/
DataLog.java
71 lines (66 loc) · 63.6 KB
/
DataLog.java
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
public class DataLog {
public DataLog(){};
public String inline = "Jun 8 14:15:18 skyfence sf_gateway[12923] [12948]: MgmtInterface INFO[MgmtIntfNetworkEvent.cpp:161] Activity: [Event Info: [EventType: Full] [Login Username: user1@skyromi.onmicrosoft.com (repository: user1@skyromi.onmicrosoft.com)] [Data Object: ] [User Action: login] [User Action Status: success] [User Action Status Reason: ] [Time: Thu, 08 Jun 2017 14:15:18 GMT] [Service type: Box] [File Size: 0] [Authentication Type: Form] [IsManagedEndpoint: false] [Asset Id: 1] [Event Id: 43681314331638] [Session Id: 3450197739] [Gateway Action Status: monitor] [Client IP: 192.168.3.216] [Server IP: 107.152.27.215] [Client Location: 03 0/0 unknown] [Server Location: US 37.3622/-122.14] [Browser Id: 2R5X2kHSBC57ccb978] [Device Id: c48eec5fe0ddb37a8584cff2fe34acbbc2651fdf0906ed1029c8e4e696193f7c] [OS: Windows] [OS version: 10] [device type: PC] [device version: ] [Client Type: desktop] [Customer Id: 1] [DataTypes: ] [icapConnectors: ] [TOR Networks: ] [Anonymous Proxies: ] [Malicious IPs: ] [IP Chain: 192.168.3.216] [Mapping Ids: Box-1,Box-2,Box-5] [Is DLP excceeds: False] [Useragent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko] [source: proxy] [URI: https://skyromi1.account.box.com/login?redirect_url=/folder/0] ]\n" +
"Jun 8 14:15:47 skyfence sf_gateway[12923] [12948]: MgmtInterface INFO[MgmtIntfNetworkEvent.cpp:161] Activity: [Event Info: [EventType: Full] [Login Username: user1@skyromi.onmicrosoft.com (repository: user1@skyromi.onmicrosoft.com)] [Data Object: ] [User Action: logout] [User Action Status: unknown] [User Action Status Reason: ] [Time: Thu, 08 Jun 2017 14:15:47 GMT] [Service type: Box] [File Size: 0] [IsManagedEndpoint: false] [Asset Id: 1] [Event Id: 43947602304019] [Session Id: 3450197739] [Gateway Action Status: monitor] [Client IP: 192.168.3.216] [Server IP: 107.152.26.199] [Client Location: 03 0/0 unknown] [Server Location: US 37.3622/-122.14] [Browser Id: 2R5X2kHSBC57ccb978] [Device Id: c48eec5fe0ddb37a8584cff2fe34acbbc2651fdf0906ed1029c8e4e696193f7c] [OS: Windows] [OS version: 10] [device type: PC] [device version: ] [Client Type: desktop] [Customer Id: 1] [DataTypes: ] [icapConnectors: ] [TOR Networks: ] [Anonymous Proxies: ] [Malicious IPs: ] [IP Chain: 192.168.3.216] [Mapping Ids: Box-1,Box-10] [Is DLP excceeds: False] [Useragent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko] [source: proxy] [URI: https://skyromi1.app.box.com/logout] ]\n" +
"Jun 8 14:18:47 skyfence sf_gateway[12923] [12948]: MgmtInterface INFO[MgmtIntfNetworkEvent.cpp:161] Activity: [Event Info: [EventType: Full] [Login Username: user1@skyromi.onmicrosoft.com (repository: user1@skyromi.onmicrosoft.com)] [Data Object: ] [User Action: login] [User Action Status: success] [User Action Status Reason: ] [Time: Thu, 08 Jun 2017 14:18:47 GMT] [Service type: Box] [File Size: 0] [Authentication Type: Form] [IsManagedEndpoint: false] [Asset Id: 1] [Event Id: 44480178248903] [Session Id: 1241435310] [Gateway Action Status: monitor] [Client IP: 192.168.3.249] [Server IP: 107.152.27.197] [Client Location: 03 0/0 unknown] [Server Location: US 37.3622/-122.14] [Browser Id: w4ZZBN1Z433d418b19] [Device Id: 8531862e632a91d8eb33c041e2cd5b6715afe895d484ec947901764d437a0ed8] [OS: Mac OS X 10] [OS version: 1] [device type: PC] [device version: ] [Client Type: desktop] [Customer Id: 1] [DataTypes: ] [icapConnectors: ] [TOR Networks: ] [Anonymous Proxies: ] [Malicious IPs: ] [IP Chain: 192.168.3.249] [Mapping Ids: Box-1,Box-2,Box-5] [Is DLP excceeds: False] [Useragent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36] [source: proxy] [URI: https://account.box.com/login?redirect_url=/] ]\n" +
"Jun 8 14:19:19 skyfence sf_gateway[12923] [12948]: MgmtInterface INFO[MgmtIntfNetworkEvent.cpp:161] Activity: [Event Info: [EventType: Full] [Login Username: user1@skyromi.onmicrosoft.com (repository: user1@skyromi.onmicrosoft.com)] [Data Object: Files] [Labels: <Files> ] [User Action: download] [User Action Status: unknown] [User Action Status Reason: ] [Time: Thu, 08 Jun 2017 14:19:19 GMT] [Service type: Box] [File Size: 185615] [IsManagedEndpoint: false] [Asset Id: 1] [Event Id: 44944034716903] [Session Id: 0] [Gateway Action Status: monitor] [Client IP: 192.168.3.249] [Server IP: 107.152.26.200] [Client Location: 03 0/0 unknown] [Server Location: US 37.3622/-122.14] [Browser Id: w4ZZBN1Z433d418b19] [Device Id: 8531862e632a91d8eb33c041e2cd5b6715afe895d484ec947901764d437a0ed8] [OS: Mac OS X 10] [OS version: 1] [device type: PC] [device version: ] [Client Type: desktop] [Customer Id: 1] [DataTypes: ] [icapConnectors: ] [TOR Networks: ] [Anonymous Proxies: ] [Malicious IPs: ] [IP Chain: 192.168.3.249] [Mapping Ids: Box-1,Box-2,Box-37] [Is DLP excceeds: False] [FileTypes: <image/jpeg> ] [Useragent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36] [source: proxy] [URI: https://dl.boxcloud.com/d/1/9M4v0s5AjjDYiQkNEYMuXx8DsHZ12q3du_egJj_LMdlOrGNhxWueLqhOW1bBJTo-REQtL9gQX9FaWg6N1SqRQ1egAo4kwL43wzKuHeL6rxcSa3b1WSHVRiQhHGHoX-2MR67pA8IoyFhHO6BZT86RPE-HnlVrPHQVpstyogy6fI3vZdJZWYTAn2FrZRWizovyvC6D75MpkF6FrE2zmSOdYIWPkl-UEL3yJTSAbCuY1cAinqnv5lVGve_hAuQpMi5nZqxshEq1-XqE2sjNdzW2blXXARrYd1XFE8cA8TM0bhZNkFQuZxpzH5yRP7nvoX_UF-pPjpFG8TyBmK5JWE3HVrtcoXcq4wkXdG7NIRAqXFwnXPLLWYuT8xZUMf5kzkJm2t6-6O3wqRX24s5AXlCkCqJQELZtbaHIyw0IJ8arygztSsuncSS4HqGnII8ikDxJMIkCeeHclbfifEyYuRKe9DoTjHbGQRpd7g3M1YVA9f2VoS6xeHyCTupHbIH6YS2WLUpHIAwrEdVkCJcWfwyWVjAJGUtbyYkLMw6jS9QFyYvLaRGnw4CCn4fMboaLkqgBS1FWz1FwBIsay9hZalXNnUugn9F8ELzY0HYo5MAAvIcaBMAi3F2Tpvzo8muiYZQpnVvI7zcm9fJ8DUyN_fNKlZg7SVQf0pBdZsRGj6c8i3ilwIYkfVjVDuHtsmtF71TpyHVzI9FJJAs7kArTBe9-FJ8II0kt57_hv0\n" +
"Jun 8 14:19:51 skyfence sf_gateway[12923] [12948]: MgmtInterface INFO[MgmtIntfNetworkEvent.cpp:161] Activity: [Event Info: [EventType: Full] [Login Username: user1@skyromi.onmicrosoft.com (repository: user1@skyromi.onmicrosoft.com)] [Data Object: Files] [Records: Sanity Test/YYYYYYY1.jpg] [Labels: <Files> ] [User Action: delete] [User Action Status: unknown] [User Action Status Reason: ] [Time: Thu, 08 Jun 2017 14:19:51 GMT] [Service type: Box] [File Size: 0] [IsManagedEndpoint: false] [Asset Id: 1] [Event Id: 44982689422599] [Session Id: 1241435310] [Gateway Action Status: monitor] [Client IP: 192.168.3.249] [Server IP: 107.152.26.199] [Client Location: 03 0/0 unknown] [Server Location: US 37.3622/-122.14] [Browser Id: w4ZZBN1Z433d418b19] [Device Id: 8531862e632a91d8eb33c041e2cd5b6715afe895d484ec947901764d437a0ed8] [OS: Mac OS X 10] [OS version: 1] [device type: PC] [device version: ] [Client Type: desktop] [Customer Id: 1] [DataTypes: ] [icapConnectors: ] [TOR Networks: ] [Anonymous Proxies: ] [Malicious IPs: ] [IP Chain: 192.168.3.249] [Mapping Ids: Box-1,Box-2,Box-33] [Is DLP excceeds: False] [Useragent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36] [source: proxy] [URI: https://skyromi1.app.box.com/index.php?rm=box_delete_items] ]\n" +
"Jun 8 14:33:47 skyfence sf_gateway[12923] [12948]: MgmtInterface INFO[MgmtIntfNetworkEvent.cpp:161] Activity: [Event Info: [EventType: Full] [Login Username: user1@skyromi.onmicrosoft.com (repository: user1@skyromi.onmicrosoft.com)] [Data Object: ] [User Action: logout] [User Action Status: unknown] [User Action Status Reason: ] [Time: Thu, 08 Jun 2017 14:33:47 GMT] [Service type: Box] [File Size: 0] [IsManagedEndpoint: false] [Asset Id: 1] [Event Id: 45038523998283] [Session Id: 1241435310] [Gateway Action Status: monitor] [Client IP: 192.168.3.249] [Server IP: 107.152.26.199] [Client Location: 03 0/0 unknown] [Server Location: US 37.3622/-122.14] [Browser Id: w4ZZBN1Z433d418b19] [Device Id: 8531862e632a91d8eb33c041e2cd5b6715afe895d484ec947901764d437a0ed8] [OS: Mac OS X 10] [OS version: 1] [device type: PC] [device version: ] [Client Type: desktop] [Customer Id: 1] [DataTypes: ] [icapConnectors: ] [TOR Networks: ] [Anonymous Proxies: ] [Malicious IPs: ] [IP Chain: 192.168.3.249] [Mapping Ids: Box-1,Box-10,Box-2] [Is DLP excceeds: False] [Useragent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36] [source: proxy] [URI: https://skyromi1.app.box.com/logout] ]\n" +
"Jun 9 09:49:02 skyfence sf_gateway[12923] [12948]: MgmtInterface INFO[MgmtIntfNetworkEvent.cpp:161] Activity: [Event Info: [EventType: Full] [Login Username: alan@veridinet.onmicrosoft.com (repository: alan@veridinet.onmicrosoft.com)] [Data Object: ] [User Action: login] [User Action Status: success] [User Action Status Reason: ] [Time: Fri, 09 Jun 2017 09:49:01 GMT] [Service type: Office 365] [File Size: 0] [Authentication Type: Form] [IsManagedEndpoint: false] [Asset Id: 3] [Event Id: 45334876811021] [Session Id: 2005554652] [Gateway Action Status: monitor] [Client IP: 192.168.3.216] [Server IP: 104.40.240.48] [Client Location: 03 0/0 unknown] [Server Location: NL 52.35/4.9167] [Browser Id: yNrJdw7rHH5ee425ed] [Device Id: bfbf22daebe7ca9bf4d4370e51ca132647d4c453c34e575099777ea0a4345d16] [OS: Windows] [OS version: 10] [device type: PC] [device version: ] [Client Type: desktop] [Customer Id: 1] [DataTypes: ] [icapConnectors: ] [TOR Networks: ] [Anonymous Proxies: ] [Malicious IPs: ] [IP Chain: 192.168.3.216] [Mapping Ids: O365-4,O365-43,O365-44,O365-445,O365-507,O365-52,O365-53,O365-600,O365-934] [Is DLP excceeds: False] [Useragent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko] [source: proxy] [URI: https://login.microsoftonline.com/common/login] ]\n" +
"Jun 9 09:49:14 skyfence sf_gateway[12923] [12948]: MgmtInterface INFO[MgmtIntfNetworkEvent.cpp:161] Activity: [Event Info: [EventType: Full] [Login Username: alan@veridinet.onmicrosoft.com (repository: alan@veridinet.onmicrosoft.com)] [Data Object: OneDrive] [Labels: <OneDrive(SharePoint)> ] [User Action: view] [User Action Status: unknown] [User Action Status Reason: ] [Time: Fri, 09 Jun 2017 09:49:14 GMT] [Service type: OneDrive] [File Size: 256] [Authentication Type: Unknown] [IsManagedEndpoint: false] [Asset Id: 3] [Event Id: 45760078573338] [Session Id: 0] [Gateway Action Status: monitor] [Client IP: 192.168.3.216] [Server IP: 13.107.6.151] [Client Location: 03 0/0 unknown] [Server Location: US 47.6801/-122.121] [Browser Id: yNrJdw7rHH5ee425ed] [Device Id: bfbf22daebe7ca9bf4d4370e51ca132647d4c453c34e575099777ea0a4345d16] [OS: Windows] [OS version: 10] [device type: PC] [device version: ] [Client Type: desktop] [Customer Id: 1] [DataTypes: ] [icapConnectors: ] [TOR Networks: ] [Anonymous Proxies: ] [Malicious IPs: ] [IP Chain: 192.168.3.216] [Mapping Ids: O365-43,O365-44,O365-445,O365-507,O365-52,O365-53,O365-600,O365-73,O365-88,O365-934] [Is DLP excceeds: False] [FileTypes: <text/html> ] [Useragent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko] [source: proxy] [URI: https://veridinet-my.sharepoint.com/_layouts/15/MySite.aspx?MySiteRedirect=AllDocuments] ]\n" +
"Jun 9 09:49:14 skyfence sf_gateway[12923] [12948]: MgmtInterface INFO[MgmtIntfNetworkEvent.cpp:161] Activity: [Event Info: [EventType: Full] [Login Username: alan@veridinet.onmicrosoft.com (repository: alan@veridinet.onmicrosoft.com)] [Data Object: OneDrive] [Labels: <OneDrive(SharePoint)> ] [User Action: view] [User Action Status: unknown] [User Action Status Reason: ] [Time: Fri, 09 Jun 2017 09:49:14 GMT] [Service type: OneDrive] [File Size: 294] [Authentication Type: Unknown] [IsManagedEndpoint: false] [Asset Id: 3] [Event Id: 45772963475226] [Session Id: 0] [Gateway Action Status: monitor] [Client IP: 192.168.3.216] [Server IP: 13.107.6.151] [Client Location: 03 0/0 unknown] [Server Location: US 47.6801/-122.121] [Browser Id: yNrJdw7rHH5ee425ed] [Device Id: bfbf22daebe7ca9bf4d4370e51ca132647d4c453c34e575099777ea0a4345d16] [OS: Windows] [OS version: 10] [device type: PC] [device version: ] [Client Type: desktop] [Customer Id: 1] [DataTypes: ] [icapConnectors: ] [TOR Networks: ] [Anonymous Proxies: ] [Malicious IPs: ] [IP Chain: 192.168.3.216] [Mapping Ids: O365-43,O365-44,O365-445,O365-507,O365-52,O365-53,O365-600,O365-73,O365-88,O365-934] [Is DLP excceeds: False] [FileTypes: <text/html> ] [Useragent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko] [source: proxy] [URI: https://veridinet-my.sharepoint.com/_layouts/15/Authenticate.aspx?Source=/_layouts/15/MySite.aspx?MySiteRedirect=AllDocuments] ]\n" +
"Jun 9 09:49:17 skyfence sf_gateway[12923] [12948]: MgmtInterface INFO[MgmtIntfNetworkEvent.cpp:161] Activity: [Event Info: [EventType: Full] [Login Username: alan@veridinet.onmicrosoft.com (repository: alan@veridinet.onmicrosoft.com)] [Data Object: OneDrive] [Labels: <OneDrive(SharePoint)> ] [User Action: view] [User Action Status: unknown] [User Action Status Reason: ] [Time: Fri, 09 Jun 2017 09:49:17 GMT] [Service type: OneDrive] [File Size: 169] [IsManagedEndpoint: false] [Asset Id: 3] [Event Id: 45820208115485] [Session Id: 3944627415] [Gateway Action Status: monitor] [Client IP: 192.168.3.216] [Server IP: 13.107.6.151] [Client Location: 03 0/0 unknown] [Server Location: US 47.6801/-122.121] [Browser Id: yNrJdw7rHH5ee425ed] [Device Id: bfbf22daebe7ca9bf4d4370e51ca132647d4c453c34e575099777ea0a4345d16] [OS: Windows] [OS version: 10] [device type: PC] [device version: ] [Client Type: desktop] [Customer Id: 1] [DataTypes: ] [icapConnectors: ] [TOR Networks: ] [Anonymous Proxies: ] [Malicious IPs: ] [IP Chain: 192.168.3.216] [Mapping Ids: O365-43,O365-44,O365-445,O365-507,O365-52,O365-53,O365-600,O365-73,O365-88,O365-934] [Is DLP excceeds: False] [FileTypes: <text/html> ] [Useragent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko] [source: proxy] [URI: https://veridinet-my.sharepoint.com/_layouts/15/Authenticate.aspx?Source=/_layouts/15/MySite.aspx?MySiteRedirect=AllDocuments] ]\n" +
"Jun 9 09:49:18 skyfence sf_gateway[12923] [12948]: MgmtInterface INFO[MgmtIntfNetworkEvent.cpp:161] Activity: [Event Info: [EventType: Full] [Login Username: alan@veridinet.onmicrosoft.com (repository: alan@veridinet.onmicrosoft.com)] [Data Object: OneDrive] [Labels: <OneDrive(SharePoint)> ] [User Action: view] [User Action Status: unknown] [User Action Status Reason: ] [Time: Fri, 09 Jun 2017 09:49:18 GMT] [Service type: OneDrive] [File Size: 218] [IsManagedEndpoint: false] [Asset Id: 3] [Event Id: 45833093017374] [Session Id: 4205704052] [Gateway Action Status: monitor] [Client IP: 192.168.3.216] [Server IP: 13.107.6.151] [Client Location: 03 0/0 unknown] [Server Location: US 47.6801/-122.121] [Browser Id: yNrJdw7rHH5ee425ed] [Device Id: bfbf22daebe7ca9bf4d4370e51ca132647d4c453c34e575099777ea0a4345d16] [OS: Windows] [OS version: 10] [device type: PC] [device version: ] [Client Type: desktop] [Customer Id: 1] [DataTypes: ] [icapConnectors: ] [TOR Networks: ] [Anonymous Proxies: ] [Malicious IPs: ] [IP Chain: 192.168.3.216] [Mapping Ids: O365-43,O365-44,O365-445,O365-507,O365-52,O365-53,O365-600,O365-73,O365-74,O365-88,O365-934] [Is DLP excceeds: False] [FileTypes: <text/html> ] [Useragent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko] [source: proxy] [URI: https://veridinet-my.sharepoint.com/_layouts/15/MySite.aspx?MySiteRedirect=AllDocuments] ]\n" +
"Jun 9 09:49:18 skyfence sf_gateway[12923] [12948]: MgmtInterface INFO[MgmtIntfNetworkEvent.cpp:161] Activity: [Event Info: [EventType: Full] [Login Username: alan@veridinet.onmicrosoft.com (repository: alan@veridinet.onmicrosoft.com)] [Data Object: OneDrive] [Labels: <OneDrive(SharePoint)> ] [User Action: view] [User Action Status: unknown] [User Action Status Reason: ] [Time: Fri, 09 Jun 2017 09:49:18 GMT] [Service type: OneDrive] [File Size: 211674] [IsManagedEndpoint: false] [Asset Id: 3] [Event Id: 45845977919262] [Session Id: 4205704052] [Gateway Action Status: monitor] [Client IP: 192.168.3.216] [Server IP: 13.107.6.151] [Client Location: 03 0/0 unknown] [Server Location: US 47.6801/-122.121] [Browser Id: yNrJdw7rHH5ee425ed] [Device Id: bfbf22daebe7ca9bf4d4370e51ca132647d4c453c34e575099777ea0a4345d16] [OS: Windows] [OS version: 10] [device type: PC] [device version: ] [Client Type: desktop] [Customer Id: 1] [DataTypes: ] [icapConnectors: ] [TOR Networks: ] [Anonymous Proxies: ] [Malicious IPs: ] [IP Chain: 192.168.3.216] [Mapping Ids: O365-43,O365-44,O365-445,O365-507,O365-52,O365-53,O365-600,O365-74,O365-88,O365-934] [Is DLP excceeds: False] [FileTypes: <text/html> ] [Useragent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko] [source: proxy] [URI: https://veridinet-my.sharepoint.com/personal/alan_veridinet_onmicrosoft_com/_layouts/15/onedrive.aspx] ]\n" +
"Jun 9 09:50:38 skyfence sf_gateway[12923] [12948]: MgmtInterface INFO[MgmtIntfNetworkEvent.cpp:161] Activity: [Event Info: [EventType: Full] [Login Username: alan@veridinet.onmicrosoft.com (repository: alan@veridinet.onmicrosoft.com)] [Data Object: Files] [Records: d.xlsx] [Labels: <OneDrive(SharePoint)> ] [User Action: download] [User Action Status: unknown] [User Action Status Reason: ] [Time: Fri, 09 Jun 2017 09:50:38 GMT] [Service type: Office 365] [File Size: 7491] [IsManagedEndpoint: false] [Asset Id: 3] [Event Id: 47465180589934] [Session Id: 4205704052] [Gateway Action Status: block] [Client IP: 192.168.3.216] [Server IP: 13.107.6.151] [Client Location: 03 0/0 unknown] [Server Location: US 47.6801/-122.121] [Browser Id: yNrJdw7rHH5ee425ed] [Device Id: bfbf22daebe7ca9bf4d4370e51ca132647d4c453c34e575099777ea0a4345d16] [OS: Windows] [OS version: 10] [device type: PC] [device version: ] [Client Type: desktop] [Customer Id: 1] [DataTypes: ] [icapConnectors: ] [TOR Networks: ] [Anonymous Proxies: ] [Malicious IPs: ] [IP Chain: 192.168.3.216] [Mapping Ids: O365-140,O365-43,O365-44,O365-445,O365-507,O365-52,O365-53,O365-600,O365-74,O365-934] [Is DLP excceeds: False] [FileTypes: <application/vnd.openxmlformats-officedocument.spreadsheetml.sheet> ] [Useragent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko] [source: proxy] [URI: https://veridinet-my.sharepoint.com/personal/alan_veridinet_onmicrosoft_com/_layouts/15/download.aspx?SourceUrl=/personal/alan_veridinet_onmicrosoft_com/Documents/d.xlsx] ]\n" +
"Jun 9 09:52:47 skyfence sf_gateway[12923] [12948]: MgmtInterface INFO[MgmtIntfNetworkEvent.cpp:161] Activity: [Event Info: [EventType: Full] [Login Username: alan@veridinet.onmicrosoft.com (repository: alan@veridinet.onmicrosoft.com)] [Data Object: Files] [Records: Book.xlsx] [Labels: <OneDrive(SharePoint)> ] [User Action: view] [User Action Status: unknown] [User Action Status Reason: ] [Time: Fri, 09 Jun 2017 09:52:47 GMT] [Service type: Office 365] [File Size: 14456] [IsManagedEndpoint: false] [Asset Id: 3] [Event Id: 48543217381359] [Session Id: 4205704052] [Gateway Action Status: monitor] [Client IP: 192.168.3.216] [Server IP: 104.40.225.204] [Client Location: 03 0/0 unknown] [Server Location: NL 52.35/4.9167] [Browser Id: yNrJdw7rHH5ee425ed] [Device Id: bfbf22daebe7ca9bf4d4370e51ca132647d4c453c34e575099777ea0a4345d16] [OS: Windows] [OS version: 10] [device type: PC] [device version: ] [Client Type: desktop] [Customer Id: 1] [DataTypes: ] [icapConnectors: ] [TOR Networks: ] [Anonymous Proxies: ] [Malicious IPs: ] [IP Chain: 192.168.3.216] [Mapping Ids: O365-157,O365-43,O365-44,O365-445,O365-507,O365-52,O365-53,O365-600,O365-934] [Is DLP excceeds: False] [FileTypes: <application/x-tika-msworks-spreadsheet> ] [Useragent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko] [source: proxy] [URI: https://euc-excel.officeapps.live.com/x/_vti_bin/DynamicGridContent.json/GetRangeContent?context={\"SessionId\":\"12.6f4b7d7e5e3d1.A99.1.V25.421338JvjzkS/lDVMBYMAieBN14.5.en-US5.en-US42.c3a3468e1b0a499fa4e1683f8abed16d-Unlimited1.S1.N14.16.0.8228.505114.5.en-US5.en-US1.V1.N0.1.S\",\"TransientEditSessionToken\":null,\"PermissionFlags\":786367,\"Configurations\":1577744,\"CompleteResponseTimeout\":0,\"CollaborationParameter\":{},\"WorkbookMetadataParameter\":{\"WorkbookMetadataState\":{\"MetadataVersion\":0,\"ServerEventVersion\":0}},\"MachineCluster\":\"NL1\",\"AjaxOptions\":0,\"ViewModeStateId\":0,\"OperationVersion\":null}&ewaControlId=\"m_excelWebRenderer_ewaCtl_m_ewa\"¤tObject=\"Sheet1\"&namedObjectViewData\n" +
"Jun 9 09:52:48 skyfence sf_gateway[12923] [12948]: MgmtInterface INFO[MgmtIntfNetworkEvent.cpp:161] Activity: [Event Info: [EventType: Full] [Login Username: alan@veridinet.onmicrosoft.com (repository: alan@veridinet.onmicrosoft.com)] [Data Object: Files] [Records: Book.xlsx] [Labels: <OneDrive(SharePoint)> ] [User Action: view] [User Action Status: unknown] [User Action Status Reason: ] [Time: Fri, 09 Jun 2017 09:52:48 GMT] [Service type: Office 365] [File Size: 14133] [IsManagedEndpoint: false] [Asset Id: 3] [Event Id: 48590462021616] [Session Id: 4205704052] [Gateway Action Status: monitor] [Client IP: 192.168.3.216] [Server IP: 104.40.225.204] [Client Location: 03 0/0 unknown] [Server Location: NL 52.35/4.9167] [Browser Id: yNrJdw7rHH5ee425ed] [Device Id: bfbf22daebe7ca9bf4d4370e51ca132647d4c453c34e575099777ea0a4345d16] [OS: Windows] [OS version: 10] [device type: PC] [device version: ] [Client Type: desktop] [Customer Id: 1] [DataTypes: ] [icapConnectors: ] [TOR Networks: ] [Anonymous Proxies: ] [Malicious IPs: ] [IP Chain: 192.168.3.216] [Mapping Ids: O365-157,O365-43,O365-44,O365-445,O365-507,O365-52,O365-53,O365-600,O365-934] [Is DLP excceeds: False] [FileTypes: <application/x-tika-msworks-spreadsheet> ] [Useragent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko] [source: proxy] [URI: https://euc-excel.officeapps.live.com/x/_vti_bin/DynamicGridContent.json/GetRangeContent?context={\"SessionId\":\"12.6f4b7d7e5e3d1.A99.1.V25.421338JvjzkS/lDVMBYMAieBN14.5.en-US5.en-US42.c3a3468e1b0a499fa4e1683f8abed16d-Unlimited1.S1.N14.16.0.8228.505114.5.en-US5.en-US1.V1.N0.1.S\",\"TransientEditSessionToken\":null,\"PermissionFlags\":786367,\"Configurations\":1577744,\"CompleteResponseTimeout\":0,\"CollaborationParameter\":{},\"WorkbookMetadataParameter\":{\"WorkbookMetadataState\":{\"MetadataVersion\":0,\"ServerEventVersion\":0}},\"MachineCluster\":\"NL1\",\"AjaxOptions\":0,\"ViewModeStateId\":0,\"OperationVersion\":null}&ewaControlId=\"m_excelWebRenderer_ewaCtl_m_ewa\"¤tObject=\"Sheet1\"&namedObjectViewData\n" +
"Jun 9 09:52:48 skyfence sf_gateway[12923] [12948]: MgmtInterface INFO[MgmtIntfNetworkEvent.cpp:161] Activity: [Event Info: [EventType: Full] [Login Username: alan@veridinet.onmicrosoft.com (repository: alan@veridinet.onmicrosoft.com)] [Data Object: Files] [Records: Book.xlsx] [Labels: <OneDrive(SharePoint)> ] [User Action: view] [User Action Status: unknown] [User Action Status Reason: ] [Time: Fri, 09 Jun 2017 09:52:48 GMT] [Service type: Office 365] [File Size: 14133] [IsManagedEndpoint: false] [Asset Id: 3] [Event Id: 48594756988912] [Session Id: 4205704052] [Gateway Action Status: monitor] [Client IP: 192.168.3.216] [Server IP: 104.40.225.204] [Client Location: 03 0/0 unknown] [Server Location: NL 52.35/4.9167] [Browser Id: yNrJdw7rHH5ee425ed] [Device Id: bfbf22daebe7ca9bf4d4370e51ca132647d4c453c34e575099777ea0a4345d16] [OS: Windows] [OS version: 10] [device type: PC] [device version: ] [Client Type: desktop] [Customer Id: 1] [DataTypes: ] [icapConnectors: ] [TOR Networks: ] [Anonymous Proxies: ] [Malicious IPs: ] [IP Chain: 192.168.3.216] [Mapping Ids: O365-157,O365-43,O365-44,O365-445,O365-507,O365-52,O365-53,O365-600,O365-934] [Is DLP excceeds: False] [FileTypes: <application/x-tika-msworks-spreadsheet> ] [Useragent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko] [source: proxy] [URI: https://euc-excel.officeapps.live.com/x/_vti_bin/DynamicGridContent.json/GetRangeContent?context={\"SessionId\":\"12.6f4b7d7e5e3d1.A99.1.V25.421338JvjzkS/lDVMBYMAieBN14.5.en-US5.en-US42.c3a3468e1b0a499fa4e1683f8abed16d-Unlimited1.S1.N14.16.0.8228.505114.5.en-US5.en-US1.V1.N0.1.S\",\"TransientEditSessionToken\":null,\"PermissionFlags\":786367,\"Configurations\":1577744,\"CompleteResponseTimeout\":0,\"CollaborationParameter\":{},\"WorkbookMetadataParameter\":{\"WorkbookMetadataState\":{\"MetadataVersion\":0,\"ServerEventVersion\":0}},\"MachineCluster\":\"NL1\",\"AjaxOptions\":0,\"ViewModeStateId\":0,\"OperationVersion\":null}&ewaControlId=\"m_excelWebRenderer_ewaCtl_m_ewa\"¤tObject=\"Sheet1\"&namedObjectViewData\n" +
"Jun 9 09:52:48 skyfence sf_gateway[12923] [12948]: MgmtInterface INFO[MgmtIntfNetworkEvent.cpp:161] Activity: [Event Info: [EventType: Full] [Login Username: alan@veridinet.onmicrosoft.com (repository: alan@veridinet.onmicrosoft.com)] [Data Object: Files] [Records: Book.xlsx] [Labels: <OneDrive(SharePoint)> ] [User Action: view] [User Action Status: unknown] [User Action Status Reason: ] [Time: Fri, 09 Jun 2017 09:52:48 GMT] [Service type: Office 365] [File Size: 14167] [IsManagedEndpoint: false] [Asset Id: 3] [Event Id: 48599051956208] [Session Id: 4205704052] [Gateway Action Status: monitor] [Client IP: 192.168.3.216] [Server IP: 104.40.225.204] [Client Location: 03 0/0 unknown] [Server Location: NL 52.35/4.9167] [Browser Id: yNrJdw7rHH5ee425ed] [Device Id: bfbf22daebe7ca9bf4d4370e51ca132647d4c453c34e575099777ea0a4345d16] [OS: Windows] [OS version: 10] [device type: PC] [device version: ] [Client Type: desktop] [Customer Id: 1] [DataTypes: ] [icapConnectors: ] [TOR Networks: ] [Anonymous Proxies: ] [Malicious IPs: ] [IP Chain: 192.168.3.216] [Mapping Ids: O365-157,O365-43,O365-44,O365-445,O365-507,O365-52,O365-53,O365-600,O365-934] [Is DLP excceeds: False] [FileTypes: <application/x-tika-msworks-spreadsheet> ] [Useragent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko] [source: proxy] [URI: https://euc-excel.officeapps.live.com/x/_vti_bin/DynamicGridContent.json/GetRangeContent?context={\"SessionId\":\"12.6f4b7d7e5e3d1.A99.1.V25.421338JvjzkS/lDVMBYMAieBN14.5.en-US5.en-US42.c3a3468e1b0a499fa4e1683f8abed16d-Unlimited1.S1.N14.16.0.8228.505114.5.en-US5.en-US1.V1.N0.1.S\",\"TransientEditSessionToken\":null,\"PermissionFlags\":786367,\"Configurations\":1577744,\"CompleteResponseTimeout\":0,\"CollaborationParameter\":{},\"WorkbookMetadataParameter\":{\"WorkbookMetadataState\":{\"MetadataVersion\":0,\"ServerEventVersion\":0}},\"MachineCluster\":\"NL1\",\"AjaxOptions\":0,\"ViewModeStateId\":0,\"OperationVersion\":null}&ewaControlId=\"m_excelWebRenderer_ewaCtl_m_ewa\"¤tObject=\"Sheet1\"&namedObjectViewData\n" +
"Jun 9 09:52:48 skyfence sf_gateway[12923] [12948]: MgmtInterface INFO[MgmtIntfNetworkEvent.cpp:161] Activity: [Event Info: [EventType: Full] [Login Username: alan@veridinet.onmicrosoft.com (repository: alan@veridinet.onmicrosoft.com)] [Data Object: Files] [Records: Book.xlsx] [Labels: <OneDrive(SharePoint)> ] [User Action: view] [User Action Status: unknown] [User Action Status Reason: ] [Time: Fri, 09 Jun 2017 09:52:48 GMT] [Service type: Office 365] [File Size: 14168] [IsManagedEndpoint: false] [Asset Id: 3] [Event Id: 48603346923504] [Session Id: 4205704052] [Gateway Action Status: monitor] [Client IP: 192.168.3.216] [Server IP: 104.40.225.204] [Client Location: 03 0/0 unknown] [Server Location: NL 52.35/4.9167] [Browser Id: yNrJdw7rHH5ee425ed] [Device Id: bfbf22daebe7ca9bf4d4370e51ca132647d4c453c34e575099777ea0a4345d16] [OS: Windows] [OS version: 10] [device type: PC] [device version: ] [Client Type: desktop] [Customer Id: 1] [DataTypes: ] [icapConnectors: ] [TOR Networks: ] [Anonymous Proxies: ] [Malicious IPs: ] [IP Chain: 192.168.3.216] [Mapping Ids: O365-157,O365-43,O365-44,O365-445,O365-507,O365-52,O365-53,O365-600,O365-934] [Is DLP excceeds: False] [FileTypes: <application/x-tika-msworks-spreadsheet> ] [Useragent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko] [source: proxy] [URI: https://euc-excel.officeapps.live.com/x/_vti_bin/DynamicGridContent.json/GetRangeContent?context={\"SessionId\":\"12.6f4b7d7e5e3d1.A99.1.V25.421338JvjzkS/lDVMBYMAieBN14.5.en-US5.en-US42.c3a3468e1b0a499fa4e1683f8abed16d-Unlimited1.S1.N14.16.0.8228.505114.5.en-US5.en-US1.V1.N0.1.S\",\"TransientEditSessionToken\":null,\"PermissionFlags\":786367,\"Configurations\":1577744,\"CompleteResponseTimeout\":0,\"CollaborationParameter\":{},\"WorkbookMetadataParameter\":{\"WorkbookMetadataState\":{\"MetadataVersion\":0,\"ServerEventVersion\":0}},\"MachineCluster\":\"NL1\",\"AjaxOptions\":0,\"ViewModeStateId\":0,\"OperationVersion\":null}&ewaControlId=\"m_excelWebRenderer_ewaCtl_m_ewa\"¤tObject=\"Sheet1\"&namedObjectViewData\n" +
"Jun 9 09:52:48 skyfence sf_gateway[12923] [12948]: MgmtInterface INFO[MgmtIntfNetworkEvent.cpp:161] Activity: [Event Info: [EventType: Full] [Login Username: alan@veridinet.onmicrosoft.com (repository: alan@veridinet.onmicrosoft.com)] [Data Object: Files] [Records: Book.xlsx] [Labels: <OneDrive(SharePoint)> ] [User Action: view] [User Action Status: unknown] [User Action Status Reason: ] [Time: Fri, 09 Jun 2017 09:52:48 GMT] [Service type: Office 365] [File Size: 14150] [IsManagedEndpoint: false] [Asset Id: 3] [Event Id: 48607641890800] [Session Id: 4205704052] [Gateway Action Status: monitor] [Client IP: 192.168.3.216] [Server IP: 104.40.225.204] [Client Location: 03 0/0 unknown] [Server Location: NL 52.35/4.9167] [Browser Id: yNrJdw7rHH5ee425ed] [Device Id: bfbf22daebe7ca9bf4d4370e51ca132647d4c453c34e575099777ea0a4345d16] [OS: Windows] [OS version: 10] [device type: PC] [device version: ] [Client Type: desktop] [Customer Id: 1] [DataTypes: ] [icapConnectors: ] [TOR Networks: ] [Anonymous Proxies: ] [Malicious IPs: ] [IP Chain: 192.168.3.216] [Mapping Ids: O365-157,O365-43,O365-44,O365-445,O365-507,O365-52,O365-53,O365-600,O365-934] [Is DLP excceeds: False] [FileTypes: <application/x-tika-msworks-spreadsheet> ] [Useragent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko] [source: proxy] [URI: https://euc-excel.officeapps.live.com/x/_vti_bin/DynamicGridContent.json/GetRangeContent?context={\"SessionId\":\"12.6f4b7d7e5e3d1.A99.1.V25.421338JvjzkS/lDVMBYMAieBN14.5.en-US5.en-US42.c3a3468e1b0a499fa4e1683f8abed16d-Unlimited1.S1.N14.16.0.8228.505114.5.en-US5.en-US1.V1.N0.1.S\",\"TransientEditSessionToken\":null,\"PermissionFlags\":786367,\"Configurations\":1577744,\"CompleteResponseTimeout\":0,\"CollaborationParameter\":{},\"WorkbookMetadataParameter\":{\"WorkbookMetadataState\":{\"MetadataVersion\":0,\"ServerEventVersion\":0}},\"MachineCluster\":\"NL1\",\"AjaxOptions\":0,\"ViewModeStateId\":0,\"OperationVersion\":null}&ewaControlId=\"m_excelWebRenderer_ewaCtl_m_ewa\"¤tObject=\"Sheet1\"&namedObjectViewData\n" +
"Jun 9 09:53:03 skyfence sf_gateway[12923] [12948]: MgmtInterface INFO[MgmtIntfNetworkEvent.cpp:161] Activity: [Event Info: [EventType: Full] [Login Username: alan@veridinet.onmicrosoft.com (repository: alan@veridinet.onmicrosoft.com)] [Data Object: Files] [Records: Book.xlsx] [Labels: <OneDrive(SharePoint)> ] [User Action: modify] [User Action Status: unknown] [User Action Status Reason: ] [Time: Fri, 09 Jun 2017 09:53:03 GMT] [Service type: Office 365] [File Size: 581] [IsManagedEndpoint: false] [Asset Id: 3] [Event Id: 48757965746175] [Session Id: 4205704052] [Gateway Action Status: monitor] [Client IP: 192.168.3.216] [Server IP: 104.40.225.204] [Client Location: 03 0/0 unknown] [Server Location: NL 52.35/4.9167] [Browser Id: yNrJdw7rHH5ee425ed] [Device Id: bfbf22daebe7ca9bf4d4370e51ca132647d4c453c34e575099777ea0a4345d16] [OS: Windows] [OS version: 10] [device type: PC] [device version: ] [Client Type: desktop] [Customer Id: 1] [DataTypes: ] [icapConnectors: ] [TOR Networks: ] [Anonymous Proxies: ] [Malicious IPs: ] [IP Chain: 192.168.3.216] [Mapping Ids: O365-203,O365-43,O365-44,O365-445,O365-507,O365-52,O365-53,O365-600,O365-934] [Is DLP excceeds: False] [FileTypes: <application/x-tika-msworks-spreadsheet> ] [Useragent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko] [source: proxy] [URI: https://euc-excel.officeapps.live.com/x/_vti_bin/EwaInternalWebService.json/CloseWorkbook] ]\n" +
"Jun 9 09:53:05 skyfence sf_gateway[12923] [12948]: MgmtInterface INFO[MgmtIntfNetworkEvent.cpp:161] Activity: [Event Info: [EventType: Full] [Login Username: alan@veridinet.onmicrosoft.com (repository: alan@veridinet.onmicrosoft.com)] [Data Object: Files] [Records: Book.xlsx] [Labels: <OneDrive(SharePoint)> ] [User Action: modify] [User Action Status: unknown] [User Action Status Reason: ] [Time: Fri, 09 Jun 2017 09:53:05 GMT] [Service type: Office 365] [File Size: 2727] [IsManagedEndpoint: false] [Asset Id: 3] [Event Id: 48770850648065] [Session Id: 4205704052] [Gateway Action Status: monitor] [Client IP: 192.168.3.216] [Server IP: 104.40.225.204] [Client Location: 03 0/0 unknown] [Server Location: NL 52.35/4.9167] [Browser Id: yNrJdw7rHH5ee425ed] [Device Id: bfbf22daebe7ca9bf4d4370e51ca132647d4c453c34e575099777ea0a4345d16] [OS: Windows] [OS version: 10] [device type: PC] [device version: ] [Client Type: desktop] [Customer Id: 1] [DataTypes: ] [icapConnectors: ] [TOR Networks: ] [Anonymous Proxies: ] [Malicious IPs: ] [IP Chain: 192.168.3.216] [Mapping Ids: O365-202,O365-203,O365-43,O365-44,O365-445,O365-507,O365-52,O365-53,O365-600,O365-934] [Is DLP excceeds: False] [FileTypes: <application/x-tika-msworks-spreadsheet> ] [Useragent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko] [source: proxy] [URI: https://euc-excel.officeapps.live.com/x/_vti_bin/EwaInternalWebService.json/OpenWorkbook] ]\n" +
"Jun 9 09:53:06 skyfence sf_gateway[12923] [12948]: MgmtInterface INFO[MgmtIntfNetworkEvent.cpp:161] Activity: [Event Info: [EventType: Full] [Login Username: alan@veridinet.onmicrosoft.com (repository: alan@veridinet.onmicrosoft.com)] [Data Object: Files] [Records: Book.xlsx] [Labels: <OneDrive(SharePoint)> ] [User Action: view] [User Action Status: unknown] [User Action Status Reason: ] [Time: Fri, 09 Jun 2017 09:53:06 GMT] [Service type: Office 365] [File Size: 14625] [IsManagedEndpoint: false] [Asset Id: 3] [Event Id: 48818095288322] [Session Id: 4205704052] [Gateway Action Status: monitor] [Client IP: 192.168.3.216] [Server IP: 104.40.225.204] [Client Location: 03 0/0 unknown] [Server Location: NL 52.35/4.9167] [Browser Id: yNrJdw7rHH5ee425ed] [Device Id: bfbf22daebe7ca9bf4d4370e51ca132647d4c453c34e575099777ea0a4345d16] [OS: Windows] [OS version: 10] [device type: PC] [device version: ] [Client Type: desktop] [Customer Id: 1] [DataTypes: ] [icapConnectors: ] [TOR Networks: ] [Anonymous Proxies: ] [Malicious IPs: ] [IP Chain: 192.168.3.216] [Mapping Ids: O365-157,O365-43,O365-44,O365-445,O365-507,O365-52,O365-53,O365-600,O365-934] [Is DLP excceeds: False] [FileTypes: <application/x-tika-msworks-spreadsheet> ] [Useragent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko] [source: proxy] [URI: https://euc-excel.officeapps.live.com/x/_vti_bin/DynamicGridContent.json/GetRangeContent?context={\"WorkbookMetadataParameter\":{\"WorkbookMetadataState\":{\"MetadataVersion\":0,\"ServerEventVersion\":0}},\"SessionId\":\"12.6f4b7d7e5e3d1.A284.1.E185.http://tier0?id=https%3A%2F%2Fveridinet%2Dmy%2Esharepoint%2Ecom%2Fpersonal%2Falan%5Fveridinet%5Fonmicrosoft%5Fcom%2F%5Fvti%5Fbin%2Fwopi%2Eashx%2Ffiles%2Fe4988e4a309546809c1d2a2880d7ad1814.5.en-US5.en-US42.c3a3468e1b0a499fa4e1683f8abed16d-Unlimited1.S24.Q8KHTDdlFUWC9qM0Dtrp0Q==14.16.0.8228.505114.5.en-US5.en-US1.M1.N0.1.S\",\"TransientEditSessionToken\":\"GzBLThN77EmbKL5tCtQhRQ==\",\"PermissionFlags\":786431,\"Configurations\":1577744,\"CompleteResponseTime\n" +
"Jun 9 09:53:06 skyfence sf_gateway[12923] [12948]: MgmtInterface INFO[MgmtIntfNetworkEvent.cpp:161] Activity: [Event Info: [EventType: Full] [Login Username: alan@veridinet.onmicrosoft.com (repository: alan@veridinet.onmicrosoft.com)] [Data Object: Files] [Records: Book.xlsx] [Labels: <OneDrive(SharePoint)> ] [User Action: view] [User Action Status: unknown] [User Action Status Reason: ] [Time: Fri, 09 Jun 2017 09:53:06 GMT] [Service type: Office 365] [File Size: 14660] [IsManagedEndpoint: false] [Asset Id: 3] [Event Id: 48822390255618] [Session Id: 4205704052] [Gateway Action Status: monitor] [Client IP: 192.168.3.216] [Server IP: 104.40.225.204] [Client Location: 03 0/0 unknown] [Server Location: NL 52.35/4.9167] [Browser Id: yNrJdw7rHH5ee425ed] [Device Id: bfbf22daebe7ca9bf4d4370e51ca132647d4c453c34e575099777ea0a4345d16] [OS: Windows] [OS version: 10] [device type: PC] [device version: ] [Client Type: desktop] [Customer Id: 1] [DataTypes: ] [icapConnectors: ] [TOR Networks: ] [Anonymous Proxies: ] [Malicious IPs: ] [IP Chain: 192.168.3.216] [Mapping Ids: O365-157,O365-43,O365-44,O365-445,O365-507,O365-52,O365-53,O365-600,O365-934] [Is DLP excceeds: False] [FileTypes: <application/x-tika-msworks-spreadsheet> ] [Useragent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko] [source: proxy] [URI: https://euc-excel.officeapps.live.com/x/_vti_bin/DynamicGridContent.json/GetRangeContent?context={\"WorkbookMetadataParameter\":{\"WorkbookMetadataState\":{\"MetadataVersion\":0,\"ServerEventVersion\":0}},\"SessionId\":\"12.6f4b7d7e5e3d1.A284.1.E185.http://tier0?id=https%3A%2F%2Fveridinet%2Dmy%2Esharepoint%2Ecom%2Fpersonal%2Falan%5Fveridinet%5Fonmicrosoft%5Fcom%2F%5Fvti%5Fbin%2Fwopi%2Eashx%2Ffiles%2Fe4988e4a309546809c1d2a2880d7ad1814.5.en-US5.en-US42.c3a3468e1b0a499fa4e1683f8abed16d-Unlimited1.S24.Q8KHTDdlFUWC9qM0Dtrp0Q==14.16.0.8228.505114.5.en-US5.en-US1.M1.N0.1.S\",\"TransientEditSessionToken\":\"GzBLThN77EmbKL5tCtQhRQ==\",\"PermissionFlags\":786431,\"Configurations\":1577744,\"CompleteResponseTime\n" +
"Jun 9 09:53:06 skyfence sf_gateway[12923] [12948]: MgmtInterface INFO[MgmtIntfNetworkEvent.cpp:161] Activity: [Event Info: [EventType: Full] [Login Username: alan@veridinet.onmicrosoft.com (repository: alan@veridinet.onmicrosoft.com)] [Data Object: Files] [Records: Book.xlsx] [Labels: <OneDrive(SharePoint)> ] [User Action: view] [User Action Status: unknown] [User Action Status Reason: ] [Time: Fri, 09 Jun 2017 09:53:06 GMT] [Service type: Office 365] [File Size: 14641] [IsManagedEndpoint: false] [Asset Id: 3] [Event Id: 48843865092098] [Session Id: 4205704052] [Gateway Action Status: monitor] [Client IP: 192.168.3.216] [Server IP: 104.40.225.204] [Client Location: 03 0/0 unknown] [Server Location: NL 52.35/4.9167] [Browser Id: yNrJdw7rHH5ee425ed] [Device Id: bfbf22daebe7ca9bf4d4370e51ca132647d4c453c34e575099777ea0a4345d16] [OS: Windows] [OS version: 10] [device type: PC] [device version: ] [Client Type: desktop] [Customer Id: 1] [DataTypes: ] [icapConnectors: ] [TOR Networks: ] [Anonymous Proxies: ] [Malicious IPs: ] [IP Chain: 192.168.3.216] [Mapping Ids: O365-157,O365-43,O365-44,O365-445,O365-507,O365-52,O365-53,O365-600,O365-934] [Is DLP excceeds: False] [FileTypes: <application/x-tika-msworks-spreadsheet> ] [Useragent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko] [source: proxy] [URI: https://euc-excel.officeapps.live.com/x/_vti_bin/DynamicGridContent.json/GetRangeContent?context={\"WorkbookMetadataParameter\":{\"WorkbookMetadataState\":{\"MetadataVersion\":0,\"ServerEventVersion\":0}},\"SessionId\":\"12.6f4b7d7e5e3d1.A284.1.E185.http://tier0?id=https%3A%2F%2Fveridinet%2Dmy%2Esharepoint%2Ecom%2Fpersonal%2Falan%5Fveridinet%5Fonmicrosoft%5Fcom%2F%5Fvti%5Fbin%2Fwopi%2Eashx%2Ffiles%2Fe4988e4a309546809c1d2a2880d7ad1814.5.en-US5.en-US42.c3a3468e1b0a499fa4e1683f8abed16d-Unlimited1.S24.Q8KHTDdlFUWC9qM0Dtrp0Q==14.16.0.8228.505114.5.en-US5.en-US1.M1.N0.1.S\",\"TransientEditSessionToken\":\"GzBLThN77EmbKL5tCtQhRQ==\",\"PermissionFlags\":786431,\"Configurations\":1577744,\"CompleteResponseTime\n" +
"Jun 9 09:53:06 skyfence sf_gateway[12923] [12948]: MgmtInterface INFO[MgmtIntfNetworkEvent.cpp:161] Activity: [Event Info: [EventType: Full] [Login Username: alan@veridinet.onmicrosoft.com (repository: alan@veridinet.onmicrosoft.com)] [Data Object: Files] [Records: Book.xlsx] [Labels: <OneDrive(SharePoint)> ] [User Action: view] [User Action Status: unknown] [User Action Status Reason: ] [Time: Fri, 09 Jun 2017 09:53:06 GMT] [Service type: Office 365] [File Size: 14948] [IsManagedEndpoint: false] [Asset Id: 3] [Event Id: 48848160059394] [Session Id: 4205704052] [Gateway Action Status: monitor] [Client IP: 192.168.3.216] [Server IP: 104.40.225.204] [Client Location: 03 0/0 unknown] [Server Location: NL 52.35/4.9167] [Browser Id: yNrJdw7rHH5ee425ed] [Device Id: bfbf22daebe7ca9bf4d4370e51ca132647d4c453c34e575099777ea0a4345d16] [OS: Windows] [OS version: 10] [device type: PC] [device version: ] [Client Type: desktop] [Customer Id: 1] [DataTypes: ] [icapConnectors: ] [TOR Networks: ] [Anonymous Proxies: ] [Malicious IPs: ] [IP Chain: 192.168.3.216] [Mapping Ids: O365-157,O365-43,O365-44,O365-445,O365-507,O365-52,O365-53,O365-600,O365-934] [Is DLP excceeds: False] [FileTypes: <application/x-tika-msworks-spreadsheet> ] [Useragent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko] [source: proxy] [URI: https://euc-excel.officeapps.live.com/x/_vti_bin/DynamicGridContent.json/GetRangeContent?context={\"WorkbookMetadataParameter\":{\"WorkbookMetadataState\":{\"MetadataVersion\":0,\"ServerEventVersion\":0}},\"SessionId\":\"12.6f4b7d7e5e3d1.A284.1.E185.http://tier0?id=https%3A%2F%2Fveridinet%2Dmy%2Esharepoint%2Ecom%2Fpersonal%2Falan%5Fveridinet%5Fonmicrosoft%5Fcom%2F%5Fvti%5Fbin%2Fwopi%2Eashx%2Ffiles%2Fe4988e4a309546809c1d2a2880d7ad1814.5.en-US5.en-US42.c3a3468e1b0a499fa4e1683f8abed16d-Unlimited1.S24.Q8KHTDdlFUWC9qM0Dtrp0Q==14.16.0.8228.505114.5.en-US5.en-US1.M1.N0.1.S\",\"TransientEditSessionToken\":\"GzBLThN77EmbKL5tCtQhRQ==\",\"PermissionFlags\":786431,\"Configurations\":1577744,\"CompleteResponseTime\n" +
"Jun 9 09:53:06 skyfence sf_gateway[12923] [12948]: MgmtInterface INFO[MgmtIntfNetworkEvent.cpp:161] Activity: [Event Info: [EventType: Full] [Login Username: alan@veridinet.onmicrosoft.com (repository: alan@veridinet.onmicrosoft.com)] [Data Object: Files] [Records: Book.xlsx] [Labels: <OneDrive(SharePoint)> ] [User Action: view] [User Action Status: unknown] [User Action Status Reason: ] [Time: Fri, 09 Jun 2017 09:53:06 GMT] [Service type: Office 365] [File Size: 14624] [IsManagedEndpoint: false] [Asset Id: 3] [Event Id: 48852455026690] [Session Id: 4205704052] [Gateway Action Status: monitor] [Client IP: 192.168.3.216] [Server IP: 104.40.225.204] [Client Location: 03 0/0 unknown] [Server Location: NL 52.35/4.9167] [Browser Id: yNrJdw7rHH5ee425ed] [Device Id: bfbf22daebe7ca9bf4d4370e51ca132647d4c453c34e575099777ea0a4345d16] [OS: Windows] [OS version: 10] [device type: PC] [device version: ] [Client Type: desktop] [Customer Id: 1] [DataTypes: ] [icapConnectors: ] [TOR Networks: ] [Anonymous Proxies: ] [Malicious IPs: ] [IP Chain: 192.168.3.216] [Mapping Ids: O365-157,O365-43,O365-44,O365-445,O365-507,O365-52,O365-53,O365-600,O365-934] [Is DLP excceeds: False] [FileTypes: <application/x-tika-msworks-spreadsheet> ] [Useragent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko] [source: proxy] [URI: https://euc-excel.officeapps.live.com/x/_vti_bin/DynamicGridContent.json/GetRangeContent?context={\"WorkbookMetadataParameter\":{\"WorkbookMetadataState\":{\"MetadataVersion\":0,\"ServerEventVersion\":0}},\"SessionId\":\"12.6f4b7d7e5e3d1.A284.1.E185.http://tier0?id=https%3A%2F%2Fveridinet%2Dmy%2Esharepoint%2Ecom%2Fpersonal%2Falan%5Fveridinet%5Fonmicrosoft%5Fcom%2F%5Fvti%5Fbin%2Fwopi%2Eashx%2Ffiles%2Fe4988e4a309546809c1d2a2880d7ad1814.5.en-US5.en-US42.c3a3468e1b0a499fa4e1683f8abed16d-Unlimited1.S24.Q8KHTDdlFUWC9qM0Dtrp0Q==14.16.0.8228.505114.5.en-US5.en-US1.M1.N0.1.S\",\"TransientEditSessionToken\":\"GzBLThN77EmbKL5tCtQhRQ==\",\"PermissionFlags\":786431,\"Configurations\":1577744,\"CompleteResponseTime\n" +
"Jun 9 09:53:06 skyfence sf_gateway[12923] [12948]: MgmtInterface INFO[MgmtIntfNetworkEvent.cpp:161] Activity: [Event Info: [EventType: Full] [Login Username: alan@veridinet.onmicrosoft.com (repository: alan@veridinet.onmicrosoft.com)] [Data Object: Files] [Records: Book.xlsx] [Labels: <OneDrive(SharePoint)> ] [User Action: view] [User Action Status: unknown] [User Action Status Reason: ] [Time: Fri, 09 Jun 2017 09:53:06 GMT] [Service type: Office 365] [File Size: 14660] [IsManagedEndpoint: false] [Asset Id: 3] [Event Id: 48856749993986] [Session Id: 4205704052] [Gateway Action Status: monitor] [Client IP: 192.168.3.216] [Server IP: 104.40.225.204] [Client Location: 03 0/0 unknown] [Server Location: NL 52.35/4.9167] [Browser Id: yNrJdw7rHH5ee425ed] [Device Id: bfbf22daebe7ca9bf4d4370e51ca132647d4c453c34e575099777ea0a4345d16] [OS: Windows] [OS version: 10] [device type: PC] [device version: ] [Client Type: desktop] [Customer Id: 1] [DataTypes: ] [icapConnectors: ] [TOR Networks: ] [Anonymous Proxies: ] [Malicious IPs: ] [IP Chain: 192.168.3.216] [Mapping Ids: O365-157,O365-43,O365-44,O365-445,O365-507,O365-52,O365-53,O365-600,O365-934] [Is DLP excceeds: False] [FileTypes: <application/x-tika-msworks-spreadsheet> ] [Useragent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko] [source: proxy] [URI: https://euc-excel.officeapps.live.com/x/_vti_bin/DynamicGridContent.json/GetRangeContent?context={\"WorkbookMetadataParameter\":{\"WorkbookMetadataState\":{\"MetadataVersion\":0,\"ServerEventVersion\":0}},\"SessionId\":\"12.6f4b7d7e5e3d1.A284.1.E185.http://tier0?id=https%3A%2F%2Fveridinet%2Dmy%2Esharepoint%2Ecom%2Fpersonal%2Falan%5Fveridinet%5Fonmicrosoft%5Fcom%2F%5Fvti%5Fbin%2Fwopi%2Eashx%2Ffiles%2Fe4988e4a309546809c1d2a2880d7ad1814.5.en-US5.en-US42.c3a3468e1b0a499fa4e1683f8abed16d-Unlimited1.S24.Q8KHTDdlFUWC9qM0Dtrp0Q==14.16.0.8228.505114.5.en-US5.en-US1.M1.N0.1.S\",\"TransientEditSessionToken\":\"GzBLThN77EmbKL5tCtQhRQ==\",\"PermissionFlags\":786431,\"Configurations\":1577744,\"CompleteResponseTime\n" +
"Jun 9 09:53:15 skyfence sf_gateway[12923] [12948]: MgmtInterface INFO[MgmtIntfNetworkEvent.cpp:161] Activity: [Event Info: [EventType: Full] [Login Username: alan@veridinet.onmicrosoft.com (repository: alan@veridinet.onmicrosoft.com)] [Data Object: Files] [Records: Book.xlsx] [Labels: <OneDrive(SharePoint)> ] [User Action: modify] [User Action Status: unknown] [User Action Status Reason: ] [Time: Fri, 09 Jun 2017 09:53:15 GMT] [Service type: Office 365] [File Size: 1354] [IsManagedEndpoint: false] [Asset Id: 3] [Event Id: 49092973195275] [Session Id: 4205704052] [Gateway Action Status: monitor] [Client IP: 192.168.3.216] [Server IP: 104.40.225.204] [Client Location: 03 0/0 unknown] [Server Location: NL 52.35/4.9167] [Browser Id: yNrJdw7rHH5ee425ed] [Device Id: bfbf22daebe7ca9bf4d4370e51ca132647d4c453c34e575099777ea0a4345d16] [OS: Windows] [OS version: 10] [device type: PC] [device version: ] [Client Type: desktop] [Customer Id: 1] [DataTypes: ] [icapConnectors: ] [TOR Networks: ] [Anonymous Proxies: ] [Malicious IPs: ] [IP Chain: 192.168.3.216] [Mapping Ids: O365-203,O365-43,O365-44,O365-445,O365-507,O365-52,O365-53,O365-600,O365-934] [Is DLP excceeds: False] [FileTypes: <application/x-tika-msworks-spreadsheet> ] [Useragent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko] [source: proxy] [URI: https://euc-excel.officeapps.live.com/x/_vti_bin/EwaInternalWebService.json/SetCell] ]\n" +
"Jun 9 09:53:27 skyfence sf_gateway[12923] [12948]: MgmtInterface INFO[MgmtIntfNetworkEvent.cpp:161] Activity: [Event Info: [EventType: Full] [Login Username: alan@veridinet.onmicrosoft.com (repository: alan@veridinet.onmicrosoft.com)] [Data Object: Files] [Records: Book.xlsx] [Labels: <OneDrive(SharePoint)> ] [User Action: modify] [User Action Status: unknown] [User Action Status Reason: ] [Time: Fri, 09 Jun 2017 09:53:27 GMT] [Service type: Office 365] [File Size: 769] [IsManagedEndpoint: false] [Asset Id: 3] [Event Id: 49131627900951] [Session Id: 4205704052] [Gateway Action Status: monitor] [Client IP: 192.168.3.216] [Server IP: 104.40.225.204] [Client Location: 03 0/0 unknown] [Server Location: NL 52.35/4.9167] [Browser Id: yNrJdw7rHH5ee425ed] [Device Id: bfbf22daebe7ca9bf4d4370e51ca132647d4c453c34e575099777ea0a4345d16] [OS: Windows] [OS version: 10] [device type: PC] [device version: ] [Client Type: desktop] [Customer Id: 1] [DataTypes: ] [icapConnectors: ] [TOR Networks: ] [Anonymous Proxies: ] [Malicious IPs: ] [IP Chain: 192.168.3.216] [Mapping Ids: O365-203,O365-43,O365-44,O365-445,O365-507,O365-52,O365-53,O365-600,O365-934] [Is DLP excceeds: False] [FileTypes: <application/x-tika-msworks-spreadsheet> ] [Useragent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko] [source: proxy] [URI: https://euc-excel.officeapps.live.com/x/_vti_bin/EwaInternalWebService.json/CloseWorkbook] ]\n" +
"Jun 9 09:53:36 skyfence sf_gateway[12923] [12948]: MgmtInterface INFO[MgmtIntfNetworkEvent.cpp:161] Activity: [Event Info: [EventType: Full] [Login Username: alan@veridinet.onmicrosoft.com (repository: alan@veridinet.onmicrosoft.com)] [Data Object: Files] [Records: Book.xlsx] [Labels: <OneDrive(SharePoint)> ] [User Action: download] [User Action Status: unknown] [User Action Status Reason: ] [Time: Fri, 09 Jun 2017 09:53:36 GMT] [Service type: Office 365] [File Size: 8341] [IsManagedEndpoint: false] [Asset Id: 3] [Event Id: 49187462475808] [Session Id: 4205704052] [Gateway Action Status: block] [Client IP: 192.168.3.216] [Server IP: 13.107.6.151] [Client Location: 03 0/0 unknown] [Server Location: US 47.6801/-122.121] [Browser Id: yNrJdw7rHH5ee425ed] [Device Id: bfbf22daebe7ca9bf4d4370e51ca132647d4c453c34e575099777ea0a4345d16] [OS: Windows] [OS version: 10] [device type: PC] [device version: ] [Client Type: desktop] [Customer Id: 1] [DataTypes: ] [icapConnectors: ] [TOR Networks: ] [Anonymous Proxies: ] [Malicious IPs: ] [IP Chain: 192.168.3.216] [Mapping Ids: O365-140,O365-43,O365-44,O365-445,O365-507,O365-52,O365-53,O365-600,O365-74,O365-934] [Is DLP excceeds: False] [FileTypes: <application/vnd.openxmlformats-officedocument.spreadsheetml.sheet> ] [Useragent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko] [source: proxy] [URI: https://veridinet-my.sharepoint.com/personal/alan_veridinet_onmicrosoft_com/_layouts/15/download.aspx?SourceUrl=/personal/alan_veridinet_onmicrosoft_com/Documents/Book.xlsx] ]";
public String outline = "Jun 8 14:15:18 [Login Username: user1@skyromi.onmicrosoft.com (repository: user1@skyromi.onmicrosoft.com)][Data Object: ][User Action: login][User Action Status: success][Service type: Box][Mapping Ids: Box-1,Box-2,Box-5][URI: https://skyromi1.account.box.com/login?redirect_url=/folder/0]\n" +
"Jun 8 14:15:47 [Login Username: user1@skyromi.onmicrosoft.com (repository: user1@skyromi.onmicrosoft.com)][Data Object: ][User Action: logout][User Action Status: unknown][Service type: Box][Mapping Ids: Box-1,Box-10][URI: https://skyromi1.app.box.com/logout]\n" +
"Jun 8 14:18:47 [Login Username: user1@skyromi.onmicrosoft.com (repository: user1@skyromi.onmicrosoft.com)][Data Object: ][User Action: login][User Action Status: success][Service type: Box][Mapping Ids: Box-1,Box-2,Box-5][URI: https://account.box.com/login?redirect_url=/]\n" +
"Jun 8 14:19:19 [Login Username: user1@skyromi.onmicrosoft.com (repository: user1@skyromi.onmicrosoft.com)][Data Object: Files][User Action: download][User Action Status: unknown][Labels: <Files> ][Service type: Box][Mapping Ids: Box-1,Box-2,Box-37]\n" +
"Jun 8 14:19:51 [Login Username: user1@skyromi.onmicrosoft.com (repository: user1@skyromi.onmicrosoft.com)][Data Object: Files][Records: Sanity Test/YYYYYYY1.jpg][User Action: delete][User Action Status: unknown][Labels: <Files> ][Service type: Box][Mapping Ids: Box-1,Box-2,Box-33][URI: https://skyromi1.app.box.com/index.php?rm=box_delete_items]\n" +
"Jun 8 14:33:47 [Login Username: user1@skyromi.onmicrosoft.com (repository: user1@skyromi.onmicrosoft.com)][Data Object: ][User Action: logout][User Action Status: unknown][Service type: Box][Mapping Ids: Box-1,Box-10,Box-2][URI: https://skyromi1.app.box.com/logout]\n" +
"Jun 9 09:49:02 [Login Username: alan@veridinet.onmicrosoft.com (repository: alan@veridinet.onmicrosoft.com)][Data Object: ][User Action: login][User Action Status: success][Service type: Office 365][Mapping Ids: O365-4,O365-43,O365-44,O365-445,O365-507,O365-52,O365-53,O365-600,O365-934][URI: https://login.microsoftonline.com/common/login]\n" +
"Jun 9 09:49:14 [Login Username: alan@veridinet.onmicrosoft.com (repository: alan@veridinet.onmicrosoft.com)][Data Object: OneDrive][User Action: view][User Action Status: unknown][Labels: <OneDrive(SharePoint)> ][Service type: OneDrive][Mapping Ids: O365-43,O365-44,O365-445,O365-507,O365-52,O365-53,O365-600,O365-73,O365-88,O365-934][URI: https://veridinet-my.sharepoint.com/_layouts/15/MySite.aspx?MySiteRedirect=AllDocuments]\n" +
"Jun 9 09:49:14 [Login Username: alan@veridinet.onmicrosoft.com (repository: alan@veridinet.onmicrosoft.com)][Data Object: OneDrive][User Action: view][User Action Status: unknown][Labels: <OneDrive(SharePoint)> ][Service type: OneDrive][Mapping Ids: O365-43,O365-44,O365-445,O365-507,O365-52,O365-53,O365-600,O365-73,O365-88,O365-934][URI: https://veridinet-my.sharepoint.com/_layouts/15/Authenticate.aspx?Source=/_layouts/15/MySite.aspx?MySiteRedirect=AllDocuments]\n" +
"Jun 9 09:49:17 [Login Username: alan@veridinet.onmicrosoft.com (repository: alan@veridinet.onmicrosoft.com)][Data Object: OneDrive][User Action: view][User Action Status: unknown][Labels: <OneDrive(SharePoint)> ][Service type: OneDrive][Mapping Ids: O365-43,O365-44,O365-445,O365-507,O365-52,O365-53,O365-600,O365-73,O365-88,O365-934][URI: https://veridinet-my.sharepoint.com/_layouts/15/Authenticate.aspx?Source=/_layouts/15/MySite.aspx?MySiteRedirect=AllDocuments]\n" +
"Jun 9 09:49:18 [Login Username: alan@veridinet.onmicrosoft.com (repository: alan@veridinet.onmicrosoft.com)][Data Object: OneDrive][User Action: view][User Action Status: unknown][Labels: <OneDrive(SharePoint)> ][Service type: OneDrive][Mapping Ids: O365-43,O365-44,O365-445,O365-507,O365-52,O365-53,O365-600,O365-73,O365-74,O365-88,O365-934][URI: https://veridinet-my.sharepoint.com/_layouts/15/MySite.aspx?MySiteRedirect=AllDocuments]\n" +
"Jun 9 09:49:18 [Login Username: alan@veridinet.onmicrosoft.com (repository: alan@veridinet.onmicrosoft.com)][Data Object: OneDrive][User Action: view][User Action Status: unknown][Labels: <OneDrive(SharePoint)> ][Service type: OneDrive][Mapping Ids: O365-43,O365-44,O365-445,O365-507,O365-52,O365-53,O365-600,O365-74,O365-88,O365-934][URI: https://veridinet-my.sharepoint.com/personal/alan_veridinet_onmicrosoft_com/_layouts/15/onedrive.aspx]\n" +
"Jun 9 09:50:38 [Login Username: alan@veridinet.onmicrosoft.com (repository: alan@veridinet.onmicrosoft.com)][Data Object: Files][Records: d.xlsx][User Action: download][User Action Status: unknown][Labels: <OneDrive(SharePoint)> ][Service type: Office 365][Mapping Ids: O365-140,O365-43,O365-44,O365-445,O365-507,O365-52,O365-53,O365-600,O365-74,O365-934][URI: https://veridinet-my.sharepoint.com/personal/alan_veridinet_onmicrosoft_com/_layouts/15/download.aspx?SourceUrl=/personal/alan_veridinet_onmicrosoft_com/Documents/d.xlsx]\n" +
"Jun 9 09:52:47 [Login Username: alan@veridinet.onmicrosoft.com (repository: alan@veridinet.onmicrosoft.com)][Data Object: Files][Records: Book.xlsx][User Action: view][User Action Status: unknown][Labels: <OneDrive(SharePoint)> ][Service type: Office 365][Mapping Ids: O365-157,O365-43,O365-44,O365-445,O365-507,O365-52,O365-53,O365-600,O365-934]\n" +
"Jun 9 09:52:48 [Login Username: alan@veridinet.onmicrosoft.com (repository: alan@veridinet.onmicrosoft.com)][Data Object: Files][Records: Book.xlsx][User Action: view][User Action Status: unknown][Labels: <OneDrive(SharePoint)> ][Service type: Office 365][Mapping Ids: O365-157,O365-43,O365-44,O365-445,O365-507,O365-52,O365-53,O365-600,O365-934]\n" +
"Jun 9 09:52:48 [Login Username: alan@veridinet.onmicrosoft.com (repository: alan@veridinet.onmicrosoft.com)][Data Object: Files][Records: Book.xlsx][User Action: view][User Action Status: unknown][Labels: <OneDrive(SharePoint)> ][Service type: Office 365][Mapping Ids: O365-157,O365-43,O365-44,O365-445,O365-507,O365-52,O365-53,O365-600,O365-934]\n" +
"Jun 9 09:52:48 [Login Username: alan@veridinet.onmicrosoft.com (repository: alan@veridinet.onmicrosoft.com)][Data Object: Files][Records: Book.xlsx][User Action: view][User Action Status: unknown][Labels: <OneDrive(SharePoint)> ][Service type: Office 365][Mapping Ids: O365-157,O365-43,O365-44,O365-445,O365-507,O365-52,O365-53,O365-600,O365-934]\n" +
"Jun 9 09:52:48 [Login Username: alan@veridinet.onmicrosoft.com (repository: alan@veridinet.onmicrosoft.com)][Data Object: Files][Records: Book.xlsx][User Action: view][User Action Status: unknown][Labels: <OneDrive(SharePoint)> ][Service type: Office 365][Mapping Ids: O365-157,O365-43,O365-44,O365-445,O365-507,O365-52,O365-53,O365-600,O365-934]\n" +
"Jun 9 09:52:48 [Login Username: alan@veridinet.onmicrosoft.com (repository: alan@veridinet.onmicrosoft.com)][Data Object: Files][Records: Book.xlsx][User Action: view][User Action Status: unknown][Labels: <OneDrive(SharePoint)> ][Service type: Office 365][Mapping Ids: O365-157,O365-43,O365-44,O365-445,O365-507,O365-52,O365-53,O365-600,O365-934]\n" +
"Jun 9 09:53:03 [Login Username: alan@veridinet.onmicrosoft.com (repository: alan@veridinet.onmicrosoft.com)][Data Object: Files][Records: Book.xlsx][User Action: modify][User Action Status: unknown][Labels: <OneDrive(SharePoint)> ][Service type: Office 365][Mapping Ids: O365-203,O365-43,O365-44,O365-445,O365-507,O365-52,O365-53,O365-600,O365-934][URI: https://euc-excel.officeapps.live.com/x/_vti_bin/EwaInternalWebService.json/CloseWorkbook]\n" +
"Jun 9 09:53:05 [Login Username: alan@veridinet.onmicrosoft.com (repository: alan@veridinet.onmicrosoft.com)][Data Object: Files][Records: Book.xlsx][User Action: modify][User Action Status: unknown][Labels: <OneDrive(SharePoint)> ][Service type: Office 365][Mapping Ids: O365-202,O365-203,O365-43,O365-44,O365-445,O365-507,O365-52,O365-53,O365-600,O365-934][URI: https://euc-excel.officeapps.live.com/x/_vti_bin/EwaInternalWebService.json/OpenWorkbook]\n" +
"Jun 9 09:53:06 [Login Username: alan@veridinet.onmicrosoft.com (repository: alan@veridinet.onmicrosoft.com)][Data Object: Files][Records: Book.xlsx][User Action: view][User Action Status: unknown][Labels: <OneDrive(SharePoint)> ][Service type: Office 365][Mapping Ids: O365-157,O365-43,O365-44,O365-445,O365-507,O365-52,O365-53,O365-600,O365-934]\n" +
"Jun 9 09:53:06 [Login Username: alan@veridinet.onmicrosoft.com (repository: alan@veridinet.onmicrosoft.com)][Data Object: Files][Records: Book.xlsx][User Action: view][User Action Status: unknown][Labels: <OneDrive(SharePoint)> ][Service type: Office 365][Mapping Ids: O365-157,O365-43,O365-44,O365-445,O365-507,O365-52,O365-53,O365-600,O365-934]\n" +
"Jun 9 09:53:06 [Login Username: alan@veridinet.onmicrosoft.com (repository: alan@veridinet.onmicrosoft.com)][Data Object: Files][Records: Book.xlsx][User Action: view][User Action Status: unknown][Labels: <OneDrive(SharePoint)> ][Service type: Office 365][Mapping Ids: O365-157,O365-43,O365-44,O365-445,O365-507,O365-52,O365-53,O365-600,O365-934]\n" +
"Jun 9 09:53:06 [Login Username: alan@veridinet.onmicrosoft.com (repository: alan@veridinet.onmicrosoft.com)][Data Object: Files][Records: Book.xlsx][User Action: view][User Action Status: unknown][Labels: <OneDrive(SharePoint)> ][Service type: Office 365][Mapping Ids: O365-157,O365-43,O365-44,O365-445,O365-507,O365-52,O365-53,O365-600,O365-934]\n" +
"Jun 9 09:53:06 [Login Username: alan@veridinet.onmicrosoft.com (repository: alan@veridinet.onmicrosoft.com)][Data Object: Files][Records: Book.xlsx][User Action: view][User Action Status: unknown][Labels: <OneDrive(SharePoint)> ][Service type: Office 365][Mapping Ids: O365-157,O365-43,O365-44,O365-445,O365-507,O365-52,O365-53,O365-600,O365-934]\n" +
"Jun 9 09:53:06 [Login Username: alan@veridinet.onmicrosoft.com (repository: alan@veridinet.onmicrosoft.com)][Data Object: Files][Records: Book.xlsx][User Action: view][User Action Status: unknown][Labels: <OneDrive(SharePoint)> ][Service type: Office 365][Mapping Ids: O365-157,O365-43,O365-44,O365-445,O365-507,O365-52,O365-53,O365-600,O365-934]\n" +
"Jun 9 09:53:15 [Login Username: alan@veridinet.onmicrosoft.com (repository: alan@veridinet.onmicrosoft.com)][Data Object: Files][Records: Book.xlsx][User Action: modify][User Action Status: unknown][Labels: <OneDrive(SharePoint)> ][Service type: Office 365][Mapping Ids: O365-203,O365-43,O365-44,O365-445,O365-507,O365-52,O365-53,O365-600,O365-934][URI: https://euc-excel.officeapps.live.com/x/_vti_bin/EwaInternalWebService.json/SetCell]\n" +
"Jun 9 09:53:27 [Login Username: alan@veridinet.onmicrosoft.com (repository: alan@veridinet.onmicrosoft.com)][Data Object: Files][Records: Book.xlsx][User Action: modify][User Action Status: unknown][Labels: <OneDrive(SharePoint)> ][Service type: Office 365][Mapping Ids: O365-203,O365-43,O365-44,O365-445,O365-507,O365-52,O365-53,O365-600,O365-934][URI: https://euc-excel.officeapps.live.com/x/_vti_bin/EwaInternalWebService.json/CloseWorkbook]\n" +
"Jun 9 09:53:36 [Login Username: alan@veridinet.onmicrosoft.com (repository: alan@veridinet.onmicrosoft.com)][Data Object: Files][Records: Book.xlsx][User Action: download][User Action Status: unknown][Labels: <OneDrive(SharePoint)> ][Service type: Office 365][Mapping Ids: O365-140,O365-43,O365-44,O365-445,O365-507,O365-52,O365-53,O365-600,O365-74,O365-934][URI: https://veridinet-my.sharepoint.com/personal/alan_veridinet_onmicrosoft_com/_layouts/15/download.aspx?SourceUrl=/personal/alan_veridinet_onmicrosoft_com/Documents/Book.xlsx]\n";
public String oneLineIn = "Jun 8 14:19:19 skyfence sf_gateway[12923] [12948]: MgmtInterface INFO[MgmtIntfNetworkEvent.cpp:161] Activity: [Event Info: [EventType: Full] [Login Username: user1@skyromi.onmicrosoft.com (repository: user1@skyromi.onmicrosoft.com)] [Data Object: Files] [Labels: <Files> ] [User Action: download] [User Action Status: unknown] [User Action Status Reason: ] [Time: Thu, 08 Jun 2017 14:19:19 GMT] [Service type: Box] [File Size: 185615] [IsManagedEndpoint: false] [Asset Id: 1] [Event Id: 44944034716903] [Session Id: 0] [Gateway Action Status: monitor] [Client IP: 192.168.3.249] [Server IP: 107.152.26.200] [Client Location: 03 0/0 unknown] [Server Location: US 37.3622/-122.14] [Browser Id: w4ZZBN1Z433d418b19] [Device Id: 8531862e632a91d8eb33c041e2cd5b6715afe895d484ec947901764d437a0ed8] [OS: Mac OS X 10] [OS version: 1] [device type: PC] [device version: ] [Client Type: desktop] [Customer Id: 1] [DataTypes: ] [icapConnectors: ] [TOR Networks: ] [Anonymous Proxies: ] [Malicious IPs: ] [IP Chain: 192.168.3.249] [Mapping Ids: Box-1,Box-2,Box-37] [Is DLP excceeds: False] [FileTypes: <image/jpeg> ] [Useragent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36] [source: proxy] [URI: https://dl.boxcloud.com/d/1/9M4v0s5AjjDYiQkNEYMuXx8DsHZ12q3du_egJj_LMdlOrGNhxWueLqhOW1bBJTo-REQtL9gQX9FaWg6N1SqRQ1egAo4kwL43wzKuHeL6rxcSa3b1WSHVRiQhHGHoX-2MR67pA8IoyFhHO6BZT86RPE-HnlVrPHQVpstyogy6fI3vZdJZWYTAn2FrZRWizovyvC6D75MpkF6FrE2zmSOdYIWPkl-UEL3yJTSAbCuY1cAinqnv5lVGve_hAuQpMi5nZqxshEq1-XqE2sjNdzW2blXXARrYd1XFE8cA8TM0bhZNkFQuZxpzH5yRP7nvoX_UF-pPjpFG8TyBmK5JWE3HVrtcoXcq4wkXdG7NIRAqXFwnXPLLWYuT8xZUMf5kzkJm2t6-6O3wqRX24s5AXlCkCqJQELZtbaHIyw0IJ8arygztSsuncSS4HqGnII8ikDxJMIkCeeHclbfifEyYuRKe9DoTjHbGQRpd7g3M1YVA9f2VoS6xeHyCTupHbIH6YS2WLUpHIAwrEdVkCJcWfwyWVjAJGUtbyYkLMw6jS9QFyYvLaRGnw4CCn4fMboaLkqgBS1FWz1FwBIsay9hZalXNnUugn9F8ELzY0HYo5MAAvIcaBMAi3F2Tpvzo8muiYZQpnVvI7zcm9fJ8DUyN_fNKlZg7SVQf0pBdZsRGj6c8i3ilwIYkfVjVDuHtsmtF71TpyHVzI9FJJAs7kArTBe9-FJ8II0kt57_hv0\n";
public String oneLineOut = "Jun 8 14:19:19 [Login Username: user1@skyromi.onmicrosoft.com (repository: user1@skyromi.onmicrosoft.com)][Data Object: Files][User Action: download][User Action Status: unknown][Labels: <Files> ][Service type: Box][Mapping Ids: Box-1,Box-2,Box-37]\n";
public String randomString = "lkhblkhbjlbjhb kjhvkjvjk vjvkgvkh kjvkkk 6116162661 [sfsf] sdfd [sada: sggx]";
}