From 9f52fe33c47b7979ad891f7ce26f0f22d32e8d9c Mon Sep 17 00:00:00 2001
From: Ramachandran A G
Date: Tue, 2 Apr 2024 12:38:54 +0530
Subject: [PATCH] * Add some sample files

---
 .gitignore | 1 +
 docker-e2e/2023-12-15-12-fw-d-hub01.log | 25 +++
 docker-e2e/Logstash-Docker | 9 +-
 docker-e2e/access-1.log | 15 ++
 docker-e2e/docker-compose-basic.yml | 21 ++
 ...se-all.yml => docker-compose-filebeat.yml} | 0
 docker-e2e/email-agents.txt | 192 ++++++++++++++++++
 docker-e2e/kusto-tables.kql | 15 +-
 .../logstash-fortigate-paloalto.conf.template | 70 +++++++
 docker-e2e/palo-alto-2.log | 7 +
 10 files changed, 350 insertions(+), 5 deletions(-)
 create mode 100644 docker-e2e/2023-12-15-12-fw-d-hub01.log
 create mode 100644 docker-e2e/access-1.log
 create mode 100644 docker-e2e/docker-compose-basic.yml
 rename docker-e2e/{docker-compose-all.yml => docker-compose-filebeat.yml} (100%)
 create mode 100644 docker-e2e/email-agents.txt
 create mode 100644 docker-e2e/logstash-fortigate-paloalto.conf.template
 create mode 100644 docker-e2e/palo-alto-2.log

diff --git a/.gitignore b/.gitignore
index fc91a8e..b673ee8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -61,3 +61,4 @@ rspec.xml
 e2e/output_file.txt
 logs.txt
 local-run.sh
+docker-e2e/.env
diff --git a/docker-e2e/2023-12-15-12-fw-d-hub01.log b/docker-e2e/2023-12-15-12-fw-d-hub01.log
new file mode 100644
index 0000000..ec64e4f
--- /dev/null
+++ b/docker-e2e/2023-12-15-12-fw-d-hub01.log
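Review bot: The added pattern `docker-e2e/.env` matches only that exact path, so per-developer variants such as `docker-e2e/.env.local` would still be picked up by a stray `git add .`; the usual form is `docker-e2e/.env*`, and it is worth confirming with `git ls-files docker-e2e/.env` that no copy is already tracked, since an ignore rule does not untrack an existing file. The ignore suggests `.env` is where the e2e credentials are kept (inferred, not visible here); a committed `docker-e2e/.env.example` listing the expected variable names with empty values would document the setup without exposing secrets. The same commit also adds captured firewall logs (`docker-e2e/2023-12-15-12-fw-d-hub01.log`, `docker-e2e/palo-alto-2.log`) as fixtures; if these are real device exports, consider ignoring `docker-e2e/*.log` by default and adding reviewed, sanitized samples explicitly with `git add -f`, so internal hostnames, rule names and device serials do not land in the repository by accident.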
@@ -0,0 +1,25 @@ +2023-12-15T12:52:28+09:00 fw-d-hub01 CEF: 0|Palo Alto Networks|PAN-OS|10.2.4-h2|satd|SYSTEM|1|rt=Dec 15 2023 03:52:28 GMT deviceExternalId=007957000355608 cs3Label=Virtual System cs3= fname= flexString2Label=Module flexString2=general msg="SATD daemon configuration load phase-2 succeeded." externalId=7310235990801518282 cat=satd-config-p2-success PanOSDGl1=0 PanOSDGl2=0 PanOSDGl3=0 PanOSDGl4=0 PanOSVsysName= dvchost=fw-d-hub01 PanOSActionFlags=0x8000000000000000 anOSTimeGeneratedHighResolution=2023-12-15T12:52:28.666+09:00 +2023-12-15T12:52:28+09:00 fw-d-hub01 CEF: 0|Palo Alto Networks|PAN-OS|10.2.4-h2|sslmgr|SYSTEM|1|rt=Dec 15 2023 03:52:28 GMT deviceExternalId=007957000355608 cs3Label=Virtual System cs3= fname= flexString2Label=Module flexString2=general msg="SSLMGR daemon configuration load phase-2 succeeded." externalId=7310235990801518283 cat=sslmgr-config-p2-success PanOSDGl1=0 PanOSDGl2=0 PanOSDGl3=0 PanOSDGl4=0 PanOSVsysName= dvchost=fw-d-hub01 PanOSActionFlags=0x8000000000000000 anOSTimeGeneratedHighResolution=2023-12-15T12:52:28.671+09:00 +2023-12-15T12:52:28+09:00 fw-d-hub01 CEF: 0|Palo Alto Networks|PAN-OS|10.2.4-h2|ras|SYSTEM|1|rt=Dec 15 2023 03:52:28 GMT deviceExternalId=007957000355608 cs3Label=Virtual System cs3= fname= flexString2Label=Module flexString2=general msg="RASMGR daemon configuration load phase-2 succeeded." 
externalId=7310235990801518284 cat=rasmgr-config-p2-success PanOSDGl1=0 PanOSDGl2=0 PanOSDGl3=0 PanOSDGl4=0 PanOSVsysName= dvchost=fw-d-hub01 PanOSActionFlags=0x8000000000000000 anOSTimeGeneratedHighResolution=2023-12-15T12:52:28.726+09:00 +2023-12-15T12:52:29+09:00 fw-d-hub01 CEF: 0|Palo Alto Networks|PAN-OS|10.2.4-h2|end|TRAFFIC|1|rt=Dec 15 2023 03:52:28 GMT deviceExternalId=007957000355608 src=10.101.154.11 dst=10.101.21.4 sourceTranslatedAddress=0.0.0.0 destinationTranslatedAddress=0.0.0.0 cs1Label=Rule cs1=D-P_Network-Dev-All_AADDS-Allow-DNS suser= duser= app=dns-base cs3Label=Virtual System cs3=vsys1 cs4Label=Source Zone cs4=Trust cs5Label=Destination Zone cs5=Trust deviceInboundInterface=ethernet1/2 deviceOutboundInterface=ethernet1/2 cs6Label=LogProfile cs6=Log-Forwarding-Panoram cn1Label=SessionID cn1=610975 cnt=1 spt=56887 dpt=53 sourceTranslatedPort=0 destinationTranslatedPort=0 flexString1Label=Flags flexString1=0x19 proto=udp act=allow flexNumber1Label=Total bytes flexNumber1=251 in=81 out=170 cn2Label=Packets cn2=2 PanOSPacketsReceived=1 PanOSPacketsSent=1 start=Dec 15 2023 03:52:28 GMT cn3Label=Elapsed time in seconds cn3=0 cs2Label=URL Category cs2=any externalId=7310235986529102763 reason=aged-out PanOSDGl1=11 PanOSDGl2=0 PanOSDGl3=0 PanOSDGl4=0 PanOSVsysName= dvchost=fw-d-hub01 cat=from-policy PanOSActionFlags=0x8000000000000000 PanOSSrcUUID= PanOSDstUUID= PanOSTunnelID=0 PanOSMonitorTag= PanOSParentSessionID=0 PanOSParentStartTime= PanOSTunnelType=N/A PanOSSCTPAssocID=0 PanOSSCTPChunks=0 PanOSSCTPChunkSent=0 PanOSSCTPChunksRcv=0 PanOSRuleUUID=2b9fd2f2-5795-4f4d-aba1-a8379cd5c826 PanOSHTTP2Con=0 PanLinkChange=0 PanPolicyID= PanLinkDetail= PanSDWANCluster= PanSDWANDevice= PanSDWANClustype= PanSDWANSite= PanDynamicUsrgrp= +2023-12-15T12:52:29+09:00 fw-d-hub01 CEF: 0|Palo Alto Networks|PAN-OS|10.2.4-h2|end|TRAFFIC|1|rt=Dec 15 2023 03:52:28 GMT deviceExternalId=007957000355608 src=10.101.154.11 dst=10.101.21.4 sourceTranslatedAddress=0.0.0.0 
destinationTranslatedAddress=0.0.0.0 cs1Label=Rule cs1=D-P_Network-Dev-All_AADDS-Allow-DNS suser= duser= app=dns-base cs3Label=Virtual System cs3=vsys1 cs4Label=Source Zone cs4=Trust cs5Label=Destination Zone cs5=Trust deviceInboundInterface=ethernet1/2 deviceOutboundInterface=ethernet1/2 cs6Label=LogProfile cs6=Log-Forwarding-Panoram cn1Label=SessionID cn1=611376 cnt=1 spt=51076 dpt=53 sourceTranslatedPort=0 destinationTranslatedPort=0 flexString1Label=Flags flexString1=0x19 proto=udp act=allow flexNumber1Label=Total bytes flexNumber1=206 in=95 out=111 cn2Label=Packets cn2=2 PanOSPacketsReceived=1 PanOSPacketsSent=1 start=Dec 15 2023 03:52:28 GMT cn3Label=Elapsed time in seconds cn3=0 cs2Label=URL Category cs2=any externalId=7310235986529102764 reason=aged-out PanOSDGl1=11 PanOSDGl2=0 PanOSDGl3=0 PanOSDGl4=0 PanOSVsysName= dvchost=fw-d-hub01 cat=from-policy PanOSActionFlags=0x8000000000000000 PanOSSrcUUID= PanOSDstUUID= PanOSTunnelID=0 PanOSMonitorTag= PanOSParentSessionID=0 PanOSParentStartTime= PanOSTunnelType=N/A PanOSSCTPAssocID=0 PanOSSCTPChunks=0 PanOSSCTPChunkSent=0 PanOSSCTPChunksRcv=0 PanOSRuleUUID=2b9fd2f2-5795-4f4d-aba1-a8379cd5c826 PanOSHTTP2Con=0 PanLinkChange=0 PanPolicyID= PanLinkDetail= PanSDWANCluster= PanSDWANDevice= PanSDWANClustype= PanSDWANSite= PanDynamicUsrgrp= +2023-12-15T12:52:29+09:00 fw-d-hub01 CEF: 0|Palo Alto Networks|PAN-OS|10.2.4-h2|end|TRAFFIC|1|rt=Dec 15 2023 03:52:28 GMT deviceExternalId=007957000355608 src=10.101.154.11 dst=10.101.21.4 sourceTranslatedAddress=0.0.0.0 destinationTranslatedAddress=0.0.0.0 cs1Label=Rule cs1=D-P_Network-Dev-All_AADDS-Allow-DNS suser= duser= app=dns-base cs3Label=Virtual System cs3=vsys1 cs4Label=Source Zone cs4=Trust cs5Label=Destination Zone cs5=Trust deviceInboundInterface=ethernet1/2 deviceOutboundInterface=ethernet1/2 cs6Label=LogProfile cs6=Log-Forwarding-Panoram cn1Label=SessionID cn1=611452 cnt=1 spt=39127 dpt=53 sourceTranslatedPort=0 destinationTranslatedPort=0 flexString1Label=Flags 
flexString1=0x19 proto=udp act=allow flexNumber1Label=Total bytes flexNumber1=253 in=95 out=158 cn2Label=Packets cn2=2 PanOSPacketsReceived=1 PanOSPacketsSent=1 start=Dec 15 2023 03:52:28 GMT cn3Label=Elapsed time in seconds cn3=0 cs2Label=URL Category cs2=any externalId=7310235986529102765 reason=aged-out PanOSDGl1=11 PanOSDGl2=0 PanOSDGl3=0 PanOSDGl4=0 PanOSVsysName= dvchost=fw-d-hub01 cat=from-policy PanOSActionFlags=0x8000000000000000 PanOSSrcUUID= PanOSDstUUID= PanOSTunnelID=0 PanOSMonitorTag= PanOSParentSessionID=0 PanOSParentStartTime= PanOSTunnelType=N/A PanOSSCTPAssocID=0 PanOSSCTPChunks=0 PanOSSCTPChunkSent=0 PanOSSCTPChunksRcv=0 PanOSRuleUUID=2b9fd2f2-5795-4f4d-aba1-a8379cd5c826 PanOSHTTP2Con=0 PanLinkChange=0 PanPolicyID= PanLinkDetail= PanSDWANCluster= PanSDWANDevice= PanSDWANClustype= PanSDWANSite= PanDynamicUsrgrp= +2023-12-15T12:52:29+09:00 fw-d-hub01 CEF: 0|Palo Alto Networks|PAN-OS|10.2.4-h2|end|TRAFFIC|1|rt=Dec 15 2023 03:52:28 GMT deviceExternalId=007957000355608 src=10.101.156.103 dst=13.107.4.50 sourceTranslatedAddress=10.101.139.11 destinationTranslatedAddress=13.107.4.50 cs1Label=Rule cs1=D-U_All_Internet-Azure-Access suser= duser= app=ms-update cs3Label=Virtual System cs3=vsys1 cs4Label=Source Zone cs4=Trust cs5Label=Destination Zone cs5=Untrust deviceInboundInterface=ethernet1/2 deviceOutboundInterface=ethernet1/1 cs6Label=LogProfile cs6=Log-Forwarding-Panoram cn1Label=SessionID cn1=608978 cnt=1 spt=55109 dpt=80 sourceTranslatedPort=1737 destinationTranslatedPort=80 flexString1Label=Flags flexString1=0x40001c proto=tcp act=allow flexNumber1Label=Total bytes flexNumber1=2189000 in=8302 out=2180698 cn2Label=Packets cn2=1634 PanOSPacketsReceived=1510 PanOSPacketsSent=124 start=Dec 15 2023 03:52:28 GMT cn3Label=Elapsed time in seconds cn3=29 cs2Label=URL Category cs2=computer-and-internet-info externalId=7310235986529102766 reason=tcp-fin PanOSDGl1=11 PanOSDGl2=0 PanOSDGl3=0 PanOSDGl4=0 PanOSVsysName= dvchost=fw-d-hub01 cat=from-policy 
PanOSActionFlags=0x8000000000000000 PanOSSrcUUID= PanOSDstUUID= PanOSTunnelID=0 PanOSMonitorTag= PanOSParentSessionID=0 PanOSParentStartTime= PanOSTunnelType=N/A PanOSSCTPAssocID=0 PanOSSCTPChunks=0 PanOSSCTPChunkSent=0 PanOSSCTPChunksRcv=0 PanOSRuleUUID=1142ea37-0c06-4c2b-8a00-6092ccc4b197 PanOSHTTP2Con=0 PanLinkChange=0 PanPolicyID= PanLinkDetail= PanSDWANCluster= PanSDWANDevice= PanSDWANClustype= PanSDWANSite= PanDynamicUsrgrp= +2023-12-15T12:52:29+09:00 fw-d-hub01 CEF: 0|Palo Alto Networks|PAN-OS|10.2.4-h2|end|TRAFFIC|1|rt=Dec 15 2023 03:52:28 GMT deviceExternalId=007957000355608 src=10.101.152.5 dst=52.231.80.185 sourceTranslatedAddress=10.101.139.11 destinationTranslatedAddress=52.231.80.185 cs1Label=Rule cs1=D-U_All_Internet-Azure-Access suser= duser= app=ssl cs3Label=Virtual System cs3=vsys1 cs4Label=Source Zone cs4=Trust cs5Label=Destination Zone cs5=Untrust deviceInboundInterface=ethernet1/2 deviceOutboundInterface=ethernet1/1 cs6Label=LogProfile cs6=Log-Forwarding-Panoram cn1Label=SessionID cn1=609742 cnt=1 spt=37570 dpt=443 sourceTranslatedPort=52945 destinationTranslatedPort=443 flexString1Label=Flags flexString1=0x40041c proto=tcp act=allow flexNumber1Label=Total bytes flexNumber1=13658 in=1640 out=12018 cn2Label=Packets cn2=22 PanOSPacketsReceived=13 PanOSPacketsSent=9 start=Dec 15 2023 03:52:28 GMT cn3Label=Elapsed time in seconds cn3=0 cs2Label=URL Category cs2=computer-and-internet-info externalId=7310235986529102767 reason=tcp-fin PanOSDGl1=11 PanOSDGl2=0 PanOSDGl3=0 PanOSDGl4=0 PanOSVsysName= dvchost=fw-d-hub01 cat=from-policy PanOSActionFlags=0x8000000000000000 PanOSSrcUUID= PanOSDstUUID= PanOSTunnelID=0 PanOSMonitorTag= PanOSParentSessionID=0 PanOSParentStartTime= PanOSTunnelType=N/A PanOSSCTPAssocID=0 PanOSSCTPChunks=0 PanOSSCTPChunkSent=0 PanOSSCTPChunksRcv=0 PanOSRuleUUID=1142ea37-0c06-4c2b-8a00-6092ccc4b197 PanOSHTTP2Con=0 PanLinkChange=0 PanPolicyID= PanLinkDetail= PanSDWANCluster= PanSDWANDevice= PanSDWANClustype= PanSDWANSite= 
PanDynamicUsrgrp= +2023-12-15T12:52:29+09:00 fw-d-hub01 CEF: 0|Palo Alto Networks|PAN-OS|10.2.4-h2|end|TRAFFIC|1|rt=Dec 15 2023 03:52:28 GMT deviceExternalId=007957000355608 src=10.211.0.60 dst=10.101.154.11 sourceTranslatedAddress=0.0.0.0 destinationTranslatedAddress=0.0.0.0 cs1Label=Rule cs1=D-D_Network_Dev-Spoke_Zabbix-Monitoring suser= duser= app=zabbix cs3Label=Virtual System cs3=vsys1 cs4Label=Source Zone cs4=Trust cs5Label=Destination Zone cs5=Trust deviceInboundInterface=ethernet1/2 deviceOutboundInterface=ethernet1/2 cs6Label=LogProfile cs6=Log-Forwarding-Panoram cn1Label=SessionID cn1=610095 cnt=1 spt=45227 dpt=10051 sourceTranslatedPort=0 destinationTranslatedPort=0 flexString1Label=Flags flexString1=0x1c proto=tcp act=allow flexNumber1Label=Total bytes flexNumber1=952 in=516 out=436 cn2Label=Packets cn2=10 PanOSPacketsReceived=5 PanOSPacketsSent=5 start=Dec 15 2023 03:52:28 GMT cn3Label=Elapsed time in seconds cn3=0 cs2Label=URL Category cs2=any externalId=7310235986529102768 reason=tcp-fin PanOSDGl1=11 PanOSDGl2=0 PanOSDGl3=0 PanOSDGl4=0 PanOSVsysName= dvchost=fw-d-hub01 cat=from-policy PanOSActionFlags=0x8000000000000000 PanOSSrcUUID= PanOSDstUUID= PanOSTunnelID=0 PanOSMonitorTag= PanOSParentSessionID=0 PanOSParentStartTime= PanOSTunnelType=N/A PanOSSCTPAssocID=0 PanOSSCTPChunks=0 PanOSSCTPChunkSent=0 PanOSSCTPChunksRcv=0 PanOSRuleUUID=9d4ec3dc-82b4-4633-9f69-03e3d4f23901 PanOSHTTP2Con=0 PanLinkChange=0 PanPolicyID= PanLinkDetail= PanSDWANCluster= PanSDWANDevice= PanSDWANClustype= PanSDWANSite= PanDynamicUsrgrp= +2023-12-15T12:52:29+09:00 fw-d-hub01 CEF: 0|Palo Alto Networks|PAN-OS|10.2.4-h2|end|TRAFFIC|1|rt=Dec 15 2023 03:52:28 GMT deviceExternalId=007957000355608 src=10.101.26.4 dst=10.101.154.11 sourceTranslatedAddress=0.0.0.0 destinationTranslatedAddress=0.0.0.0 cs1Label=Rule cs1=P-D_Server_azzabbix-azdevzabbix suser= duser= app=zabbix cs3Label=Virtual System cs3=vsys1 cs4Label=Source Zone cs4=Trust cs5Label=Destination Zone cs5=Trust 
deviceInboundInterface=ethernet1/2 deviceOutboundInterface=ethernet1/2 cs6Label=LogProfile cs6=Log-Forwarding-Panoram cn1Label=SessionID cn1=612219 cnt=1 spt=44848 dpt=10051 sourceTranslatedPort=0 destinationTranslatedPort=0 flexString1Label=Flags flexString1=0x1c proto=tcp act=allow flexNumber1Label=Total bytes flexNumber1=1515 in=624 out=891 cn2Label=Packets cn2=13 PanOSPacketsReceived=5 PanOSPacketsSent=8 start=Dec 15 2023 03:52:28 GMT cn3Label=Elapsed time in seconds cn3=0 cs2Label=URL Category cs2=any externalId=7310235986529102769 reason=tcp-fin PanOSDGl1=11 PanOSDGl2=0 PanOSDGl3=0 PanOSDGl4=0 PanOSVsysName= dvchost=fw-d-hub01 cat=from-policy PanOSActionFlags=0x8000000000000000 PanOSSrcUUID= PanOSDstUUID= PanOSTunnelID=0 PanOSMonitorTag= PanOSParentSessionID=0 PanOSParentStartTime= PanOSTunnelType=N/A PanOSSCTPAssocID=0 PanOSSCTPChunks=0 PanOSSCTPChunkSent=0 PanOSSCTPChunksRcv=0 PanOSRuleUUID=d96c9891-0e2d-4926-8fc3-0e0ca0ca6b6a PanOSHTTP2Con=0 PanLinkChange=0 PanPolicyID= PanLinkDetail= PanSDWANCluster= PanSDWANDevice= PanSDWANClustype= PanSDWANSite= PanDynamicUsrgrp= +2023-12-15T12:52:29+09:00 fw-d-hub01 CEF: 0|Palo Alto Networks|PAN-OS|10.2.4-h2|end|TRAFFIC|1|rt=Dec 15 2023 03:52:28 GMT deviceExternalId=007957000355608 src=10.101.154.11 dst=10.201.0.20 sourceTranslatedAddress=0.0.0.0 destinationTranslatedAddress=0.0.0.0 cs1Label=Rule cs1=D-D_Server_Zabbix_Dev-Spoke-Monitoring suser= duser= app=zabbix cs3Label=Virtual System cs3=vsys1 cs4Label=Source Zone cs4=Trust cs5Label=Destination Zone cs5=Trust deviceInboundInterface=ethernet1/2 deviceOutboundInterface=ethernet1/2 cs6Label=LogProfile cs6=Log-Forwarding-Panoram cn1Label=SessionID cn1=611982 cnt=1 spt=34920 dpt=10050 sourceTranslatedPort=0 destinationTranslatedPort=0 flexString1Label=Flags flexString1=0x1c proto=tcp act=allow flexNumber1Label=Total bytes flexNumber1=896 in=547 out=349 cn2Label=Packets cn2=11 PanOSPacketsReceived=4 PanOSPacketsSent=7 start=Dec 15 2023 03:52:28 GMT cn3Label=Elapsed time 
in seconds cn3=0 cs2Label=URL Category cs2=any externalId=7310235986529102770 reason=tcp-fin PanOSDGl1=11 PanOSDGl2=0 PanOSDGl3=0 PanOSDGl4=0 PanOSVsysName= dvchost=fw-d-hub01 cat=from-policy PanOSActionFlags=0x8000000000000000 PanOSSrcUUID= PanOSDstUUID= PanOSTunnelID=0 PanOSMonitorTag= PanOSParentSessionID=0 PanOSParentStartTime= PanOSTunnelType=N/A PanOSSCTPAssocID=0 PanOSSCTPChunks=0 PanOSSCTPChunkSent=0 PanOSSCTPChunksRcv=0 PanOSRuleUUID=0c6adf8f-6e67-41f8-b147-3110cfdeebab PanOSHTTP2Con=0 PanLinkChange=0 PanPolicyID= PanLinkDetail= PanSDWANCluster= PanSDWANDevice= PanSDWANClustype= PanSDWANSite= PanDynamicUsrgrp= +2023-12-15T12:52:29+09:00 fw-d-hub01 CEF: 0|Palo Alto Networks|PAN-OS|10.2.4-h2|end|TRAFFIC|1|rt=Dec 15 2023 03:52:28 GMT deviceExternalId=007957000355608 src=10.101.154.11 dst=10.201.0.20 sourceTranslatedAddress=0.0.0.0 destinationTranslatedAddress=0.0.0.0 cs1Label=Rule cs1=D-D_Server_Zabbix_Dev-Spoke-Monitoring suser= duser= app=zabbix cs3Label=Virtual System cs3=vsys1 cs4Label=Source Zone cs4=Trust cs5Label=Destination Zone cs5=Trust deviceInboundInterface=ethernet1/2 deviceOutboundInterface=ethernet1/2 cs6Label=LogProfile cs6=Log-Forwarding-Panoram cn1Label=SessionID cn1=613564 cnt=1 spt=34908 dpt=10050 sourceTranslatedPort=0 destinationTranslatedPort=0 flexString1Label=Flags flexString1=0x1c proto=tcp act=allow flexNumber1Label=Total bytes flexNumber1=897 in=548 out=349 cn2Label=Packets cn2=11 PanOSPacketsReceived=4 PanOSPacketsSent=7 start=Dec 15 2023 03:52:28 GMT cn3Label=Elapsed time in seconds cn3=0 cs2Label=URL Category cs2=any externalId=7310235986529102771 reason=tcp-fin PanOSDGl1=11 PanOSDGl2=0 PanOSDGl3=0 PanOSDGl4=0 PanOSVsysName= dvchost=fw-d-hub01 cat=from-policy PanOSActionFlags=0x8000000000000000 PanOSSrcUUID= PanOSDstUUID= PanOSTunnelID=0 PanOSMonitorTag= PanOSParentSessionID=0 PanOSParentStartTime= PanOSTunnelType=N/A PanOSSCTPAssocID=0 PanOSSCTPChunks=0 PanOSSCTPChunkSent=0 PanOSSCTPChunksRcv=0 
PanOSRuleUUID=0c6adf8f-6e67-41f8-b147-3110cfdeebab PanOSHTTP2Con=0 PanLinkChange=0 PanPolicyID= PanLinkDetail= PanSDWANCluster= PanSDWANDevice= PanSDWANClustype= PanSDWANSite= PanDynamicUsrgrp= +2023-12-15T12:52:29+09:00 fw-d-hub01 CEF: 0|Palo Alto Networks|PAN-OS|10.2.4-h2|end|TRAFFIC|1|rt=Dec 15 2023 03:52:28 GMT deviceExternalId=007957000355608 src=10.101.154.11 dst=10.201.0.20 sourceTranslatedAddress=0.0.0.0 destinationTranslatedAddress=0.0.0.0 cs1Label=Rule cs1=D-D_Server_Zabbix_Dev-Spoke-Monitoring suser= duser= app=zabbix cs3Label=Virtual System cs3=vsys1 cs4Label=Source Zone cs4=Trust cs5Label=Destination Zone cs5=Trust deviceInboundInterface=ethernet1/2 deviceOutboundInterface=ethernet1/2 cs6Label=LogProfile cs6=Log-Forwarding-Panoram cn1Label=SessionID cn1=612582 cnt=1 spt=34860 dpt=10050 sourceTranslatedPort=0 destinationTranslatedPort=0 flexString1Label=Flags flexString1=0x1c proto=tcp act=allow flexNumber1Label=Total bytes flexNumber1=790 in=435 out=355 cn2Label=Packets cn2=9 PanOSPacketsReceived=4 PanOSPacketsSent=5 start=Dec 15 2023 03:52:28 GMT cn3Label=Elapsed time in seconds cn3=0 cs2Label=URL Category cs2=any externalId=7310235986529102772 reason=tcp-fin PanOSDGl1=11 PanOSDGl2=0 PanOSDGl3=0 PanOSDGl4=0 PanOSVsysName= dvchost=fw-d-hub01 cat=from-policy PanOSActionFlags=0x8000000000000000 PanOSSrcUUID= PanOSDstUUID= PanOSTunnelID=0 PanOSMonitorTag= PanOSParentSessionID=0 PanOSParentStartTime= PanOSTunnelType=N/A PanOSSCTPAssocID=0 PanOSSCTPChunks=0 PanOSSCTPChunkSent=0 PanOSSCTPChunksRcv=0 PanOSRuleUUID=0c6adf8f-6e67-41f8-b147-3110cfdeebab PanOSHTTP2Con=0 PanLinkChange=0 PanPolicyID= PanLinkDetail= PanSDWANCluster= PanSDWANDevice= PanSDWANClustype= PanSDWANSite= PanDynamicUsrgrp= +2023-12-15T12:52:29+09:00 fw-d-hub01 CEF: 0|Palo Alto Networks|PAN-OS|10.2.4-h2|end|TRAFFIC|1|rt=Dec 15 2023 03:52:28 GMT deviceExternalId=007957000355608 src=10.101.154.11 dst=10.201.0.20 sourceTranslatedAddress=0.0.0.0 destinationTranslatedAddress=0.0.0.0 cs1Label=Rule 
cs1=D-D_Server_Zabbix_Dev-Spoke-Monitoring suser= duser= app=zabbix cs3Label=Virtual System cs3=vsys1 cs4Label=Source Zone cs4=Trust cs5Label=Destination Zone cs5=Trust deviceInboundInterface=ethernet1/2 deviceOutboundInterface=ethernet1/2 cs6Label=LogProfile cs6=Log-Forwarding-Panoram cn1Label=SessionID cn1=613721 cnt=1 spt=34826 dpt=10050 sourceTranslatedPort=0 destinationTranslatedPort=0 flexString1Label=Flags flexString1=0x1c proto=tcp act=allow flexNumber1Label=Total bytes flexNumber1=896 in=547 out=349 cn2Label=Packets cn2=11 PanOSPacketsReceived=4 PanOSPacketsSent=7 start=Dec 15 2023 03:52:28 GMT cn3Label=Elapsed time in seconds cn3=0 cs2Label=URL Category cs2=any externalId=7310235986529102773 reason=tcp-fin PanOSDGl1=11 PanOSDGl2=0 PanOSDGl3=0 PanOSDGl4=0 PanOSVsysName= dvchost=fw-d-hub01 cat=from-policy PanOSActionFlags=0x8000000000000000 PanOSSrcUUID= PanOSDstUUID= PanOSTunnelID=0 PanOSMonitorTag= PanOSParentSessionID=0 PanOSParentStartTime= PanOSTunnelType=N/A PanOSSCTPAssocID=0 PanOSSCTPChunks=0 PanOSSCTPChunkSent=0 PanOSSCTPChunksRcv=0 PanOSRuleUUID=0c6adf8f-6e67-41f8-b147-3110cfdeebab PanOSHTTP2Con=0 PanLinkChange=0 PanPolicyID= PanLinkDetail= PanSDWANCluster= PanSDWANDevice= PanSDWANClustype= PanSDWANSite= PanDynamicUsrgrp= +2023-12-15T12:52:29+09:00 fw-d-hub01 CEF: 0|Palo Alto Networks|PAN-OS|10.2.4-h2|end|TRAFFIC|1|rt=Dec 15 2023 03:52:28 GMT deviceExternalId=007957000355608 src=10.211.0.10 dst=10.101.21.4 sourceTranslatedAddress=0.0.0.0 destinationTranslatedAddress=0.0.0.0 cs1Label=Rule cs1=D-P_Network-Dev-All_AADDS-Allow-DNS suser= duser= app=dns-base cs3Label=Virtual System cs3=vsys1 cs4Label=Source Zone cs4=Trust cs5Label=Destination Zone cs5=Trust deviceInboundInterface=ethernet1/2 deviceOutboundInterface=ethernet1/2 cs6Label=LogProfile cs6=Log-Forwarding-Panoram cn1Label=SessionID cn1=610649 cnt=1 spt=37446 dpt=53 sourceTranslatedPort=0 destinationTranslatedPort=0 flexString1Label=Flags flexString1=0x19 proto=udp act=allow 
flexNumber1Label=Total bytes flexNumber1=204 in=94 out=110 cn2Label=Packets cn2=2 PanOSPacketsReceived=1 PanOSPacketsSent=1 start=Dec 15 2023 03:52:28 GMT cn3Label=Elapsed time in seconds cn3=0 cs2Label=URL Category cs2=any externalId=7310235986529102774 reason=aged-out PanOSDGl1=11 PanOSDGl2=0 PanOSDGl3=0 PanOSDGl4=0 PanOSVsysName= dvchost=fw-d-hub01 cat=from-policy PanOSActionFlags=0x8000000000000000 PanOSSrcUUID= PanOSDstUUID= PanOSTunnelID=0 PanOSMonitorTag= PanOSParentSessionID=0 PanOSParentStartTime= PanOSTunnelType=N/A PanOSSCTPAssocID=0 PanOSSCTPChunks=0 PanOSSCTPChunkSent=0 PanOSSCTPChunksRcv=0 PanOSRuleUUID=2b9fd2f2-5795-4f4d-aba1-a8379cd5c826 PanOSHTTP2Con=0 PanLinkChange=0 PanPolicyID= PanLinkDetail= PanSDWANCluster= PanSDWANDevice= PanSDWANClustype= PanSDWANSite= PanDynamicUsrgrp= +2023-12-15T12:52:29+09:00 fw-d-hub01 CEF: 0|Palo Alto Networks|PAN-OS|10.2.4-h2|end|TRAFFIC|1|rt=Dec 15 2023 03:52:28 GMT deviceExternalId=007957000355608 src=10.101.150.12 dst=10.101.21.4 sourceTranslatedAddress=0.0.0.0 destinationTranslatedAddress=0.0.0.0 cs1Label=Rule cs1=D-P_Network-Dev-All_AADDS-Allow-DNS suser= duser= app=dns-base cs3Label=Virtual System cs3=vsys1 cs4Label=Source Zone cs4=Trust cs5Label=Destination Zone cs5=Trust deviceInboundInterface=ethernet1/2 deviceOutboundInterface=ethernet1/2 cs6Label=LogProfile cs6=Log-Forwarding-Panoram cn1Label=SessionID cn1=613084 cnt=1 spt=50788 dpt=53 sourceTranslatedPort=0 destinationTranslatedPort=0 flexString1Label=Flags flexString1=0x19 proto=udp act=allow flexNumber1Label=Total bytes flexNumber1=277 in=94 out=183 cn2Label=Packets cn2=2 PanOSPacketsReceived=1 PanOSPacketsSent=1 start=Dec 15 2023 03:52:28 GMT cn3Label=Elapsed time in seconds cn3=0 cs2Label=URL Category cs2=any externalId=7310235986529102775 reason=aged-out PanOSDGl1=11 PanOSDGl2=0 PanOSDGl3=0 PanOSDGl4=0 PanOSVsysName= dvchost=fw-d-hub01 cat=from-policy PanOSActionFlags=0x8000000000000000 PanOSSrcUUID= PanOSDstUUID= PanOSTunnelID=0 PanOSMonitorTag= 
PanOSParentSessionID=0 PanOSParentStartTime= PanOSTunnelType=N/A PanOSSCTPAssocID=0 PanOSSCTPChunks=0 PanOSSCTPChunkSent=0 PanOSSCTPChunksRcv=0 PanOSRuleUUID=2b9fd2f2-5795-4f4d-aba1-a8379cd5c826 PanOSHTTP2Con=0 PanLinkChange=0 PanPolicyID= PanLinkDetail= PanSDWANCluster= PanSDWANDevice= PanSDWANClustype= PanSDWANSite= PanDynamicUsrgrp= +2023-12-15T12:52:29+09:00 fw-d-hub01 CEF: 0|Palo Alto Networks|PAN-OS|10.2.4-h2|end|TRAFFIC|1|rt=Dec 15 2023 03:52:28 GMT deviceExternalId=007957000355608 src=10.101.154.11 dst=10.101.21.4 sourceTranslatedAddress=0.0.0.0 destinationTranslatedAddress=0.0.0.0 cs1Label=Rule cs1=D-P_Network-Dev-All_AADDS-Allow-DNS suser= duser= app=dns-base cs3Label=Virtual System cs3=vsys1 cs4Label=Source Zone cs4=Trust cs5Label=Destination Zone cs5=Trust deviceInboundInterface=ethernet1/2 deviceOutboundInterface=ethernet1/2 cs6Label=LogProfile cs6=Log-Forwarding-Panoram cn1Label=SessionID cn1=613298 cnt=1 spt=34802 dpt=53 sourceTranslatedPort=0 destinationTranslatedPort=0 flexString1Label=Flags flexString1=0x19 proto=udp act=allow flexNumber1Label=Total bytes flexNumber1=206 in=95 out=111 cn2Label=Packets cn2=2 PanOSPacketsReceived=1 PanOSPacketsSent=1 start=Dec 15 2023 03:52:28 GMT cn3Label=Elapsed time in seconds cn3=0 cs2Label=URL Category cs2=any externalId=7310235986529102776 reason=aged-out PanOSDGl1=11 PanOSDGl2=0 PanOSDGl3=0 PanOSDGl4=0 PanOSVsysName= dvchost=fw-d-hub01 cat=from-policy PanOSActionFlags=0x8000000000000000 PanOSSrcUUID= PanOSDstUUID= PanOSTunnelID=0 PanOSMonitorTag= PanOSParentSessionID=0 PanOSParentStartTime= PanOSTunnelType=N/A PanOSSCTPAssocID=0 PanOSSCTPChunks=0 PanOSSCTPChunkSent=0 PanOSSCTPChunksRcv=0 PanOSRuleUUID=2b9fd2f2-5795-4f4d-aba1-a8379cd5c826 PanOSHTTP2Con=0 PanLinkChange=0 PanPolicyID= PanLinkDetail= PanSDWANCluster= PanSDWANDevice= PanSDWANClustype= PanSDWANSite= PanDynamicUsrgrp= +2023-12-15T12:52:29+09:00 fw-d-hub01 CEF: 0|Palo Alto Networks|PAN-OS|10.2.4-h2|end|TRAFFIC|1|rt=Dec 15 2023 03:52:28 GMT 
deviceExternalId=007957000355608 src=10.101.154.11 dst=10.101.21.4 sourceTranslatedAddress=0.0.0.0 destinationTranslatedAddress=0.0.0.0 cs1Label=Rule cs1=D-P_Network-Dev-All_AADDS-Allow-DNS suser= duser= app=dns-base cs3Label=Virtual System cs3=vsys1 cs4Label=Source Zone cs4=Trust cs5Label=Destination Zone cs5=Trust deviceInboundInterface=ethernet1/2 deviceOutboundInterface=ethernet1/2 cs6Label=LogProfile cs6=Log-Forwarding-Panoram cn1Label=SessionID cn1=610645 cnt=1 spt=53961 dpt=53 sourceTranslatedPort=0 destinationTranslatedPort=0 flexString1Label=Flags flexString1=0x19 proto=udp act=allow flexNumber1Label=Total bytes flexNumber1=253 in=95 out=158 cn2Label=Packets cn2=2 PanOSPacketsReceived=1 PanOSPacketsSent=1 start=Dec 15 2023 03:52:28 GMT cn3Label=Elapsed time in seconds cn3=0 cs2Label=URL Category cs2=any externalId=7310235986529102777 reason=aged-out PanOSDGl1=11 PanOSDGl2=0 PanOSDGl3=0 PanOSDGl4=0 PanOSVsysName= dvchost=fw-d-hub01 cat=from-policy PanOSActionFlags=0x8000000000000000 PanOSSrcUUID= PanOSDstUUID= PanOSTunnelID=0 PanOSMonitorTag= PanOSParentSessionID=0 PanOSParentStartTime= PanOSTunnelType=N/A PanOSSCTPAssocID=0 PanOSSCTPChunks=0 PanOSSCTPChunkSent=0 PanOSSCTPChunksRcv=0 PanOSRuleUUID=2b9fd2f2-5795-4f4d-aba1-a8379cd5c826 PanOSHTTP2Con=0 PanLinkChange=0 PanPolicyID= PanLinkDetail= PanSDWANCluster= PanSDWANDevice= PanSDWANClustype= PanSDWANSite= PanDynamicUsrgrp= +2023-12-15T12:52:29+09:00 fw-d-hub01 CEF: 0|Palo Alto Networks|PAN-OS|10.2.4-h2|end|TRAFFIC|1|rt=Dec 15 2023 03:52:28 GMT deviceExternalId=007957000355608 src=10.101.154.11 dst=10.101.21.4 sourceTranslatedAddress=0.0.0.0 destinationTranslatedAddress=0.0.0.0 cs1Label=Rule cs1=D-P_Network-Dev-All_AADDS-Allow-DNS suser= duser= app=dns-base cs3Label=Virtual System cs3=vsys1 cs4Label=Source Zone cs4=Trust cs5Label=Destination Zone cs5=Trust deviceInboundInterface=ethernet1/2 deviceOutboundInterface=ethernet1/2 cs6Label=LogProfile cs6=Log-Forwarding-Panoram cn1Label=SessionID cn1=611601 cnt=1 
spt=50960 dpt=53 sourceTranslatedPort=0 destinationTranslatedPort=0 flexString1Label=Flags flexString1=0x19 proto=udp act=allow flexNumber1Label=Total bytes flexNumber1=253 in=95 out=158 cn2Label=Packets cn2=2 PanOSPacketsReceived=1 PanOSPacketsSent=1 start=Dec 15 2023 03:52:28 GMT cn3Label=Elapsed time in seconds cn3=0 cs2Label=URL Category cs2=any externalId=7310235986529102778 reason=aged-out PanOSDGl1=11 PanOSDGl2=0 PanOSDGl3=0 PanOSDGl4=0 PanOSVsysName= dvchost=fw-d-hub01 cat=from-policy PanOSActionFlags=0x8000000000000000 PanOSSrcUUID= PanOSDstUUID= PanOSTunnelID=0 PanOSMonitorTag= PanOSParentSessionID=0 PanOSParentStartTime= PanOSTunnelType=N/A PanOSSCTPAssocID=0 PanOSSCTPChunks=0 PanOSSCTPChunkSent=0 PanOSSCTPChunksRcv=0 PanOSRuleUUID=2b9fd2f2-5795-4f4d-aba1-a8379cd5c826 PanOSHTTP2Con=0 PanLinkChange=0 PanPolicyID= PanLinkDetail= PanSDWANCluster= PanSDWANDevice= PanSDWANClustype= PanSDWANSite= PanDynamicUsrgrp= +2023-12-15T12:52:29+09:00 fw-d-hub01 CEF: 0|Palo Alto Networks|PAN-OS|10.2.4-h2|end|TRAFFIC|1|rt=Dec 15 2023 03:52:28 GMT deviceExternalId=007957000355608 src=10.101.154.11 dst=10.101.21.4 sourceTranslatedAddress=0.0.0.0 destinationTranslatedAddress=0.0.0.0 cs1Label=Rule cs1=D-P_Network-Dev-All_AADDS-Allow-DNS suser= duser= app=dns-base cs3Label=Virtual System cs3=vsys1 cs4Label=Source Zone cs4=Trust cs5Label=Destination Zone cs5=Trust deviceInboundInterface=ethernet1/2 deviceOutboundInterface=ethernet1/2 cs6Label=LogProfile cs6=Log-Forwarding-Panoram cn1Label=SessionID cn1=614269 cnt=1 spt=34031 dpt=53 sourceTranslatedPort=0 destinationTranslatedPort=0 flexString1Label=Flags flexString1=0x19 proto=udp act=allow flexNumber1Label=Total bytes flexNumber1=253 in=95 out=158 cn2Label=Packets cn2=2 PanOSPacketsReceived=1 PanOSPacketsSent=1 start=Dec 15 2023 03:52:28 GMT cn3Label=Elapsed time in seconds cn3=0 cs2Label=URL Category cs2=any externalId=7310235986529102779 reason=aged-out PanOSDGl1=11 PanOSDGl2=0 PanOSDGl3=0 PanOSDGl4=0 PanOSVsysName= 
dvchost=fw-d-hub01 cat=from-policy PanOSActionFlags=0x8000000000000000 PanOSSrcUUID= PanOSDstUUID= PanOSTunnelID=0 PanOSMonitorTag= PanOSParentSessionID=0 PanOSParentStartTime= PanOSTunnelType=N/A PanOSSCTPAssocID=0 PanOSSCTPChunks=0 PanOSSCTPChunkSent=0 PanOSSCTPChunksRcv=0 PanOSRuleUUID=2b9fd2f2-5795-4f4d-aba1-a8379cd5c826 PanOSHTTP2Con=0 PanLinkChange=0 PanPolicyID= PanLinkDetail= PanSDWANCluster= PanSDWANDevice= PanSDWANClustype= PanSDWANSite= PanDynamicUsrgrp= +2023-12-15T12:52:29+09:00 fw-d-hub01 CEF: 0|Palo Alto Networks|PAN-OS|10.2.4-h2|end|TRAFFIC|1|rt=Dec 15 2023 03:52:28 GMT deviceExternalId=007957000355608 src=10.101.154.11 dst=10.201.0.20 sourceTranslatedAddress=0.0.0.0 destinationTranslatedAddress=0.0.0.0 cs1Label=Rule cs1=D-D_Server_Zabbix_Dev-Spoke-Monitoring suser= duser= app=zabbix cs3Label=Virtual System cs3=vsys1 cs4Label=Source Zone cs4=Trust cs5Label=Destination Zone cs5=Trust deviceInboundInterface=ethernet1/2 deviceOutboundInterface=ethernet1/2 cs6Label=LogProfile cs6=Log-Forwarding-Panoram cn1Label=SessionID cn1=611730 cnt=1 spt=34892 dpt=10050 sourceTranslatedPort=0 destinationTranslatedPort=0 flexString1Label=Flags flexString1=0x1c proto=tcp act=allow flexNumber1Label=Total bytes flexNumber1=765 in=410 out=355 cn2Label=Packets cn2=9 PanOSPacketsReceived=4 PanOSPacketsSent=5 start=Dec 15 2023 03:52:28 GMT cn3Label=Elapsed time in seconds cn3=0 cs2Label=URL Category cs2=any externalId=7310235986529102780 reason=tcp-fin PanOSDGl1=11 PanOSDGl2=0 PanOSDGl3=0 PanOSDGl4=0 PanOSVsysName= dvchost=fw-d-hub01 cat=from-policy PanOSActionFlags=0x8000000000000000 PanOSSrcUUID= PanOSDstUUID= PanOSTunnelID=0 PanOSMonitorTag= PanOSParentSessionID=0 PanOSParentStartTime= PanOSTunnelType=N/A PanOSSCTPAssocID=0 PanOSSCTPChunks=0 PanOSSCTPChunkSent=0 PanOSSCTPChunksRcv=0 PanOSRuleUUID=0c6adf8f-6e67-41f8-b147-3110cfdeebab PanOSHTTP2Con=0 PanLinkChange=0 PanPolicyID= PanLinkDetail= PanSDWANCluster= PanSDWANDevice= PanSDWANClustype= PanSDWANSite= 
PanDynamicUsrgrp= +2023-12-15T12:52:29+09:00 fw-d-hub01 CEF: 0|Palo Alto Networks|PAN-OS|10.2.4-h2|end|TRAFFIC|1|rt=Dec 15 2023 03:52:28 GMT deviceExternalId=007957000355608 src=10.101.154.11 dst=10.201.0.20 sourceTranslatedAddress=0.0.0.0 destinationTranslatedAddress=0.0.0.0 cs1Label=Rule cs1=D-D_Server_Zabbix_Dev-Spoke-Monitoring suser= duser= app=zabbix cs3Label=Virtual System cs3=vsys1 cs4Label=Source Zone cs4=Trust cs5Label=Destination Zone cs5=Trust deviceInboundInterface=ethernet1/2 deviceOutboundInterface=ethernet1/2 cs6Label=LogProfile cs6=Log-Forwarding-Panoram cn1Label=SessionID cn1=611615 cnt=1 spt=34864 dpt=10050 sourceTranslatedPort=0 destinationTranslatedPort=0 flexString1Label=Flags flexString1=0x1c proto=tcp act=allow flexNumber1Label=Total bytes flexNumber1=790 in=435 out=355 cn2Label=Packets cn2=9 PanOSPacketsReceived=4 PanOSPacketsSent=5 start=Dec 15 2023 03:52:28 GMT cn3Label=Elapsed time in seconds cn3=0 cs2Label=URL Category cs2=any externalId=7310235986529102781 reason=tcp-fin PanOSDGl1=11 PanOSDGl2=0 PanOSDGl3=0 PanOSDGl4=0 PanOSVsysName= dvchost=fw-d-hub01 cat=from-policy PanOSActionFlags=0x8000000000000000 PanOSSrcUUID= PanOSDstUUID= PanOSTunnelID=0 PanOSMonitorTag= PanOSParentSessionID=0 PanOSParentStartTime= PanOSTunnelType=N/A PanOSSCTPAssocID=0 PanOSSCTPChunks=0 PanOSSCTPChunkSent=0 PanOSSCTPChunksRcv=0 PanOSRuleUUID=0c6adf8f-6e67-41f8-b147-3110cfdeebab PanOSHTTP2Con=0 PanLinkChange=0 PanPolicyID= PanLinkDetail= PanSDWANCluster= PanSDWANDevice= PanSDWANClustype= PanSDWANSite= PanDynamicUsrgrp= +2023-12-15T12:52:29+09:00 fw-d-hub01 CEF: 0|Palo Alto Networks|PAN-OS|10.2.4-h2|end|TRAFFIC|1|rt=Dec 15 2023 03:52:28 GMT deviceExternalId=007957000355608 src=10.101.154.11 dst=10.201.0.20 sourceTranslatedAddress=0.0.0.0 destinationTranslatedAddress=0.0.0.0 cs1Label=Rule cs1=D-D_Server_Zabbix_Dev-Spoke-Monitoring suser= duser= app=zabbix cs3Label=Virtual System cs3=vsys1 cs4Label=Source Zone cs4=Trust cs5Label=Destination Zone cs5=Trust 
deviceInboundInterface=ethernet1/2 deviceOutboundInterface=ethernet1/2 cs6Label=LogProfile cs6=Log-Forwarding-Panoram cn1Label=SessionID cn1=613312 cnt=1 spt=34848 dpt=10050 sourceTranslatedPort=0 destinationTranslatedPort=0 flexString1Label=Flags flexString1=0x1c proto=tcp act=allow flexNumber1Label=Total bytes flexNumber1=761 in=406 out=355 cn2Label=Packets cn2=9 PanOSPacketsReceived=4 PanOSPacketsSent=5 start=Dec 15 2023 03:52:28 GMT cn3Label=Elapsed time in seconds cn3=0 cs2Label=URL Category cs2=any externalId=7310235986529102782 reason=tcp-fin PanOSDGl1=11 PanOSDGl2=0 PanOSDGl3=0 PanOSDGl4=0 PanOSVsysName= dvchost=fw-d-hub01 cat=from-policy PanOSActionFlags=0x8000000000000000 PanOSSrcUUID= PanOSDstUUID= PanOSTunnelID=0 PanOSMonitorTag= PanOSParentSessionID=0 PanOSParentStartTime= PanOSTunnelType=N/A PanOSSCTPAssocID=0 PanOSSCTPChunks=0 PanOSSCTPChunkSent=0 PanOSSCTPChunksRcv=0 PanOSRuleUUID=0c6adf8f-6e67-41f8-b147-3110cfdeebab PanOSHTTP2Con=0 PanLinkChange=0 PanPolicyID= PanLinkDetail= PanSDWANCluster= PanSDWANDevice= PanSDWANClustype= PanSDWANSite= PanDynamicUsrgrp= +2023-12-15T12:52:29+09:00 fw-d-hub01 CEF: 0|Palo Alto Networks|PAN-OS|10.2.4-h2|end|TRAFFIC|1|rt=Dec 15 2023 03:52:28 GMT deviceExternalId=007957000355608 src=10.101.154.11 dst=10.201.0.20 sourceTranslatedAddress=0.0.0.0 destinationTranslatedAddress=0.0.0.0 cs1Label=Rule cs1=D-D_Server_Zabbix_Dev-Spoke-Monitoring suser= duser= app=zabbix cs3Label=Virtual System cs3=vsys1 cs4Label=Source Zone cs4=Trust cs5Label=Destination Zone cs5=Trust deviceInboundInterface=ethernet1/2 deviceOutboundInterface=ethernet1/2 cs6Label=LogProfile cs6=Log-Forwarding-Panoram cn1Label=SessionID cn1=614467 cnt=1 spt=34880 dpt=10050 sourceTranslatedPort=0 destinationTranslatedPort=0 flexString1Label=Flags flexString1=0x1c proto=tcp act=allow flexNumber1Label=Total bytes flexNumber1=776 in=421 out=355 cn2Label=Packets cn2=9 PanOSPacketsReceived=4 PanOSPacketsSent=5 start=Dec 15 2023 03:52:28 GMT cn3Label=Elapsed time in 
seconds cn3=0 cs2Label=URL Category cs2=any externalId=7310235986529102783 reason=tcp-fin PanOSDGl1=11 PanOSDGl2=0 PanOSDGl3=0 PanOSDGl4=0 PanOSVsysName= dvchost=fw-d-hub01 cat=from-policy PanOSActionFlags=0x8000000000000000 PanOSSrcUUID= PanOSDstUUID= PanOSTunnelID=0 PanOSMonitorTag= PanOSParentSessionID=0 PanOSParentStartTime= PanOSTunnelType=N/A PanOSSCTPAssocID=0 PanOSSCTPChunks=0 PanOSSCTPChunkSent=0 PanOSSCTPChunksRcv=0 PanOSRuleUUID=0c6adf8f-6e67-41f8-b147-3110cfdeebab PanOSHTTP2Con=0 PanLinkChange=0 PanPolicyID= PanLinkDetail= PanSDWANCluster= PanSDWANDevice= PanSDWANClustype= PanSDWANSite= PanDynamicUsrgrp= +2023-12-15T12:52:29+09:00 fw-d-hub01 CEF: 0|Palo Alto Networks|PAN-OS|10.2.4-h2|end|TRAFFIC|1|rt=Dec 15 2023 03:52:28 GMT deviceExternalId=007957000355608 src=10.101.154.11 dst=10.201.0.20 sourceTranslatedAddress=0.0.0.0 destinationTranslatedAddress=0.0.0.0 cs1Label=Rule cs1=D-D_Server_Zabbix_Dev-Spoke-Monitoring suser= duser= app=zabbix cs3Label=Virtual System cs3=vsys1 cs4Label=Source Zone cs4=Trust cs5Label=Destination Zone cs5=Trust deviceInboundInterface=ethernet1/2 deviceOutboundInterface=ethernet1/2 cs6Label=LogProfile cs6=Log-Forwarding-Panoram cn1Label=SessionID cn1=610144 cnt=1 spt=34862 dpt=10050 sourceTranslatedPort=0 destinationTranslatedPort=0 flexString1Label=Flags flexString1=0x1c proto=tcp act=allow flexNumber1Label=Total bytes flexNumber1=770 in=415 out=355 cn2Label=Packets cn2=9 PanOSPacketsReceived=4 PanOSPacketsSent=5 start=Dec 15 2023 03:52:28 GMT cn3Label=Elapsed time in seconds cn3=0 cs2Label=URL Category cs2=any externalId=7310235986529102784 reason=tcp-fin PanOSDGl1=11 PanOSDGl2=0 PanOSDGl3=0 PanOSDGl4=0 PanOSVsysName= dvchost=fw-d-hub01 cat=from-policy PanOSActionFlags=0x8000000000000000 PanOSSrcUUID= PanOSDstUUID= PanOSTunnelID=0 PanOSMonitorTag= PanOSParentSessionID=0 PanOSParentStartTime= PanOSTunnelType=N/A PanOSSCTPAssocID=0 PanOSSCTPChunks=0 PanOSSCTPChunkSent=0 PanOSSCTPChunksRcv=0 
PanOSRuleUUID=0c6adf8f-6e67-41f8-b147-3110cfdeebab PanOSHTTP2Con=0 PanLinkChange=0 PanPolicyID= PanLinkDetail= PanSDWANCluster= PanSDWANDevice= PanSDWANClustype= PanSDWANSite= PanDynamicUsrgrp=
\ No newline at end of file
diff --git a/docker-e2e/Logstash-Docker b/docker-e2e/Logstash-Docker
index af61434..dcd75a8 100644
--- a/docker-e2e/Logstash-Docker
+++ b/docker-e2e/Logstash-Docker
@@ -1,7 +1,8 @@
 FROM docker.elastic.co/logstash/logstash-oss:8.10.0
-COPY logstash-output-kusto-2.0.2-java.gem /tmp/logstash-output-kusto-2.0.2-java.gem
+COPY logstash-output-kusto-2.0.5-java.gem /tmp/logstash-output-kusto-2.0.5-java.gem
 RUN rm -f /usr/share/logstash/pipeline/logstash.conf && \
- bin/logstash-plugin install /tmp/logstash-output-kusto-2.0.2-java.gem
-COPY logstash-nsg-logs.conf /usr/share/logstash/pipeline/logstash.conf
-COPY 2023-12-15-12-fw-d-hub01.log /tmp/fw-d-hub01.log
+ bin/logstash-plugin install /tmp/logstash-output-kusto-2.0.5-java.gem
+#-e2eCOPY logstash-nsg-logs.conf /usr/share/logstash/pipeline/logstash.conf
+COPY logstash-fortigate-paloalto.conf.template /usr/share/logstash/pipeline/logstash.conf
+COPY *.log /tmp/
 COPY logstash.yml /usr/share/logstash/config/logstash.yml
diff --git a/docker-e2e/access-1.log b/docker-e2e/access-1.log
new file mode 100644
index 0000000..07a8d40
--- /dev/null
+++ b/docker-e2e/access-1.log
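Review bot: `COPY *.log /tmp/` on the new side bakes every `.log` file present in the build context into the image layer, not only the sample fixtures this commit adds, so any log written locally into docker-e2e/ during a run silently ends up in the image. Naming the fixtures explicitly, e.g. `COPY access-1.log 2023-12-15-12-fw-d-hub01.log /tmp/` (plus the other sample files), or adding a `.dockerignore` beside the Dockerfile keeps the image content deterministic. The `#-e2eCOPY logstash-nsg-logs.conf ...` line reads as an accidental marker rather than a comment; a plain `# COPY logstash-nsg-logs.conf ...` or simply deleting the dead line would be clearer now that the pipeline is the fortigate/paloalto template. The template is installed verbatim as logstash.conf, which presumably relies on Logstash resolving `${VAR}` references from the container environment at startup; that assumption is worth confirming against the template file, which lies outside this hunk.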
@@ -0,0 +1,15 @@
+83.149.9.216 - - [17/May/2015:10:05:03 +0000] "GET /presentations/logstash-monitorama-2013/images/kibana-search.png HTTP/1.1" 200 203023 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36"
+83.149.9.216 - - [17/May/2015:10:05:43 +0000] "GET /presentations/logstash-monitorama-2013/images/kibana-dashboard3.png HTTP/1.1" 200 171717 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36"
+83.149.9.216 - - [17/May/2015:10:05:47 +0000] "GET /presentations/logstash-monitorama-2013/plugin/highlight/highlight.js HTTP/1.1" 200 26185 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36"
+83.149.9.216 - - [17/May/2015:10:05:12 +0000] "GET /presentations/logstash-monitorama-2013/plugin/zoom-js/zoom.js HTTP/1.1" 200 7697 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36"
+83.149.9.216 - - [17/May/2015:10:05:07 +0000] "GET /presentations/logstash-monitorama-2013/plugin/notes/notes.js HTTP/1.1" 200 2892 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36"
+83.149.9.216 - - [17/May/2015:10:05:34 +0000] "GET /presentations/logstash-monitorama-2013/images/sad-medic.png HTTP/1.1" 200 430406 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36"
+83.149.9.216 - - 
[17/May/2015:10:05:57 +0000] "GET /presentations/logstash-monitorama-2013/css/fonts/Roboto-Bold.ttf HTTP/1.1" 200 38720 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36"
+83.149.9.216 - - [17/May/2015:10:05:50 +0000] "GET /presentations/logstash-monitorama-2013/css/fonts/Roboto-Regular.ttf HTTP/1.1" 200 41820 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36"
+83.149.9.216 - - [17/May/2015:10:05:24 +0000] "GET /presentations/logstash-monitorama-2013/images/frontend-response-codes.png HTTP/1.1" 200 52878 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36"
+83.149.9.216 - - [17/May/2015:10:05:50 +0000] "GET /presentations/logstash-monitorama-2013/images/kibana-dashboard.png HTTP/1.1" 200 321631 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36"
+83.149.9.216 - - [17/May/2015:10:05:46 +0000] "GET /presentations/logstash-monitorama-2013/images/Dreamhost_logo.svg HTTP/1.1" 200 2126 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36"
+83.149.9.216 - - [17/May/2015:10:05:11 +0000] "GET /presentations/logstash-monitorama-2013/images/kibana-dashboard2.png HTTP/1.1" 200 394967 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36"
+83.149.9.216 - - [17/May/2015:10:05:19 
+0000] "GET /presentations/logstash-monitorama-2013/images/apache-icon.gif HTTP/1.1" 200 8095 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36"
+83.149.9.216 - - [17/May/2015:10:05:33 +0000] "GET /presentations/logstash-monitorama-2013/images/nagios-sms5.png HTTP/1.1" 200 78075 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36"
+83.149.9.216 - - [17/May/2015:10:05:00 +0000] "GET /presentations/logstash-monitorama-2013/images/redis.png HTTP/1.1" 200 25230 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36"
\ No newline at end of file
diff --git a/docker-e2e/docker-compose-basic.yml b/docker-e2e/docker-compose-basic.yml
new file mode 100644
index 0000000..4d80922
--- /dev/null
+++ b/docker-e2e/docker-compose-basic.yml
@@ -0,0 +1,21 @@
+version: '3.8'
+services:
+ logstash:
+ build: # "context" and "dockerfile" fields have to be under "build"
+ context: .
+ dockerfile: Logstash-Docker
+ hostname: logstash
+ environment:
+ - "LS_JAVA_OPTS=-Xms1024m -Xmx8192m"
+ - INGEST_CLUSTER_URL=${INGEST_CLUSTER_URL}
+ - APP_ID=${APP_ID}
+ - APP_KEY=${APP_KEY}
+ - APP_TENANT=${APP_TENANT}
+ - DATABASE=${DATABASE}
+ ports:
+ - "9600:9600"
+ - "5044:5044"
+ - "30001:30001"
+ deploy:
+ restart_policy:
+ condition: on-failure
diff --git a/docker-e2e/docker-compose-all.yml b/docker-e2e/docker-compose-filebeat.yml
similarity index 100%
rename from docker-e2e/docker-compose-all.yml
rename to docker-e2e/docker-compose-filebeat.yml
diff --git a/docker-e2e/email-agents.txt b/docker-e2e/email-agents.txt
new file mode 100644
index 0000000..3464abc
--- /dev/null
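Review bot: The `deploy: restart_policy: condition: on-failure` block at the end of docker-compose-basic.yml is only honoured by Swarm (`docker stack deploy`); under `docker compose up`, which a `build:`-from-Dockerfile service implies, it is ignored and a crashed Logstash is never restarted, so the top-level `restart: on-failure` is the form that actually takes effect. All three `ports:` entries publish on every host interface, which for a local e2e harness exposes the Logstash monitoring API on 9600 and the 5044/30001 inputs to the whole network; binding them to loopback, e.g. `- "127.0.0.1:9600:9600"` and likewise for the other two, keeps the test stack local. Passing the Kusto credentials as `${APP_KEY}` etc. from the environment rather than inlining them is the right shape, and a short comment above `environment:` naming the expected `.env` keys would make the setup self-describing.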
+++ b/docker-e2e/email-agents.txt 
@@ -0,0 +1,192 @@ +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule 
Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User 
Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local 
Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local 
Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant 
ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no 
ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User 
Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client 
IP":"x.x.x.x[x.x.x.x]","Local Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} 
+{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} 
+{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} 
+{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User 
Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local 
Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app 
ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local 
Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant 
ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no 
ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User 
Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client 
IP":"x.x.x.x[x.x.x.x]","Local Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} 
+{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} 
+{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} 
+{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User 
Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local 
Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app 
ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local 
Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant 
ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no 
ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User 
Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client 
IP":"x.x.x.x[x.x.x.x]","Local Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} 
+{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} 
+{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} 
+{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User 
Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local 
Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app 
ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true} +{"Domain":"x.x.x.x:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:21:57.464Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"update.googleapis.com:443","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:04.544Z","Rule Name":"skip auth gdrive no ua","@version":"1","_metadata":{},"User Agent":"-","Profile":"All","Client IP":"x.x.x.x","Local Browser":[],"Result":"app ALLOWED","MessageType":"Applications","Is Browser":false} +{"Domain":"https://business.bing.com/api/v3/user/proactive/signin","POP":"il-place-1@OCI","Tenant ID":"x.x.x.x","@timestamp":"2023-12-03T16:22:06.941Z","Rule Name":"default","@version":"1","_metadata":{},"User Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/x.x.x.x","Profile":"All","Client IP":"x.x.x.x[x.x.x.x]","Local 
Browser":["Edge","x.x.x.x"],"Result":"browser","MessageType":"Applications","Is Browser":true}
\ No newline at end of file
diff --git a/docker-e2e/kusto-tables.kql b/docker-e2e/kusto-tables.kql
index 882cef2..0c1b225 100644
--- a/docker-e2e/kusto-tables.kql
+++ b/docker-e2e/kusto-tables.kql
@@ -74,4 +74,17 @@ PaloAltoProcessed
 .alter table flowLogs policy ingestionbatching @'{"MaximumBatchingTimeSpan":"00:00:05", "MaximumNumberOfItems": 100, "MaximumRawDataSizeMB": 100}'
-.create table flowLogs ingestion json mapping "flowLogsMapping" '[{"column":"category","path":"$.category","datatype":"string","transform":""},{"column":"State","path":"$.State","datatype":"string","transform":""}, {"column":"Protocol","path":"$.Protocol","datatype":"string","transform":""},{"column":"dstIP","path":"$.dstIP","datatype":"string","transform":""}, {"column":"flowLogVersion","path":"$.flowLogVersion","datatype":"int","transform":""}, {"column":"srcIP","path":"$.srcIP","datatype":"string","transform":""}, {"column":"ResourceGroup","path":"$.ResourceGroup","datatype":"string","transform":""}, {"column":"macAddress2","path":"$.macAddress2","datatype":"string","transform":""}, {"column":"PacketsSrcToDst","path":"$.PacketsSrcToDst","datatype":"int","transform":""}, {"column":"Direction","path":"$.Direction","datatype":"string","transform":""}, {"column":"Decision","path":"$.Decision","datatype":"string","transform":""}, {"column":"BytesSrcToDst","path":"$.BytesSrcToDst","datatype":"int","transform":""}, {"column":"BytesDstToSrc","path":"$.BytesDstToSrc","datatype":"int","transform":""}, {"column":"macAddress","path":"$.macAddress","datatype":"string","transform":""}, {"column":"Time","path":"$.Time","datatype":"datetime","transform":""}, {"column":"rule","path":"$.rule","datatype":"string","transform":""}, {"column":"NetworkSecurityGroup","path":"$.NetworkSecurityGroup","datatype":"string","transform":""}, {"column":"Subscription","path":"$.Subscription","datatype":"string","transform":""}, {"column":"PacketsDstToSrc","path":"$.PacketsDstToSrc","datatype":"int","transform":""}, {"column":"Timestamp","path":"$.Timestamp","datatype":"string","transform":""}, {"column":"nsgResourceID","path":"$.nsgResourceID","datatype":"string","transform":""}, {"column":"dstPort","path":"$.dstPort","datatype":"string","transform":""}, {"column":"srcPort","path":"$.srcPort","datatype":"string","transform":""}]'
\ No newline at end of file
+.create table flowLogs ingestion json mapping "flowLogsMapping" '[{"column":"category","path":"$.category","datatype":"string","transform":""},{"column":"State","path":"$.State","datatype":"string","transform":""}, {"column":"Protocol","path":"$.Protocol","datatype":"string","transform":""},{"column":"dstIP","path":"$.dstIP","datatype":"string","transform":""}, {"column":"flowLogVersion","path":"$.flowLogVersion","datatype":"int","transform":""}, {"column":"srcIP","path":"$.srcIP","datatype":"string","transform":""}, {"column":"ResourceGroup","path":"$.ResourceGroup","datatype":"string","transform":""}, {"column":"macAddress2","path":"$.macAddress2","datatype":"string","transform":""}, {"column":"PacketsSrcToDst","path":"$.PacketsSrcToDst","datatype":"int","transform":""}, {"column":"Direction","path":"$.Direction","datatype":"string","transform":""}, {"column":"Decision","path":"$.Decision","datatype":"string","transform":""}, {"column":"BytesSrcToDst","path":"$.BytesSrcToDst","datatype":"int","transform":""}, {"column":"BytesDstToSrc","path":"$.BytesDstToSrc","datatype":"int","transform":""}, {"column":"macAddress","path":"$.macAddress","datatype":"string","transform":""}, {"column":"Time","path":"$.Time","datatype":"datetime","transform":""}, {"column":"rule","path":"$.rule","datatype":"string","transform":""}, {"column":"NetworkSecurityGroup","path":"$.NetworkSecurityGroup","datatype":"string","transform":""}, {"column":"Subscription","path":"$.Subscription","datatype":"string","transform":""}, {"column":"PacketsDstToSrc","path":"$.PacketsDstToSrc","datatype":"int","transform":""}, {"column":"Timestamp","path":"$.Timestamp","datatype":"string","transform":""}, {"column":"nsgResourceID","path":"$.nsgResourceID","datatype":"string","transform":""}, {"column":"dstPort","path":"$.dstPort","datatype":"string","transform":""}, {"column":"srcPort","path":"$.srcPort","datatype":"string","transform":""}]'
+
+
+.create table PaloAltoTrafficLogs( FUTURE_USE_1:string,RECEIVE_TIME:string,SERIAL_NUMBER:string,TYPE:string,THREAT_CONTENT_TYPE:string,FUTURE_USE_2:string,GENERATED_TIME:string,SOURCE_ADDRESS:string,DESTINATION_ADDRESS:string,NAT_SOURCE_IP:string,NAT_DESTINATION_IP:string,RULE_NAME:string,SOURCE_USER:string,DESTINATION_USER:string,APPLICATION:string,VIRTUAL_SYSTEM:string,SOURCE_ZONE:string,DESTINATION_ZONE:string,INBOUND_INTERFACE:string,OUTBOUND_INTERFACE:string,LOG_ACTION:string,FUTURE_USE_3:string,SESSION_ID:string,REPEAT_COUNT:string,SOURCE_PORT:int,DESTINATION_PORT:int,NAT_SOURCE_PORT:int,NAT_DESTINATION_PORT:int,FLAGS:string,PROTOCOL:string,ACTION:string,BYTES:string,BYTES_SENT:string,BYTES_RECEIVED:string,PACKETS:string,START_TIME:string,ELAPSED_TIME:string,CATEGORY:string,FUTURE_USE_4:string,SEQUENCE_NUMBER:long,ACTION_FLAGS:string,SOURCE_COUNTRY:string,DESTINATION_COUNTRY:string,FUTURE_USE_5:string,PACKETS_SENT:string,PACKETS_RECEIVED:string,SESSION_END_REASON:string,DEVICE_GROUP_HIERARCHY_LEVEL_1:string,DEVICE_GROUP_HIERARCHY_LEVEL_2:string,DEVICE_GROUP_HIERARCHY_LEVEL_3:string,DEVICE_GROUP_HIERARCHY_LEVEL_4:string,VIRTUAL_SYSTEM_NAME:string,DEVICE_NAME:string,ACTION_SOURCE:string,SOURCE_VM_UUID:string,DESTINATION_VM_UUID:string,TUNNEL_ID_IMSI:string,MONITOR_TAG_IMEI:string,PARENT_SESSION_ID:string,PARENT_START_TIME:string,TUNNEL_TYPE:string,SCTP_ASSOCIATION_ID:string,SCTP_CHUNKS:string,SCTP_CHUNKS_SENT:string,SCTP_CHUNKS_RECEIVED:string,RULE_UUID:string,HTTP_2_CONNECTION:string,APP_FLAP_COUNT:string,POLICY_ID:string,LINK_SWITCHES:string,SD_WAN_CLUSTER:string,SD_WAN_DEVICE_TYPE:string,SD_WAN_CLUSTER_TYPE:string,SD_WAN_SITE:string,DYNAMIC_USER_GROUP_NAME:string,XFF_ADDRESS:string,SOURCE_DEVICE_CATEGORY:string,SOURCE_DEVICE_PROFILE:string,SOURCE_DEVICE_MODEL:string,SOURCE_DEVICE_VENDOR:string,SOURCE_DEVICE_OS_FAMILY:string,SOURCE_DEVICE_OS_VERSION:string,SOURCE_HOSTNAME:string,SOURCE_MAC_ADDRESS:string,DESTINATION_DEVICE_CATEGORY:string,DESTINATION_DEVICE_PROFILE:string,DESTINATION_DEVICE_MODEL:string,DESTINATION_DEVICE_VENDOR:string,DESTINATION_DEVICE_OS_FAMILY:string,DESTINATION_DEVICE_OS_VERSION:string,DESTINATION_HOSTNAME:string,DESTINATION_MAC_ADDRESS:string,CONTAINER_ID:string,POD_NAMESPACE:string,POD_NAME:string,SOURCE_EXTERNAL_DYNAMIC_LIST:string,DESTINATION_EXTERNAL_DYNAMIC_LIST:string,HOST_ID:string,USER_SERIAL_NUMBER:string,SOURCE_DYNAMIC_ADDRESS_GROUP:string,DESTINATION_DYNAMIC_ADDRESS_GROUP:string,SESSION_OWNER:string,HIGH_RESOLUTION_TIMESTAMP:string,A_SLICE_SERVICE_TYPE:string,A_SLICE_DIFFERENTIATOR:string,APPLICATION_SUBCATEGORY:string,APPLICATION_CATEGORY:string,APPLICATION_TECHNOLOGY:string,APPLICATION_RISK:string,APPLICATION_CHARACTERISTIC:string,APPLICATION_CONTAINER:string,
+TUNNELED_APPLICATION:string,APPLICATION_SAAS:string,APPLICATION_SANCTIONED_STATE:string,OFFLOADED:string)
+
+.alter table PaloAltoTrafficLogs policy ingestionbatching
+```
+{
+ "MaximumBatchingTimeSpan" : "00:00:01",
+ "MaximumNumberOfItems" : 1,
+ "MaximumRawDataSizeMB" : 100
+}
+```
\ No newline at end of file
diff --git a/docker-e2e/logstash-fortigate-paloalto.conf.template b/docker-e2e/logstash-fortigate-paloalto.conf.template
new file mode 100644
index 0000000..c255778
--- /dev/null
+++ b/docker-e2e/logstash-fortigate-paloalto.conf.template
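Review bot: The new `.alter table PaloAltoTrafficLogs policy ingestionbatching` wraps its policy in markdown code fences (the ``` lines), which a .kql script cannot execute; the flowLogs command a few lines up passes the policy as a string literal, so the same form `.alter table PaloAltoTrafficLogs policy ingestionbatching @'{"MaximumBatchingTimeSpan":"00:00:01","MaximumNumberOfItems":1,"MaximumRawDataSizeMB":100}'` keeps the file consistent and runnable. `MaximumNumberOfItems` of 1 with a one-second span makes every event its own ingestion, which is fine for an end-to-end demo but deserves a comment such as `// demo-only: per-event ingestion, raise for real traffic volumes`. Every timestamp column in the new table (RECEIVE_TIME, GENERATED_TIME, START_TIME, HIGH_RESOLUTION_TIMESTAMP) is declared `string`, so the table has no datetime column for time-window queries or retention; HIGH_RESOLUTION_TIMESTAMP arrives as an ISO 8601 value in the sample log and could presumably be typed `datetime` — verify against what the Logstash template actually emits before changing it.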
@@ -0,0 +1,70 @@
+input {
+ stdin {}
+ file {
+ # Took the file that you provided as the sample and sent that data into ADX
+ add_field => { "[@metadata][source_type]" => "file" }
+ path => "/tmp/palo-alto-2.log"
+ start_position => "beginning"
+ }
+}
+
+filter {
+ csv {
+ source => "message"
+ columns => [
+ "FUTURE_USE_1","RECEIVE_TIME","SERIAL_NUMBER","TYPE","THREAT_CONTENT_TYPE","FUTURE_USE_2","GENERATED_TIME","SOURCE_ADDRESS","DESTINATION_ADDRESS","NAT_SOURCE_IP","NAT_DESTINATION_IP","RULE_NAME","
+ SOURCE_USER","DESTINATION_USER","APPLICATION","VIRTUAL_SYSTEM","SOURCE_ZONE","DESTINATION_ZONE","INBOUND_INTERFACE","OUTBOUND_INTERFACE","LOG_ACTION","FUTURE_USE_3","SESSION_ID","REPEAT_COUNT","
+ SOURCE_PORT","DESTINATION_PORT","NAT_SOURCE_PORT","NAT_DESTINATION_PORT","FLAGS","PROTOCOL","ACTION","BYTES","BYTES_SENT","BYTES_RECEIVED","PACKETS","START_TIME","ELAPSED_TIME","CATEGORY","FUTURE_USE_4",
+ "SEQUENCE_NUMBER","ACTION_FLAGS","SOURCE_COUNTRY","DESTINATION_COUNTRY","FUTURE_USE_5","PACKETS_SENT","PACKETS_RECEIVED","SESSION_END_REASON","DEVICE_GROUP_HIERARCHY_LEVEL_1","
+ DEVICE_GROUP_HIERARCHY_LEVEL_2","DEVICE_GROUP_HIERARCHY_LEVEL_3","DEVICE_GROUP_HIERARCHY_LEVEL_4","VIRTUAL_SYSTEM_NAME","DEVICE_NAME","ACTION_SOURCE","SOURCE_VM_UUID","
+ DESTINATION_VM_UUID","TUNNEL_ID_IMSI","MONITOR_TAG_IMEI","PARENT_SESSION_ID","PARENT_START_TIME","TUNNEL_TYPE","SCTP_ASSOCIATION_ID","SCTP_CHUNKS","SCTP_CHUNKS_SENT","
+ SCTP_CHUNKS_RECEIVED","RULE_UUID","HTTP_2_CONNECTION","APP_FLAP_COUNT","POLICY_ID","LINK_SWITCHES","SD_WAN_CLUSTER","SD_WAN_DEVICE_TYPE","SD_WAN_CLUSTER_TYPE","SD_WAN_SITE","
+ DYNAMIC_USER_GROUP_NAME","XFF_ADDRESS","SOURCE_DEVICE_CATEGORY","SOURCE_DEVICE_PROFILE","SOURCE_DEVICE_MODEL","SOURCE_DEVICE_VENDOR","SOURCE_DEVICE_OS_FAMILY","
+ SOURCE_DEVICE_OS_VERSION","SOURCE_HOSTNAME","SOURCE_MAC_ADDRESS","DESTINATION_DEVICE_CATEGORY","DESTINATION_DEVICE_PROFILE","DESTINATION_DEVICE_MODEL","
+ DESTINATION_DEVICE_VENDOR","DESTINATION_DEVICE_OS_FAMILY","DESTINATION_DEVICE_OS_VERSION","DESTINATION_HOSTNAME","DESTINATION_MAC_ADDRESS","CONTAINER_ID","
+ POD_NAMESPACE","POD_NAME","SOURCE_EXTERNAL_DYNAMIC_LIST","DESTINATION_EXTERNAL_DYNAMIC_LIST","HOST_ID","USER_SERIAL_NUMBER","SOURCE_DYNAMIC_ADDRESS_GROUP","
+ DESTINATION_DYNAMIC_ADDRESS_GROUP","SESSION_OWNER","HIGH_RESOLUTION_TIMESTAMP","A_SLICE_SERVICE_TYPE","A_SLICE_DIFFERENTIATOR","APPLICATION_SUBCATEGORY","APPLICATION_CATEGORY","
+ APPLICATION_TECHNOLOGY","APPLICATION_RISK","APPLICATION_CHARACTERISTIC","APPLICATION_CONTAINER","TUNNELED_APPLICATION","APPLICATION_SAAS","APPLICATION_SANCTIONED_STATE","OFFLOADED"
+ ]
+ }
+
+
+ date {
+ timezone => "GMT"
+ match => [ "ReceiveTime", "YYYY_MM_dd HH:mm:ss" ]
+ }
+
+ mutate {
+ convert => [ "NAT_DESTINATION_PORT", "integer" ]
+ convert => [ "NAT_SOURCE_PORT", "integer" ]
+ convert => [ "DESTINATION_PORT", "integer" ]
+ convert => [ "SOURCE_PORT", "integer" ]
+ convert => [ "SEQUENCE_NUMBER", "integer" ]
+ remove_field => [ "message", "host", "path", "original","event"]
+
+ }
+
+ ruby {
+ code => "
+ hash = event.to_hash
+ hash.each do |field,value|
+ if value == nil
+ event.remove(field)
+ end
+ end
+ "
+ }
+}
+
+output {
+ #stdout {}
+ kusto {
+ path => "/tmp/kusto/paloalto-traffic/%{+YYYY-MM-dd-HH-mm}.txt"
+ ingest_url => "${INGEST_CLUSTER_URL}"
+ app_id => "${APP_ID}"
+ app_key => "${APP_KEY}"
+ app_tenant => "${APP_TENANT}"
+ database => "${DATABASE}"
+ table => "PaloAltoTrafficLogs" # fw as defined above
+ }
+}
\ No newline at end of file
diff --git a/docker-e2e/palo-alto-2.log b/docker-e2e/palo-alto-2.log
new file mode 100644
index 0000000..3a41ad4
--- /dev/null
+++ b/docker-e2e/palo-alto-2.log
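Review bot: The `date` filter can never match: it reads a field named `ReceiveTime` while the csv filter names that column `RECEIVE_TIME`, and its pattern `YYYY_MM_dd HH:mm:ss` uses underscores whereas the sample this template tails (/tmp/palo-alto-2.log) carries `2024/03/27 10:13:02`, so every event keeps its Logstash ingest time as `@timestamp` instead of the firewall time; `match => [ "RECEIVE_TIME", "yyyy/MM/dd HH:mm:ss" ]` fixes both. `timezone => "GMT"` is a further assumption — the sample's HIGH_RESOLUTION_TIMESTAMP ends in `+01:00`, so the receive time appears to be firewall-local and forcing GMT would shift events by an hour; confirm against the device's clock setting. Separately, as rendered here eleven entries in `columns` open a quote at the end of one line and close it on the next (`"RULE_NAME","` / `SOURCE_USER",`), which would give those column names a leading newline and indentation and stop them lining up with the `SOURCE_PORT` convert below or the PaloAltoTrafficLogs columns in Kusto — presumably a wrapping artifact, but worth confirming each literal sits on one line in the committed file.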
@@ -0,0 +1,7 @@ +<134>Mar 27 10:13:02 AAAA-FW000 1,2024/03/27 10:13:02,013201003851,TRAFFIC,drop,2562,2024/03/27 10:13:02,10.10.10.10,20.20.20.20,0.0.0.0,0.0.0.0,DENY,,,not-applicable,vsys1,EXTERNE,EXTERNE,ae1.901,,LOG_POLICY,2024/03/27 10:13:02,0,1,52232,5005,0,0,0x0,tcp,deny,64,64,0,1,2024/03/27 10:12:57,0,any,,7348185613160215594,0x0,Netherlands,France,,1,0,policy-deny,0,0,0,0,,AAAA-FW000,from-policy,,,0,,0,,N/A,0,0,0,0,6d57cb42-5111-436d-b9a3-02e5da56e687,0,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2024-03-27T10:13:02.074+01:00,,,unknown,unknown,unknown,1,,,not-applicable,no,no,0 +<134>Mar 27 10:13:02 AAAA-FW000 1,2024/03/27 10:13:02,013201003851,TRAFFIC,drop,2562,2024/03/27 10:13:02,10.10.10.10,20.20.20.20,0.0.0.0,0.0.0.0,DENY,,,not-applicable,vsys1,EXTERNE,EXTERNE,ae1.901,,LOG_POLICY,2024/03/27 10:13:02,0,1,52232,5005,0,0,0x0,tcp,deny,64,64,0,1,2024/03/27 10:12:57,0,any,,7348185613160215594,0x0,Netherlands,France,,1,0,policy-deny,0,0,0,0,,AAAA-FW000,from-policy,,,0,,0,,N/A,0,0,0,0,6d57cb42-5111-436d-b9a3-02e5da56e687,0,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2024-03-27T10:13:02.074+01:00,,,unknown,unknown,unknown,1,,,not-applicable,no,no,0 +<134>Mar 27 10:13:02 AAAA-FW000 1,2024/03/27 10:13:02,013201003851,TRAFFIC,drop,2562,2024/03/27 10:13:02,10.10.10.10,20.20.20.20,0.0.0.0,0.0.0.0,DENY,,,not-applicable,vsys1,EXTERNE,EXTERNE,ae1.901,,LOG_POLICY,2024/03/27 10:13:02,0,1,52232,5005,0,0,0x0,tcp,deny,64,64,0,1,2024/03/27 10:12:57,0,any,,7348185613160215594,0x0,Netherlands,France,,1,0,policy-deny,0,0,0,0,,AAAA-FW000,from-policy,,,0,,0,,N/A,0,0,0,0,6d57cb42-5111-436d-b9a3-02e5da56e687,0,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2024-03-27T10:13:02.074+01:00,,,unknown,unknown,unknown,1,,,not-applicable,no,no,0 +<134>Mar 27 10:13:02 AAAA-FW000 1,2024/03/27 10:13:02,013201003851,TRAFFIC,drop,2562,2024/03/27 10:13:02,10.10.10.10,20.20.20.20,0.0.0.0,0.0.0.0,DENY,,,not-applicable,vsys1,EXTERNE,EXTERNE,ae1.901,,LOG_POLICY,2024/03/27 
10:13:02,0,1,52232,5005,0,0,0x0,tcp,deny,64,64,0,1,2024/03/27 10:12:57,0,any,,7348185613160215594,0x0,Netherlands,France,,1,0,policy-deny,0,0,0,0,,AAAA-FW000,from-policy,,,0,,0,,N/A,0,0,0,0,6d57cb42-5111-436d-b9a3-02e5da56e687,0,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2024-03-27T10:13:02.074+01:00,,,unknown,unknown,unknown,1,,,not-applicable,no,no,0 +<134>Mar 27 10:13:02 AAAA-FW000 1,2024/03/27 10:13:02,013201003851,TRAFFIC,drop,2562,2024/03/27 10:13:02,10.10.10.10,20.20.20.20,0.0.0.0,0.0.0.0,DENY,,,not-applicable,vsys1,EXTERNE,EXTERNE,ae1.901,,LOG_POLICY,2024/03/27 10:13:02,0,1,52232,5005,0,0,0x0,tcp,deny,64,64,0,1,2024/03/27 10:12:57,0,any,,7348185613160215594,0x0,Netherlands,France,,1,0,policy-deny,0,0,0,0,,AAAA-FW000,from-policy,,,0,,0,,N/A,0,0,0,0,6d57cb42-5111-436d-b9a3-02e5da56e687,0,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2024-03-27T10:13:02.074+01:00,,,unknown,unknown,unknown,1,,,not-applicable,no,no,0 +<134>Mar 27 10:13:02 AAAA-FW000 1,2024/03/27 10:13:02,013201003851,TRAFFIC,drop,2562,2024/03/27 10:13:02,10.10.10.10,20.20.20.20,0.0.0.0,0.0.0.0,DENY,,,not-applicable,vsys1,EXTERNE,EXTERNE,ae1.901,,LOG_POLICY,2024/03/27 10:13:02,0,1,52232,5005,0,0,0x0,tcp,deny,64,64,0,1,2024/03/27 10:12:57,0,any,,7348185613160215594,0x0,Netherlands,France,,1,0,policy-deny,0,0,0,0,,AAAA-FW000,from-policy,,,0,,0,,N/A,0,0,0,0,6d57cb42-5111-436d-b9a3-02e5da56e687,0,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2024-03-27T10:13:02.074+01:00,,,unknown,unknown,unknown,1,,,not-applicable,no,no,0 +<134>Mar 27 10:13:02 AAAA-FW000 1,2024/03/27 10:13:02,013201003851,TRAFFIC,drop,2562,2024/03/27 10:13:02,10.10.10.10,20.20.20.20,0.0.0.0,0.0.0.0,DENY,,,not-applicable,vsys1,EXTERNE,EXTERNE,ae1.901,,LOG_POLICY,2024/03/27 10:13:02,0,1,52232,5005,0,0,0x0,tcp,deny,64,64,0,1,2024/03/27 
10:12:57,0,any,,7348185613160215594,0x0,Netherlands,France,,1,0,policy-deny,0,0,0,0,,AAAA-FW000,from-policy,,,0,,0,,N/A,0,0,0,0,6d57cb42-5111-436d-b9a3-02e5da56e687,0,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2024-03-27T10:13:02.074+01:00,,,unknown,unknown,unknown,1,,,not-applicable,no,no,0 \ No newline at end of file