diff --git a/.script/tests/KqlvalidationsTests/CustomTables/InfobloxCDC.json b/.script/tests/KqlvalidationsTests/CustomTables/InfobloxCDC.json
index 545fb3eaf85..4ddac8e821e 100644
--- a/.script/tests/KqlvalidationsTests/CustomTables/InfobloxCDC.json
+++ b/.script/tests/KqlvalidationsTests/CustomTables/InfobloxCDC.json
@@ -40,6 +40,62 @@
         {
             "Name": "DestinationDnsDomain",
             "Type": "String"
+        },
+        {
+            "Name": "ThreatLevel",
+            "Type": "String"
+        },
+        {
+            "Name": "ThreatConfidence",
+            "Type": "Int"
+        },
+        {
+            "Name": "InfobloxThreatConfidence",
+            "Type": "Int"
+        },
+        {
+            "Name": "InfobloxB1FeedName",
+            "Type": "String"
+        },
+        {
+            "Name": "ThreatClass",
+            "Type": "String"
+        },
+        {
+            "Name": "ThreatProperty",
+            "Type": "String"
+        },
+        {
+            "Name": "DeviceAction",
+            "Type": "String"
+        },
+        {
+            "Name": "InfobloxB1PolicyName",
+            "Type": "String"
+        },
+        {
+            "Name": "SourceMACAddress",
+            "Type": "String"
+        },
+        {
+            "Name": "SourceUserName",
+            "Type": "String"
+        },
+        {
+            "Name": "InfobloxB1SrcOSVersion",
+            "Type": "String"
+        },
+        {
+            "Name": "InfobloxB1ConnectionType",
+            "Type": "String"
+        },
+        {
+            "Name": "InfobloxB1Network",
+            "Type": "String"
+        },
+        {
+            "Name": "AdditionalExtensionsParsedNested",
+            "Type": "Dynamic"
         }
     ]
-}
\ No newline at end of file
+}
diff --git a/Logos/infoblox_logo.svg b/Logos/infoblox_logo.svg
index 458f4db2ee1..865f8187914 100644
--- a/Logos/infoblox_logo.svg
+++ b/Logos/infoblox_logo.svg
@@ -1,11 +1,18 @@
-<svg xmlns="http://www.w3.org/2000/svg" id="32de6b2b-4165-4947-9b45-8b5aa59ef5d4" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 56 66" fill="#fff" fill-rule="evenodd" stroke="#000" stroke-linecap="round" stroke-linejoin="round">
-    <g stroke="none" fill-rule="nonzero" transform="translate(0.5 0.5)">
-        <path d="M10.095 27.966l-9.68-7.26c-.27-.27-.403-.538-.403-.672a.74.74 0 0 1 .403-.672l9.68-7.26c.672-.538 2.017-.538 2.824 0l9.68 7.26c.27.27.403.538.403.672a.74.74 0 0 1-.403.672l-9.68 7.26c-.807.538-2.15.538-2.824 0" fill="#95c840"/>
-        <path d="M10.095 51.36L.403 44.1C.133 43.83 0 43.56 0 43.427a.74.74 0 0 1 .403-.672l9.68-7.26c.672-.538 2.017-.538 2.824 0l9.68 7.26c.27.27.403.538.403.672a.74.74 0 0 1-.403.672l-9.68 7.26c-.807.672-2.15.672-2.824 0" fill="#59c9e6"/>
-        <path d="M25.69 16.403l-9.68-7.26c-.27-.27-.403-.538-.403-.807a.74.74 0 0 1 .403-.672l9.68-7.26c.807-.538 2.017-.538 2.824 0l9.68 7.26c.27.27.403.538.403.672 0 .27-.134.538-.403.807l-9.68 7.26c-.807.538-2.017.538-2.824 0" fill="#ebe719"/>
-        <path d="M25.69 39.798l-9.68-7.26c-.27-.27-.403-.538-.403-.672a.74.74 0 0 1 .403-.672l9.68-7.26c.807-.538 2.017-.538 2.824 0l9.68 7.26c.27.27.403.538.403.672a.74.74 0 0 1-.403.672l-9.68 7.26c-.807.538-2.017.538-2.824 0" fill="#50c0af"/>
-        <path transform="translate(0,47.194)" d="M25.69 16.403l-9.68-7.26c-.27-.27-.403-.538-.403-.807a.74.74 0 0 1 .403-.672l9.68-7.26c.807-.538 2.017-.538 2.824 0l9.68 7.26c.27.27.403.538.403.672 0 .27-.134.538-.403.807l-9.68 7.26c-.807.538-2.017.538-2.824 0" fill="#0377bb"/>
-        <path d="M41.288 27.966l-9.68-7.26c-.27-.27-.403-.538-.403-.672a.74.74 0 0 1 .403-.672l9.68-7.26c.672-.538 2.017-.538 2.824 0l9.68 7.26c.27.27.403.538.403.672a.74.74 0 0 1-.403.672l-9.68 7.26c-.672.538-2.017.538-2.824 0" fill="#78bc43"/>
-        <path d="M41.288 51.36l-9.68-7.26c-.27-.27-.403-.538-.403-.672a.74.74 0 0 1 .403-.672l9.68-7.26c.672-.538 2.017-.538 2.824 0l9.68 7.26c.27.27.403.538.403.672a.74.74 0 0 1-.403.672l-9.68 7.26c-.672.672-2.017.672-2.824 0" fill="#109fda"/>
-    </g>
-</svg>
\ No newline at end of file
+<?xml version="1.0" encoding="UTF-8"?>
+<svg id="32de6b2b-4165-4947-9b45-8b5aa59ef5d4" xmlns="http://www.w3.org/2000/svg" width="100" height="100" viewBox="0 0 100 100">
+  <defs>
+    <style>
+      .cls-1 {
+        fill: #00b04c;
+      }
+    </style>
+  </defs>
+  <g>
+    <path class="cls-1" d="m24.64,29.21l18.78,18.78c1.11,1.11,1.11,2.92,0,4.03l-18.78,18.78c-1.11,1.11-2.92,1.11-4.03,0L1.83,52.01c-1.11-1.11-1.11-2.92,0-4.03l18.78-18.78c1.11-1.11,2.92-1.11,4.03,0"/>
+    <path class="cls-1" d="m52.01,1.83l18.78,18.78c1.11,1.11,1.11,2.92,0,4.03l-18.78,18.78c-1.11,1.11-2.92,1.11-4.03,0l-18.78-18.78c-1.11-1.11-1.11-2.92,0-4.03L47.99,1.83c1.11-1.11,2.92-1.11,4.03,0"/>
+  </g>
+  <g>
+    <path class="cls-1" d="m52.01,56.58l18.78,18.78c1.11,1.11,1.11,2.92,0,4.03l-18.78,18.78c-1.11,1.11-2.92,1.11-4.03,0l-18.78-18.78c-1.11-1.11-1.11-2.92,0-4.03l18.78-18.78c1.11-1.11,2.92-1.11,4.03,0"/>
+    <path class="cls-1" d="m79.39,29.21l18.78,18.78c1.11,1.11,1.11,2.92,0,4.03l-18.78,18.78c-1.11,1.11-2.92,1.11-4.03,0l-18.78-18.78c-1.11-1.11-1.11-2.92,0-4.03l18.78-18.78c1.11-1.11,2.92-1.11,4.03,0"/>
+  </g>
+</svg>
diff --git a/Sample Data/CEF/InfobloxCloudDataConnector-sampledata.csv b/Sample Data/CEF/InfobloxCloudDataConnector-sampledata.csv
index debe70e5c8a..0d2b4bc8fca 100644
--- a/Sample Data/CEF/InfobloxCloudDataConnector-sampledata.csv	
+++ b/Sample Data/CEF/InfobloxCloudDataConnector-sampledata.csv	
@@ -1,108 +1,529 @@
-SourceSystem,TimeGenerated [Pacific Time (US and Canada) Tijuana],DeviceVendor,DeviceProduct,DeviceEventClassID,LogSeverity,DeviceAction,SimplifiedDeviceAction,Computer,CommunicationDirection,DestinationIP,DeviceAddress,DeviceName,Message,Protocol,SourcePort,SourceIP,DeviceVersion,Activity,AdditionalExtensions,ApplicationProtocol,DestinationDnsDomain,SourceHostName,SourceMACAddress,SourceUserName,Type,AdditionalExtensionsParsedNested,cat,code_12,code_53,code_55,code_57,code_61,code_82,InfobloxAnCount,InfobloxArCount,InfobloxB1ConnectionType,InfobloxB1DNSTags,InfobloxB1FeedName,InfobloxB1FeedType,InfobloxB1Network,InfobloxB1OPHIPAddress,InfobloxB1OPHName,InfobloxB1PolicyAction,InfobloxB1PolicyName,InfobloxB1Region,InfobloxB1SrcOSVersion,InfobloxB1ThreatIndicator,InfobloxClientID,InfobloxCSiteId,InfobloxDNSQClass,InfobloxDNSQFlags,InfobloxDNSQType,InfobloxDNSRCode,InfobloxDNSView,InfobloxDomainCat,InfobloxFingerprintPr,InfobloxLeaseOp,InfobloxLeaseUUID,InfobloxLifetime,InfobloxNsCount,InfobloxPolicyID,InfobloxRPZ,InfobloxRPZRule,InfobloxServerID,InfobloxSubnetID,InfobloxThreatConfidence,InfobloxThreatLevel,InfobloxThreatProperty,ThreatLevel_Score,ThreatLevel,ThreatClass,ThreatProperty
-OpsManager,"10/26/2021, 2:16:58.298 PM",Infoblox,Data Connector,RPZ-QNAME-REDIRECT,0,REDIRECT,REDIRECT,infoblox-virtual-machine,,,208.50.179.13,Sentinel-Win-Main2,"""rpz QNAME REDIRECT rewrite crl4.digicert.com. [A] via CAT_Streaming Media.crl4.digicert.com.""",,18544,208.50.179.13,2.1.3,RPZ EVENT QNAME REDIRECT,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=CAT_Streaming Media.crl4.digicert.com.;InfobloxRPZ=CAT_Streaming Media;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=Streaming Media;InfobloxThreatProperty=;InfobloxThreatConfidence=;InfobloxThreatLevel=;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Microsoft 365,APP_Uncategorized,CAT_Content Server,CAT_Software/Hardware,CAT_Streaming Media;InfobloxB1ThreatIndicator=CAT;InfobloxB1FeedName=CAT_Streaming Media;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Redirect",DNS,crl4.digicert.com.,,00:50:56:01:13:0f,rdp,CommonSecurityLog,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""CAT_Streaming Media.crl4.digicert.com."",""InfobloxRPZ"":""CAT_Streaming Media"",""InfobloxPolicyID"":""99986"",""InfobloxDomainCat"":""Streaming Media"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Microsoft 365,APP_Uncategorized,CAT_Content Server,CAT_Software/Hardware,CAT_Streaming Media"",""InfobloxB1ThreatIndicator"":""CAT"",""InfobloxB1FeedName"":""CAT_Streaming Media"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Redirect""}",,,,,,,,,,remote_client,"APP_Microsoft 365,APP_Uncategorized,CAT_Content Server,CAT_Software/Hardware,CAT_Streaming Media",CAT_Streaming Media,FQDN,BloxOne Endpoint,,,Redirect,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,CAT,,,,,A,,,Streaming Media,,,,,,99986,CAT_Streaming Media,CAT_Streaming Media.crl4.digicert.com.,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:52:30.581 PM",Infoblox,Data Connector,RPZ-QNAME-REDIRECT,0,REDIRECT,REDIRECT,infoblox-virtual-machine,,,192.168.1.90,,"""rpz QNAME REDIRECT rewrite ocsp.digicert.com. [AAAA] via CAT_Streaming Media.ocsp.digicert.com.""",,31206,192.168.1.90,2.1.3,RPZ EVENT QNAME REDIRECT,"InfobloxDNSView=default;InfobloxDNSQType=AAAA;InfobloxRPZRule=CAT_Streaming Media.ocsp.digicert.com.;InfobloxRPZ=CAT_Streaming Media;InfobloxCSiteId=261392d3041b4a9b96c47e3c2b8446dd;InfobloxPolicyID=99986;InfobloxDomainCat=Streaming Media;InfobloxThreatProperty=;InfobloxThreatConfidence=;InfobloxThreatLevel=;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Microsoft 365,APP_Uncategorized,CAT_Content Server,CAT_Software/Hardware,CAT_Streaming Media;InfobloxB1ThreatIndicator=CAT;InfobloxB1FeedName=CAT_Streaming Media;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Redirect",DNS,ocsp.digicert.com.,,00:50:56:0b:0f:80,,CommonSecurityLog,"{""InfobloxDNSView"":""default"",""InfobloxDNSQType"":""AAAA"",""InfobloxRPZRule"":""CAT_Streaming Media.ocsp.digicert.com."",""InfobloxRPZ"":""CAT_Streaming Media"",""InfobloxCSiteId"":""261392d3041b4a9b96c47e3c2b8446dd"",""InfobloxPolicyID"":""99986"",""InfobloxDomainCat"":""Streaming Media"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Microsoft 365,APP_Uncategorized,CAT_Content Server,CAT_Software/Hardware,CAT_Streaming Media"",""InfobloxB1ThreatIndicator"":""CAT"",""InfobloxB1FeedName"":""CAT_Streaming Media"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Redirect""}",,,,,,,,,,dfp,"APP_Microsoft 365,APP_Uncategorized,CAT_Content Server,CAT_Software/Hardware,CAT_Streaming Media",CAT_Streaming Media,FQDN,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,Redirect,Sentinel-Security-Policy,us-west-1,,CAT,,261392d3041b4a9b96c47e3c2b8446dd,,,AAAA,,default,Streaming Media,,,,,,99986,CAT_Streaming Media,CAT_Streaming Media.ocsp.digicert.com.,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:43:39.969 PM",Infoblox,Data Connector,RPZ-QNAME-REDIRECT,0,REDIRECT,REDIRECT,infoblox-virtual-machine,,,192.168.1.106,,"""rpz QNAME REDIRECT rewrite www.amazon.com. [A] via CAT_Online Shopping.www.amazon.com.""",,7930,192.168.1.106,2.1.3,RPZ EVENT QNAME REDIRECT,"InfobloxDNSView=default;InfobloxDNSQType=A;InfobloxRPZRule=CAT_Online Shopping.www.amazon.com.;InfobloxRPZ=CAT_Online Shopping;InfobloxCSiteId=261392d3041b4a9b96c47e3c2b8446dd;InfobloxPolicyID=99986;InfobloxDomainCat=Online Shopping;InfobloxThreatProperty=;InfobloxThreatConfidence=;InfobloxThreatLevel=;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Content Server,CAT_Online Shopping;InfobloxB1ThreatIndicator=CAT;InfobloxB1FeedName=CAT_Online Shopping;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Redirect",DNS,www.amazon.com.,,00:50:56:0b:0f:15,,CommonSecurityLog,"{""InfobloxDNSView"":""default"",""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""CAT_Online Shopping.www.amazon.com."",""InfobloxRPZ"":""CAT_Online Shopping"",""InfobloxCSiteId"":""261392d3041b4a9b96c47e3c2b8446dd"",""InfobloxPolicyID"":""99986"",""InfobloxDomainCat"":""Online Shopping"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Content Server,CAT_Online Shopping"",""InfobloxB1ThreatIndicator"":""CAT"",""InfobloxB1FeedName"":""CAT_Online Shopping"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Redirect""}",,,,,,,,,,dfp,"APP_Uncategorized,CAT_Content Server,CAT_Online Shopping",CAT_Online Shopping,FQDN,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,Redirect,Sentinel-Security-Policy,us-west-1,,CAT,,261392d3041b4a9b96c47e3c2b8446dd,,,A,,default,Online Shopping,,,,,,99986,CAT_Online Shopping,CAT_Online Shopping.www.amazon.com.,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:28:39.138 PM",Infoblox,Data Connector,RPZ-QNAME-REDIRECT,0,REDIRECT,REDIRECT,infoblox-virtual-machine,,,192.168.1.106,,"""rpz QNAME REDIRECT rewrite www.amazon.com. [AAAA] via CAT_Online Shopping.www.amazon.com.""",,31846,192.168.1.106,2.1.3,RPZ EVENT QNAME REDIRECT,"InfobloxDNSView=default;InfobloxDNSQType=AAAA;InfobloxRPZRule=CAT_Online Shopping.www.amazon.com.;InfobloxRPZ=CAT_Online Shopping;InfobloxCSiteId=261392d3041b4a9b96c47e3c2b8446dd;InfobloxPolicyID=99986;InfobloxDomainCat=Online Shopping;InfobloxThreatProperty=;InfobloxThreatConfidence=;InfobloxThreatLevel=;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_GoToMyPC,APP_Uncategorized,CAT_Content Server,CAT_Online Shopping;InfobloxB1ThreatIndicator=CAT;InfobloxB1FeedName=CAT_Online Shopping;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Redirect",DNS,www.amazon.com.,,00:50:56:0b:0f:15,,CommonSecurityLog,"{""InfobloxDNSView"":""default"",""InfobloxDNSQType"":""AAAA"",""InfobloxRPZRule"":""CAT_Online Shopping.www.amazon.com."",""InfobloxRPZ"":""CAT_Online Shopping"",""InfobloxCSiteId"":""261392d3041b4a9b96c47e3c2b8446dd"",""InfobloxPolicyID"":""99986"",""InfobloxDomainCat"":""Online Shopping"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_GoToMyPC,APP_Uncategorized,CAT_Content Server,CAT_Online Shopping"",""InfobloxB1ThreatIndicator"":""CAT"",""InfobloxB1FeedName"":""CAT_Online Shopping"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Redirect""}",,,,,,,,,,dfp,"APP_GoToMyPC,APP_Uncategorized,CAT_Content Server,CAT_Online Shopping",CAT_Online Shopping,FQDN,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,Redirect,Sentinel-Security-Policy,us-west-1,,CAT,,261392d3041b4a9b96c47e3c2b8446dd,,,AAAA,,default,Online Shopping,,,,,,99986,CAT_Online Shopping,CAT_Online Shopping.www.amazon.com.,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:28:42.405 PM",Infoblox,Data Connector,RPZ-QNAME-REDIRECT,0,REDIRECT,REDIRECT,infoblox-virtual-machine,,,192.168.1.106,,"""rpz QNAME REDIRECT rewrite www.amazon.com. [A] via CAT_Online Shopping.www.amazon.com.""",,60808,192.168.1.106,2.1.3,RPZ EVENT QNAME REDIRECT,"InfobloxDNSView=default;InfobloxDNSQType=A;InfobloxRPZRule=CAT_Online Shopping.www.amazon.com.;InfobloxRPZ=CAT_Online Shopping;InfobloxCSiteId=261392d3041b4a9b96c47e3c2b8446dd;InfobloxPolicyID=99986;InfobloxDomainCat=Online Shopping;InfobloxThreatProperty=;InfobloxThreatConfidence=;InfobloxThreatLevel=;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Content Server,CAT_Online Shopping;InfobloxB1ThreatIndicator=CAT;InfobloxB1FeedName=CAT_Online Shopping;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Redirect",DNS,www.amazon.com.,,00:50:56:0b:0f:15,,CommonSecurityLog,"{""InfobloxDNSView"":""default"",""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""CAT_Online Shopping.www.amazon.com."",""InfobloxRPZ"":""CAT_Online Shopping"",""InfobloxCSiteId"":""261392d3041b4a9b96c47e3c2b8446dd"",""InfobloxPolicyID"":""99986"",""InfobloxDomainCat"":""Online Shopping"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Content Server,CAT_Online Shopping"",""InfobloxB1ThreatIndicator"":""CAT"",""InfobloxB1FeedName"":""CAT_Online Shopping"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Redirect""}",,,,,,,,,,dfp,"APP_Uncategorized,CAT_Content Server,CAT_Online Shopping",CAT_Online Shopping,FQDN,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,Redirect,Sentinel-Security-Policy,us-west-1,,CAT,,261392d3041b4a9b96c47e3c2b8446dd,,,A,,default,Online Shopping,,,,,,99986,CAT_Online Shopping,CAT_Online Shopping.www.amazon.com.,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:08:22.872 PM",Infoblox,Data Connector,RPZ-QNAME-REDIRECT,0,REDIRECT,REDIRECT,infoblox-virtual-machine,,,208.50.179.13,Sentinel-Win-Main2,"""rpz QNAME REDIRECT rewrite photograph.myfw.us. [A] via CAT_Malicious Sites.photograph.myfw.us.""",,42222,208.50.179.13,2.1.3,RPZ EVENT QNAME REDIRECT,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=CAT_Malicious Sites.photograph.myfw.us.;InfobloxRPZ=CAT_Malicious Sites;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=Malicious Sites;InfobloxThreatProperty=;InfobloxThreatConfidence=;InfobloxThreatLevel=;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Malicious Sites,etiqrisk-ip;InfobloxB1ThreatIndicator=CAT;InfobloxB1FeedName=CAT_Malicious Sites;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Redirect",DNS,photograph.myfw.us.,,00:50:56:01:13:0f,rdp,CommonSecurityLog,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""CAT_Malicious Sites.photograph.myfw.us."",""InfobloxRPZ"":""CAT_Malicious Sites"",""InfobloxPolicyID"":""99986"",""InfobloxDomainCat"":""Malicious Sites"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Malicious Sites,etiqrisk-ip"",""InfobloxB1ThreatIndicator"":""CAT"",""InfobloxB1FeedName"":""CAT_Malicious Sites"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Redirect""}",,,,,,,,,,remote_client,"APP_Uncategorized,CAT_Malicious Sites,etiqrisk-ip",CAT_Malicious Sites,FQDN,BloxOne Endpoint,,,Redirect,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,CAT,,,,,A,,,Malicious Sites,,,,,,99986,CAT_Malicious Sites,CAT_Malicious Sites.photograph.myfw.us.,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:43:40.097 PM",Infoblox,Data Connector,RPZ-QNAME-REDIRECT,0,REDIRECT,REDIRECT,infoblox-virtual-machine,,,192.168.1.106,,"""rpz QNAME REDIRECT rewrite www.ebay.com. [AAAA] via CAT_Auctions/Classifieds.www.ebay.com.""",,44483,192.168.1.106,2.1.3,RPZ EVENT QNAME REDIRECT,"InfobloxDNSView=default;InfobloxDNSQType=AAAA;InfobloxRPZRule=CAT_Auctions/Classifieds.www.ebay.com.;InfobloxRPZ=CAT_Auctions/Classifieds;InfobloxCSiteId=261392d3041b4a9b96c47e3c2b8446dd;InfobloxPolicyID=99986;InfobloxDomainCat=Auctions/Classifieds;InfobloxThreatProperty=;InfobloxThreatConfidence=;InfobloxThreatLevel=;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Auctions/Classifieds,CAT_Content Server;InfobloxB1ThreatIndicator=CAT;InfobloxB1FeedName=CAT_Auctions/Classifieds;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Redirect",DNS,www.ebay.com.,,00:50:56:0b:0f:15,,CommonSecurityLog,"{""InfobloxDNSView"":""default"",""InfobloxDNSQType"":""AAAA"",""InfobloxRPZRule"":""CAT_Auctions/Classifieds.www.ebay.com."",""InfobloxRPZ"":""CAT_Auctions/Classifieds"",""InfobloxCSiteId"":""261392d3041b4a9b96c47e3c2b8446dd"",""InfobloxPolicyID"":""99986"",""InfobloxDomainCat"":""Auctions/Classifieds"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Auctions/Classifieds,CAT_Content Server"",""InfobloxB1ThreatIndicator"":""CAT"",""InfobloxB1FeedName"":""CAT_Auctions/Classifieds"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Redirect""}",,,,,,,,,,dfp,"APP_Uncategorized,CAT_Auctions/Classifieds,CAT_Content Server",CAT_Auctions/Classifieds,FQDN,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,Redirect,Sentinel-Security-Policy,us-west-1,,CAT,,261392d3041b4a9b96c47e3c2b8446dd,,,AAAA,,default,Auctions/Classifieds,,,,,,99986,CAT_Auctions/Classifieds,CAT_Auctions/Classifieds.www.ebay.com.,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:28:40.171 PM",Infoblox,Data Connector,RPZ-QNAME-REDIRECT,0,REDIRECT,REDIRECT,infoblox-virtual-machine,,,192.168.1.106,,"""rpz QNAME REDIRECT rewrite www.ebay.com. [AAAA] via CAT_Auctions/Classifieds.www.ebay.com.""",,41235,192.168.1.106,2.1.3,RPZ EVENT QNAME REDIRECT,"InfobloxDNSView=default;InfobloxDNSQType=AAAA;InfobloxRPZRule=CAT_Auctions/Classifieds.www.ebay.com.;InfobloxRPZ=CAT_Auctions/Classifieds;InfobloxCSiteId=261392d3041b4a9b96c47e3c2b8446dd;InfobloxPolicyID=99986;InfobloxDomainCat=Auctions/Classifieds;InfobloxThreatProperty=;InfobloxThreatConfidence=;InfobloxThreatLevel=;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Auctions/Classifieds,CAT_Content Server;InfobloxB1ThreatIndicator=CAT;InfobloxB1FeedName=CAT_Auctions/Classifieds;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Redirect",DNS,www.ebay.com.,,00:50:56:0b:0f:15,,CommonSecurityLog,"{""InfobloxDNSView"":""default"",""InfobloxDNSQType"":""AAAA"",""InfobloxRPZRule"":""CAT_Auctions/Classifieds.www.ebay.com."",""InfobloxRPZ"":""CAT_Auctions/Classifieds"",""InfobloxCSiteId"":""261392d3041b4a9b96c47e3c2b8446dd"",""InfobloxPolicyID"":""99986"",""InfobloxDomainCat"":""Auctions/Classifieds"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Auctions/Classifieds,CAT_Content Server"",""InfobloxB1ThreatIndicator"":""CAT"",""InfobloxB1FeedName"":""CAT_Auctions/Classifieds"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Redirect""}",,,,,,,,,,dfp,"APP_Uncategorized,CAT_Auctions/Classifieds,CAT_Content Server",CAT_Auctions/Classifieds,FQDN,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,Redirect,Sentinel-Security-Policy,us-west-1,,CAT,,261392d3041b4a9b96c47e3c2b8446dd,,,AAAA,,default,Auctions/Classifieds,,,,,,99986,CAT_Auctions/Classifieds,CAT_Auctions/Classifieds.www.ebay.com.,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:43:24.870 PM",Infoblox,Data Connector,RPZ-QNAME-REDIRECT,0,REDIRECT,REDIRECT,infoblox-virtual-machine,,,208.50.179.13,Sentinel-Win-Main2,"""rpz QNAME REDIRECT rewrite salesforce.com. [A] via APP_Salesforce.salesforce.com.""",,6155,208.50.179.13,2.1.3,RPZ EVENT QNAME REDIRECT,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=APP_Salesforce.salesforce.com.;InfobloxRPZ=APP_Salesforce;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=Salesforce;InfobloxThreatProperty=;InfobloxThreatConfidence=;InfobloxThreatLevel=;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Salesforce,APP_Uncategorized,CAT_Business,CAT_Software/Hardware;InfobloxB1ThreatIndicator=APP;InfobloxB1FeedName=APP_Salesforce;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Redirect",DNS,salesforce.com.,,00:50:56:01:13:0f,rdp,CommonSecurityLog,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""APP_Salesforce.salesforce.com."",""InfobloxRPZ"":""APP_Salesforce"",""InfobloxPolicyID"":""99986"",""InfobloxDomainCat"":""Salesforce"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Salesforce,APP_Uncategorized,CAT_Business,CAT_Software/Hardware"",""InfobloxB1ThreatIndicator"":""APP"",""InfobloxB1FeedName"":""APP_Salesforce"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Redirect""}",,,,,,,,,,remote_client,"APP_Salesforce,APP_Uncategorized,CAT_Business,CAT_Software/Hardware",APP_Salesforce,FQDN,BloxOne Endpoint,,,Redirect,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,APP,,,,,A,,,Salesforce,,,,,,99986,APP_Salesforce,APP_Salesforce.salesforce.com.,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:43:32.735 PM",Infoblox,Data Connector,RPZ-QNAME-REDIRECT,0,REDIRECT,REDIRECT,infoblox-virtual-machine,,,208.50.179.13,Sentinel-Win-Main2,"""rpz QNAME REDIRECT rewrite github.com. [A] via APP_GitHub.github.com.""",,42085,208.50.179.13,2.1.3,RPZ EVENT QNAME REDIRECT,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=APP_GitHub.github.com.;InfobloxRPZ=APP_GitHub;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=GitHub;InfobloxThreatProperty=;InfobloxThreatConfidence=;InfobloxThreatLevel=;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_GitHub,APP_Uncategorized,CAT_Technical/Business Forums;InfobloxB1ThreatIndicator=APP;InfobloxB1FeedName=APP_GitHub;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Redirect",DNS,github.com.,,00:50:56:01:13:0f,rdp,CommonSecurityLog,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""APP_GitHub.github.com."",""InfobloxRPZ"":""APP_GitHub"",""InfobloxPolicyID"":""99986"",""InfobloxDomainCat"":""GitHub"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_GitHub,APP_Uncategorized,CAT_Technical/Business Forums"",""InfobloxB1ThreatIndicator"":""APP"",""InfobloxB1FeedName"":""APP_GitHub"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Redirect""}",,,,,,,,,,remote_client,"APP_GitHub,APP_Uncategorized,CAT_Technical/Business Forums",APP_GitHub,FQDN,BloxOne Endpoint,,,Redirect,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,APP,,,,,A,,,GitHub,,,,,,99986,APP_GitHub,APP_GitHub.github.com.,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:43:40.097 PM",Infoblox,Data Connector,RPZ-QNAME-REDIRECT,0,REDIRECT,REDIRECT,infoblox-virtual-machine,,,208.50.179.13,Sentinel-Win-Main2,"""rpz QNAME REDIRECT rewrite dropbox.com. [A] via APP_Dropbox.dropbox.com.""",,43754,208.50.179.13,2.1.3,RPZ EVENT QNAME REDIRECT,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=APP_Dropbox.dropbox.com.;InfobloxRPZ=APP_Dropbox;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=Dropbox;InfobloxThreatProperty=;InfobloxThreatConfidence=;InfobloxThreatLevel=;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Dropbox,APP_Uncategorized,CAT_Personal Network Storage;InfobloxB1ThreatIndicator=APP;InfobloxB1FeedName=APP_Dropbox;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Redirect",DNS,dropbox.com.,,00:50:56:01:13:0f,rdp,CommonSecurityLog,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""APP_Dropbox.dropbox.com."",""InfobloxRPZ"":""APP_Dropbox"",""InfobloxPolicyID"":""99986"",""InfobloxDomainCat"":""Dropbox"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Dropbox,APP_Uncategorized,CAT_Personal Network Storage"",""InfobloxB1ThreatIndicator"":""APP"",""InfobloxB1FeedName"":""APP_Dropbox"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Redirect""}",,,,,,,,,,remote_client,"APP_Dropbox,APP_Uncategorized,CAT_Personal Network Storage",APP_Dropbox,FQDN,BloxOne Endpoint,,,Redirect,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,APP,,,,,A,,,Dropbox,,,,,,99986,APP_Dropbox,APP_Dropbox.dropbox.com.,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:43:32.735 PM",Infoblox,Data Connector,RPZ-QNAME-REDIRECT,0,REDIRECT,REDIRECT,infoblox-virtual-machine,,,208.50.179.13,Sentinel-Win-Main2,"""rpz QNAME REDIRECT rewrite www.gstatic.com. [A] via APP_Dropbox.www.gstatic.com.""",,42085,208.50.179.13,2.1.3,RPZ EVENT QNAME REDIRECT,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=APP_Dropbox.www.gstatic.com.;InfobloxRPZ=APP_Dropbox;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=Dropbox;InfobloxThreatProperty=;InfobloxThreatConfidence=;InfobloxThreatLevel=;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Box,APP_Dropbox,APP_Google Drive,APP_Google Gmail,APP_Google Jamboard,APP_Google Meet,APP_Google Sites,APP_Google Voice,APP_Uncategorized,CAT_Content Server,CAT_Internet Services;InfobloxB1ThreatIndicator=APP;InfobloxB1FeedName=APP_Dropbox;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Redirect",DNS,www.gstatic.com.,,00:50:56:01:13:0f,rdp,CommonSecurityLog,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""APP_Dropbox.www.gstatic.com."",""InfobloxRPZ"":""APP_Dropbox"",""InfobloxPolicyID"":""99986"",""InfobloxDomainCat"":""Dropbox"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Box,APP_Dropbox,APP_Google Drive,APP_Google Gmail,APP_Google Jamboard,APP_Google Meet,APP_Google Sites,APP_Google Voice,APP_Uncategorized,CAT_Content Server,CAT_Internet Services"",""InfobloxB1ThreatIndicator"":""APP"",""InfobloxB1FeedName"":""APP_Dropbox"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Redirect""}",,,,,,,,,,remote_client,"APP_Box,APP_Dropbox,APP_Google Drive,APP_Google Gmail,APP_Google Jamboard,APP_Google Meet,APP_Google Sites,APP_Google Voice,APP_Uncategorized,CAT_Content Server,CAT_Internet Services",APP_Dropbox,FQDN,BloxOne Endpoint,,,Redirect,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,APP,,,,,A,,,Dropbox,,,,,,99986,APP_Dropbox,APP_Dropbox.www.gstatic.com.,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:43:40.265 PM",Infoblox,Data Connector,RPZ-QNAME-REDIRECT,0,REDIRECT,REDIRECT,infoblox-virtual-machine,,,208.50.179.13,Sentinel-Win-Main2,"""rpz QNAME REDIRECT rewrite dropbox.com. [A] via APP_Dropbox.dropbox.com.""",,41838,208.50.179.13,2.1.3,RPZ EVENT QNAME REDIRECT,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=APP_Dropbox.dropbox.com.;InfobloxRPZ=APP_Dropbox;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=Dropbox;InfobloxThreatProperty=;InfobloxThreatConfidence=;InfobloxThreatLevel=;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Dropbox,APP_Uncategorized,CAT_Personal Network Storage;InfobloxB1ThreatIndicator=APP;InfobloxB1FeedName=APP_Dropbox;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Redirect",DNS,dropbox.com.,,00:50:56:01:13:0f,rdp,CommonSecurityLog,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""APP_Dropbox.dropbox.com."",""InfobloxRPZ"":""APP_Dropbox"",""InfobloxPolicyID"":""99986"",""InfobloxDomainCat"":""Dropbox"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Dropbox,APP_Uncategorized,CAT_Personal Network Storage"",""InfobloxB1ThreatIndicator"":""APP"",""InfobloxB1FeedName"":""APP_Dropbox"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Redirect""}",,,,,,,,,,remote_client,"APP_Dropbox,APP_Uncategorized,CAT_Personal Network Storage",APP_Dropbox,FQDN,BloxOne Endpoint,,,Redirect,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,APP,,,,,A,,,Dropbox,,,,,,99986,APP_Dropbox,APP_Dropbox.dropbox.com.,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:52:30.580 PM",Infoblox,Data Connector,RPZ-QNAME-REDIRECT,0,REDIRECT,REDIRECT,infoblox-virtual-machine,,,,,"""rpz QNAME REDIRECT rewrite ocsp.digicert.com. [A] via CAT_Streaming Media.ocsp.digicert.com.""",,31206,192.168.1.90,2.1.3,RPZ EVENT QNAME REDIRECT,InfobloxDNSView=default;InfobloxDNSQType=A;InfobloxRPZRule=CAT_Streaming Media.ocsp.digicert.com.;InfobloxRPZ=CAT_Streaming Media;InfobloxCSiteId=261392d3041b4a9b96c47e3c2b8446dd;InfobloxPolicyID=99986;InfobloxDomainCat=Streaming Media;InfobloxThreatProperty=;InfobloxThreatConfidence=;InfobloxThreatLevel=;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP),DNS,ocsp.digicert.com.,,00:50:56:0b:0f:80, ],CommonSecurityLog,"{""InfobloxDNSView"":""default"",""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""CAT_Streaming Media.ocsp.digicert.com."",""InfobloxRPZ"":""CAT_Streaming Media"",""InfobloxCSiteId"":""261392d3041b4a9b96c47e3c2b8446dd"",""InfobloxPolicyID"":""99986"",""InfobloxDomainCat"":""Streaming Media"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)""}",,,,,,,,,,dfp,,,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,261392d3041b4a9b96c47e3c2b8446dd,,,A,,default,Streaming Media,,,,,,99986,CAT_Streaming Media,CAT_Streaming Media.ocsp.digicert.com.,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:07:47.257 PM",Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,NXDOMAIN,NXDOMAIN,infoblox-virtual-machine,,,208.50.179.13,Sentinel-Win-Main2,"""rpz QNAME NXDOMAIN rewrite nxead.itemdb.com. [A] via ext-base-antimalware.nxead.itemdb.com.""",,37404,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=ext-base-antimalware.nxead.itemdb.com.;InfobloxRPZ=ext-base-antimalware;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=80;InfobloxThreatLevel=80;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Malicious Sites,CAT_PUPs (potentially unwanted programs),CAT_Phishing,bogon,ext-base-antimalware;InfobloxB1ThreatIndicator=nxead.itemdb.com;InfobloxB1FeedName=Ext_Base_AntiMalware;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",DNS,nxead.itemdb.com.,,00:50:56:01:13:0f,rdp,CommonSecurityLog,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""ext-base-antimalware.nxead.itemdb.com."",""InfobloxRPZ"":""ext-base-antimalware"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""80"",""InfobloxThreatLevel"":""80"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Malicious Sites,CAT_PUPs (potentially unwanted programs),CAT_Phishing,bogon,ext-base-antimalware"",""InfobloxB1ThreatIndicator"":""nxead.itemdb.com"",""InfobloxB1FeedName"":""Ext_Base_AntiMalware"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,,,,,,,remote_client,"APP_Uncategorized,CAT_Malicious Sites,CAT_PUPs (potentially unwanted programs),CAT_Phishing,bogon,ext-base-antimalware",Ext_Base_AntiMalware,FQDN,BloxOne Endpoint,,,Block,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,nxead.itemdb.com,,,,,A,,,,,,,,,99986,ext-base-antimalware,ext-base-antimalware.nxead.itemdb.com.,,,80,80,APT_MalwareC2,80,High,APT,MalwareC2
-OpsManager,"10/26/2021, 2:08:16.819 PM",Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,NXDOMAIN,NXDOMAIN,infoblox-virtual-machine,,,208.50.179.13,Sentinel-Win-Main2,"""rpz QNAME NXDOMAIN rewrite nxead.itemdb.com. [A] via ext-base-antimalware.nxead.itemdb.com.""",,42222,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=ext-base-antimalware.nxead.itemdb.com.;InfobloxRPZ=ext-base-antimalware;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=80;InfobloxThreatLevel=80;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Malicious Sites,CAT_PUPs (potentially unwanted programs),CAT_Phishing,bogon,ext-base-antimalware;InfobloxB1ThreatIndicator=nxead.itemdb.com;InfobloxB1FeedName=Ext_Base_AntiMalware;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",DNS,nxead.itemdb.com.,,00:50:56:01:13:0f,rdp,CommonSecurityLog,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""ext-base-antimalware.nxead.itemdb.com."",""InfobloxRPZ"":""ext-base-antimalware"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""80"",""InfobloxThreatLevel"":""80"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Malicious Sites,CAT_PUPs (potentially unwanted programs),CAT_Phishing,bogon,ext-base-antimalware"",""InfobloxB1ThreatIndicator"":""nxead.itemdb.com"",""InfobloxB1FeedName"":""Ext_Base_AntiMalware"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,,,,,,,remote_client,"APP_Uncategorized,CAT_Malicious Sites,CAT_PUPs (potentially unwanted programs),CAT_Phishing,bogon,ext-base-antimalware",Ext_Base_AntiMalware,FQDN,BloxOne Endpoint,,,Block,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,nxead.itemdb.com,,,,,A,,,,,,,,,99986,ext-base-antimalware,ext-base-antimalware.nxead.itemdb.com.,,,80,80,APT_MalwareC2,80,High,APT,MalwareC2
-OpsManager,"10/26/2021, 2:08:16.974 PM",Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,NXDOMAIN,NXDOMAIN,infoblox-virtual-machine,,,208.50.179.13,Sentinel-Win-Main2,"""rpz QNAME NXDOMAIN rewrite nxead.itemdb.com. [A] via ext-base-antimalware.nxead.itemdb.com.""",,42222,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=ext-base-antimalware.nxead.itemdb.com.;InfobloxRPZ=ext-base-antimalware;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=80;InfobloxThreatLevel=80;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Malicious Sites,CAT_PUPs (potentially unwanted programs),CAT_Phishing,bogon,ext-base-antimalware;InfobloxB1ThreatIndicator=nxead.itemdb.com;InfobloxB1FeedName=Ext_Base_AntiMalware;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",DNS,nxead.itemdb.com.,,00:50:56:01:13:0f,rdp,CommonSecurityLog,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""ext-base-antimalware.nxead.itemdb.com."",""InfobloxRPZ"":""ext-base-antimalware"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""80"",""InfobloxThreatLevel"":""80"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Malicious Sites,CAT_PUPs (potentially unwanted programs),CAT_Phishing,bogon,ext-base-antimalware"",""InfobloxB1ThreatIndicator"":""nxead.itemdb.com"",""InfobloxB1FeedName"":""Ext_Base_AntiMalware"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,,,,,,,remote_client,"APP_Uncategorized,CAT_Malicious Sites,CAT_PUPs (potentially unwanted programs),CAT_Phishing,bogon,ext-base-antimalware",Ext_Base_AntiMalware,FQDN,BloxOne Endpoint,,,Block,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,nxead.itemdb.com,,,,,A,,,,,,,,,99986,ext-base-antimalware,ext-base-antimalware.nxead.itemdb.com.,,,80,80,APT_MalwareC2,80,High,APT,MalwareC2
-OpsManager,"10/26/2021, 2:05:57.191 PM",Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,NXDOMAIN,NXDOMAIN,infoblox-virtual-machine,,,208.50.179.13,Sentinel-Win-Main2,"""rpz QNAME NXDOMAIN rewrite editorswa.com. [A] via base.editorswa.com.""",,20330,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.editorswa.com.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Blogs/Wiki,base;InfobloxB1ThreatIndicator=editorswa.com;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",DNS,editorswa.com.,,00:50:56:01:13:0f,rdp,CommonSecurityLog,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.editorswa.com."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Blogs/Wiki,base"",""InfobloxB1ThreatIndicator"":""editorswa.com"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,,,,,,,remote_client,"APP_Uncategorized,CAT_Blogs/Wiki,base",Base,FQDN,BloxOne Endpoint,,,Block,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,editorswa.com,,,,,A,,,,,,,,,99986,base,base.editorswa.com.,,,,100,APT_MalwareC2,100,High,APT,MalwareC2
-OpsManager,"10/26/2021, 2:06:13.371 PM",Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,NXDOMAIN,NXDOMAIN,infoblox-virtual-machine,,,208.50.179.13,Sentinel-Win-Main2,"""rpz QNAME NXDOMAIN rewrite editorswa.com. [A] via base.editorswa.com.""",,20330,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.editorswa.com.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Blogs/Wiki,base;InfobloxB1ThreatIndicator=editorswa.com;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",DNS,editorswa.com.,,00:50:56:01:13:0f,rdp,CommonSecurityLog,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.editorswa.com."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Blogs/Wiki,base"",""InfobloxB1ThreatIndicator"":""editorswa.com"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,,,,,,,remote_client,"APP_Uncategorized,CAT_Blogs/Wiki,base",Base,FQDN,BloxOne Endpoint,,,Block,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,editorswa.com,,,,,A,,,,,,,,,99986,base,base.editorswa.com.,,,,100,APT_MalwareC2,100,High,APT,MalwareC2
-OpsManager,"10/26/2021, 2:06:13.371 PM",Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,NXDOMAIN,NXDOMAIN,infoblox-virtual-machine,,,208.50.179.13,Sentinel-Win-Main2,"""rpz QNAME NXDOMAIN rewrite hg8l3u.loan. [A] via base.hg8l3u.loan.""",,20330,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.hg8l3u.loan.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base;InfobloxB1ThreatIndicator=hg8l3u.loan;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",DNS,hg8l3u.loan.,,00:50:56:01:13:0f,rdp,CommonSecurityLog,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.hg8l3u.loan."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base"",""InfobloxB1ThreatIndicator"":""hg8l3u.loan"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,,,,,,,remote_client,"APP_Uncategorized,CAT_Uncategorized,base",Base,FQDN,BloxOne Endpoint,,,Block,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,hg8l3u.loan,,,,,A,,,,,,,,,99986,base,base.hg8l3u.loan.,,,,100,APT_MalwareC2,100,High,APT,MalwareC2
-OpsManager,"10/26/2021, 2:05:57.191 PM",Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,NXDOMAIN,NXDOMAIN,infoblox-virtual-machine,,,208.50.179.13,Sentinel-Win-Main2,"""rpz QNAME NXDOMAIN rewrite mail.google.com-recoveryservice.info. [A] via base.mail.google.com-recoveryservice.info.""",,20330,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.mail.google.com-recoveryservice.info.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Malicious Sites,base;InfobloxB1ThreatIndicator=mail.google.com-recoveryservice.info;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",DNS,mail.google.com-recoveryservice.info.,,00:50:56:01:13:0f,rdp,CommonSecurityLog,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.mail.google.com-recoveryservice.info."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Malicious Sites,base"",""InfobloxB1ThreatIndicator"":""mail.google.com-recoveryservice.info"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,,,,,,,remote_client,"APP_Uncategorized,CAT_Malicious Sites,base",Base,FQDN,BloxOne Endpoint,,,Block,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,mail.google.com-recoveryservice.info,,,,,A,,,,,,,,,99986,base,base.mail.google.com-recoveryservice.info.,,,,100,APT_MalwareC2,100,High,APT,MalwareC2
-OpsManager,"10/26/2021, 2:08:11.199 PM",Infoblox,Data Connector,RPZ-QNAME-NXDOMAIN,8,NXDOMAIN,NXDOMAIN,infoblox-virtual-machine,,,208.50.179.13,Sentinel-Win-Main2,"""rpz QNAME NXDOMAIN rewrite dpc.servegame.com. [A] via base.dpc.servegame.com.""",,42222,208.50.179.13,2.1.3,RPZ EVENT QNAME NXDOMAIN,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.dpc.servegame.com.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Internet Services,CAT_Personal Pages,base;InfobloxB1ThreatIndicator=dpc.servegame.com;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",DNS,dpc.servegame.com.,,00:50:56:01:13:0f,rdp,CommonSecurityLog,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.dpc.servegame.com."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Internet Services,CAT_Personal Pages,base"",""InfobloxB1ThreatIndicator"":""dpc.servegame.com"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,,,,,,,remote_client,"APP_Uncategorized,CAT_Internet Services,CAT_Personal Pages,base",Base,FQDN,BloxOne Endpoint,,,Block,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,dpc.servegame.com,,,,,A,,,,,,,,,99986,base,base.dpc.servegame.com.,,,,100,APT_MalwareC2,100,High,APT,MalwareC2
-OpsManager,"10/26/2021, 2:06:23.026 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,,208.50.179.13,Sentinel-Win-Main2,"""cdn.content.prod.cms.msn.com. 1657 IN CNAME cdn.content.prod.cms.msn.com.edgekey.net.  cdn.content.prod.cms.msn.com.edgekey.net. 2 IN CNAME e10663.dscg.akamaiedge.net.  e10663.dscg.akamaiedge.net. 20 IN A 23.1.245.167  . 0 4096 OPT """,TCP,25880,208.50.179.13,2.1.3,DNS Response IN A NOERROR,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Content Server,CAT_Portal Sites",DNS,cdn.content.prod.cms.msn.com.,,00:50:56:01:13:0f,rdp,CommonSecurityLog,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""3"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Content Server,CAT_Portal Sites""}",,,,,,,,3,1,remote_client,"APP_Uncategorized,CAT_Content Server,CAT_Portal Sites",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,,IN,#NAME?,A,NOERROR,,,,,,,0,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:06:24.448 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,,208.50.179.13,Sentinel-Win-Main2,""". 0 4096 OPT """,TCP,41853,208.50.179.13,2.1.3,DNS Response IN A NXDOMAIN,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base",DNS,hg8p7q.tech.,,00:50:56:01:13:0f,rdp,CommonSecurityLog,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base""}",,,,,,,,0,1,remote_client,"APP_Uncategorized,CAT_Uncategorized,base",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,,IN,#NAME?,A,NXDOMAIN,,,,,,,0,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:06:24.449 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,,208.50.179.13,Sentinel-Win-Main2,""". 0 4096 OPT """,TCP,41853,208.50.179.13,2.1.3,DNS Response IN A NXDOMAIN,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base",DNS,udp.jjevil.com.,,00:50:56:01:13:0f,rdp,CommonSecurityLog,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base""}",,,,,,,,0,1,remote_client,"APP_Uncategorized,CAT_Uncategorized,base",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,,IN,#NAME?,A,NXDOMAIN,,,,,,,0,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:06:24.968 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,,208.50.179.13,Sentinel-Win-Main2,"""assets.msn.com. 6779 IN CNAME assets.msn.com.edgekey.net.  assets.msn.com.edgekey.net. 179 IN CNAME e28578.d.akamaiedge.net.  e28578.d.akamaiedge.net. 15 IN A 23.50.233.55  e28578.d.akamaiedge.net. 15 IN A 23.50.233.125  e28578.d.akamaiedge.net. 15 IN A 23.50.233.134  e28578.d.akamaiedge.net. 15 IN A 23.50.233.53  e28578.d.akamaiedge.net. 15 IN A 23.50.233.135  e28578.d.akamaiedge.net. 15 IN A 23.50.233.56  e28578.d.akamaiedge.net. 15 IN A 23.50.233.119  e28578.d.akamaiedge.net. 15 IN A 23.50.233.48  e28578.d.akamaiedge.net. 15 IN A 23.50.233.133  . 0 4096 OPT """,TCP,57010,208.50.179.13,2.1.3,DNS Response IN A NOERROR,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=11;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Content Server,CAT_Portal Sites",DNS,assets.msn.com.,,00:50:56:01:13:0f,rdp,CommonSecurityLog,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""11"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Content Server,CAT_Portal Sites""}",,,,,,,,11,1,remote_client,"APP_Uncategorized,CAT_Content Server,CAT_Portal Sites",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,,IN,#NAME?,A,NOERROR,,,,,,,0,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:06:24.968 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,,208.50.179.13,Sentinel-Win-Main2,""". 0 4096 OPT """,TCP,57010,208.50.179.13,2.1.3,DNS Response IN A NXDOMAIN,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_PUPs (potentially unwanted programs),base",DNS,jepsen.r3u8.com.,,00:50:56:01:13:0f,rdp,CommonSecurityLog,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_PUPs (potentially unwanted programs),base""}",,,,,,,,0,1,remote_client,"APP_Uncategorized,CAT_PUPs (potentially unwanted programs),base",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,,IN,#NAME?,A,NXDOMAIN,,,,,,,0,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:06:26.519 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,,208.50.179.13,Sentinel-Win-Main2,""". 0 4096 OPT """,TCP,40134,208.50.179.13,2.1.3,DNS Response IN A NXDOMAIN,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Malicious Sites,CAT_Parked Domain,base",DNS,updatepatch.icr38.net.,,00:50:56:01:13:0f,rdp,CommonSecurityLog,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Malicious Sites,CAT_Parked Domain,base""}",,,,,,,,0,1,remote_client,"APP_Uncategorized,CAT_Malicious Sites,CAT_Parked Domain,base",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,,IN,#NAME?,A,NXDOMAIN,,,,,,,0,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:06:26.519 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,,208.50.179.13,Sentinel-Win-Main2,""". 0 4096 OPT """,TCP,40134,208.50.179.13,2.1.3,DNS Response IN A NXDOMAIN,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Malicious Sites,base,etiqrisk-ip,ext-antimalware-ip",DNS,ftp.scarlet-witch.com.,,00:50:56:01:13:0f,rdp,CommonSecurityLog,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Malicious Sites,base,etiqrisk-ip,ext-antimalware-ip""}",,,,,,,,0,1,remote_client,"APP_Uncategorized,CAT_Malicious Sites,base,etiqrisk-ip,ext-antimalware-ip",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,,IN,#NAME?,A,NXDOMAIN,,,,,,,0,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:49:48.161 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,,192.168.1.90,,"""client.wns.windows.com. 1459 IN CNAME wns.notify.trafficmanager.net.  wns.notify.trafficmanager.net. 284 IN A 40.83.240.146  . 32768 4096 OPT """,TCP,35175,192.168.1.90,2.1.3,DNS Response IN A NOERROR,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Microsoft OneDrive,APP_Microsoft Sharepoint,APP_Uncategorized,CAT_Business,CAT_Internet Services,CAT_Software/Hardware",DNS,client.wns.windows.com.,,00:50:56:0b:0f:80,,CommonSecurityLog,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Microsoft OneDrive,APP_Microsoft Sharepoint,APP_Uncategorized,CAT_Business,CAT_Internet Services,CAT_Software/Hardware""}",,,,,,,,2,1,dfp,"APP_Microsoft OneDrive,APP_Microsoft Sharepoint,APP_Uncategorized,CAT_Business,CAT_Internet Services,CAT_Software/Hardware",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,,IN,#NAME?,A,NOERROR,,,,,,,0,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:43:38.815 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,,192.168.1.106,,"""contile.services.mozilla.com. 513 IN A 34.117.237.239  . 32768 4096 OPT """,TCP,17458,192.168.1.106,2.1.3,DNS Response IN A NOERROR,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Software/Hardware",DNS,contile.services.mozilla.com.,,00:50:56:0b:0f:15,,CommonSecurityLog,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Software/Hardware""}",,,,,,,,1,1,dfp,"APP_Uncategorized,CAT_Software/Hardware",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,,IN,#NAME?,A,NOERROR,,,,,,,0,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:43:38.816 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,,192.168.1.106,,"""www.ebay.com. 0 IN A 3.215.231.251  . 32768 1232 OPT """,TCP,17458,192.168.1.106,2.1.3,DNS Response IN A NOERROR,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Auctions/Classifieds,CAT_Content Server",DNS,www.ebay.com.,,00:50:56:0b:0f:15,,CommonSecurityLog,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Auctions/Classifieds,CAT_Content Server""}",,,,,,,,1,1,dfp,"APP_Uncategorized,CAT_Auctions/Classifieds,CAT_Content Server",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,,IN,#NAME?,A,NOERROR,,,,,,,0,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:43:39.788 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,,192.168.1.106,,"""www.amazon.com. 0 IN AAAA 2600:1f18:1043:dc00:8083:68e:ef0f:46de  . 32768 1232 OPT """,TCP,39838,192.168.1.106,2.1.3,DNS Response IN AAAA NOERROR,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Content Server,CAT_Online Shopping",DNS,www.amazon.com.,,00:50:56:0b:0f:15,,CommonSecurityLog,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Content Server,CAT_Online Shopping""}",,,,,,,,1,1,dfp,"APP_Uncategorized,CAT_Content Server,CAT_Online Shopping",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,,IN,#NAME?,AAAA,NOERROR,,,,,,,0,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:49:48.161 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,,192.168.1.90,,"""wns.notify.trafficmanager.net. 137 IN A 13.64.180.106  . 32768 4096 OPT """,TCP,35175,192.168.1.90,2.1.3,DNS Response IN A NOERROR,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Internet Services",DNS,wns.notify.trafficmanager.net.,,00:50:56:0b:0f:80,,CommonSecurityLog,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Internet Services""}",,,,,,,,1,1,dfp,"APP_Uncategorized,CAT_Internet Services",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,,IN,#NAME?,A,NOERROR,,,,,,,0,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:27:45.244 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,192.168.1.201,,,"""ocsp.digicert.com. 0 IN A 3.215.231.251  . 150792 IN NS b.root-servers.net.  . 150792 IN NS j.root-servers.net.  . 150792 IN NS h.root-servers.net.  . 150792 IN NS c.root-servers.net.  . 150792 IN NS a.root-servers.net.  . 150792 IN NS f.root-servers.net.  . 150792 IN NS i.root-servers.net.  . 150792 IN NS e.root-servers.net.  . 150792 IN NS m.root-servers.net.  . 150792 IN NS d.root-servers.net.  . 150792 IN NS g.root-servers.net.  . 150792 IN NS l.root-servers.net.  . 150792 IN NS k.root-servers.net.  a.root-servers.net. 150792 IN A 198.41.0.4  b.root-servers.net. 150792 IN A 199.9.14.201  c.root-servers.net. 150792 IN A 192.33.4.12  d.root-servers.net. 150792 IN A 199.7.91.13  e.root-servers.net. 150792 IN A 192.203.230.10  f.root-servers.net. 150792 IN A 192.5.5.241  g.root-servers.net. 150792 IN A 192.112.36.4  h.root-servers.net. 150792 IN A 198.97.190.53  i.root-servers.net. 150792 IN A 192.36.148.17  j.root-servers.net. 150792 IN A 192.58.128.30  k.root-servers.net. 150792 IN A 193.0.14.129  l.root-servers.net. 150792 IN A 199.7.83.42  m.root-servers.net. 150792 IN A 202.12.27.33  a.root-servers.net. 150792 IN AAAA 2001:503:ba3e::2:30""",UDP,61908,192.168.1.90,2.1.3,DNS Response IN A NOERROR,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=13;InfobloxArCount=14,DNS,ocsp.digicert.com.,,,,CommonSecurityLog,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""14""}",,,,,,,,1,14,,,,,,,,,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,13,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:48:39.990 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,,192.168.1.106,,"""us-east-1.elb.amazonaws.com. 59 IN SOA ns-1119.awsdns-11.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 60  . 32768 4096 OPT """,TCP,21360,192.168.1.106,2.1.3,DNS Response IN AAAA NOERROR,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Internet Services",DNS,int-classic-scout-production-1074780512.us-east-1.elb.amazonaws.com.,,00:50:56:0b:0f:15,,CommonSecurityLog,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Internet Services""}",,,,,,,,0,1,dfp,"APP_Uncategorized,CAT_Internet Services",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,,IN,#NAME?,AAAA,NOERROR,,,,,,,1,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:38:30.252 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,192.168.1.201,,,"""connectivity-check.ubuntu.com. 600 IN A 35.224.170.84  connectivity-check.ubuntu.com. 600 IN A 35.232.111.17  . 0 1232 OPT """,UDP,43700,192.168.1.106,2.1.3,DNS Response IN A NOERROR,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1,DNS,connectivity-check.ubuntu.com.,,,,CommonSecurityLog,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1""}",,,,,,,,2,1,,,,,,,,,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,0,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:38:36.521 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,,192.168.1.106,,"""connectivity-check.ubuntu.com. 600 IN A 35.232.111.17  connectivity-check.ubuntu.com. 600 IN A 35.224.170.84  . 32768 4096 OPT """,TCP,55942,192.168.1.106,2.1.3,DNS Response IN A NOERROR,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Software/Hardware",DNS,connectivity-check.ubuntu.com.,,00:50:56:0b:0f:15,,CommonSecurityLog,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Software/Hardware""}",,,,,,,,2,1,dfp,"APP_Uncategorized,CAT_Software/Hardware",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,,IN,#NAME?,A,NOERROR,,,,,,,0,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:48:42.365 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,,192.168.1.106,,"""article.smartasset.com. 84365 IN CNAME unbouncepages.com.  unbouncepages.com. 900 IN SOA ns-748.awsdns-29.net. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400  . 32768 4096 OPT """,TCP,19173,192.168.1.106,2.1.3,DNS Response IN AAAA NOERROR,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Finance/Banking,CAT_Internet Services",DNS,article.smartasset.com.,,00:50:56:0b:0f:15,,CommonSecurityLog,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Finance/Banking,CAT_Internet Services""}",,,,,,,,1,1,dfp,"APP_Uncategorized,CAT_Finance/Banking,CAT_Internet Services",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,,IN,#NAME?,AAAA,NOERROR,,,,,,,1,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:28:30.237 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,192.168.1.201,,,"""connectivity-check.ubuntu.com. 350 IN A 35.232.111.17  connectivity-check.ubuntu.com. 350 IN A 35.224.170.84  . 0 1232 OPT """,UDP,43089,192.168.1.106,2.1.3,DNS Response IN A NOERROR,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1,DNS,connectivity-check.ubuntu.com.,,,,CommonSecurityLog,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1""}",,,,,,,,2,1,,,,,,,,,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,0,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:48:44.761 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,,192.168.1.106,,"""unbouncepages.com. 60 IN A 108.128.55.166  unbouncepages.com. 60 IN A 18.200.10.24  . 32768 4096 OPT """,TCP,3638,192.168.1.106,2.1.3,DNS Response IN A NOERROR,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Internet Services",DNS,unbouncepages.com.,,00:50:56:0b:0f:15,,CommonSecurityLog,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Internet Services""}",,,,,,,,2,1,dfp,"APP_Uncategorized,CAT_Internet Services",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,,IN,#NAME?,A,NOERROR,,,,,,,0,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:28:30.237 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,192.168.1.201,,,"""services.mozilla.com. 356 IN SOA ns-679.awsdns-20.net. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400  . 0 1232 OPT """,UDP,57187,192.168.1.106,2.1.3,DNS Response IN AAAA NOERROR,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1,DNS,contile.services.mozilla.com.,,,,CommonSecurityLog,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1""}",,,,,,,,0,1,,,,,,,,,,,,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,1,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:43:39.788 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,,192.168.1.106,,"""www.amazon.com. 0 IN A 3.215.231.251  . 32768 1232 OPT """,TCP,7930,192.168.1.106,2.1.3,DNS Response IN A NOERROR,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Content Server,CAT_Online Shopping",DNS,www.amazon.com.,,00:50:56:0b:0f:15,,CommonSecurityLog,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Content Server,CAT_Online Shopping""}",,,,,,,,1,1,dfp,"APP_Uncategorized,CAT_Content Server,CAT_Online Shopping",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,,IN,#NAME?,A,NOERROR,,,,,,,0,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:28:30.237 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,192.168.1.201,,,"""contile.services.mozilla.com. 296 IN A 34.117.237.239  . 0 1232 OPT """,UDP,53808,192.168.1.106,2.1.3,DNS Response IN A NOERROR,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,DNS,contile.services.mozilla.com.,,,,CommonSecurityLog,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1""}",,,,,,,,1,1,,,,,,,,,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,0,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:43:40.178 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,,192.168.1.106,,"""services.mozilla.com. 842 IN SOA ns-679.awsdns-20.net. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400  . 32768 4096 OPT """,TCP,44483,192.168.1.106,2.1.3,DNS Response IN AAAA NOERROR,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Software/Hardware",DNS,contile.services.mozilla.com.,,00:50:56:0b:0f:15,,CommonSecurityLog,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Software/Hardware""}",,,,,,,,0,1,dfp,"APP_Uncategorized,CAT_Software/Hardware",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,,IN,#NAME?,AAAA,NOERROR,,,,,,,1,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:43:40.178 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,,192.168.1.106,,"""www.ebay.com. 0 IN AAAA 2600:1f18:1043:dc00:8083:68e:ef0f:46de  . 32768 1232 OPT """,TCP,44483,192.168.1.106,2.1.3,DNS Response IN AAAA NOERROR,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Auctions/Classifieds,CAT_Content Server",DNS,www.ebay.com.,,00:50:56:0b:0f:15,,CommonSecurityLog,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Auctions/Classifieds,CAT_Content Server""}",,,,,,,,1,1,dfp,"APP_Uncategorized,CAT_Auctions/Classifieds,CAT_Content Server",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,,IN,#NAME?,AAAA,NOERROR,,,,,,,0,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:48:45.260 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,192.168.1.201,,,"""i.geistm.com. 38 IN CNAME int-classic-scout-production-1074780512.us-east-1.elb.amazonaws.com.  us-east-1.elb.amazonaws.com. 59 IN SOA ns-1119.awsdns-11.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 60  . 0 1232 OPT """,UDP,46383,192.168.1.106,2.1.3,DNS Response IN AAAA NOERROR,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=1;InfobloxArCount=1,DNS,i.geistm.com.,,,,CommonSecurityLog,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1""}",,,,,,,,1,1,,,,,,,,,,,,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,1,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:38:45.246 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,192.168.1.201,,,"""client.wns.windows.com. 222 IN CNAME wns.notify.trafficmanager.net.  wns.notify.trafficmanager.net. 194 IN A 40.83.247.108  . 150134 IN NS g.root-servers.net.  . 150134 IN NS l.root-servers.net.  . 150134 IN NS e.root-servers.net.  . 150134 IN NS h.root-servers.net.  . 150134 IN NS i.root-servers.net.  . 150134 IN NS b.root-servers.net.  . 150134 IN NS f.root-servers.net.  . 150134 IN NS a.root-servers.net.  . 150134 IN NS m.root-servers.net.  . 150134 IN NS d.root-servers.net.  . 150134 IN NS j.root-servers.net.  . 150134 IN NS k.root-servers.net.  . 150134 IN NS c.root-servers.net.  a.root-servers.net. 150134 IN A 198.41.0.4  b.root-servers.net. 150134 IN A 199.9.14.201  c.root-servers.net. 150134 IN A 192.33.4.12  d.root-servers.net. 150134 IN A 199.7.91.13  e.root-servers.net. 150134 IN A 192.203.230.10  f.root-servers.net. 150134 IN A 192.5.5.241  g.root-servers.net. 150134 IN A 192.112.36.4  h.root-servers.net. 150134 IN A 198.97.190.53  i.root-servers.net. 150134 IN A 192.36.148.17  j.root-servers.net. 150134 IN A 192.58.128.30  k.root-servers.net. 150134 IN A 193.0.14.129""",UDP,58700,192.168.1.90,2.1.3,DNS Response IN A NOERROR,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=13;InfobloxArCount=11,DNS,client.wns.windows.com.,,,,CommonSecurityLog,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""11""}",,,,,,,,2,11,,,,,,,,,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,13,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:38:45.246 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,192.168.1.201,,,"""client.wns.windows.com. 222 IN CNAME wns.notify.trafficmanager.net.  wns.notify.trafficmanager.net. 194 IN A 40.83.247.108  . 150134 IN NS k.root-servers.net.  . 150134 IN NS d.root-servers.net.  . 150134 IN NS l.root-servers.net.  . 150134 IN NS h.root-servers.net.  . 150134 IN NS j.root-servers.net.  . 150134 IN NS c.root-servers.net.  . 150134 IN NS i.root-servers.net.  . 150134 IN NS e.root-servers.net.  . 150134 IN NS m.root-servers.net.  . 150134 IN NS f.root-servers.net.  . 150134 IN NS g.root-servers.net.  . 150134 IN NS b.root-servers.net.  . 150134 IN NS a.root-servers.net.  a.root-servers.net. 150134 IN A 198.41.0.4  b.root-servers.net. 150134 IN A 199.9.14.201  c.root-servers.net. 150134 IN A 192.33.4.12  d.root-servers.net. 150134 IN A 199.7.91.13  e.root-servers.net. 150134 IN A 192.203.230.10  f.root-servers.net. 150134 IN A 192.5.5.241  g.root-servers.net. 150134 IN A 192.112.36.4  h.root-servers.net. 150134 IN A 198.97.190.53  i.root-servers.net. 150134 IN A 192.36.148.17  j.root-servers.net. 150134 IN A 192.58.128.30  k.root-servers.net. 150134 IN A 193.0.14.129""",UDP,58700,192.168.1.90,2.1.3,DNS Response IN A NOERROR,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=13;InfobloxArCount=11,DNS,client.wns.windows.com.,,,,CommonSecurityLog,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""11""}",,,,,,,,2,11,,,,,,,,,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,13,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:38:50.387 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,,192.168.1.90,,"""client.wns.windows.com. 2124 IN CNAME wns.notify.trafficmanager.net.  wns.notify.trafficmanager.net. 222 IN A 40.83.240.146  . 32768 4096 OPT """,TCP,45265,192.168.1.90,2.1.3,DNS Response IN A NOERROR,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Microsoft OneDrive,APP_Microsoft Sharepoint,APP_Uncategorized,CAT_Business,CAT_Internet Services,CAT_Software/Hardware",DNS,client.wns.windows.com.,,00:50:56:0b:0f:80,,CommonSecurityLog,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Microsoft OneDrive,APP_Microsoft Sharepoint,APP_Uncategorized,CAT_Business,CAT_Internet Services,CAT_Software/Hardware""}",,,,,,,,2,1,dfp,"APP_Microsoft OneDrive,APP_Microsoft Sharepoint,APP_Uncategorized,CAT_Business,CAT_Internet Services,CAT_Software/Hardware",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,,IN,#NAME?,A,NOERROR,,,,,,,0,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:07:30.270 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,192.168.1.201,,,"""us-east-1.elb.amazonaws.com. 55 IN SOA ns-1119.awsdns-11.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 60""",UDP,63104,192.168.1.90,2.1.3,DNS Response IN AAAA NOERROR,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=0,DNS,proxyserverecs-1736642167.us-east-1.elb.amazonaws.com.,,,,CommonSecurityLog,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""0""}",,,,,,,,0,0,,,,,,,,,,,,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,1,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:44:00.280 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,192.168.1.201,,,"""ubuntu.com. 1985 IN SOA ns1.canonical.com. hostmaster.canonical.com. 2018054618 10800 3600 604800 3600  . 0 1232 OPT """,UDP,43569,192.168.1.106,2.1.3,DNS Response IN AAAA NOERROR,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1,DNS,connectivity-check.ubuntu.com.,,,,CommonSecurityLog,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1""}",,,,,,,,0,1,,,,,,,,,,,,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,1,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:44:00.281 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,192.168.1.201,,,"""ubuntu.com. 1985 IN SOA ns1.canonical.com. hostmaster.canonical.com. 2018054618 10800 3600 604800 3600  . 0 1232 OPT """,UDP,38962,192.168.1.106,2.1.3,DNS Response IN AAAA NOERROR,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1,DNS,connectivity-check.ubuntu.com.,,,,CommonSecurityLog,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1""}",,,,,,,,0,1,,,,,,,,,,,,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,1,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:27:48.928 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,,192.168.1.90,,"""client.wns.windows.com. 2785 IN CNAME wns.notify.trafficmanager.net.  wns.notify.trafficmanager.net. 33 IN A 40.83.240.146  . 32768 4096 OPT """,TCP,45226,192.168.1.90,2.1.3,DNS Response IN A NOERROR,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Microsoft OneDrive,APP_Microsoft Sharepoint,APP_Uncategorized,CAT_Business,CAT_Internet Services,CAT_Software/Hardware",DNS,client.wns.windows.com.,,00:50:56:0b:0f:80,,CommonSecurityLog,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Microsoft OneDrive,APP_Microsoft Sharepoint,APP_Uncategorized,CAT_Business,CAT_Internet Services,CAT_Software/Hardware""}",,,,,,,,2,1,dfp,"APP_Microsoft OneDrive,APP_Microsoft Sharepoint,APP_Uncategorized,CAT_Business,CAT_Internet Services,CAT_Software/Hardware",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,,IN,#NAME?,A,NOERROR,,,,,,,0,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:27:48.928 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,,192.168.1.90,,"""wns.notify.trafficmanager.net. 45 IN A 40.83.247.108  . 32768 4096 OPT """,TCP,45226,192.168.1.90,2.1.3,DNS Response IN A NOERROR,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Internet Services",DNS,wns.notify.trafficmanager.net.,,00:50:56:0b:0f:80,,CommonSecurityLog,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Internet Services""}",,,,,,,,1,1,dfp,"APP_Uncategorized,CAT_Internet Services",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,,IN,#NAME?,A,NOERROR,,,,,,,0,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:08:57.119 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,,192.168.1.90,,"""go.microsoft.com. 2165 IN CNAME go.microsoft.com.edgekey.net.  go.microsoft.com.edgekey.net. 278 IN CNAME e11290.dspg.akamaiedge.net.  e11290.dspg.akamaiedge.net. 11 IN A 104.86.5.150  . 32768 4096 OPT """,TCP,40468,192.168.1.90,2.1.3,DNS Response IN A NOERROR,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Microsoft 365,APP_Uncategorized,CAT_Business,CAT_Content Server,CAT_Software/Hardware",DNS,go.microsoft.com.,,00:50:56:0b:0f:80,,CommonSecurityLog,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""3"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Microsoft 365,APP_Uncategorized,CAT_Business,CAT_Content Server,CAT_Software/Hardware""}",,,,,,,,3,1,dfp,"APP_Microsoft 365,APP_Uncategorized,CAT_Business,CAT_Content Server,CAT_Software/Hardware",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,,IN,#NAME?,A,NOERROR,,,,,,,0,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:08:57.119 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,,192.168.1.90,,"""go.microsoft.com.edgekey.net. 256 IN CNAME e11290.dspg.akamaiedge.net.  e11290.dspg.akamaiedge.net. 7 IN A 104.86.5.150  . 32768 4096 OPT """,TCP,40468,192.168.1.90,2.1.3,DNS Response IN A NOERROR,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Content Server",DNS,go.microsoft.com.edgekey.net.,,00:50:56:0b:0f:80,,CommonSecurityLog,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Content Server""}",,,,,,,,2,1,dfp,"APP_Uncategorized,CAT_Content Server",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,,IN,#NAME?,A,NOERROR,,,,,,,0,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:08:57.119 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,,192.168.1.90,,"""e11290.dspg.akamaiedge.net. 8 IN A 104.86.5.150  . 32768 4096 OPT """,TCP,40468,192.168.1.90,2.1.3,DNS Response IN A NOERROR,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Content Server",DNS,e11290.dspg.akamaiedge.net.,,00:50:56:0b:0f:80,,CommonSecurityLog,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Content Server""}",,,,,,,,1,1,dfp,"APP_Uncategorized,CAT_Content Server",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,,IN,#NAME?,A,NOERROR,,,,,,,0,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:08:57.119 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,,192.168.1.90,,"""settings-win.data.microsoft.com. 2359 IN CNAME settingsfd-geo.trafficmanager.net.  settingsfd-geo.trafficmanager.net. 27 IN A 52.185.211.133  . 32768 4096 OPT """,TCP,40468,192.168.1.90,2.1.3,DNS Response IN A NOERROR,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Business,CAT_Internet Services,CAT_Software/Hardware",DNS,settings-win.data.microsoft.com.,,00:50:56:0b:0f:80,,CommonSecurityLog,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Business,CAT_Internet Services,CAT_Software/Hardware""}",,,,,,,,2,1,dfp,"APP_Uncategorized,CAT_Business,CAT_Internet Services,CAT_Software/Hardware",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,,IN,#NAME?,A,NOERROR,,,,,,,0,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:09:00.415 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,192.168.1.201,,,"""go.microsoft.com. 11 IN CNAME go.microsoft.com.edgekey.net.  go.microsoft.com.edgekey.net. 7 IN CNAME e11290.dspg.akamaiedge.net.  e11290.dspg.akamaiedge.net. 8 IN A 104.86.5.150  . 151925 IN NS b.root-servers.net.  . 151925 IN NS e.root-servers.net.  . 151925 IN NS l.root-servers.net.  . 151925 IN NS i.root-servers.net.  . 151925 IN NS k.root-servers.net.  . 151925 IN NS d.root-servers.net.  . 151925 IN NS c.root-servers.net.  . 151925 IN NS a.root-servers.net.  . 151925 IN NS f.root-servers.net.  . 151925 IN NS m.root-servers.net.  . 151925 IN NS h.root-servers.net.  . 151925 IN NS j.root-servers.net.  . 151925 IN NS g.root-servers.net.  a.root-servers.net. 151925 IN A 198.41.0.4  b.root-servers.net. 151925 IN A 199.9.14.201  c.root-servers.net. 151925 IN A 192.33.4.12  d.root-servers.net. 151925 IN A 199.7.91.13  e.root-servers.net. 151925 IN A 192.203.230.10  f.root-servers.net. 151925 IN A 192.5.5.241  g.root-servers.net. 151925 IN A 192.112.36.4  h.root-servers.net. 151925 IN A 198.97.190.53  i.root-servers.net. 151925 IN A 192.36.148.17""",UDP,58238,192.168.1.90,2.1.3,DNS Response IN A NOERROR,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=13;InfobloxArCount=9,DNS,go.microsoft.com.,,,,CommonSecurityLog,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""3"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""9""}",,,,,,,,3,9,,,,,,,,,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,13,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:09:00.415 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,192.168.1.201,,,"""ubuntu.com. 1113 IN SOA ns1.canonical.com. hostmaster.canonical.com. 2018054618 10800 3600 604800 3600  . 0 1232 OPT """,UDP,42027,192.168.1.106,2.1.3,DNS Response IN AAAA NOERROR,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1,DNS,connectivity-check.ubuntu.com.,,,,CommonSecurityLog,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1""}",,,,,,,,0,1,,,,,,,,,,,,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,1,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:09:00.415 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,192.168.1.201,,,"""settings-win.data.microsoft.com. 27 IN CNAME settingsfd-geo.trafficmanager.net.  settingsfd-geo.trafficmanager.net. 14 IN A 52.137.106.217  . 151925 IN NS h.root-servers.net.  . 151925 IN NS g.root-servers.net.  . 151925 IN NS j.root-servers.net.  . 151925 IN NS m.root-servers.net.  . 151925 IN NS c.root-servers.net.  . 151925 IN NS k.root-servers.net.  . 151925 IN NS b.root-servers.net.  . 151925 IN NS d.root-servers.net.  . 151925 IN NS a.root-servers.net.  . 151925 IN NS f.root-servers.net.  . 151925 IN NS i.root-servers.net.  . 151925 IN NS e.root-servers.net.  . 151925 IN NS l.root-servers.net.  a.root-servers.net. 151925 IN A 198.41.0.4  b.root-servers.net. 151925 IN A 199.9.14.201  c.root-servers.net. 151925 IN A 192.33.4.12  d.root-servers.net. 151925 IN A 199.7.91.13  e.root-servers.net. 151925 IN A 192.203.230.10  f.root-servers.net. 151925 IN A 192.5.5.241  g.root-servers.net. 151925 IN A 192.112.36.4  h.root-servers.net. 151925 IN A 198.97.190.53  i.root-servers.net. 151925 IN A 192.36.148.17  j.root-servers.net. 151925 IN A 192.58.128.30  k.root-servers.net. 151925 IN A 193.0.14.129""",UDP,63617,192.168.1.90,2.1.3,DNS Response IN A NOERROR,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=13;InfobloxArCount=11,DNS,settings-win.data.microsoft.com.,,,,CommonSecurityLog,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""11""}",,,,,,,,2,11,,,,,,,,,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,13,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:09:00.415 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,192.168.1.201,,,"""ubuntu.com. 1113 IN SOA ns1.canonical.com. hostmaster.canonical.com. 2018054618 10800 3600 604800 3600  . 0 1232 OPT """,UDP,60509,192.168.1.106,2.1.3,DNS Response IN AAAA NOERROR,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1,DNS,connectivity-check.ubuntu.com.,,,,CommonSecurityLog,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1""}",,,,,,,,0,1,,,,,,,,,,,,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,1,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:09:30.220 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,192.168.1.201,,,"""csp.infoblox.com. 12 IN CNAME wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com.  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 33 IN A 18.235.149.1  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 33 IN A 18.233.189.178  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 33 IN A 18.209.243.220  . 151889 IN NS b.root-servers.net.  . 151889 IN NS j.root-servers.net.  . 151889 IN NS e.root-servers.net.  . 151889 IN NS l.root-servers.net.  . 151889 IN NS a.root-servers.net.  . 151889 IN NS f.root-servers.net.  . 151889 IN NS d.root-servers.net.  . 151889 IN NS c.root-servers.net.  . 151889 IN NS g.root-servers.net.  . 151889 IN NS h.root-servers.net.  . 151889 IN NS m.root-servers.net.  . 151889 IN NS i.root-servers.net.  . 151889 IN NS k.root-servers.net.  a.root-servers.net. 151889 IN A 198.41.0.4  b.root-servers.net. 151889 IN A 199.9.14.201  c.root-servers.net. 151889 IN A 192.33.4.12  d.root-servers.net. 151889 IN A 199.7.91.13  e.root-servers.net. 151889 IN A 192.203.230.10  f.root-servers.net. 151889 IN A 192.5.5.241  g.root-servers.net. 151889 IN A 192.112.36.4  h.root-servers.net. 151889 IN A 198.97.190.53""",UDP,63618,192.168.1.90,2.1.3,DNS Response IN A NOERROR,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=4;InfobloxNsCount=13;InfobloxArCount=8,DNS,csp.infoblox.com.,,,,CommonSecurityLog,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""4"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""8""}",,,,,,,,4,8,,,,,,,,,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,13,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:09:30.221 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,192.168.1.201,,,"""probe.infoblox.com. 0 IN TXT \""ABYZX9GLUYQUVWDQZIECEGAFF3NC89ZE\""""",UDP,63620,192.168.1.90,2.1.3,DNS Response IN TXT NOERROR,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=TXT;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=0,DNS,probe.infoblox.com.,,,,CommonSecurityLog,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""TXT"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""0""}",,,,,,,,1,0,,,,,,,,,,,,,,,IN,#NAME?,TXT,NOERROR,_default,,,,,,0,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:09:30.388 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,192.168.1.201,192.168.1.90,,"""probe.infoblox.com. 0 IN TXT \""ABYZX9GLUYQUVWDQZIECEGAFF3NC89ZE\""""",UDP,63620,192.168.1.90,2.1.3,DNS Response IN TXT NOERROR,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=TXT;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=0;InfobloxB1Region=;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,DNS,probe.infoblox.com.,,00:50:56:0b:0f:80,,CommonSecurityLog,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""TXT"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""0"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)""}",,,,,,,,1,0,dfp,,,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,,IN,#NAME?,TXT,NOERROR,_default,,,,,,0,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:14:05.910 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,,192.168.1.106,,"""ubuntu.com. 834 IN SOA ns1.canonical.com. hostmaster.canonical.com. 2018054618 10800 3600 604800 3600  . 32768 4096 OPT """,TCP,47767,192.168.1.106,2.1.3,DNS Response IN AAAA NOERROR,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Software/Hardware",DNS,connectivity-check.ubuntu.com.,,00:50:56:0b:0f:15,,CommonSecurityLog,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Software/Hardware""}",,,,,,,,0,1,dfp,"APP_Uncategorized,CAT_Software/Hardware",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,,IN,#NAME?,AAAA,NOERROR,,,,,,,1,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:28:30.237 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,192.168.1.201,,,"""www.amazon.com. 0 IN AAAA 2600:1f18:1043:dc00:8083:68e:ef0f:46de  . 0 1232 OPT """,UDP,42801,192.168.1.106,2.1.3,DNS Response IN AAAA NOERROR,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,DNS,www.amazon.com.,,,,CommonSecurityLog,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1""}",,,,,,,,1,1,,,,,,,,,,,,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,0,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:28:30.237 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,192.168.1.201,,,"""www.amazon.com. 0 IN A 3.215.231.251  . 0 1232 OPT """,UDP,48634,192.168.1.106,2.1.3,DNS Response IN A NOERROR,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,DNS,www.amazon.com.,,,,CommonSecurityLog,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1""}",,,,,,,,1,1,,,,,,,,,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,0,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:38:50.388 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,,192.168.1.90,,"""wns.notify.trafficmanager.net. 194 IN A 40.83.247.108  . 32768 4096 OPT """,TCP,45265,192.168.1.90,2.1.3,DNS Response IN A NOERROR,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Internet Services",DNS,wns.notify.trafficmanager.net.,,00:50:56:0b:0f:80,,CommonSecurityLog,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Internet Services""}",,,,,,,,1,1,dfp,"APP_Uncategorized,CAT_Internet Services",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,,IN,#NAME?,A,NOERROR,,,,,,,0,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:39:00.326 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,192.168.1.201,,,"""ubuntu.com. 2285 IN SOA ns1.canonical.com. hostmaster.canonical.com. 2018054618 10800 3600 604800 3600  . 0 1232 OPT """,UDP,53671,192.168.1.106,2.1.3,DNS Response IN AAAA NOERROR,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1,DNS,connectivity-check.ubuntu.com.,,,,CommonSecurityLog,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1""}",,,,,,,,0,1,,,,,,,,,,,,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,1,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:28:30.238 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,192.168.1.201,,,"""www.ebay.com. 0 IN AAAA 2600:1f18:1043:dc00:8083:68e:ef0f:46de  . 0 1232 OPT """,UDP,53682,192.168.1.106,2.1.3,DNS Response IN AAAA NOERROR,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,DNS,www.ebay.com.,,,,CommonSecurityLog,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1""}",,,,,,,,1,1,,,,,,,,,,,,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,0,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:28:30.238 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,192.168.1.201,,,"""www.ebay.com. 0 IN A 3.215.231.251  . 0 1232 OPT """,UDP,35508,192.168.1.106,2.1.3,DNS Response IN A NOERROR,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1,DNS,www.ebay.com.,,,,CommonSecurityLog,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1""}",,,,,,,,1,1,,,,,,,,,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,0,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:28:38.819 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,,192.168.1.106,,"""services.mozilla.com. 356 IN SOA ns-679.awsdns-20.net. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400  . 32768 4096 OPT """,TCP,31846,192.168.1.106,2.1.3,DNS Response IN AAAA NOERROR,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Software/Hardware",DNS,contile.services.mozilla.com.,,00:50:56:0b:0f:15,,CommonSecurityLog,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Software/Hardware""}",,,,,,,,0,1,dfp,"APP_Uncategorized,CAT_Software/Hardware",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,,IN,#NAME?,AAAA,NOERROR,,,,,,,1,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:39:00.326 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,192.168.1.201,,,"""ubuntu.com. 2285 IN SOA ns1.canonical.com. hostmaster.canonical.com. 2018054618 10800 3600 604800 3600  . 0 1232 OPT """,UDP,57705,192.168.1.106,2.1.3,DNS Response IN AAAA NOERROR,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1,DNS,connectivity-check.ubuntu.com.,,,,CommonSecurityLog,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1""}",,,,,,,,0,1,,,,,,,,,,,,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,1,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:27:52.295 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,,192.168.1.90,,"""arc.msn.com. 20755 IN CNAME arc.trafficmanager.net.  arc.trafficmanager.net. 46 IN CNAME iris-de-prod-azsc-wus2-b.westus2.cloudapp.azure.com.  iris-de-prod-azsc-wus2-b.westus2.cloudapp.azure.com. 3 IN A 20.69.130.185  . 32768 4096 OPT """,TCP,45226,192.168.1.90,2.1.3,DNS Response IN A NOERROR,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Internet Services,CAT_Portal Sites",DNS,arc.msn.com.,,00:50:56:0b:0f:80,,CommonSecurityLog,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""3"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Internet Services,CAT_Portal Sites""}",,,,,,,,3,1,dfp,"APP_Uncategorized,CAT_Internet Services,CAT_Portal Sites",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,,IN,#NAME?,A,NOERROR,,,,,,,0,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:40:00.290 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,192.168.1.201,,,"""probe.infoblox.com. 0 IN TXT \""ABYZX9GLUYQUVWDQZIECEGAFF3NC89ZE\""  . 150059 IN NS h.root-servers.net.  . 150059 IN NS l.root-servers.net.  . 150059 IN NS k.root-servers.net.  . 150059 IN NS b.root-servers.net.  . 150059 IN NS f.root-servers.net.  . 150059 IN NS d.root-servers.net.  . 150059 IN NS e.root-servers.net.  . 150059 IN NS g.root-servers.net.  . 150059 IN NS a.root-servers.net.  . 150059 IN NS i.root-servers.net.  . 150059 IN NS j.root-servers.net.  . 150059 IN NS c.root-servers.net.  . 150059 IN NS m.root-servers.net.  a.root-servers.net. 150059 IN A 198.41.0.4  b.root-servers.net. 150059 IN A 199.9.14.201  c.root-servers.net. 150059 IN A 192.33.4.12  d.root-servers.net. 150059 IN A 199.7.91.13  e.root-servers.net. 150059 IN A 192.203.230.10  f.root-servers.net. 150059 IN A 192.5.5.241  g.root-servers.net. 150059 IN A 192.112.36.4  h.root-servers.net. 150059 IN A 198.97.190.53  i.root-servers.net. 150059 IN A 192.36.148.17  j.root-servers.net. 150059 IN A 192.58.128.30  k.root-servers.net. 150059 IN A 193.0.14.129  l.root-servers.net. 150059 IN A 199.7.83.42  m.root-servers.net. 150059 IN A 202.12.27.33""",UDP,58704,192.168.1.90,2.1.3,DNS Response IN TXT NOERROR,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=TXT;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=13;InfobloxArCount=13,DNS,probe.infoblox.com.,,,,CommonSecurityLog,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""TXT"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""13""}",,,,,,,,1,13,,,,,,,,,,,,,,,IN,#NAME?,TXT,NOERROR,_default,,,,,,13,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:40:00.290 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,192.168.1.201,,,"""csp.infoblox.com. 17 IN CNAME wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com.  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 44 IN A 18.209.243.220  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 44 IN A 18.235.149.1  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 44 IN A 18.233.189.178  . 150059 IN NS a.root-servers.net.  . 150059 IN NS c.root-servers.net.  . 150059 IN NS g.root-servers.net.  . 150059 IN NS k.root-servers.net.  . 150059 IN NS i.root-servers.net.  . 150059 IN NS d.root-servers.net.  . 150059 IN NS h.root-servers.net.  . 150059 IN NS e.root-servers.net.  . 150059 IN NS f.root-servers.net.  . 150059 IN NS b.root-servers.net.  . 150059 IN NS l.root-servers.net.  . 150059 IN NS m.root-servers.net.  . 150059 IN NS j.root-servers.net.  a.root-servers.net. 150059 IN A 198.41.0.4  b.root-servers.net. 150059 IN A 199.9.14.201  c.root-servers.net. 150059 IN A 192.33.4.12  d.root-servers.net. 150059 IN A 199.7.91.13  e.root-servers.net. 150059 IN A 192.203.230.10  f.root-servers.net. 150059 IN A 192.5.5.241  g.root-servers.net. 150059 IN A 192.112.36.4  h.root-servers.net. 150059 IN A 198.97.190.53""",UDP,58702,192.168.1.90,2.1.3,DNS Response IN A NOERROR,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=4;InfobloxNsCount=13;InfobloxArCount=8,DNS,csp.infoblox.com.,,,,CommonSecurityLog,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""4"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""8""}",,,,,,,,4,8,,,,,,,,,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,13,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:40:00.687 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,192.168.1.201,192.168.1.90,,"""probe.infoblox.com. 0 IN TXT \""ABYZX9GLUYQUVWDQZIECEGAFF3NC89ZE\""  . 150059 IN NS h.root-servers.net.  . 150059 IN NS l.root-servers.net.  . 150059 IN NS k.root-servers.net.  . 150059 IN NS b.root-servers.net.  . 150059 IN NS f.root-servers.net.  . 150059 IN NS d.root-servers.net.  . 150059 IN NS e.root-servers.net.  . 150059 IN NS g.root-servers.net.  . 150059 IN NS a.root-servers.net.  . 150059 IN NS i.root-servers.net.  . 150059 IN NS j.root-servers.net.  . 150059 IN NS c.root-servers.net.  . 150059 IN NS m.root-servers.net.  a.root-servers.net. 150059 IN A 198.41.0.4  b.root-servers.net. 150059 IN A 199.9.14.201  c.root-servers.net. 150059 IN A 192.33.4.12  d.root-servers.net. 150059 IN A 199.7.91.13  e.root-servers.net. 150059 IN A 192.203.230.10  f.root-servers.net. 150059 IN A 192.5.5.241  g.root-servers.net. 150059 IN A 192.112.36.4  h.root-servers.net. 150059 IN A 198.97.190.53  i.root-servers.net. 150059 IN A 192.36.148.17  j.root-servers.net. 150059 IN A 192.58.128.30  k.root-servers.net. 150059 IN A 193.0.14.129  l.root-servers.net. 150059 IN A 199.7.83.42  m.root-servers.net. 150059 IN A 202.12.27.33""",UDP,58704,192.168.1.90,2.1.3,DNS Response IN TXT NOERROR,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=TXT;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=13;InfobloxArCount=13;InfobloxB1Region=;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,DNS,probe.infoblox.com.,,00:50:56:0b:0f:80,,CommonSecurityLog,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""TXT"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""13"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)""}",,,,,,,,1,13,dfp,,,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,,IN,#NAME?,TXT,NOERROR,_default,,,,,,13,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:40:00.687 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,192.168.1.201,192.168.1.90,,"""csp.infoblox.com. 17 IN CNAME wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com.  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 44 IN A 18.209.243.220  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 44 IN A 18.235.149.1  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 44 IN A 18.233.189.178  . 150059 IN NS a.root-servers.net.  . 150059 IN NS c.root-servers.net.  . 150059 IN NS g.root-servers.net.  . 150059 IN NS k.root-servers.net.  . 150059 IN NS i.root-servers.net.  . 150059 IN NS d.root-servers.net.  . 150059 IN NS h.root-servers.net.  . 150059 IN NS e.root-servers.net.  . 150059 IN NS f.root-servers.net.  . 150059 IN NS b.root-servers.net.  . 150059 IN NS l.root-servers.net.  . 150059 IN NS m.root-servers.net.  . 150059 IN NS j.root-servers.net.  a.root-servers.net. 150059 IN A 198.41.0.4  b.root-servers.net. 150059 IN A 199.9.14.201  c.root-servers.net. 150059 IN A 192.33.4.12  d.root-servers.net. 150059 IN A 199.7.91.13  e.root-servers.net. 150059 IN A 192.203.230.10  f.root-servers.net. 150059 IN A 192.5.5.241  g.root-servers.net. 150059 IN A 192.112.36.4  h.root-servers.net. 150059 IN A 198.97.190.53""",UDP,58702,192.168.1.90,2.1.3,DNS Response IN A NOERROR,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=4;InfobloxNsCount=13;InfobloxArCount=8;InfobloxB1Region=;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,DNS,csp.infoblox.com.,,00:50:56:0b:0f:80,,CommonSecurityLog,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""4"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""8"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)""}",,,,,,,,4,8,dfp,,,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,13,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:40:02.715 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,,192.168.1.90,,"""csp.infoblox.com. 37 IN CNAME wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com.  csp.infoblox.com. 37 IN RRSIG CNAME 5 3 60 20211030035028 20211026032210 51153 infoblox.com.",TCP,42434,192.168.1.90,2.1.3,DNS Response IN A NOERROR,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;GGOUG8KYpXfmGFIh0VSI3IzjZ61XmYb849xIGN7zVVxKBKMUIVzheVsbfoM16kZgTTTs8oXTplmh6bPyjbvzS8wThIF2uXGj416MNqa1Ci0yGeWDhN6npXErWKv4IQT0K346qv1S1US0JYi4vFZY3MfQAHUiTkxeVdPRwo20KWU=  csp.infoblox.com. 37 IN RRSIG CNAME 5 3 60 20211030035028 20211026032210 61272 infoblox.com.;o8tonjeIlHiWq8VQtKS6LjaX1Sjte+NHKCNzdEV5oBsipH+53DFWI0rIIUyY7DfUttCII3eTb3A7aqUXWAWmc/zKxFP1Nz34kike2mlWaMm4e0C7mtrG5JpPh+AzyoEGsLVQP6gGYvsLMIUXumt/EKbUSNJFwg3CvEaCRj5Q3Tk=  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 17 IN A 18.233.189.178  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 17 IN A 18.209.243.220  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 17 IN A 18.235.149.1  . 32768 4096 OPT "";InfobloxAnCount=6;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=nios;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem;InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=",DNS,csp.infoblox.com.,,00:50:56:0b:0f:80,,CommonSecurityLog,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""GGOUG8KYpXfmGFIh0VSI3IzjZ61XmYb849xIGN7zVVxKBKMUIVzheVsbfoM16kZgTTTs8oXTplmh6bPyjbvzS8wThIF2uXGj416MNqa1Ci0yGeWDhN6npXErWKv4IQT0K346qv1S1US0JYi4vFZY3MfQAHUiTkxeVdPRwo20KWU"":""  csp.infoblox.com. 37 IN RRSIG CNAME 5 3 60 20211030035028 20211026032210 61272 infoblox.com."",""o8tonjeIlHiWq8VQtKS6LjaX1Sjte+NHKCNzdEV5oBsipH+53DFWI0rIIUyY7DfUttCII3eTb3A7aqUXWAWmc/zKxFP1Nz34kike2mlWaMm4e0C7mtrG5JpPh+AzyoEGsLVQP6gGYvsLMIUXumt/EKbUSNJFwg3CvEaCRj5Q3Tk"":""  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 17 IN A 18.233.189.178  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 17 IN A 18.209.243.220  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 17 IN A 18.235.149.1  . 32768 4096 OPT \"""",""InfobloxAnCount"":""6"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""nios"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem""}",,,,,,,,6,1,nios,,,,on-prem,192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,,IN,#NAME?,A,NOERROR,,,,,,,0,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:28:38.819 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,,192.168.1.106,,"""www.amazon.com. 0 IN AAAA 2600:1f18:1043:dc00:8083:68e:ef0f:46de  . 32768 1232 OPT """,TCP,31846,192.168.1.106,2.1.3,DNS Response IN AAAA NOERROR,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_GoToMyPC,APP_Uncategorized,CAT_Content Server,CAT_Online Shopping",DNS,www.amazon.com.,,00:50:56:0b:0f:15,,CommonSecurityLog,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_GoToMyPC,APP_Uncategorized,CAT_Content Server,CAT_Online Shopping""}",,,,,,,,1,1,dfp,"APP_GoToMyPC,APP_Uncategorized,CAT_Content Server,CAT_Online Shopping",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,,IN,#NAME?,AAAA,NOERROR,,,,,,,0,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:48:42.365 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,,192.168.1.106,,"""unbouncepages.com. 388 IN SOA ns-748.awsdns-29.net. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400  . 32768 4096 OPT """,TCP,19173,192.168.1.106,2.1.3,DNS Response IN AAAA NOERROR,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Internet Services",DNS,unbouncepages.com.,,00:50:56:0b:0f:15,,CommonSecurityLog,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Internet Services""}",,,,,,,,0,1,dfp,"APP_Uncategorized,CAT_Internet Services",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,,IN,#NAME?,AAAA,NOERROR,,,,,,,1,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:27:52.295 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,,192.168.1.90,,"""ris.api.iris.microsoft.com. 2996 IN CNAME ris-prod.trafficmanager.net.  ris-prod.trafficmanager.net. 18 IN CNAME asf-ris-prod-scus-azsc.southcentralus.cloudapp.azure.com.  asf-ris-prod-scus-azsc.southcentralus.cloudapp.azure.com. 9 IN A 104.214.104.116  . 32768 4096 OPT """,TCP,45226,192.168.1.90,2.1.3,DNS Response IN A NOERROR,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Business,CAT_Internet Services,CAT_Software/Hardware",DNS,ris.api.iris.microsoft.com.,,00:50:56:0b:0f:80,,CommonSecurityLog,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""3"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Business,CAT_Internet Services,CAT_Software/Hardware""}",,,,,,,,3,1,dfp,"APP_Uncategorized,CAT_Business,CAT_Internet Services,CAT_Software/Hardware",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,,IN,#NAME?,A,NOERROR,,,,,,,0,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:42:05.148 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,,192.168.1.90,,"""arc.msn.com. 19922 IN CNAME arc.trafficmanager.net.  arc.trafficmanager.net. 55 IN CNAME iris-de-prod-azsc-wus2-b.westus2.cloudapp.azure.com.  iris-de-prod-azsc-wus2-b.westus2.cloudapp.azure.com. 6 IN A 20.69.130.185  . 32768 4096 OPT """,TCP,25671,192.168.1.90,2.1.3,DNS Response IN A NOERROR,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Internet Services,CAT_Portal Sites",DNS,arc.msn.com.,,00:50:56:0b:0f:80,,CommonSecurityLog,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""3"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Internet Services,CAT_Portal Sites""}",,,,,,,,3,1,dfp,"APP_Uncategorized,CAT_Internet Services,CAT_Portal Sites",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,,IN,#NAME?,A,NOERROR,,,,,,,0,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:42:05.148 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,,192.168.1.90,,"""arc.trafficmanager.net. 59 IN CNAME iris-de-prod-azsc-wus2-b.westus2.cloudapp.azure.com.  iris-de-prod-azsc-wus2-b.westus2.cloudapp.azure.com. 9 IN A 20.69.130.185  . 32768 4096 OPT """,TCP,25671,192.168.1.90,2.1.3,DNS Response IN A NOERROR,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Internet Services",DNS,arc.trafficmanager.net.,,00:50:56:0b:0f:80,,CommonSecurityLog,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Internet Services""}",,,,,,,,2,1,dfp,"APP_Uncategorized,CAT_Internet Services",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,,IN,#NAME?,A,NOERROR,,,,,,,0,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:42:05.148 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,,192.168.1.90,,"""iris-de-prod-azsc-wus2-b.westus2.cloudapp.azure.com. 9 IN A 20.69.130.185  . 32768 4096 OPT """,TCP,25671,192.168.1.90,2.1.3,DNS Response IN A NOERROR,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Internet Services",DNS,iris-de-prod-azsc-wus2-b.westus2.cloudapp.azure.com.,,00:50:56:0b:0f:80,,CommonSecurityLog,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Internet Services""}",,,,,,,,1,1,dfp,"APP_Uncategorized,CAT_Internet Services",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,,IN,#NAME?,A,NOERROR,,,,,,,0,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:19:44.811 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,,192.168.1.90,,"""csp.infoblox.com. 56 IN CNAME wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com.  csp.infoblox.com. 56 IN RRSIG CNAME 5 3 60 20211030035028 20211026032210 51153 infoblox.com.",TCP,9594,192.168.1.90,2.1.3,DNS Response IN A NOERROR,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;GGOUG8KYpXfmGFIh0VSI3IzjZ61XmYb849xIGN7zVVxKBKMUIVzheVsbfoM16kZgTTTs8oXTplmh6bPyjbvzS8wThIF2uXGj416MNqa1Ci0yGeWDhN6npXErWKv4IQT0K346qv1S1US0JYi4vFZY3MfQAHUiTkxeVdPRwo20KWU=  csp.infoblox.com. 56 IN RRSIG CNAME 5 3 60 20211030035028 20211026032210 61272 infoblox.com.;o8tonjeIlHiWq8VQtKS6LjaX1Sjte+NHKCNzdEV5oBsipH+53DFWI0rIIUyY7DfUttCII3eTb3A7aqUXWAWmc/zKxFP1Nz34kike2mlWaMm4e0C7mtrG5JpPh+AzyoEGsLVQP6gGYvsLMIUXumt/EKbUSNJFwg3CvEaCRj5Q3Tk=  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 56 IN A 18.235.149.1  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 56 IN A 18.233.189.178  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 56 IN A 18.209.243.220  . 32768 4096 OPT "";InfobloxAnCount=6;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=nios;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem;InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=",DNS,csp.infoblox.com.,,00:50:56:0b:0f:80,,CommonSecurityLog,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""GGOUG8KYpXfmGFIh0VSI3IzjZ61XmYb849xIGN7zVVxKBKMUIVzheVsbfoM16kZgTTTs8oXTplmh6bPyjbvzS8wThIF2uXGj416MNqa1Ci0yGeWDhN6npXErWKv4IQT0K346qv1S1US0JYi4vFZY3MfQAHUiTkxeVdPRwo20KWU"":""  csp.infoblox.com. 56 IN RRSIG CNAME 5 3 60 20211030035028 20211026032210 61272 infoblox.com."",""o8tonjeIlHiWq8VQtKS6LjaX1Sjte+NHKCNzdEV5oBsipH+53DFWI0rIIUyY7DfUttCII3eTb3A7aqUXWAWmc/zKxFP1Nz34kike2mlWaMm4e0C7mtrG5JpPh+AzyoEGsLVQP6gGYvsLMIUXumt/EKbUSNJFwg3CvEaCRj5Q3Tk"":""  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 56 IN A 18.235.149.1  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 56 IN A 18.233.189.178  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 56 IN A 18.209.243.220  . 32768 4096 OPT \"""",""InfobloxAnCount"":""6"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""nios"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem""}",,,,,,,,6,1,nios,,,,on-prem,192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,,IN,#NAME?,A,NOERROR,,,,,,,0,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:19:44.811 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,,192.168.1.90,,"""probe.infoblox.com. 0 IN TXT \""ABYZX9GLUYQUVWDQZIECEGAFF3NC89ZE\""  . 32768 1232 OPT """,TCP,9594,192.168.1.90,2.1.3,DNS Response IN TXT NOERROR,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=TXT;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Business,LIST_PROBE_209101",DNS,probe.infoblox.com.,,00:50:56:0b:0f:80,,CommonSecurityLog,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""TXT"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Business,LIST_PROBE_209101""}",,,,,,,,1,1,dfp,"APP_Uncategorized,CAT_Business,LIST_PROBE_209101",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,,IN,#NAME?,TXT,NOERROR,,,,,,,0,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:19:45.521 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,192.168.1.201,192.168.1.90,,"""csp.infoblox.com. 56 IN CNAME wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com.  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 5 IN A 18.233.189.178  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 5 IN A 18.209.243.220  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 5 IN A 18.235.149.1  . 151279 IN NS k.root-servers.net.  . 151279 IN NS a.root-servers.net.  . 151279 IN NS e.root-servers.net.  . 151279 IN NS b.root-servers.net.  . 151279 IN NS h.root-servers.net.  . 151279 IN NS d.root-servers.net.  . 151279 IN NS l.root-servers.net.  . 151279 IN NS f.root-servers.net.  . 151279 IN NS c.root-servers.net.  . 151279 IN NS i.root-servers.net.  . 151279 IN NS j.root-servers.net.  . 151279 IN NS m.root-servers.net.  . 151279 IN NS g.root-servers.net.  a.root-servers.net. 151279 IN A 198.41.0.4  b.root-servers.net. 151279 IN A 199.9.14.201  c.root-servers.net. 151279 IN A 192.33.4.12  d.root-servers.net. 151279 IN A 199.7.91.13  e.root-servers.net. 151279 IN A 192.203.230.10  f.root-servers.net. 151279 IN A 192.5.5.241  g.root-servers.net. 151279 IN A 192.112.36.4  h.root-servers.net. 151279 IN A 198.97.190.53""",UDP,60059,192.168.1.90,2.1.3,DNS Response IN A NOERROR,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=4;InfobloxNsCount=13;InfobloxArCount=8;InfobloxB1Region=;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,DNS,csp.infoblox.com.,,00:50:56:0b:0f:80,,CommonSecurityLog,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""4"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""8"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)""}",,,,,,,,4,8,dfp,,,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,13,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:19:45.521 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,192.168.1.201,192.168.1.90,,"""probe.infoblox.com. 0 IN TXT \""ABYZX9GLUYQUVWDQZIECEGAFF3NC89ZE\""  . 151279 IN NS c.root-servers.net.  . 151279 IN NS j.root-servers.net.  . 151279 IN NS m.root-servers.net.  . 151279 IN NS l.root-servers.net.  . 151279 IN NS a.root-servers.net.  . 151279 IN NS f.root-servers.net.  . 151279 IN NS k.root-servers.net.  . 151279 IN NS b.root-servers.net.  . 151279 IN NS d.root-servers.net.  . 151279 IN NS h.root-servers.net.  . 151279 IN NS e.root-servers.net.  . 151279 IN NS i.root-servers.net.  . 151279 IN NS g.root-servers.net.  a.root-servers.net. 151279 IN A 198.41.0.4  b.root-servers.net. 151279 IN A 199.9.14.201  c.root-servers.net. 151279 IN A 192.33.4.12  d.root-servers.net. 151279 IN A 199.7.91.13  e.root-servers.net. 151279 IN A 192.203.230.10  f.root-servers.net. 151279 IN A 192.5.5.241  g.root-servers.net. 151279 IN A 192.112.36.4  h.root-servers.net. 151279 IN A 198.97.190.53  i.root-servers.net. 151279 IN A 192.36.148.17  j.root-servers.net. 151279 IN A 192.58.128.30  k.root-servers.net. 151279 IN A 193.0.14.129  l.root-servers.net. 151279 IN A 199.7.83.42  m.root-servers.net. 151279 IN A 202.12.27.33""",UDP,60061,192.168.1.90,2.1.3,DNS Response IN TXT NOERROR,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=TXT;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=13;InfobloxArCount=13;InfobloxB1Region=;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,DNS,probe.infoblox.com.,,00:50:56:0b:0f:80,,CommonSecurityLog,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""TXT"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""13"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)""}",,,,,,,,1,13,dfp,,,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,,IN,#NAME?,TXT,NOERROR,_default,,,,,,13,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:07:30.926 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,,192.168.1.90,,"""us-east-1.elb.amazonaws.com. 55 IN SOA ns-1119.awsdns-11.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 60  . 32768 4096 OPT """,TCP,31406,192.168.1.90,2.1.3,DNS Response IN AAAA NOERROR,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Internet Services",DNS,proxyserverecs-1736642167.us-east-1.elb.amazonaws.com.,,00:50:56:0b:0f:80,,CommonSecurityLog,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Internet Services""}",,,,,,,,0,1,dfp,"APP_Uncategorized,CAT_Internet Services",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,,IN,#NAME?,AAAA,NOERROR,,,,,,,1,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:22:19.752 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,,192.168.1.90,,"""client.wns.windows.com. 3137 IN CNAME wns.notify.trafficmanager.net.  wns.notify.trafficmanager.net. 117 IN A 13.64.180.106  . 32768 4096 OPT """,TCP,45375,192.168.1.90,2.1.3,DNS Response IN A NOERROR,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Microsoft OneDrive,APP_Microsoft Sharepoint,APP_Uncategorized,CAT_Business,CAT_Internet Services,CAT_Software/Hardware",DNS,client.wns.windows.com.,,00:50:56:0b:0f:80,,CommonSecurityLog,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Microsoft OneDrive,APP_Microsoft Sharepoint,APP_Uncategorized,CAT_Business,CAT_Internet Services,CAT_Software/Hardware""}",,,,,,,,2,1,dfp,"APP_Microsoft OneDrive,APP_Microsoft Sharepoint,APP_Uncategorized,CAT_Business,CAT_Internet Services,CAT_Software/Hardware",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,,IN,#NAME?,A,NOERROR,,,,,,,0,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:22:30.651 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,,192.168.1.90,,"""getpocket-cdn.prod.mozaws.net. 138 IN CNAME prod.pocket.prod.cloudops.mozgcp.net.  prod.pocket.prod.cloudops.mozgcp.net. 426 IN A 34.120.5.221  . 32768 4096 OPT """,TCP,45709,192.168.1.90,2.1.3,DNS Response IN A NOERROR,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Business,CAT_Internet Services,CAT_Software/Hardware",DNS,getpocket-cdn.prod.mozaws.net.,,00:50:56:0b:0f:80,,CommonSecurityLog,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Business,CAT_Internet Services,CAT_Software/Hardware""}",,,,,,,,2,1,dfp,"APP_Uncategorized,CAT_Business,CAT_Internet Services,CAT_Software/Hardware",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,,IN,#NAME?,A,NOERROR,,,,,,,0,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:22:30.651 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,,192.168.1.90,,"""getpocket.cdn.mozilla.net. 60 IN CNAME getpocket-cdn.prod.mozaws.net.  getpocket-cdn.prod.mozaws.net. 150 IN CNAME prod.pocket.prod.cloudops.mozgcp.net.  prod.pocket.prod.cloudops.mozgcp.net. 408 IN A 34.120.5.221  . 32768 4096 OPT """,TCP,45709,192.168.1.90,2.1.3,DNS Response IN A NOERROR,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Business,CAT_Internet Services,CAT_Software/Hardware",DNS,getpocket.cdn.mozilla.net.,,00:50:56:0b:0f:80,,CommonSecurityLog,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""3"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Business,CAT_Internet Services,CAT_Software/Hardware""}",,,,,,,,3,1,dfp,"APP_Uncategorized,CAT_Business,CAT_Internet Services,CAT_Software/Hardware",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,,IN,#NAME?,A,NOERROR,,,,,,,0,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:23:18.430 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,,192.168.1.90,,"""settings-win.data.microsoft.com. 3044 IN CNAME settingsfd-geo.trafficmanager.net.  settingsfd-geo.trafficmanager.net. 60 IN A 52.183.220.149  . 32768 4096 OPT """,TCP,56678,192.168.1.90,2.1.3,DNS Response IN A NOERROR,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Business,CAT_Internet Services,CAT_Software/Hardware",DNS,settings-win.data.microsoft.com.,,00:50:56:0b:0f:80,,CommonSecurityLog,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Business,CAT_Internet Services,CAT_Software/Hardware""}",,,,,,,,2,1,dfp,"APP_Uncategorized,CAT_Business,CAT_Internet Services,CAT_Software/Hardware",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,,IN,#NAME?,A,NOERROR,,,,,,,0,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:23:18.431 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,,192.168.1.90,,"""settingsfd-geo.trafficmanager.net. 12 IN A 52.185.211.133  . 32768 4096 OPT """,TCP,56678,192.168.1.90,2.1.3,DNS Response IN A NOERROR,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Internet Services",DNS,settingsfd-geo.trafficmanager.net.,,00:50:56:0b:0f:80,,CommonSecurityLog,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Internet Services""}",,,,,,,,1,1,dfp,"APP_Uncategorized,CAT_Internet Services",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,,IN,#NAME?,A,NOERROR,,,,,,,0,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:23:31.083 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,192.168.1.201,192.168.1.90,,"""wpad.tme.infoblox.com. 3600 IN A 208.50.179.11  . 151052 IN NS g.root-servers.net.  . 151052 IN NS m.root-servers.net.  . 151052 IN NS j.root-servers.net.  . 151052 IN NS i.root-servers.net.  . 151052 IN NS c.root-servers.net.  . 151052 IN NS b.root-servers.net.  . 151052 IN NS l.root-servers.net.  . 151052 IN NS f.root-servers.net.  . 151052 IN NS d.root-servers.net.  . 151052 IN NS h.root-servers.net.  . 151052 IN NS e.root-servers.net.  . 151052 IN NS k.root-servers.net.  . 151052 IN NS a.root-servers.net.  a.root-servers.net. 151052 IN A 198.41.0.4  b.root-servers.net. 151052 IN A 199.9.14.201  c.root-servers.net. 151052 IN A 192.33.4.12  d.root-servers.net. 151052 IN A 199.7.91.13  e.root-servers.net. 151052 IN A 192.203.230.10  f.root-servers.net. 151052 IN A 192.5.5.241  g.root-servers.net. 151052 IN A 192.112.36.4  h.root-servers.net. 151052 IN A 198.97.190.53  i.root-servers.net. 151052 IN A 192.36.148.17  j.root-servers.net. 151052 IN A 192.58.128.30  k.root-servers.net. 151052 IN A 193.0.14.129  l.root-servers.net. 151052 IN A 199.7.83.42  m.root-servers.net. 151052 IN A 202.12.27.33""",UDP,64479,192.168.1.90,2.1.3,DNS Response IN A NOERROR,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=13;InfobloxArCount=13;InfobloxB1Region=;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,DNS,wpad.tme.infoblox.com.,,00:50:56:0b:0f:80,,CommonSecurityLog,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""13"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)""}",,,,,,,,1,13,dfp,,,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,13,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:23:31.083 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,192.168.1.201,192.168.1.90,,"""wpad.tme.infoblox.com. 3600 IN A 208.50.179.11  . 151052 IN NS h.root-servers.net.  . 151052 IN NS b.root-servers.net.  . 151052 IN NS d.root-servers.net.  . 151052 IN NS c.root-servers.net.  . 151052 IN NS a.root-servers.net.  . 151052 IN NS f.root-servers.net.  . 151052 IN NS e.root-servers.net.  . 151052 IN NS g.root-servers.net.  . 151052 IN NS i.root-servers.net.  . 151052 IN NS j.root-servers.net.  . 151052 IN NS k.root-servers.net.  . 151052 IN NS l.root-servers.net.  . 151052 IN NS m.root-servers.net.  a.root-servers.net. 151052 IN A 198.41.0.4  b.root-servers.net. 151052 IN A 199.9.14.201  c.root-servers.net. 151052 IN A 192.33.4.12  d.root-servers.net. 151052 IN A 199.7.91.13  e.root-servers.net. 151052 IN A 192.203.230.10  f.root-servers.net. 151052 IN A 192.5.5.241  g.root-servers.net. 151052 IN A 192.112.36.4  h.root-servers.net. 151052 IN A 198.97.190.53  i.root-servers.net. 151052 IN A 192.36.148.17  j.root-servers.net. 151052 IN A 192.58.128.30  k.root-servers.net. 151052 IN A 193.0.14.129  l.root-servers.net. 151052 IN A 199.7.83.42  m.root-servers.net. 151052 IN A 202.12.27.33""",UDP,53312,192.168.1.90,2.1.3,DNS Response IN A NOERROR,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=13;InfobloxArCount=13;InfobloxB1Region=;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,DNS,wpad.tme.infoblox.com.,,00:50:56:0b:0f:80,,CommonSecurityLog,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""13"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)""}",,,,,,,,1,13,dfp,,,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,13,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:23:31.796 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,,192.168.1.90,,"""wpad.tme.infoblox.com. 3600 IN A 208.50.179.11  wpad.tme.infoblox.com. 3600 IN RRSIG A 5 3 3600 20211030154037 20211026150411 51153 infoblox.com.",TCP,32362,192.168.1.90,2.1.3,DNS Response IN A NOERROR,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;deK3G8Hhy9bQOPz6n6mMVIlaJdEAatYhwbXfibTZuIuY74PlFO17RyIWVDhaJkrefwIM/P9TQowFwW3JVkZpOUypw8zd52IKTBVn+RxNDl6Wni/zLMVVAtH99pAwEO01ECUn+FG29UENtB8Lh7wO6IEPOu8f/aCizTleCyQOA0M=  wpad.tme.infoblox.com. 3600 IN RRSIG A 5 3 3600 20211030154037 20211026150411 61272 infoblox.com.;hK/Hr0rTxawCuZvr79g2vMNXrRe2umJJqSwEZU7SlUjN4BVmOZDIRgxuGm1byfYCb9RMmUvNWjxVi+rWjqJ9F5onfjTyEf5ku2WVBZNTQnJ57ZJD3MbGZ22fESGnGXN1wrkL9dzG2wok5P0cDUvBRqrdXlG1WtidBboSjnhwNv0=  *.tme.infoblox.com. 3600 IN NSEC tp-poc-public.infoblox.com. A RRSIG NSEC  *.tme.infoblox.com. 3600 IN RRSIG NSEC 5 3 3600 20211030185629 20211026182505 51153 infoblox.com.;eLW679sybatWWu0B2ECKiwJi9lCBAqg6qCkG49BB2DM93kl88osn/e2wQHl9ekQ1ytCBsrGjsdDIxCPD2yCOFkEEJKUVR58Ns4YJH5Hs6UGWfhoJLV1LmVIohiJpqVOPQP8ix5l6f5GE5Arr5o/C/SzrtgXsXcU+td7tlqjOYbI=  *.tme.infoblox.com. 3600 IN RRSIG NSEC 5 3 3600 20211030185629 20211026182505 61272 infoblox.com.;gRAX8zN/IhEXg3j5s/YJBnXMsYOqTvhDvPrm/hz60OYdNHW9/oT3zXqAD6cnifPRuO543glUSyRqbUlgiCtSR5B/nwlPfavWWGuPZ0OcMUfZvgpGxSVvuAUCBUcyTzBb62PBAcVM7ELWRxlSNMdJA2RsI5HoiaVM1Jsurn/AmRY=  . 32768 4096 OPT "";InfobloxAnCount=3;InfobloxNsCount=3;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=nios;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem;InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=",DNS,wpad.tme.infoblox.com.,,00:50:56:0b:0f:80,,CommonSecurityLog,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""deK3G8Hhy9bQOPz6n6mMVIlaJdEAatYhwbXfibTZuIuY74PlFO17RyIWVDhaJkrefwIM/P9TQowFwW3JVkZpOUypw8zd52IKTBVn+RxNDl6Wni/zLMVVAtH99pAwEO01ECUn+FG29UENtB8Lh7wO6IEPOu8f/aCizTleCyQOA0M"":""  wpad.tme.infoblox.com. 3600 IN RRSIG A 5 3 3600 20211030154037 20211026150411 61272 infoblox.com."",""hK/Hr0rTxawCuZvr79g2vMNXrRe2umJJqSwEZU7SlUjN4BVmOZDIRgxuGm1byfYCb9RMmUvNWjxVi+rWjqJ9F5onfjTyEf5ku2WVBZNTQnJ57ZJD3MbGZ22fESGnGXN1wrkL9dzG2wok5P0cDUvBRqrdXlG1WtidBboSjnhwNv0"":""  *.tme.infoblox.com. 3600 IN NSEC tp-poc-public.infoblox.com. A RRSIG NSEC  *.tme.infoblox.com. 3600 IN RRSIG NSEC 5 3 3600 20211030185629 20211026182505 51153 infoblox.com."",""eLW679sybatWWu0B2ECKiwJi9lCBAqg6qCkG49BB2DM93kl88osn/e2wQHl9ekQ1ytCBsrGjsdDIxCPD2yCOFkEEJKUVR58Ns4YJH5Hs6UGWfhoJLV1LmVIohiJpqVOPQP8ix5l6f5GE5Arr5o/C/SzrtgXsXcU+td7tlqjOYbI"":""  *.tme.infoblox.com. 3600 IN RRSIG NSEC 5 3 3600 20211030185629 20211026182505 61272 infoblox.com."",""gRAX8zN/IhEXg3j5s/YJBnXMsYOqTvhDvPrm/hz60OYdNHW9/oT3zXqAD6cnifPRuO543glUSyRqbUlgiCtSR5B/nwlPfavWWGuPZ0OcMUfZvgpGxSVvuAUCBUcyTzBb62PBAcVM7ELWRxlSNMdJA2RsI5HoiaVM1Jsurn/AmRY"":""  . 32768 4096 OPT \"""",""InfobloxAnCount"":""3"",""InfobloxNsCount"":""3"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""nios"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem""}",,,,,,,,3,1,nios,,,,on-prem,192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,,IN,#NAME?,A,NOERROR,,,,,,,3,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:23:58.392 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,,192.168.1.90,,"""global.asimov.events.data.trafficmanager.net. 57 IN CNAME onedscolprdcus01.centralus.cloudapp.azure.com.  onedscolprdcus01.centralus.cloudapp.azure.com. 7 IN A 52.182.141.63  . 32768 4096 OPT """,TCP,3130,192.168.1.90,2.1.3,DNS Response IN A NOERROR,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Internet Services",DNS,global.asimov.events.data.trafficmanager.net.,,00:50:56:0b:0f:80,,CommonSecurityLog,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Internet Services""}",,,,,,,,2,1,dfp,"APP_Uncategorized,CAT_Internet Services",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,,IN,#NAME?,A,NOERROR,,,,,,,0,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:23:58.392 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,,192.168.1.90,,"""v10.events.data.microsoft.com. 2997 IN CNAME global.asimov.events.data.trafficmanager.net.  global.asimov.events.data.trafficmanager.net. 56 IN CNAME onedscolprdneu01.northeurope.cloudapp.azure.com.  onedscolprdneu01.northeurope.cloudapp.azure.com. 6 IN A 20.50.73.9  . 32768 4096 OPT """,TCP,3130,192.168.1.90,2.1.3,DNS Response IN A NOERROR,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Microsoft 365,APP_Uncategorized,CAT_Business,CAT_Internet Services,CAT_Software/Hardware",DNS,v10.events.data.microsoft.com.,,00:50:56:0b:0f:80,,CommonSecurityLog,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""3"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Microsoft 365,APP_Uncategorized,CAT_Business,CAT_Internet Services,CAT_Software/Hardware""}",,,,,,,,3,1,dfp,"APP_Microsoft 365,APP_Uncategorized,CAT_Business,CAT_Internet Services,CAT_Software/Hardware",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,,IN,#NAME?,A,NOERROR,,,,,,,0,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:23:58.392 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,,192.168.1.90,,"""onedscolprdcus01.centralus.cloudapp.azure.com. 9 IN A 52.182.141.63  . 32768 4096 OPT """,TCP,3130,192.168.1.90,2.1.3,DNS Response IN A NOERROR,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Internet Services",DNS,onedscolprdcus01.centralus.cloudapp.azure.com.,,00:50:56:0b:0f:80,,CommonSecurityLog,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Internet Services""}",,,,,,,,1,1,dfp,"APP_Uncategorized,CAT_Internet Services",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,,IN,#NAME?,A,NOERROR,,,,,,,0,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:28:40.485 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,,192.168.1.106,,"""contile.services.mozilla.com. 296 IN A 34.117.237.239  . 32768 4096 OPT """,TCP,41235,192.168.1.106,2.1.3,DNS Response IN A NOERROR,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Software/Hardware",DNS,contile.services.mozilla.com.,,00:50:56:0b:0f:15,,CommonSecurityLog,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Software/Hardware""}",,,,,,,,1,1,dfp,"APP_Uncategorized,CAT_Software/Hardware",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,,IN,#NAME?,A,NOERROR,,,,,,,0,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:08:15.015 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,,192.168.1.106,,"""connectivity-check.ubuntu.com. 6 IN A 35.224.170.84  connectivity-check.ubuntu.com. 6 IN A 35.232.111.17  . 32768 4096 OPT """,TCP,64985,192.168.1.106,2.1.3,DNS Response IN A NOERROR,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Software/Hardware",DNS,connectivity-check.ubuntu.com.,,00:50:56:0b:0f:15,,CommonSecurityLog,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Software/Hardware""}",,,,,,,,2,1,dfp,"APP_Uncategorized,CAT_Software/Hardware",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,,IN,#NAME?,A,NOERROR,,,,,,,0,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:13:41.580 PM",Infoblox,Data Connector,DNS Response,1,,,infoblox-virtual-machine,,,192.168.1.106,,"""int-classic-scout-production-1074780512.us-east-1.elb.amazonaws.com. 51 IN A 67.202.62.77  int-classic-scout-production-1074780512.us-east-1.elb.amazonaws.com. 51 IN A 44.194.147.142  . 32768 4096 OPT """,TCP,28250,192.168.1.106,2.1.3,DNS Response IN A NOERROR,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Internet Services",DNS,int-classic-scout-production-1074780512.us-east-1.elb.amazonaws.com.,,00:50:56:0b:0f:15,,CommonSecurityLog,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Internet Services""}",,,,,,,,2,1,dfp,"APP_Uncategorized,CAT_Internet Services",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,,IN,#NAME?,A,NOERROR,,,,,,,0,,,,,,,,,,N/A,,
-OpsManager,"10/26/2021, 2:12:52.891 PM",Infoblox,Data Connector,DHCP-LEASE-UPDATE,1,,,infoblox-virtual-machine,,,,,,,,192.168.1.106,2.1.3,DHCP Lease Update,"cat=""DHCP Lease Update"";InfobloxLeaseOp=Update;InfobloxClientID=01:00:50:56:0b:0f:15;InfobloxLifetime=300;InfobloxSubnetID=245079;InfobloxServerID=1;InfobloxLeaseUUID=996854c4-27ab-11ec-a802-7270aef5e23e;InfobloxFingerprintPr=true;InfobloxFingerprint=;InfobloxDHCPOptions=;code_12='dhcp-virtual-machine';code_53='\003';code_55='\001\002\006\014\017\032\034y\003!()*w\371\374\021';code_57='\377\377';code_61='\001\000PV\013\017\025';code_82='\013\004\300\250\001\311'",DHCP,,dhcp-virtual-machine,00:50:56:0b:0f:15,,CommonSecurityLog,"{""cat"":""\""DHCP Lease Update\"""",""InfobloxLeaseOp"":""Update"",""InfobloxClientID"":""01:00:50:56:0b:0f:15"",""InfobloxLifetime"":""300"",""InfobloxSubnetID"":""245079"",""InfobloxServerID"":""1"",""InfobloxLeaseUUID"":""996854c4-27ab-11ec-a802-7270aef5e23e"",""InfobloxFingerprintPr"":""true"",""code_12"":""'dhcp-virtual-machine'"",""code_53"":""'\\003'"",""code_55"":""'\\001\\002\\006\\014\\017\\032\\034y\\003!()*w\\371\\374\\021'"",""code_57"":""'\\377\\377'"",""code_61"":""'\\001\\000PV\\013\\017\\025'"",""code_82"":""'\\013\\004\\300\\250\\001\\311'""}","""DHCP Lease Update""",'dhcp-virtual-machine','\003','\001\002\006\014\017\032\034y\003!()*w\371\374\021','\377\377','\001\000PV\013\017\025','\013\004\300\250\001\311',,,,,,,,,,,,,,,01:00:50:56:0b:0f:15,,,,,,,,TRUE,Update,996854c4-27ab-11ec-a802-7270aef5e23e,300,,,,,1,245079,,,,,N/A,,
+TenantId,TimeGenerated [UTC],DeviceVendor,DeviceProduct,DeviceVersion,DeviceEventClassID,Activity,LogSeverity,OriginalLogSeverity,AdditionalExtensions,DeviceAction,ApplicationProtocol,EventCount,DestinationDnsDomain,DestinationServiceName,DestinationTranslatedAddress,DestinationTranslatedPort,CommunicationDirection,DeviceDnsDomain,DeviceExternalID,DeviceFacility,DeviceInboundInterface,DeviceNtDomain,DeviceOutboundInterface,DevicePayloadId,ProcessName,DeviceTranslatedAddress,DestinationHostName,DestinationMACAddress,DestinationNTDomain,DestinationProcessId,DestinationUserPrivileges,DestinationProcessName,DestinationPort,DestinationIP,DeviceTimeZone,DestinationUserID,DestinationUserName,DeviceAddress,DeviceName,DeviceMacAddress,ProcessID,EndTime [UTC],ExternalID,ExtID,FileCreateTime,FileHash,FileID,FileModificationTime,FilePath,FilePermission,FileType,FileName,FileSize,ReceivedBytes,Message,OldFileCreateTime,OldFileHash,OldFileID,OldFileModificationTime,OldFileName,OldFilePath,OldFilePermission,OldFileSize,OldFileType,SentBytes,EventOutcome,Protocol,Reason,RequestURL,RequestClientApplication,RequestContext,RequestCookies,RequestMethod,ReceiptTime,SourceHostName,SourceMACAddress,SourceNTDomain,SourceDnsDomain,SourceServiceName,SourceTranslatedAddress,SourceTranslatedPort,SourceProcessId,SourceUserPrivileges,SourceProcessName,SourcePort,SourceIP,StartTime [UTC],SourceUserID,SourceUserName,EventType,DeviceEventCategory,DeviceCustomIPv6Address1,DeviceCustomIPv6Address1Label,DeviceCustomIPv6Address2,DeviceCustomIPv6Address2Label,DeviceCustomIPv6Address3,DeviceCustomIPv6Address3Label,DeviceCustomIPv6Address4,DeviceCustomIPv6Address4Label,DeviceCustomFloatingPoint1,DeviceCustomFloatingPoint1Label,DeviceCustomFloatingPoint2,DeviceCustomFloatingPoint2Label,DeviceCustomFloatingPoint3,DeviceCustomFloatingPoint3Label,DeviceCustomFloatingPoint4,DeviceCustomFloatingPoint4Label,DeviceCustomNumber1,FieldDeviceCustomNumber1,DeviceCustomNumber1Label,DeviceCustomNumber2,FieldDeviceCustomNumber2,DeviceCustomNumber2Label,DeviceCustomNumber3,FieldDeviceCustomNumber3,DeviceCustomNumber3Label,DeviceCustomString1,DeviceCustomString1Label,DeviceCustomString2,DeviceCustomString2Label,DeviceCustomString3,DeviceCustomString3Label,DeviceCustomString4,DeviceCustomString4Label,DeviceCustomString5,DeviceCustomString5Label,DeviceCustomString6,DeviceCustomString6Label,DeviceCustomDate1,DeviceCustomDate1Label,DeviceCustomDate2,DeviceCustomDate2Label,FlexDate1,FlexDate1Label,FlexNumber1,FlexNumber1Label,FlexNumber2,FlexNumber2Label,FlexString1,FlexString1Label,FlexString2,FlexString2Label,RemoteIP,RemotePort,MaliciousIP,ThreatSeverity,IndicatorThreatType,ThreatDescription,ThreatConfidence,ReportReferenceLink,MaliciousIPLongitude,MaliciousIPLatitude,MaliciousIPCountry,Computer,SourceSystem,SimplifiedDeviceAction,CollectorHostName,Type,_ResourceId,AdditionalExtensionsParsedNested,baYR42SOW46H9tIJsvvgoIpoy/O2bJbxaIPxCwuVRmr3N+w4Fb3KYX5t7G9c/9W9vVgC8fdZnYUfvKc9lNVI6tC3w4t+8ylCPGcfP4SRvEPPozQkYXmvm1rdHyL+Fg74OWgXvW/rOo5rtBbCbBxsfAJdDPQaDOPIyEaMAtzlObE,InfobloxAnCount,InfobloxArCount,InfobloxB1ConnectionType,InfobloxB1DNSTags,InfobloxB1FeedName,InfobloxB1FeedType,InfobloxB1Network,InfobloxB1OPHIPAddress,InfobloxB1OPHName,InfobloxB1PolicyAction,InfobloxB1PolicyName,InfobloxB1Region,InfobloxB1SrcOSVersion,InfobloxB1ThreatIndicator,InfobloxClientID,InfobloxDNSQClass,InfobloxDNSQFlags,InfobloxDNSQType,InfobloxDNSRCode,InfobloxDNSView,InfobloxDomainCat,InfobloxFingerprint,InfobloxFingerprintPr,InfobloxHost,InfobloxIPSpace,InfobloxLeaseOp,InfobloxLeaseUUID,InfobloxLifetime,InfobloxNsCount,InfobloxPolicyID,InfobloxRangeEnd,InfobloxRangeStart,InfobloxRPZ,InfobloxRPZRule,InfobloxSubnet,InfobloxThreatConfidence,InfobloxThreatLevel,InfobloxThreatProperty,J5aqktuEZUMQ/0RY2R+HO1a+gSFKaBJM8X6BQ56jvFUQhd0XxkufnJg55VqMqPYusR3FF64kMN3qrCs+Ptj99vH06W6A8j7nWPPpVeroePNnW+SrRDWKZteWaO5c/nh0WTpXEzK3PeY/5A0p8CdqHZJ1Jj52h5rkUODobyzO77o,jLqtQui7dTvXs7BaS/r/vNClcUbaq7RGL716U0NH83ad2CR+DXgZoH0tj5FRGcHei9J8JtmHntCkYBk2DXMyNRTc7K8HWBDDVhZloU/K/S1f3y8kd9On3eyJY5tFHjV1yjO7l14fo3GOQYQMCLB/98Gruu96kZVDiJhEG73zfMY,QUVjy3DRDBssylwvgogCq1xTBkmjd4WjMWqgajSzZztcKEUB0Rq4D1XnqyAZg3QiK5Yf60sqKTXD0dpGZL77iZ/3jdV5/gV3APpLmC5pSUYw2941PB5Q5GCbNyFcQKG6f9H8v+XfNqq66sdKimjrvwhEwPWPj2VtCZhX4RCbagg,TfcashclDU0dnofxM/W69lUQlkNn5GeR7eCEEgVLtsQYDKIoui7eDVgw4csxXJo4+rI73iQlKOnOrGyvzlogn/lBE2zjnIWjfhcjMeJFktOQQx11bfCkoDlpkk/tFX8IvdPP/Om1PoW6wRUAwx+BwzT1HkOGJcHT4mTJywu94PM,Vbx9pTDdTtSIdPLerhTLqr3ZEwsK+0sXra4mAn5khgSFyknINBGeVKYIqF3LJxYzmmlqzk06xFP3nMbM4iGrUuZmrnZbGRArUc1OXrE0vzaBio3B8CXrYBD+GZQIEOt0rH85SEem/WdMlNBvX3GYbCrwUckmxx1Rq1+4FltG+cs,ThreatLevel_Score,ThreatLevel,ThreatClass,ThreatProperty
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:16:14.624 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN HTTPS NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=HTTPS;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Content Server",,DNS,,www.googleapis.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""googleapis.com. 44 IN SOA ns1.google.com. dns-admin.google.com. 548957318 900 900 1800 60  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,22430,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""HTTPS"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Content Server""}",,0,1,remote_client,"APP_Uncategorized,CAT_Content Server",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,HTTPS,NOERROR,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:16:14.624 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Windows",,DNS,,client.wns.windows.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""client.wns.windows.com. 2993 IN CNAME wns.notify.trafficmanager.net.  wns.notify.trafficmanager.net. 54 IN A 40.83.247.108  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,23793,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Windows""}",,2,1,remote_client,"APP_Uncategorized,CAT_Windows",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:16:13.717 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=12;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Content Server",,DNS,,www.googleapis.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""www.googleapis.com. 131 IN A 142.251.214.138  www.googleapis.com. 131 IN A 172.217.12.106  www.googleapis.com. 131 IN A 142.250.189.202  www.googleapis.com. 131 IN A 172.217.164.106  www.googleapis.com. 131 IN A 142.250.189.170  www.googleapis.com. 131 IN A 142.250.189.234  www.googleapis.com. 131 IN A 142.251.32.42  www.googleapis.com. 131 IN A 142.251.46.234  www.googleapis.com. 131 IN A 142.250.191.42  www.googleapis.com. 131 IN A 142.250.191.74  www.googleapis.com. 131 IN A 142.251.46.170  www.googleapis.com. 131 IN A 142.251.46.202  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,44805,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""12"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Content Server""}",,12,1,remote_client,"APP_Uncategorized,CAT_Content Server",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:16:10.271 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Content Server",,DNS,,a767.dspw65.akamai.net.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""a767.dspw65.akamai.net. 9 IN A 104.114.77.27  a767.dspw65.akamai.net. 9 IN A 104.114.77.82  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,39882,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Content Server""}",,2,1,dfp,"APP_Uncategorized,CAT_Content Server",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:16:10.270 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=7;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Microsoft Certificates,APP_Windows Update,CAT_Business Software,CAT_Productivity,CAT_Windows",,DNS,,ctldl.windowsupdate.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""ctldl.windowsupdate.com. 105 IN CNAME wu-bg-shim.trafficmanager.net.  wu-bg-shim.trafficmanager.net. 418 IN CNAME fg.download.windowsupdate.com.c.footprint.net.  fg.download.windowsupdate.com.c.footprint.net. 190 IN A 8.252.41.254  fg.download.windowsupdate.com.c.footprint.net. 190 IN A 8.252.42.126  fg.download.windowsupdate.com.c.footprint.net. 190 IN A 8.247.116.126  fg.download.windowsupdate.com.c.footprint.net. 190 IN A 8.249.23.254  fg.download.windowsupdate.com.c.footprint.net. 190 IN A 8.240.20.254  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,39882,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""7"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Microsoft Certificates,APP_Windows Update,CAT_Business Software,CAT_Productivity,CAT_Windows""}",,7,1,dfp,"APP_Microsoft Certificates,APP_Windows Update,CAT_Business Software,CAT_Productivity,CAT_Windows",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:16:10.270 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Akamai CDN,CAT_Content Server",,DNS,,download.windowsupdate.com.edgesuite.net.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""download.windowsupdate.com.edgesuite.net. 707 IN CNAME a767.dspw65.akamai.net.  a767.dspw65.akamai.net. 3 IN A 104.114.77.82  a767.dspw65.akamai.net. 3 IN A 104.114.77.27  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,39882,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""3"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Akamai CDN,CAT_Content Server""}",,3,1,dfp,"APP_Akamai CDN,CAT_Content Server",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:16:10.270 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=4;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Azure Cloud Services,CAT_Content Server",,DNS,,wu-bg-shim.trafficmanager.net.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""wu-bg-shim.trafficmanager.net. 570 IN CNAME download.windowsupdate.com.edgesuite.net.  download.windowsupdate.com.edgesuite.net. 572 IN CNAME a767.dspw65.akamai.net.  a767.dspw65.akamai.net. 9 IN A 104.114.77.27  a767.dspw65.akamai.net. 9 IN A 104.114.77.82  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,39882,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""4"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Azure Cloud Services,CAT_Content Server""}",,4,1,dfp,"APP_Azure Cloud Services,CAT_Content Server",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:15:56.636 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Technology - Other",,DNS,,settings.data.microsoft.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""settings.data.microsoft.com. 116 IN CNAME atm-settingsfe-prod-geo2.trafficmanager.net.  atm-settingsfe-prod-geo2.trafficmanager.net. 56 IN CNAME settings-prod-sea-2.southeastasia.cloudapp.azure.com.  settings-prod-sea-2.southeastasia.cloudapp.azure.com. 6 IN A 40.119.249.228  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,24042,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""3"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Technology - Other""}",,3,1,remote_client,"APP_Uncategorized,CAT_Technology - Other",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:15:56.636 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Weather app,CAT_Business Software,CAT_Productivity,CAT_Windows",,DNS,,tile-service.weather.microsoft.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""tile-service.weather.microsoft.com. 2388 IN CNAME wildcard.weather.microsoft.com.edgekey.net.  wildcard.weather.microsoft.com.edgekey.net. 155 IN CNAME e15275.g.akamaiedge.net.  e15275.g.akamaiedge.net. 14 IN A 104.81.80.250  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,24042,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""3"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Weather app,CAT_Business Software,CAT_Productivity,CAT_Windows""}",,3,1,remote_client,"APP_Weather app,CAT_Business Software,CAT_Productivity,CAT_Windows",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:15:56.636 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Windows Spotlight,CAT_Portal Sites",,DNS,,arc.msn.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""arc.msn.com. 6430 IN CNAME arc.trafficmanager.net.  arc.trafficmanager.net. 52 IN CNAME iris-de-prod-azsc-v2-wus2-b.westus2.cloudapp.azure.com.  iris-de-prod-azsc-v2-wus2-b.westus2.cloudapp.azure.com. 1 IN A 20.99.185.48  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,24042,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""3"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Windows Spotlight,CAT_Portal Sites""}",,3,1,remote_client,"APP_Windows Spotlight,CAT_Portal Sites",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:15:56.636 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=12;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Technology - Other",,DNS,,login.live.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""login.live.com. 180 IN CNAME login.msa.msidentity.com.  login.msa.msidentity.com. 180 IN CNAME www.tm.lg.prod.aadmsa.akadns.net.  www.tm.lg.prod.aadmsa.akadns.net. 150 IN CNAME prdv4a.aadg.msidentity.com.  prdv4a.aadg.msidentity.com. 161 IN CNAME www.tm.v4.a.prd.aadg.trafficmanager.net.  www.tm.v4.a.prd.aadg.trafficmanager.net. 180 IN A 20.190.190.130  www.tm.v4.a.prd.aadg.trafficmanager.net. 180 IN A 20.190.190.131  www.tm.v4.a.prd.aadg.trafficmanager.net. 180 IN A 20.190.190.194  www.tm.v4.a.prd.aadg.trafficmanager.net. 180 IN A 40.126.62.132  www.tm.v4.a.prd.aadg.trafficmanager.net. 180 IN A 20.190.190.132  www.tm.v4.a.prd.aadg.trafficmanager.net. 180 IN A 20.190.190.193  www.tm.v4.a.prd.aadg.trafficmanager.net. 180 IN A 40.126.62.131  www.tm.v4.a.prd.aadg.trafficmanager.net. 180 IN A 40.126.62.130  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,24042,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""12"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Technology - Other""}",,12,1,remote_client,"APP_Uncategorized,CAT_Technology - Other",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:15:55.058 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Technology - Other",,DNS,,settings.data.microsoft.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""settings.data.microsoft.com. 119 IN CNAME atm-settingsfe-prod-geo2.trafficmanager.net.  atm-settingsfe-prod-geo2.trafficmanager.net. 59 IN CNAME settings-prod-sea-2.southeastasia.cloudapp.azure.com.  settings-prod-sea-2.southeastasia.cloudapp.azure.com. 9 IN A 40.119.249.228  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,23072,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""3"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Technology - Other""}",,3,1,remote_client,"APP_Uncategorized,CAT_Technology - Other",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:15:55.058 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Windows Spotlight,CAT_Portal Sites",,DNS,,arc.msn.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""arc.msn.com. 5906 IN CNAME arc.trafficmanager.net.  arc.trafficmanager.net. 52 IN CNAME iris-de-prod-azsc-v2-wus2.westus2.cloudapp.azure.com.  iris-de-prod-azsc-v2-wus2.westus2.cloudapp.azure.com. 2 IN A 20.99.186.246  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,23072,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""3"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Windows Spotlight,CAT_Portal Sites""}",,3,1,remote_client,"APP_Windows Spotlight,CAT_Portal Sites",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:15:26.723 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN HTTPS NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=HTTPS;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Content Server",,DNS,,clientservices.googleapis.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""googleapis.com. 27 IN SOA ns1.google.com. dns-admin.google.com. 548957318 900 900 1800 60  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,34379,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""HTTPS"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Content Server""}",,0,1,remote_client,"APP_Uncategorized,CAT_Content Server",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,HTTPS,NOERROR,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:15:23.499 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Content Server",,DNS,,clientservices.googleapis.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""clientservices.googleapis.com. 143 IN A 142.250.191.67  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,38380,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Content Server""}",,1,1,remote_client,"APP_Uncategorized,CAT_Content Server",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:15:08.936 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN TXT NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=TXT;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Business Software,CAT_Information Security,LIST_PROBE_209101",,DNS,,probe.infoblox.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""probe.infoblox.com. 10 IN TXT \""ABYZX9GLUYQUVWDQZIECEGAFF3NC89ZE\""  . 32768 1232 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,65222,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""TXT"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Business Software,CAT_Information Security,LIST_PROBE_209101""}",,1,1,dfp,"APP_Uncategorized,CAT_Business Software,CAT_Information Security,LIST_PROBE_209101",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,TXT,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:15:08.935 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;QUVjy3DRDBssylwvgogCq1xTBkmjd4WjMWqgajSzZztcKEUB0Rq4D1XnqyAZg3QiK5Yf60sqKTXD0dpGZL77iZ/3jdV5/gV3APpLmC5pSUYw2941PB5Q5GCbNyFcQKG6f9H8v+XfNqq66sdKimjrvwhEwPWPj2VtCZhX4RCbagg=  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 22 IN A 18.233.189.178  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 22 IN A 18.209.243.220  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 22 IN A 18.235.149.1  . 32768 4096 OPT "";InfobloxAnCount=5;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=",,DNS,,csp.infoblox.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""csp.infoblox.com. 22 IN CNAME wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com.  csp.infoblox.com. 22 IN RRSIG CNAME 8 3 60 20230723012023 20230719003621 3870 infoblox.com.",,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,65222,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""QUVjy3DRDBssylwvgogCq1xTBkmjd4WjMWqgajSzZztcKEUB0Rq4D1XnqyAZg3QiK5Yf60sqKTXD0dpGZL77iZ/3jdV5/gV3APpLmC5pSUYw2941PB5Q5GCbNyFcQKG6f9H8v+XfNqq66sdKimjrvwhEwPWPj2VtCZhX4RCbagg"":""  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 22 IN A 18.233.189.178  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 22 IN A 18.209.243.220  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 22 IN A 18.235.149.1  . 32768 4096 OPT \"""",""InfobloxAnCount"":""5"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)""}",,5,1,dfp,,,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,"  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 22 IN A 18.233.189.178  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 22 IN A 18.209.243.220  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 22 IN A 18.235.149.1  . 32768 4096 OPT """,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:15:08.935 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;oAlqtk5JFVAfXKwluS7sX8EC2TqFwfAa1eh2fRVbtMrhUoNtjOax6DUzil/qYH4HZMl5ryDgHSAFPQqa5n2D/g=;InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,us-west-1-geo.threatdefense.infoblox.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""us-west-1-geo.threatdefense.infoblox.com. 228 IN A 52.119.41.51  us-west-1-geo.threatdefense.infoblox.com. 228 IN RRSIG A 13 4 300 20230719051845 20230719031345 36142 threatdefense.infoblox.com.",,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,65222,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)""}",,2,1,dfp,,,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:15:08.935 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;IvrrUDaM3hW9UI3XFGsooSE37heIfxy4JXZ9b7XC86IscD73XdgdpsUVgOJ+nW96kbWb4z1mrcsfgm7UweOo6g=;oAlqtk5JFVAfXKwluS7sX8EC2TqFwfAa1eh2fRVbtMrhUoNtjOax6DUzil/qYH4HZMl5ryDgHSAFPQqa5n2D/g=;InfobloxAnCount=4;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,geo.threatdefense.infoblox.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""geo.threatdefense.infoblox.com. 228 IN CNAME us-west-1-geo.threatdefense.infoblox.com.  geo.threatdefense.infoblox.com. 228 IN RRSIG CNAME 13 4 300 20230719051845 20230719031345 36142 threatdefense.infoblox.com.",,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,65222,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""4"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)""}",,4,1,dfp,,,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:15:08.935 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Technology - Other",,DNS,,wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 22 IN A 18.233.189.178  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 22 IN A 18.209.243.220  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 22 IN A 18.235.149.1  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,65222,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""3"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Technology - Other""}",,3,1,dfp,"APP_Uncategorized,CAT_Technology - Other",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:15:00.445 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Parked & For Sale Domains,base,bogon",,DNS,,ipv4.windowsupdate.otzo.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,29324,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Parked & For Sale Domains,base,bogon""}",,0,1,remote_client,"APP_Uncategorized,CAT_Parked & For Sale Domains,base,bogon",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:15:00.445 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Online Information Management,CAT_Web-based Email",,DNS,,g.live.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""g.live.com. 60 IN CNAME g.msn.com.  g.msn.com. 9251 IN CNAME g-msn-com-nsatc.trafficmanager.net.  g-msn-com-nsatc.trafficmanager.net. 47 IN A 20.125.63.4  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,29324,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""3"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Online Information Management,CAT_Web-based Email""}",,3,1,remote_client,"APP_Uncategorized,CAT_Online Information Management,CAT_Web-based Email",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:15:00.233 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Microsoft OneDrive,CAT_Personal Storage",,DNS,,oneclient.sfx.ms.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""oneclient.sfx.ms. 159 IN CNAME oneclient.sfx.ms.edgekey.net.  oneclient.sfx.ms.edgekey.net. 8219 IN CNAME e9659.dspg.akamaiedge.net.  e9659.dspg.akamaiedge.net. 17 IN A 104.96.193.120  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,28641,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""3"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Microsoft OneDrive,CAT_Personal Storage""}",,3,1,remote_client,"APP_Microsoft OneDrive,CAT_Personal Storage",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:15:00.232 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Online Information Management,CAT_Web-based Email",,DNS,,g.live.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""g.live.com. 176 IN CNAME g.msn.com.  g.msn.com. 13176 IN CNAME g-msn-com-nsatc.trafficmanager.net.  g-msn-com-nsatc.trafficmanager.net. 59 IN A 20.125.63.4  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,28641,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""3"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Online Information Management,CAT_Web-based Email""}",,3,1,remote_client,"APP_Uncategorized,CAT_Online Information Management,CAT_Web-based Email",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:15:00.160 AM",Infoblox,Data Connector,2.1.3,RPZ-QNAME-NXDOMAIN,RPZ EVENT QNAME NXDOMAIN,8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.ipv4.windowsupdate.otzo.com.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Parked & For Sale Domains,base,bogon;InfobloxB1ThreatIndicator=windowsupdate.otzo.com;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,ipv4.windowsupdate.otzo.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite ipv4.windowsupdate.otzo.com. [A] via base.ipv4.windowsupdate.otzo.com.""",,,,,,,,,,,,,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,29324,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,Sentinel-Demo-CDC,OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.ipv4.windowsupdate.otzo.com."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Parked & For Sale Domains,base,bogon"",""InfobloxB1ThreatIndicator"":""windowsupdate.otzo.com"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,remote_client,"APP_Uncategorized,CAT_Parked & For Sale Domains,base,bogon",Base,FQDN,BloxOne Endpoint,,,Block,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,windowsupdate.otzo.com,,,,A,,,,,,,,,,,,99986,,,base,base.ipv4.windowsupdate.otzo.com.,,0,100,APT_MalwareC2,,,,,,100,High,APT,MalwareC2
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:57.563 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,www.accountts-google.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""com. 897 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1689740063 1800 900 604800 86400  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,29324,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,0,1,remote_client,"APP_Uncategorized,CAT_Uncategorized",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:57.562 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,thats.to.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""to. 2692 IN SOA to. hostmaster.tonic.to. 2023071917 43200 7200 2592000 7200  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,29324,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,0,1,remote_client,"APP_Uncategorized,CAT_Uncategorized",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:57.562 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Parked & For Sale Domains,base",,DNS,,nokiadns.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,29324,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Parked & For Sale Domains,base""}",,0,1,remote_client,"APP_Uncategorized,CAT_Parked & For Sale Domains,base",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:57.562 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Content Server",,DNS,,honarkhabar.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""com. 899 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1689740063 1800 900 604800 86400  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,29324,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Content Server""}",,0,1,remote_client,"APP_Uncategorized,CAT_Content Server",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:57.562 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Unreachable,eecn-ip,sanctions-high,sanctions-med",,DNS,,abcd120807.3322.org.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,29324,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Unreachable,eecn-ip,sanctions-high,sanctions-med""}",,0,1,remote_client,"APP_Uncategorized,CAT_Unreachable,eecn-ip,sanctions-high,sanctions-med",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:57.561 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Personal Pages & Blogs,CAT_Piracy & Copyright Theft,CAT_Streaming & Downloadable Audio,etiqrisk-ip",,DNS,,ftp.linear.wikaba.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""ftp.linear.wikaba.com. 10 IN A 3.215.231.251  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,29324,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Personal Pages & Blogs,CAT_Piracy & Copyright Theft,CAT_Streaming & Downloadable Audio,etiqrisk-ip""}",,1,1,remote_client,"APP_Uncategorized,CAT_Personal Pages & Blogs,CAT_Piracy & Copyright Theft,CAT_Streaming & Downloadable Audio,etiqrisk-ip",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:57.216 AM",Infoblox,Data Connector,2.1.3,RPZ-QNAME-NXDOMAIN,RPZ EVENT QNAME NXDOMAIN,8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.nokiadns.com.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Parked & For Sale Domains,base;InfobloxB1ThreatIndicator=nokiadns.com;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,nokiadns.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite nokiadns.com. [A] via base.nokiadns.com.""",,,,,,,,,,,,,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,29324,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,Sentinel-Demo-CDC,OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.nokiadns.com."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Parked & For Sale Domains,base"",""InfobloxB1ThreatIndicator"":""nokiadns.com"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,remote_client,"APP_Uncategorized,CAT_Parked & For Sale Domains,base",Base,FQDN,BloxOne Endpoint,,,Block,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,nokiadns.com,,,,A,,,,,,,,,,,,99986,,,base,base.nokiadns.com.,,0,100,APT_MalwareC2,,,,,,100,High,APT,MalwareC2
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:57.216 AM",Infoblox,Data Connector,2.1.3,RPZ-IP-NXDOMAIN,RPZ EVENT IP NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=eecn-ip.60.10.1.119/32;InfobloxRPZ=eecn-ip.60.10.1;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=OFACSanction;InfobloxThreatConfidence=100;InfobloxThreatLevel=0;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Unreachable,eecn-ip,sanctions-high,sanctions-med;InfobloxB1ThreatIndicator=60.10.1.119;InfobloxB1FeedName=EECN_IP;InfobloxB1FeedType=IP Address;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,abcd120807.3322.org.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""rpz IP NXDOMAIN rewrite abcd120807.3322.org. [A] via eecn-ip.60.10.1.119/32""",,,,,,,,,,,,,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,29324,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,,,,,Sentinel-Demo-CDC,OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""eecn-ip.60.10.1.119/32"",""InfobloxRPZ"":""eecn-ip.60.10.1"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""OFACSanction"",""InfobloxThreatConfidence"":""100"",""InfobloxThreatLevel"":""0"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Unreachable,eecn-ip,sanctions-high,sanctions-med"",""InfobloxB1ThreatIndicator"":""60.10.1.119"",""InfobloxB1FeedName"":""EECN_IP"",""InfobloxB1FeedType"":""IP Address"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,remote_client,"APP_Uncategorized,CAT_Unreachable,eecn-ip,sanctions-high,sanctions-med",EECN_IP,IP Address,BloxOne Endpoint,,,Block,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,60.10.1.119,,,,A,,,,,,,,,,,,99986,,,eecn-ip.60.10.1,eecn-ip.60.10.1.119/32,,100,0,OFACSanction,,,,,,0,Info,,OFACSanction
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:57.215 AM",Infoblox,Data Connector,2.1.3,RPZ-QNAME-REDIRECT,RPZ EVENT QNAME REDIRECT,0,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=CAT_Piracy & Copyright Theft.ftp.linear.wikaba.com.;InfobloxRPZ=CAT_Piracy & Copyright Theft;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=Piracy & Copyright Theft;InfobloxThreatProperty=;InfobloxThreatConfidence=;InfobloxThreatLevel=;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Personal Pages & Blogs,CAT_Piracy & Copyright Theft,CAT_Streaming & Downloadable Audio,etiqrisk-ip;InfobloxB1ThreatIndicator=ftp.linear.wikaba.com;InfobloxB1FeedName=CAT_Piracy & Copyright Theft;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Redirect",REDIRECT,DNS,,ftp.linear.wikaba.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""rpz QNAME REDIRECT rewrite ftp.linear.wikaba.com. [A] via CAT_Piracy & Copyright Theft.ftp.linear.wikaba.com.""",,,,,,,,,,,,,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,29324,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,REDIRECT,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""CAT_Piracy & Copyright Theft.ftp.linear.wikaba.com."",""InfobloxRPZ"":""CAT_Piracy & Copyright Theft"",""InfobloxPolicyID"":""99986"",""InfobloxDomainCat"":""Piracy & Copyright Theft"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Personal Pages & Blogs,CAT_Piracy & Copyright Theft,CAT_Streaming & Downloadable Audio,etiqrisk-ip"",""InfobloxB1ThreatIndicator"":""ftp.linear.wikaba.com"",""InfobloxB1FeedName"":""CAT_Piracy & Copyright Theft"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Redirect""}",,,,remote_client,"APP_Uncategorized,CAT_Personal Pages & Blogs,CAT_Piracy & Copyright Theft,CAT_Streaming & Downloadable Audio,etiqrisk-ip",CAT_Piracy & Copyright Theft,FQDN,BloxOne Endpoint,,,Redirect,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,ftp.linear.wikaba.com,,,,A,,,Piracy & Copyright Theft,,,,,,,,,99986,,,CAT_Piracy & Copyright Theft,CAT_Piracy & Copyright Theft.ftp.linear.wikaba.com.,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:54.669 AM",Infoblox,Data Connector,2.1.3,DHCP-LEASE-UPDATE,DHCP Lease Update,1,,InfobloxHost=Sentinel-Demo-CDC;InfobloxIPSpace=ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558;InfobloxSubnet=192.168.1.0/24;InfobloxRangeStart=192.168.1.101;InfobloxRangeEnd=192.168.1.110;InfobloxLeaseOp=Update;InfobloxClientID=01:00:50:56:0b:0f:15;InfobloxDUID=;InfobloxLifetime=300;InfobloxLeaseUUID=996854be-27ab-11ec-a802-7270aef5e23e;InfobloxFingerprintPr=true;InfobloxFingerprint=Generic Linux OS;InfobloxDHCPOptions=;code_12='dhcp-virtual-machine';code_53='\003';code_55='\001\002\006\014\017\032\034y\003!()*w\371\374\021';code_57='\377\377';code_61='\001\000PV\013\017\025',,DHCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,dhcp-virtual-machine,00:50:56:0b:0f:15,,,,,,,,,,192.168.1.106,,,,,"""DHCP Lease Update""",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxHost"":""Sentinel-Demo-CDC"",""InfobloxIPSpace"":""ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558"",""InfobloxSubnet"":""192.168.1.0/24"",""InfobloxRangeStart"":""192.168.1.101"",""InfobloxRangeEnd"":""192.168.1.110"",""InfobloxLeaseOp"":""Update"",""InfobloxClientID"":""01:00:50:56:0b:0f:15"",""InfobloxLifetime"":""300"",""InfobloxLeaseUUID"":""996854be-27ab-11ec-a802-7270aef5e23e"",""InfobloxFingerprintPr"":""true"",""InfobloxFingerprint"":""Generic Linux OS""}",,,,,,,,,,,,,,,,01:00:50:56:0b:0f:15,,,,,,,Generic Linux OS,TRUE,Sentinel-Demo-CDC,ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558,Update,996854be-27ab-11ec-a802-7270aef5e23e,300,,,192.168.1.110,192.168.1.101,,,192.168.1.0/24,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:52.487 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base",,DNS,,find-iphoneid-itunes.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,29324,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base""}",,0,1,remote_client,"APP_Uncategorized,CAT_Uncategorized,base",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:52.486 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,hunter.to.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""hunter.to. 300 IN SOA ns1.bdm.microsoftonline.com. azuredns-hostmaster.microsoft.com. 1 3600 300 2419200 300  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,29324,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,0,1,remote_client,"APP_Uncategorized,CAT_Uncategorized",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:52.486 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Personal Pages & Blogs,CAT_Web Hosting, ISP & Telco,etiqrisk-ip",,DNS,,updaisin.net16.net.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""updaisin.net16.net. 600 IN A 153.92.0.100  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,29324,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Personal Pages & Blogs,CAT_Web Hosting, ISP & Telco,etiqrisk-ip""}",,1,1,remote_client,"APP_Uncategorized,CAT_Personal Pages & Blogs,CAT_Web Hosting, ISP & Telco,etiqrisk-ip",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:52.486 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,photograph.myfw.us.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""photograph.myfw.us. 300 IN A 108.61.203.22  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,29324,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,1,1,remote_client,"APP_Uncategorized,CAT_Uncategorized",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:52.485 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Pornography,eecn-ip,sanctions-high,sanctions-med",,DNS,,ftp.tokyofile.2waky.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""ftp.tokyofile.2waky.com. 10 IN A 3.215.231.251  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,29324,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Pornography,eecn-ip,sanctions-high,sanctions-med""}",,1,1,remote_client,"APP_Uncategorized,CAT_Pornography,eecn-ip,sanctions-high,sanctions-med",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:52.139 AM",Infoblox,Data Connector,2.1.3,RPZ-QNAME-REDIRECT,RPZ EVENT QNAME REDIRECT,0,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=CAT_Pornography.ftp.tokyofile.2waky.com.;InfobloxRPZ=CAT_Pornography;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=Pornography;InfobloxThreatProperty=;InfobloxThreatConfidence=;InfobloxThreatLevel=;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Pornography,eecn-ip,sanctions-high,sanctions-med;InfobloxB1ThreatIndicator=ftp.tokyofile.2waky.com;InfobloxB1FeedName=CAT_Pornography;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Redirect",REDIRECT,DNS,,ftp.tokyofile.2waky.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""rpz QNAME REDIRECT rewrite ftp.tokyofile.2waky.com. [A] via CAT_Pornography.ftp.tokyofile.2waky.com.""",,,,,,,,,,,,,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,29324,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,REDIRECT,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""CAT_Pornography.ftp.tokyofile.2waky.com."",""InfobloxRPZ"":""CAT_Pornography"",""InfobloxPolicyID"":""99986"",""InfobloxDomainCat"":""Pornography"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Pornography,eecn-ip,sanctions-high,sanctions-med"",""InfobloxB1ThreatIndicator"":""ftp.tokyofile.2waky.com"",""InfobloxB1FeedName"":""CAT_Pornography"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Redirect""}",,,,remote_client,"APP_Uncategorized,CAT_Pornography,eecn-ip,sanctions-high,sanctions-med",CAT_Pornography,FQDN,BloxOne Endpoint,,,Redirect,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,ftp.tokyofile.2waky.com,,,,A,,,Pornography,,,,,,,,,99986,,,CAT_Pornography,CAT_Pornography.ftp.tokyofile.2waky.com.,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:52.139 AM",Infoblox,Data Connector,2.1.3,RPZ-QNAME-NXDOMAIN,RPZ EVENT QNAME NXDOMAIN,8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.find-iphoneid-itunes.com.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base;InfobloxB1ThreatIndicator=find-iphoneid-itunes.com;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,find-iphoneid-itunes.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite find-iphoneid-itunes.com. [A] via base.find-iphoneid-itunes.com.""",,,,,,,,,,,,,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,29324,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,Sentinel-Demo-CDC,OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.find-iphoneid-itunes.com."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base"",""InfobloxB1ThreatIndicator"":""find-iphoneid-itunes.com"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,remote_client,"APP_Uncategorized,CAT_Uncategorized,base",Base,FQDN,BloxOne Endpoint,,,Block,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,find-iphoneid-itunes.com,,,,A,,,,,,,,,,,,99986,,,base,base.find-iphoneid-itunes.com.,,0,100,APT_MalwareC2,,,,,,100,High,APT,MalwareC2
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:48.134 AM",Infoblox,Data Connector,2.1.3,RPZ-QNAME-NXDOMAIN,RPZ EVENT QNAME NXDOMAIN,8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.ftp.wcxh.mynetav.net.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base;InfobloxB1ThreatIndicator=ftp.wcxh.mynetav.net;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,ftp.wcxh.mynetav.net.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite ftp.wcxh.mynetav.net. [A] via base.ftp.wcxh.mynetav.net.""",,,,,,,,,,,,,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,29324,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,Sentinel-Demo-CDC,OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.ftp.wcxh.mynetav.net."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base"",""InfobloxB1ThreatIndicator"":""ftp.wcxh.mynetav.net"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,remote_client,"APP_Uncategorized,CAT_Uncategorized,base",Base,FQDN,BloxOne Endpoint,,,Block,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,ftp.wcxh.mynetav.net,,,,A,,,,,,,,,,,,99986,,,base,base.ftp.wcxh.mynetav.net.,,0,100,APT_MalwareC2,,,,,,100,High,APT,MalwareC2
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:48.134 AM",Infoblox,Data Connector,2.1.3,RPZ-QNAME-NXDOMAIN,RPZ EVENT QNAME NXDOMAIN,8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=ext-base-antimalware.nxead.itemdb.com.;InfobloxRPZ=ext-base-antimalware;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=80;InfobloxThreatLevel=80;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,bogon,ext-base-antimalware;InfobloxB1ThreatIndicator=nxead.itemdb.com;InfobloxB1FeedName=Ext_Base_AntiMalware;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,nxead.itemdb.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite nxead.itemdb.com. [A] via ext-base-antimalware.nxead.itemdb.com.""",,,,,,,,,,,,,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,29324,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,80,,,,,Sentinel-Demo-CDC,OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""ext-base-antimalware.nxead.itemdb.com."",""InfobloxRPZ"":""ext-base-antimalware"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""80"",""InfobloxThreatLevel"":""80"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,bogon,ext-base-antimalware"",""InfobloxB1ThreatIndicator"":""nxead.itemdb.com"",""InfobloxB1FeedName"":""Ext_Base_AntiMalware"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,remote_client,"APP_Uncategorized,CAT_Uncategorized,bogon,ext-base-antimalware",Ext_Base_AntiMalware,FQDN,BloxOne Endpoint,,,Block,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,nxead.itemdb.com,,,,A,,,,,,,,,,,,99986,,,ext-base-antimalware,ext-base-antimalware.nxead.itemdb.com.,,80,80,APT_MalwareC2,,,,,,80,High,APT,MalwareC2
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:48.133 AM",Infoblox,Data Connector,2.1.3,RPZ-QNAME-NXDOMAIN,RPZ EVENT QNAME NXDOMAIN,8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.optimizedimghosting.com.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base;InfobloxB1ThreatIndicator=optimizedimghosting.com;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,optimizedimghosting.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite optimizedimghosting.com. [A] via base.optimizedimghosting.com.""",,,,,,,,,,,,,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,29324,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,Sentinel-Demo-CDC,OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.optimizedimghosting.com."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base"",""InfobloxB1ThreatIndicator"":""optimizedimghosting.com"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,remote_client,"APP_Uncategorized,CAT_Uncategorized,base",Base,FQDN,BloxOne Endpoint,,,Block,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,optimizedimghosting.com,,,,A,,,,,,,,,,,,99986,,,base,base.optimizedimghosting.com.,,0,100,APT_MalwareC2,,,,,,100,High,APT,MalwareC2
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:48.133 AM",Infoblox,Data Connector,2.1.3,RPZ-IP-NXDOMAIN,RPZ EVENT IP NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=bogon.0.0.0.0/32;InfobloxRPZ=bogon.0.0.0;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=Reserved;InfobloxThreatConfidence=100;InfobloxThreatLevel=0;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Technology - Other,bogon;InfobloxB1ThreatIndicator=0.0.0.0;InfobloxB1FeedName=Bogon;InfobloxB1FeedType=IP Address;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,dpc.servegame.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""rpz IP NXDOMAIN rewrite dpc.servegame.com. [A] via bogon.0.0.0.0/32""",,,,,,,,,,,,,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,29324,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,,,,,Sentinel-Demo-CDC,OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""bogon.0.0.0.0/32"",""InfobloxRPZ"":""bogon.0.0.0"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""Reserved"",""InfobloxThreatConfidence"":""100"",""InfobloxThreatLevel"":""0"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Technology - Other,bogon"",""InfobloxB1ThreatIndicator"":""0.0.0.0"",""InfobloxB1FeedName"":""Bogon"",""InfobloxB1FeedType"":""IP Address"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,remote_client,"APP_Uncategorized,CAT_Technology - Other,bogon",Bogon,IP Address,BloxOne Endpoint,,,Block,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,0.0.0.0,,,,A,,,,,,,,,,,,99986,,,bogon.0.0.0,bogon.0.0.0.0/32,,100,0,Reserved,,,,,,0,Info,,Reserved
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:48.133 AM",Infoblox,Data Connector,2.1.3,RPZ-QNAME-NXDOMAIN,RPZ EVENT QNAME NXDOMAIN,8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.ftp.webmailentry.jetos.com.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base,bogon;InfobloxB1ThreatIndicator=jetos.com;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,ftp.webmailentry.jetos.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite ftp.webmailentry.jetos.com. [A] via base.ftp.webmailentry.jetos.com.""",,,,,,,,,,,,,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,29324,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,Sentinel-Demo-CDC,OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.ftp.webmailentry.jetos.com."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base,bogon"",""InfobloxB1ThreatIndicator"":""jetos.com"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,remote_client,"APP_Uncategorized,CAT_Uncategorized,base,bogon",Base,FQDN,BloxOne Endpoint,,,Block,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,jetos.com,,,,A,,,,,,,,,,,,99986,,,base,base.ftp.webmailentry.jetos.com.,,0,100,APT_MalwareC2,,,,,,100,High,APT,MalwareC2
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:48.101 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Mobile Phones",,DNS,,nk20.belowto.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""com. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1689740048 1800 900 604800 86400  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,29324,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Mobile Phones""}",,0,1,remote_client,"APP_Uncategorized,CAT_Mobile Phones",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:48.101 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,bogon,ext-base-antimalware",,DNS,,nxead.itemdb.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,29324,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,bogon,ext-base-antimalware""}",,0,1,remote_client,"APP_Uncategorized,CAT_Uncategorized,bogon,ext-base-antimalware",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:48.101 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base,bogon",,DNS,,ftp.webmailentry.jetos.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,29324,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base,bogon""}",,0,1,remote_client,"APP_Uncategorized,CAT_Uncategorized,base,bogon",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:48.101 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base",,DNS,,ftp.wcxh.mynetav.net.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,29324,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base""}",,0,1,remote_client,"APP_Uncategorized,CAT_Uncategorized,base",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:48.100 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base",,DNS,,optimizedimghosting.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,29324,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base""}",,0,1,remote_client,"APP_Uncategorized,CAT_Uncategorized,base",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:48.100 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Technology - Other,bogon",,DNS,,dpc.servegame.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,29324,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Technology - Other,bogon""}",,0,1,remote_client,"APP_Uncategorized,CAT_Technology - Other,bogon",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:48.100 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=7;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Microsoft Certificates,APP_Windows Update,CAT_Business Software,CAT_Productivity,CAT_Windows",,DNS,,ctldl.windowsupdate.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""ctldl.windowsupdate.com. 358 IN CNAME wu-bg-shim.trafficmanager.net.  wu-bg-shim.trafficmanager.net. 502 IN CNAME fg.download.windowsupdate.com.c.footprint.net.  fg.download.windowsupdate.com.c.footprint.net. 132 IN A 8.250.163.254  fg.download.windowsupdate.com.c.footprint.net. 132 IN A 8.252.73.254  fg.download.windowsupdate.com.c.footprint.net. 132 IN A 8.252.74.126  fg.download.windowsupdate.com.c.footprint.net. 132 IN A 8.250.203.254  fg.download.windowsupdate.com.c.footprint.net. 132 IN A 8.250.197.254  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,29324,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""7"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Microsoft Certificates,APP_Windows Update,CAT_Business Software,CAT_Productivity,CAT_Windows""}",,7,1,remote_client,"APP_Microsoft Certificates,APP_Windows Update,CAT_Business Software,CAT_Productivity,CAT_Windows",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:44.109 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Spam URLs,CAT_Web Hosting, ISP & Telco,base",,DNS,,www.adidasadd.sexidude.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,29324,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Spam URLs,CAT_Web Hosting, ISP & Telco,base""}",,0,1,remote_client,"APP_Uncategorized,CAT_Spam URLs,CAT_Web Hosting, ISP & Telco,base",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:44.108 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base",,DNS,,rcheterre.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,29324,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base""}",,0,1,remote_client,"APP_Uncategorized,CAT_Uncategorized,base",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:44.108 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base",,DNS,,www.se.toythieves.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,29324,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base""}",,0,1,remote_client,"APP_Uncategorized,CAT_Uncategorized,base",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:44.108 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Web Hosting, ISP & Telco",,DNS,,autozone.000space.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""autozone.000space.com. 86400 IN CNAME 11776.BODIS.com.  11776.BODIS.com. 5112 IN A 199.59.243.224  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,29324,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Web Hosting, ISP & Telco""}",,2,1,remote_client,"APP_Uncategorized,CAT_Web Hosting, ISP & Telco",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:44.108 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Content Server,base",,DNS,,mail.ssrsec.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,29324,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Content Server,base""}",,0,1,remote_client,"APP_Uncategorized,CAT_Content Server,base",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:44.108 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,osposposp.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""com. 899 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1689740048 1800 900 604800 86400  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,29324,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,0,1,remote_client,"APP_Uncategorized,CAT_Uncategorized",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:44.107 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Content Server",,DNS,,zurc.com.br.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""com.br. 791 IN SOA a.dns.br. hostmaster.registro.br. 2023200100 1800 900 604800 900  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,29324,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Content Server""}",,0,1,remote_client,"APP_Uncategorized,CAT_Content Server",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:44.107 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Technology - Other,base",,DNS,,www.commons.onedumb.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,29324,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Technology - Other,base""}",,0,1,remote_client,"APP_Uncategorized,CAT_Technology - Other,base",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:44.107 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,www.mailgoogle.com-recoverysupport.bid.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""bid. 900 IN SOA ns1.dns.nic.bid. admin.tldns.godaddy. 1689738963 1800 300 604800 1800  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,29324,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,0,1,remote_client,"APP_Uncategorized,CAT_Uncategorized",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:44.107 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,qqfwg.top.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""top. 3600 IN SOA a.zdnscloud.com. td_dns_gtld.knet.cn. 1689739858 600 200 2491200 3600  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,29324,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,0,1,remote_client,"APP_Uncategorized,CAT_Uncategorized",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:43.821 AM",Infoblox,Data Connector,2.1.3,RPZ-QNAME-NXDOMAIN,RPZ EVENT QNAME NXDOMAIN,8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.www.se.toythieves.com.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base;InfobloxB1ThreatIndicator=se.toythieves.com;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,www.se.toythieves.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite www.se.toythieves.com. [A] via base.www.se.toythieves.com.""",,,,,,,,,,,,,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,29324,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,Sentinel-Demo-CDC,OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.www.se.toythieves.com."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base"",""InfobloxB1ThreatIndicator"":""se.toythieves.com"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,remote_client,"APP_Uncategorized,CAT_Uncategorized,base",Base,FQDN,BloxOne Endpoint,,,Block,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,se.toythieves.com,,,,A,,,,,,,,,,,,99986,,,base,base.www.se.toythieves.com.,,0,100,APT_MalwareC2,,,,,,100,High,APT,MalwareC2
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:43.821 AM",Infoblox,Data Connector,2.1.3,RPZ-QNAME-NXDOMAIN,RPZ EVENT QNAME NXDOMAIN,8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.rcheterre.com.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base;InfobloxB1ThreatIndicator=rcheterre.com;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,rcheterre.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite rcheterre.com. [A] via base.rcheterre.com.""",,,,,,,,,,,,,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,29324,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,Sentinel-Demo-CDC,OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.rcheterre.com."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base"",""InfobloxB1ThreatIndicator"":""rcheterre.com"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,remote_client,"APP_Uncategorized,CAT_Uncategorized,base",Base,FQDN,BloxOne Endpoint,,,Block,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,rcheterre.com,,,,A,,,,,,,,,,,,99986,,,base,base.rcheterre.com.,,0,100,APT_MalwareC2,,,,,,100,High,APT,MalwareC2
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:43.821 AM",Infoblox,Data Connector,2.1.3,RPZ-QNAME-NXDOMAIN,RPZ EVENT QNAME NXDOMAIN,8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.www.adidasadd.sexidude.com.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Spam URLs,CAT_Web Hosting, ISP & Telco,base;InfobloxB1ThreatIndicator=adidasadd.sexidude.com;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,www.adidasadd.sexidude.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite www.adidasadd.sexidude.com. [A] via base.www.adidasadd.sexidude.com.""",,,,,,,,,,,,,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,29324,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,Sentinel-Demo-CDC,OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.www.adidasadd.sexidude.com."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Spam URLs,CAT_Web Hosting, ISP & Telco,base"",""InfobloxB1ThreatIndicator"":""adidasadd.sexidude.com"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,remote_client,"APP_Uncategorized,CAT_Spam URLs,CAT_Web Hosting, ISP & Telco,base",Base,FQDN,BloxOne Endpoint,,,Block,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,adidasadd.sexidude.com,,,,A,,,,,,,,,,,,99986,,,base,base.www.adidasadd.sexidude.com.,,0,100,APT_MalwareC2,,,,,,100,High,APT,MalwareC2
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:43.821 AM",Infoblox,Data Connector,2.1.3,RPZ-QNAME-NXDOMAIN,RPZ EVENT QNAME NXDOMAIN,8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.mail.ssrsec.com.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Content Server,base;InfobloxB1ThreatIndicator=ssrsec.com;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,mail.ssrsec.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite mail.ssrsec.com. [A] via base.mail.ssrsec.com.""",,,,,,,,,,,,,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,29324,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,Sentinel-Demo-CDC,OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.mail.ssrsec.com."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Content Server,base"",""InfobloxB1ThreatIndicator"":""ssrsec.com"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,remote_client,"APP_Uncategorized,CAT_Content Server,base",Base,FQDN,BloxOne Endpoint,,,Block,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,ssrsec.com,,,,A,,,,,,,,,,,,99986,,,base,base.mail.ssrsec.com.,,0,100,APT_MalwareC2,,,,,,100,High,APT,MalwareC2
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:43.820 AM",Infoblox,Data Connector,2.1.3,RPZ-QNAME-NXDOMAIN,RPZ EVENT QNAME NXDOMAIN,8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.www.commons.onedumb.com.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Technology - Other,base;InfobloxB1ThreatIndicator=www.commons.onedumb.com;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,www.commons.onedumb.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite www.commons.onedumb.com. [A] via base.www.commons.onedumb.com.""",,,,,,,,,,,,,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,29324,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,Sentinel-Demo-CDC,OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.www.commons.onedumb.com."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Technology - Other,base"",""InfobloxB1ThreatIndicator"":""www.commons.onedumb.com"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,remote_client,"APP_Uncategorized,CAT_Technology - Other,base",Base,FQDN,BloxOne Endpoint,,,Block,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,www.commons.onedumb.com,,,,A,,,,,,,,,,,,99986,,,base,base.www.commons.onedumb.com.,,0,100,APT_MalwareC2,,,,,,100,High,APT,MalwareC2
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:41.074 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,video.yahoo.com-showvideo.gq.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""gq. 5 IN SOA a.ns.gq. info.equatorialguineadomains.com. 1689666487 10800 3600 604800 5  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,29324,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,0,1,remote_client,"APP_Uncategorized,CAT_Uncategorized",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:41.073 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,ext-base-antimalware",,DNS,,naver.co.in.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,29324,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,ext-base-antimalware""}",,0,1,remote_client,"APP_Uncategorized,CAT_Uncategorized,ext-base-antimalware",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:40.431 AM",Infoblox,Data Connector,2.1.3,RPZ-QNAME-NXDOMAIN,RPZ EVENT QNAME NXDOMAIN,8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=ext-base-antimalware.naver.co.in.;InfobloxRPZ=ext-base-antimalware;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=80;InfobloxThreatLevel=80;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,ext-base-antimalware;InfobloxB1ThreatIndicator=naver.co.in;InfobloxB1FeedName=Ext_Base_AntiMalware;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,naver.co.in.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite naver.co.in. [A] via ext-base-antimalware.naver.co.in.""",,,,,,,,,,,,,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,29324,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,80,,,,,Sentinel-Demo-CDC,OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""ext-base-antimalware.naver.co.in."",""InfobloxRPZ"":""ext-base-antimalware"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""80"",""InfobloxThreatLevel"":""80"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,ext-base-antimalware"",""InfobloxB1ThreatIndicator"":""naver.co.in"",""InfobloxB1FeedName"":""Ext_Base_AntiMalware"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,remote_client,"APP_Uncategorized,CAT_Uncategorized,ext-base-antimalware",Ext_Base_AntiMalware,FQDN,BloxOne Endpoint,,,Block,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,naver.co.in,,,,A,,,,,,,,,,,,99986,,,ext-base-antimalware,ext-base-antimalware.naver.co.in.,,80,80,APT_MalwareC2,,,,,,80,High,APT,MalwareC2
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:36.031 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,ftp.registrations.4pu.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""ftp.registrations.4pu.com. 30 IN A 127.0.0.1  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,61263,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,1,1,remote_client,"APP_Uncategorized,CAT_Uncategorized",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:36.031 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,kj6c0.host.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""host. 3600 IN SOA ns0.centralnic.net. hostmaster.centralnic.net. 3000455414 900 1800 6048000 3600  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,61263,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,0,1,remote_client,"APP_Uncategorized,CAT_Uncategorized",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:33.070 AM",Infoblox,Data Connector,2.1.3,RPZ-QNAME-REDIRECT,RPZ EVENT QNAME REDIRECT,0,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=CAT_Religion - Other.www.fbcmerkel.com.;InfobloxRPZ=CAT_Religion - Other;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=Religion - Other;InfobloxThreatProperty=;InfobloxThreatConfidence=;InfobloxThreatLevel=;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Religion - Other;InfobloxB1ThreatIndicator=www.fbcmerkel.com;InfobloxB1FeedName=CAT_Religion - Other;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Redirect",REDIRECT,DNS,,www.fbcmerkel.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""rpz QNAME REDIRECT rewrite www.fbcmerkel.com. [A] via CAT_Religion - Other.www.fbcmerkel.com.""",,,,,,,,,,,,,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,61263,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,REDIRECT,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""CAT_Religion - Other.www.fbcmerkel.com."",""InfobloxRPZ"":""CAT_Religion - Other"",""InfobloxPolicyID"":""99986"",""InfobloxDomainCat"":""Religion - Other"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Religion - Other"",""InfobloxB1ThreatIndicator"":""www.fbcmerkel.com"",""InfobloxB1FeedName"":""CAT_Religion - Other"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Redirect""}",,,,remote_client,"APP_Uncategorized,CAT_Religion - Other",CAT_Religion - Other,FQDN,BloxOne Endpoint,,,Redirect,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,www.fbcmerkel.com,,,,A,,,Religion - Other,,,,,,,,,99986,,,CAT_Religion - Other,CAT_Religion - Other.www.fbcmerkel.com.,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:33.070 AM",Infoblox,Data Connector,2.1.3,RPZ-QNAME-REDIRECT,RPZ EVENT QNAME REDIRECT,0,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=CAT_Real Estate - Other.jik.cqzhiye.com.;InfobloxRPZ=CAT_Real Estate - Other;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=Real Estate - Other;InfobloxThreatProperty=;InfobloxThreatConfidence=;InfobloxThreatLevel=;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Business - Other,CAT_Real Estate - Other;InfobloxB1ThreatIndicator=jik.cqzhiye.com;InfobloxB1FeedName=CAT_Real Estate - Other;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Redirect",REDIRECT,DNS,,jik.cqzhiye.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""rpz QNAME REDIRECT rewrite jik.cqzhiye.com. [A] via CAT_Real Estate - Other.jik.cqzhiye.com.""",,,,,,,,,,,,,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,61263,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,REDIRECT,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""CAT_Real Estate - Other.jik.cqzhiye.com."",""InfobloxRPZ"":""CAT_Real Estate - Other"",""InfobloxPolicyID"":""99986"",""InfobloxDomainCat"":""Real Estate - Other"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Business - Other,CAT_Real Estate - Other"",""InfobloxB1ThreatIndicator"":""jik.cqzhiye.com"",""InfobloxB1FeedName"":""CAT_Real Estate - Other"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Redirect""}",,,,remote_client,"APP_Uncategorized,CAT_Business - Other,CAT_Real Estate - Other",CAT_Real Estate - Other,FQDN,BloxOne Endpoint,,,Redirect,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,jik.cqzhiye.com,,,,A,,,Real Estate - Other,,,,,,,,,99986,,,CAT_Real Estate - Other,CAT_Real Estate - Other.jik.cqzhiye.com.,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:33.028 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,hamiltion.catholicmmb.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""catholicmmb.com. 0 IN SOA ns1.gname.net. admin.gname.net. 1684244129 7200 3600 1209600 1800  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,61263,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,0,1,remote_client,"APP_Uncategorized,CAT_Uncategorized",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:33.028 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Business - Other,CAT_Real Estate - Other",,DNS,,jik.cqzhiye.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""jik.cqzhiye.com. 10 IN A 3.215.231.251  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,61263,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Business - Other,CAT_Real Estate - Other""}",,1,1,remote_client,"APP_Uncategorized,CAT_Business - Other,CAT_Real Estate - Other",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:33.028 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,lehigtapp.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""com. 899 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1689740033 1800 900 604800 86400  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,61263,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,0,1,remote_client,"APP_Uncategorized,CAT_Uncategorized",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:33.027 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Religion - Other",,DNS,,www.fbcmerkel.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""www.fbcmerkel.com. 10 IN A 3.215.231.251  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,61263,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Religion - Other""}",,1,1,remote_client,"APP_Uncategorized,CAT_Religion - Other",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:33.027 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Content Server",,DNS,,xsince.tk.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""tk. 5 IN SOA a.ns.tk. joost\.zuurbier.dot.tk. 1689739869 10800 3600 604800 5  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,61263,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Content Server""}",,0,1,remote_client,"APP_Uncategorized,CAT_Content Server",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:33.027 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,b4382.date.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""date. 900 IN SOA ns1.dns.nic.date. admin.tldns.godaddy. 1689737990 1800 300 604800 1800  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,61263,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,0,1,remote_client,"APP_Uncategorized,CAT_Uncategorized",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:29.890 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Automotive - Other",,DNS,,www.npec.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""www.npec.com. 10 IN A 3.215.231.251  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,51323,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Automotive - Other""}",,1,1,remote_client,"APP_Uncategorized,CAT_Automotive - Other",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:29.338 AM",Infoblox,Data Connector,2.1.3,RPZ-QNAME-REDIRECT,RPZ EVENT QNAME REDIRECT,0,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=CAT_Automotive - Other.www.npec.com.;InfobloxRPZ=CAT_Automotive - Other;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=Automotive - Other;InfobloxThreatProperty=;InfobloxThreatConfidence=;InfobloxThreatLevel=;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Automotive - Other;InfobloxB1ThreatIndicator=www.npec.com;InfobloxB1FeedName=CAT_Automotive - Other;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Redirect",REDIRECT,DNS,,www.npec.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""rpz QNAME REDIRECT rewrite www.npec.com. [A] via CAT_Automotive - Other.www.npec.com.""",,,,,,,,,,,,,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,51323,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,REDIRECT,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""CAT_Automotive - Other.www.npec.com."",""InfobloxRPZ"":""CAT_Automotive - Other"",""InfobloxPolicyID"":""99986"",""InfobloxDomainCat"":""Automotive - Other"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Automotive - Other"",""InfobloxB1ThreatIndicator"":""www.npec.com"",""InfobloxB1FeedName"":""CAT_Automotive - Other"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Redirect""}",,,,remote_client,"APP_Uncategorized,CAT_Automotive - Other",CAT_Automotive - Other,FQDN,BloxOne Endpoint,,,Redirect,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,www.npec.com,,,,A,,,Automotive - Other,,,,,,,,,99986,,,CAT_Automotive - Other,CAT_Automotive - Other.www.npec.com.,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:26.314 AM",Infoblox,Data Connector,2.1.3,RPZ-QNAME-REDIRECT,RPZ EVENT QNAME REDIRECT,0,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=CAT_Painting.rpgallerynow.info.;InfobloxRPZ=CAT_Painting;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=Painting;InfobloxThreatProperty=;InfobloxThreatConfidence=;InfobloxThreatLevel=;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Painting;InfobloxB1ThreatIndicator=rpgallerynow.info;InfobloxB1FeedName=CAT_Painting;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Redirect",REDIRECT,DNS,,rpgallerynow.info.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""rpz QNAME REDIRECT rewrite rpgallerynow.info. [A] via CAT_Painting.rpgallerynow.info.""",,,,,,,,,,,,,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,51323,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,REDIRECT,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""CAT_Painting.rpgallerynow.info."",""InfobloxRPZ"":""CAT_Painting"",""InfobloxPolicyID"":""99986"",""InfobloxDomainCat"":""Painting"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Painting"",""InfobloxB1ThreatIndicator"":""rpgallerynow.info"",""InfobloxB1FeedName"":""CAT_Painting"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Redirect""}",,,,remote_client,"APP_Uncategorized,CAT_Painting",CAT_Painting,FQDN,BloxOne Endpoint,,,Redirect,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,rpgallerynow.info,,,,A,,,Painting,,,,,,,,,99986,,,CAT_Painting,CAT_Painting.rpgallerynow.info.,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:26.313 AM",Infoblox,Data Connector,2.1.3,RPZ-QNAME-NXDOMAIN,RPZ EVENT QNAME NXDOMAIN,8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.ftp.garlic.dyndns.pro.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Web Hosting, ISP & Telco,base,bogon;InfobloxB1ThreatIndicator=garlic.dyndns.pro;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,ftp.garlic.dyndns.pro.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite ftp.garlic.dyndns.pro. [A] via base.ftp.garlic.dyndns.pro.""",,,,,,,,,,,,,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,51323,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,Sentinel-Demo-CDC,OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.ftp.garlic.dyndns.pro."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Web Hosting, ISP & Telco,base,bogon"",""InfobloxB1ThreatIndicator"":""garlic.dyndns.pro"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,remote_client,"APP_Uncategorized,CAT_Web Hosting, ISP & Telco,base,bogon",Base,FQDN,BloxOne Endpoint,,,Block,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,garlic.dyndns.pro,,,,A,,,,,,,,,,,,99986,,,base,base.ftp.garlic.dyndns.pro.,,0,100,APT_MalwareC2,,,,,,100,High,APT,MalwareC2
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:25.591 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Parked & For Sale Domains,antimalware,etiqrisk",,DNS,,alosh66.linkpc.net.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""alosh66.linkpc.net. 10 IN A 3.215.231.251  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,38275,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Parked & For Sale Domains,antimalware,etiqrisk""}",,1,1,remote_client,"APP_Uncategorized,CAT_Parked & For Sale Domains,antimalware,etiqrisk",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:25.110 AM",Infoblox,Data Connector,2.1.3,RPZ-QNAME-REDIRECT,RPZ EVENT QNAME REDIRECT,0,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=CAT_Parked & For Sale Domains.alosh66.linkpc.net.;InfobloxRPZ=CAT_Parked & For Sale Domains;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=Parked & For Sale Domains;InfobloxThreatProperty=;InfobloxThreatConfidence=;InfobloxThreatLevel=;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Parked & For Sale Domains,antimalware,etiqrisk;InfobloxB1ThreatIndicator=alosh66.linkpc.net;InfobloxB1FeedName=CAT_Parked & For Sale Domains;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Redirect",REDIRECT,DNS,,alosh66.linkpc.net.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""rpz QNAME REDIRECT rewrite alosh66.linkpc.net. [A] via CAT_Parked & For Sale Domains.alosh66.linkpc.net.""",,,,,,,,,,,,,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,38275,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,REDIRECT,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""CAT_Parked & For Sale Domains.alosh66.linkpc.net."",""InfobloxRPZ"":""CAT_Parked & For Sale Domains"",""InfobloxPolicyID"":""99986"",""InfobloxDomainCat"":""Parked & For Sale Domains"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Parked & For Sale Domains,antimalware,etiqrisk"",""InfobloxB1ThreatIndicator"":""alosh66.linkpc.net"",""InfobloxB1FeedName"":""CAT_Parked & For Sale Domains"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Redirect""}",,,,remote_client,"APP_Uncategorized,CAT_Parked & For Sale Domains,antimalware,etiqrisk",CAT_Parked & For Sale Domains,FQDN,BloxOne Endpoint,,,Redirect,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,alosh66.linkpc.net,,,,A,,,Parked & For Sale Domains,,,,,,,,,99986,,,CAT_Parked & For Sale Domains,CAT_Parked & For Sale Domains.alosh66.linkpc.net.,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:24.625 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Parked & For Sale Domains,antimalware,etiqrisk",,DNS,,alosh66.linkpc.net.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""alosh66.linkpc.net. 10 IN A 3.215.231.251  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,16790,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Parked & For Sale Domains,antimalware,etiqrisk""}",,1,1,remote_client,"APP_Uncategorized,CAT_Parked & For Sale Domains,antimalware,etiqrisk",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:24.549 AM",Infoblox,Data Connector,2.1.3,RPZ-QNAME-REDIRECT,RPZ EVENT QNAME REDIRECT,0,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=CAT_Parked & For Sale Domains.alosh66.linkpc.net.;InfobloxRPZ=CAT_Parked & For Sale Domains;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=Parked & For Sale Domains;InfobloxThreatProperty=;InfobloxThreatConfidence=;InfobloxThreatLevel=;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Parked & For Sale Domains,antimalware,etiqrisk;InfobloxB1ThreatIndicator=alosh66.linkpc.net;InfobloxB1FeedName=CAT_Parked & For Sale Domains;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Redirect",REDIRECT,DNS,,alosh66.linkpc.net.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""rpz QNAME REDIRECT rewrite alosh66.linkpc.net. [A] via CAT_Parked & For Sale Domains.alosh66.linkpc.net.""",,,,,,,,,,,,,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,16790,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,REDIRECT,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""CAT_Parked & For Sale Domains.alosh66.linkpc.net."",""InfobloxRPZ"":""CAT_Parked & For Sale Domains"",""InfobloxPolicyID"":""99986"",""InfobloxDomainCat"":""Parked & For Sale Domains"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Parked & For Sale Domains,antimalware,etiqrisk"",""InfobloxB1ThreatIndicator"":""alosh66.linkpc.net"",""InfobloxB1FeedName"":""CAT_Parked & For Sale Domains"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Redirect""}",,,,remote_client,"APP_Uncategorized,CAT_Parked & For Sale Domains,antimalware,etiqrisk",CAT_Parked & For Sale Domains,FQDN,BloxOne Endpoint,,,Redirect,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,alosh66.linkpc.net,,,,A,,,Parked & For Sale Domains,,,,,,,,,99986,,,CAT_Parked & For Sale Domains,CAT_Parked & For Sale Domains.alosh66.linkpc.net.,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:22.421 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Web Hosting, ISP & Telco,base,eecn-ip,sanctions-high,sanctions-med",,DNS,,shijihulian.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,38275,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Web Hosting, ISP & Telco,base,eecn-ip,sanctions-high,sanctions-med""}",,0,1,remote_client,"APP_Uncategorized,CAT_Web Hosting, ISP & Telco,base,eecn-ip,sanctions-high,sanctions-med",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:22.421 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Content Server",,DNS,,jepsen.r3u8.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""r3u8.com. 0 IN SOA ns1.dnsowl.com. hostmaster.dnsowl.com. 1689738902 7200 1800 1209600 600  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,38275,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Content Server""}",,0,1,remote_client,"APP_Uncategorized,CAT_Content Server",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:22.421 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,mymail.com-recoveryidentifiers.bid.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""bid. 205 IN SOA ns1.dns.nic.bid. admin.tldns.godaddy. 1689738963 1800 300 604800 1800  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,38275,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,0,1,remote_client,"APP_Uncategorized,CAT_Uncategorized",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:22.420 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,books-google.accountservice.support.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""books-google.accountservice.support. 300 IN A 172.67.221.62  books-google.accountservice.support. 300 IN A 104.21.24.249  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,38275,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,2,1,remote_client,"APP_Uncategorized,CAT_Uncategorized",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:22.346 AM",Infoblox,Data Connector,2.1.3,RPZ-QNAME-NXDOMAIN,RPZ EVENT QNAME NXDOMAIN,8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.shijihulian.com.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Web Hosting, ISP & Telco,base,eecn-ip,sanctions-high,sanctions-med;InfobloxB1ThreatIndicator=shijihulian.com;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,shijihulian.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite shijihulian.com. [A] via base.shijihulian.com.""",,,,,,,,,,,,,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,38275,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,Sentinel-Demo-CDC,OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.shijihulian.com."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Web Hosting, ISP & Telco,base,eecn-ip,sanctions-high,sanctions-med"",""InfobloxB1ThreatIndicator"":""shijihulian.com"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,remote_client,"APP_Uncategorized,CAT_Web Hosting, ISP & Telco,base,eecn-ip,sanctions-high,sanctions-med",Base,FQDN,BloxOne Endpoint,,,Block,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,shijihulian.com,,,,A,,,,,,,,,,,,99986,,,base,base.shijihulian.com.,,0,100,APT_MalwareC2,,,,,,100,High,APT,MalwareC2
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:21.936 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Painting",,DNS,,rpgallerynow.info.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""rpgallerynow.info. 10 IN A 3.215.231.251  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,51323,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Painting""}",,1,1,remote_client,"APP_Uncategorized,CAT_Painting",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:21.935 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,rapidlyserv.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""com. 899 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1689740033 1800 900 604800 86400  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,51323,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,0,1,remote_client,"APP_Uncategorized,CAT_Uncategorized",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:21.935 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Web Hosting, ISP & Telco,base,bogon",,DNS,,ftp.garlic.dyndns.pro.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,51323,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Web Hosting, ISP & Telco,base,bogon""}",,0,1,remote_client,"APP_Uncategorized,CAT_Web Hosting, ISP & Telco,base,bogon",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:21.935 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Web Hosting, ISP & Telco",,DNS,,google.ninth.biz.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""biz. 892 IN SOA a.gtld.biz. admin.tldns.godaddy. 1689739507 1800 300 604800 1800  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,51323,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Web Hosting, ISP & Telco""}",,0,1,remote_client,"APP_Uncategorized,CAT_Web Hosting, ISP & Telco",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:21.935 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Business Software,CAT_Technology - Other",,DNS,,hyphen.dyndns.biz.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""dyndns.biz. 0 IN SOA ns1.dyndns.org. hostmaster.dyndns.org. 2570511690 10800 1800 604800 1800  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,51323,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Business Software,CAT_Technology - Other""}",,0,1,remote_client,"APP_Uncategorized,CAT_Business Software,CAT_Technology - Other",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:21.935 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,lhc4422.club.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""club. 269 IN SOA ns1.dns.nic.club. admin.tldns.godaddy. 1689738901 1800 300 604800 1800  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,51323,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,0,1,remote_client,"APP_Uncategorized,CAT_Uncategorized",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:21.934 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,recoverycodeconfirm.bid.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""bid. 525 IN SOA ns1.dns.nic.bid. admin.tldns.godaddy. 1689738963 1800 300 604800 1800  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,51323,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,0,1,remote_client,"APP_Uncategorized,CAT_Uncategorized",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:21.934 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Information Security",,DNS,,ocsp.edge.digicert.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""ocsp.edge.digicert.com. 2799 IN CNAME fp2e7a.wpc.2be4.phicdn.net.  fp2e7a.wpc.2be4.phicdn.net. 2801 IN CNAME fp2e7a.wpc.phicdn.net.  fp2e7a.wpc.phicdn.net. 2801 IN A 192.229.211.108  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,6467,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""3"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Information Security""}",,3,1,dfp,"APP_Uncategorized,CAT_Information Security",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:21.934 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN AAAA NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Content Server",,DNS,,fp2e7a.wpc.phicdn.net.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""wpc.phicdn.net. 488 IN SOA ns1.phicdn.net. noc.edgecast.com. 1687840161 3600 600 604800 600  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,6467,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Content Server""}",,0,1,dfp,"APP_Uncategorized,CAT_Content Server",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:21.934 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Content Server",,DNS,,fp2e7a.wpc.phicdn.net.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""fp2e7a.wpc.phicdn.net. 588 IN A 192.229.211.108  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,6467,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Content Server""}",,1,1,dfp,"APP_Uncategorized,CAT_Content Server",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:21.934 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=4;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Information Security",,DNS,,ocsp.digicert.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""ocsp.digicert.com. 16360 IN CNAME ocsp.edge.digicert.com.  ocsp.edge.digicert.com. 2530 IN CNAME fp2e7a.wpc.2be4.phicdn.net.  fp2e7a.wpc.2be4.phicdn.net. 2530 IN CNAME fp2e7a.wpc.phicdn.net.  fp2e7a.wpc.phicdn.net. 2530 IN A 192.229.211.108  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,6467,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""4"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Information Security""}",,4,1,dfp,"APP_Uncategorized,CAT_Information Security",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:21.934 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Content Server",,DNS,,fp2e7a.wpc.2be4.phicdn.net.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""fp2e7a.wpc.2be4.phicdn.net. 3600 IN CNAME fp2e7a.wpc.phicdn.net.  fp2e7a.wpc.phicdn.net. 3600 IN A 192.229.211.108  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,6467,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Content Server""}",,2,1,dfp,"APP_Uncategorized,CAT_Content Server",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:21.933 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN AAAA NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Unreachable",,DNS,,locprod2-elb-us-west-2.prod.mozaws.net.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""prod.mozaws.net. 264 IN SOA ns-1260.awsdns-29.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,6467,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Unreachable""}",,0,1,dfp,"APP_Uncategorized,CAT_Unreachable",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:21.933 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=6;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Unreachable",,DNS,,locprod2-elb-us-west-2.prod.mozaws.net.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""locprod2-elb-us-west-2.prod.mozaws.net. 4 IN A 52.42.53.182  locprod2-elb-us-west-2.prod.mozaws.net. 4 IN A 44.239.109.225  locprod2-elb-us-west-2.prod.mozaws.net. 4 IN A 52.24.231.34  locprod2-elb-us-west-2.prod.mozaws.net. 4 IN A 44.236.220.151  locprod2-elb-us-west-2.prod.mozaws.net. 4 IN A 54.213.11.100  locprod2-elb-us-west-2.prod.mozaws.net. 4 IN A 44.239.37.149  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,6467,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""6"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Unreachable""}",,6,1,dfp,"APP_Uncategorized,CAT_Unreachable",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:21.933 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=7;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Technology - Other",,DNS,,location.services.mozilla.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""location.services.mozilla.com. 502 IN CNAME locprod2-elb-us-west-2.prod.mozaws.net.  locprod2-elb-us-west-2.prod.mozaws.net. 26 IN A 44.239.37.149  locprod2-elb-us-west-2.prod.mozaws.net. 26 IN A 52.24.231.34  locprod2-elb-us-west-2.prod.mozaws.net. 26 IN A 54.213.11.100  locprod2-elb-us-west-2.prod.mozaws.net. 26 IN A 44.236.220.151  locprod2-elb-us-west-2.prod.mozaws.net. 26 IN A 44.239.109.225  locprod2-elb-us-west-2.prod.mozaws.net. 26 IN A 52.42.53.182  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,6467,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""7"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Technology - Other""}",,7,1,dfp,"APP_Uncategorized,CAT_Technology - Other",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:19.051 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,hg8l3u.loan.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""loan. 900 IN SOA ns1.dns.nic.loan. admin.tldns.godaddy. 1689739384 1800 300 604800 1800  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,0,1,remote_client,"APP_Uncategorized,CAT_Uncategorized",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:14.312 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,portal-office.fr.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""fr. 514 IN SOA a.nic.fr. dnsmaster.afnic.fr. 2236161754 3600 1800 3600000 600  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,0,1,remote_client,"APP_Uncategorized,CAT_Uncategorized",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:14.312 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base",,DNS,,activity-confirmation-service.info.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base""}",,0,1,remote_client,"APP_Uncategorized,CAT_Uncategorized,base",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:14.311 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,hangout.com-messagecenter.bid.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""bid. 289 IN SOA ns1.dns.nic.bid. admin.tldns.godaddy. 1689738963 1800 300 604800 1800  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,0,1,remote_client,"APP_Uncategorized,CAT_Uncategorized",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:14.311 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,p6p6.net.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""net. 896 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1689740018 1800 900 604800 86400  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,0,1,remote_client,"APP_Uncategorized,CAT_Uncategorized",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:14.311 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Content Server",,DNS,,bluesync2121.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""com. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1689740018 1800 900 604800 86400  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Content Server""}",,0,1,remote_client,"APP_Uncategorized,CAT_Content Server",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:14.311 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,result2.com-servicescustomer.name.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""name. 3600 IN SOA ac1.nstld.com. info.verisign-grs.com. 1689740016 1800 900 604800 86400  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,0,1,remote_client,"APP_Uncategorized,CAT_Uncategorized",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:14.198 AM",Infoblox,Data Connector,2.1.3,RPZ-QNAME-NXDOMAIN,RPZ EVENT QNAME NXDOMAIN,8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.activity-confirmation-service.info.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_Generic;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base;InfobloxB1ThreatIndicator=activity-confirmation-service.info;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,activity-confirmation-service.info.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite activity-confirmation-service.info. [A] via base.activity-confirmation-service.info.""",,,,,,,,,,,,,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,Sentinel-Demo-CDC,OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.activity-confirmation-service.info."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_Generic"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base"",""InfobloxB1ThreatIndicator"":""activity-confirmation-service.info"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,remote_client,"APP_Uncategorized,CAT_Uncategorized,base",Base,FQDN,BloxOne Endpoint,,,Block,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,activity-confirmation-service.info,,,,A,,,,,,,,,,,,99986,,,base,base.activity-confirmation-service.info.,,0,100,APT_Generic,,,,,,100,High,APT,Generic
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:10.490 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,hgiihb.loan.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""loan. 900 IN SOA ns1.dns.nic.loan. admin.tldns.godaddy. 1689739384 1800 300 604800 1800  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,0,1,remote_client,"APP_Uncategorized,CAT_Uncategorized",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:10.490 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Content Server,base",,DNS,,mediacloudsolution.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Content Server,base""}",,0,1,remote_client,"APP_Uncategorized,CAT_Content Server,base",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:10.490 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Spam URLs,CAT_Web Hosting, ISP & Telco,base",,DNS,,ftp.markjpninfos.vizvaz.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Spam URLs,CAT_Web Hosting, ISP & Telco,base""}",,0,1,remote_client,"APP_Uncategorized,CAT_Spam URLs,CAT_Web Hosting, ISP & Telco,base",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:10.490 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,hg08f9y.host.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""host. 3600 IN SOA ns0.centralnic.net. hostmaster.centralnic.net. 3000455415 900 1800 6048000 3600  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,0,1,remote_client,"APP_Uncategorized,CAT_Uncategorized",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:10.490 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,mail.google.com-recoveryservice.info.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""info. 3480 IN SOA a0.info.afilias-nst.info. hostmaster.donuts.email. 1689739435 7200 900 1209600 3600  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,0,1,remote_client,"APP_Uncategorized,CAT_Uncategorized",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:10.490 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,k11jr.loan.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""loan. 900 IN SOA ns1.dns.nic.loan. admin.tldns.godaddy. 1689739384 1800 300 604800 1800  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,0,1,remote_client,"APP_Uncategorized,CAT_Uncategorized",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:09.867 AM",Infoblox,Data Connector,2.1.3,RPZ-QNAME-NXDOMAIN,RPZ EVENT QNAME NXDOMAIN,8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.mediacloudsolution.com.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Content Server,base;InfobloxB1ThreatIndicator=mediacloudsolution.com;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,mediacloudsolution.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite mediacloudsolution.com. [A] via base.mediacloudsolution.com.""",,,,,,,,,,,,,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,Sentinel-Demo-CDC,OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.mediacloudsolution.com."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Content Server,base"",""InfobloxB1ThreatIndicator"":""mediacloudsolution.com"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,remote_client,"APP_Uncategorized,CAT_Content Server,base",Base,FQDN,BloxOne Endpoint,,,Block,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,mediacloudsolution.com,,,,A,,,,,,,,,,,,99986,,,base,base.mediacloudsolution.com.,,0,100,APT_MalwareC2,,,,,,100,High,APT,MalwareC2
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:09.866 AM",Infoblox,Data Connector,2.1.3,RPZ-QNAME-NXDOMAIN,RPZ EVENT QNAME NXDOMAIN,8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.ftp.markjpninfos.vizvaz.com.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Spam URLs,CAT_Web Hosting, ISP & Telco,base;InfobloxB1ThreatIndicator=markjpninfos.vizvaz.com;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,ftp.markjpninfos.vizvaz.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite ftp.markjpninfos.vizvaz.com. [A] via base.ftp.markjpninfos.vizvaz.com.""",,,,,,,,,,,,,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,Sentinel-Demo-CDC,OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.ftp.markjpninfos.vizvaz.com."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Spam URLs,CAT_Web Hosting, ISP & Telco,base"",""InfobloxB1ThreatIndicator"":""markjpninfos.vizvaz.com"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,remote_client,"APP_Uncategorized,CAT_Spam URLs,CAT_Web Hosting, ISP & Telco,base",Base,FQDN,BloxOne Endpoint,,,Block,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,markjpninfos.vizvaz.com,,,,A,,,,,,,,,,,,99986,,,base,base.ftp.markjpninfos.vizvaz.com.,,0,100,APT_MalwareC2,,,,,,100,High,APT,MalwareC2
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:06.187 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,v4ccm.website.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""website. 3600 IN SOA ns0.centralnic.net. hostmaster.centralnic.net. 3000470743 900 1800 6048000 3600  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,0,1,remote_client,"APP_Uncategorized,CAT_Uncategorized",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:06.187 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,r5h1y.trade.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""trade. 844 IN SOA ns1.dns.nic.trade. admin.tldns.godaddy. 1689733327 1800 300 604800 1800  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,0,1,remote_client,"APP_Uncategorized,CAT_Uncategorized",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:06.186 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Pornography,base",,DNS,,oa.2waky.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Pornography,base""}",,0,1,remote_client,"APP_Uncategorized,CAT_Pornography,base",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:06.186 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,emailfound.info.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""info. 3310 IN SOA a0.info.afilias-nst.info. hostmaster.donuts.email. 1689739435 7200 900 1209600 3600  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,0,1,remote_client,"APP_Uncategorized,CAT_Uncategorized",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:06.186 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base",,DNS,,ftp.scarlet-witch.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base""}",,0,1,remote_client,"APP_Uncategorized,CAT_Uncategorized,base",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:06.186 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base",,DNS,,www.fu.epac.to.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base""}",,0,1,remote_client,"APP_Uncategorized,CAT_Uncategorized,base",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:06.185 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Web Hosting, ISP & Telco,base",,DNS,,www.register.ourhobby.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Web Hosting, ISP & Telco,base""}",,0,1,remote_client,"APP_Uncategorized,CAT_Web Hosting, ISP & Telco,base",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:05.730 AM",Infoblox,Data Connector,2.1.3,RPZ-QNAME-NXDOMAIN,RPZ EVENT QNAME NXDOMAIN,8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.oa.2waky.com.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Pornography,base;InfobloxB1ThreatIndicator=oa.2waky.com;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,oa.2waky.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite oa.2waky.com. [A] via base.oa.2waky.com.""",,,,,,,,,,,,,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,Sentinel-Demo-CDC,OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.oa.2waky.com."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Pornography,base"",""InfobloxB1ThreatIndicator"":""oa.2waky.com"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,remote_client,"APP_Uncategorized,CAT_Pornography,base",Base,FQDN,BloxOne Endpoint,,,Block,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,oa.2waky.com,,,,A,,,,,,,,,,,,99986,,,base,base.oa.2waky.com.,,0,100,APT_MalwareC2,,,,,,100,High,APT,MalwareC2
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:05.729 AM",Infoblox,Data Connector,2.1.3,RPZ-QNAME-NXDOMAIN,RPZ EVENT QNAME NXDOMAIN,8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.www.fu.epac.to.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base;InfobloxB1ThreatIndicator=fu.epac.to;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,www.fu.epac.to.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite www.fu.epac.to. [A] via base.www.fu.epac.to.""",,,,,,,,,,,,,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,Sentinel-Demo-CDC,OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.www.fu.epac.to."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base"",""InfobloxB1ThreatIndicator"":""fu.epac.to"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,remote_client,"APP_Uncategorized,CAT_Uncategorized,base",Base,FQDN,BloxOne Endpoint,,,Block,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,fu.epac.to,,,,A,,,,,,,,,,,,99986,,,base,base.www.fu.epac.to.,,0,100,APT_MalwareC2,,,,,,100,High,APT,MalwareC2
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:05.729 AM",Infoblox,Data Connector,2.1.3,RPZ-QNAME-NXDOMAIN,RPZ EVENT QNAME NXDOMAIN,8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.www.register.ourhobby.com.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Web Hosting, ISP & Telco,base;InfobloxB1ThreatIndicator=www.register.ourhobby.com;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,www.register.ourhobby.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite www.register.ourhobby.com. [A] via base.www.register.ourhobby.com.""",,,,,,,,,,,,,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,Sentinel-Demo-CDC,OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.www.register.ourhobby.com."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Web Hosting, ISP & Telco,base"",""InfobloxB1ThreatIndicator"":""www.register.ourhobby.com"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,remote_client,"APP_Uncategorized,CAT_Web Hosting, ISP & Telco,base",Base,FQDN,BloxOne Endpoint,,,Block,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,www.register.ourhobby.com,,,,A,,,,,,,,,,,,99986,,,base,base.www.register.ourhobby.com.,,0,100,APT_MalwareC2,,,,,,100,High,APT,MalwareC2
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:05.729 AM",Infoblox,Data Connector,2.1.3,RPZ-QNAME-NXDOMAIN,RPZ EVENT QNAME NXDOMAIN,8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.ftp.scarlet-witch.com.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base;InfobloxB1ThreatIndicator=scarlet-witch.com;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,ftp.scarlet-witch.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite ftp.scarlet-witch.com. [A] via base.ftp.scarlet-witch.com.""",,,,,,,,,,,,,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,Sentinel-Demo-CDC,OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.ftp.scarlet-witch.com."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base"",""InfobloxB1ThreatIndicator"":""scarlet-witch.com"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,remote_client,"APP_Uncategorized,CAT_Uncategorized,base",Base,FQDN,BloxOne Endpoint,,,Block,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,scarlet-witch.com,,,,A,,,,,,,,,,,,99986,,,base,base.ftp.scarlet-witch.com.,,0,100,APT_MalwareC2,,,,,,100,High,APT,MalwareC2
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:01.167 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Content Server",,DNS,,afkarehroshan.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""com. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1689740018 1800 900 604800 86400  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Content Server""}",,0,1,remote_client,"APP_Uncategorized,CAT_Content Server",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:01.167 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,ua-freedom.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""com. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1689739998 1800 900 604800 86400  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,0,1,remote_client,"APP_Uncategorized,CAT_Uncategorized",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:01.167 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Information Security",,DNS,,usa-mail.scieron.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""scieron.com. 1800 IN SOA alexia.ns.cloudflare.com. dns.cloudflare.com. 2314636889 10000 2400 604800 1800  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Information Security""}",,0,1,remote_client,"APP_Uncategorized,CAT_Information Security",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:01.167 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,radiorig.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""radiorig.com. 62400 IN A 52.20.84.62  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,1,1,remote_client,"APP_Uncategorized,CAT_Uncategorized",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:01.167 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Content Server",,DNS,,trendeigheone.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""com. 899 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1689739998 1800 900 604800 86400  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Content Server""}",,0,1,remote_client,"APP_Uncategorized,CAT_Content Server",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:01.167 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,rvq2k.trade.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""trade. 563 IN SOA ns1.dns.nic.trade. admin.tldns.godaddy. 1689733327 1800 300 604800 1800  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,0,1,remote_client,"APP_Uncategorized,CAT_Uncategorized",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:14:01.167 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,s3fof.club.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""club. 900 IN SOA ns1.dns.nic.club. admin.tldns.godaddy. 1689739516 1800 300 604800 1800  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,0,1,remote_client,"APP_Uncategorized,CAT_Uncategorized",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:13:57.961 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN AAAA NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=6;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,connectivity-check.ubuntu.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.106,192.168.1.106,,,,,,,,,,,,,,,,"""connectivity-check.ubuntu.com. 14 IN AAAA 2001:67c:1562::24  connectivity-check.ubuntu.com. 14 IN AAAA 2620:2d:4000:1::22  connectivity-check.ubuntu.com. 14 IN AAAA 2620:2d:4000:1::23  connectivity-check.ubuntu.com. 14 IN AAAA 2620:2d:4000:1::2a  connectivity-check.ubuntu.com. 14 IN AAAA 2620:2d:4000:1::2b  connectivity-check.ubuntu.com. 14 IN AAAA 2001:67c:1562::23  . 0 1232 OPT """,,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:15,,,,,,,,,37636,192.168.1.106,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""6"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,6,1,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:13:55.822 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,2sk91.space.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""space. 3083 IN SOA ns0.centralnic.net. hostmaster.centralnic.net. 3000470213 900 1800 6048000 3600  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,0,1,remote_client,"APP_Uncategorized,CAT_Uncategorized",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:13:55.821 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,hg8p7q.tech.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""tech. 3204 IN SOA ns0.centralnic.net. hostmaster.centralnic.net. 354536 900 1800 6048000 3600  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,0,1,remote_client,"APP_Uncategorized,CAT_Uncategorized",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:13:55.821 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base",,DNS,,udp.jjevil.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base""}",,0,1,remote_client,"APP_Uncategorized,CAT_Uncategorized,base",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:13:55.821 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Malware Distribution Point,CAT_Phishing/Fraud,base",,DNS,,cloudmicrosoft.net.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Malware Distribution Point,CAT_Phishing/Fraud,base""}",,0,1,remote_client,"APP_Uncategorized,CAT_Malware Distribution Point,CAT_Phishing/Fraud,base",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:13:55.821 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base",,DNS,,accounts.google-caches.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base""}",,0,1,remote_client,"APP_Uncategorized,CAT_Uncategorized,base",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:13:55.747 AM",Infoblox,Data Connector,2.1.3,RPZ-QNAME-NXDOMAIN,RPZ EVENT QNAME NXDOMAIN,8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.udp.jjevil.com.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base;InfobloxB1ThreatIndicator=udp.jjevil.com;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,udp.jjevil.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite udp.jjevil.com. [A] via base.udp.jjevil.com.""",,,,,,,,,,,,,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,Sentinel-Demo-CDC,OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.udp.jjevil.com."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base"",""InfobloxB1ThreatIndicator"":""udp.jjevil.com"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,remote_client,"APP_Uncategorized,CAT_Uncategorized,base",Base,FQDN,BloxOne Endpoint,,,Block,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,udp.jjevil.com,,,,A,,,,,,,,,,,,99986,,,base,base.udp.jjevil.com.,,0,100,APT_MalwareC2,,,,,,100,High,APT,MalwareC2
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:13:55.747 AM",Infoblox,Data Connector,2.1.3,RPZ-QNAME-NXDOMAIN,RPZ EVENT QNAME NXDOMAIN,8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.accounts.google-caches.com.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base;InfobloxB1ThreatIndicator=google-caches.com;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,accounts.google-caches.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite accounts.google-caches.com. [A] via base.accounts.google-caches.com.""",,,,,,,,,,,,,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,Sentinel-Demo-CDC,OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.accounts.google-caches.com."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base"",""InfobloxB1ThreatIndicator"":""google-caches.com"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,remote_client,"APP_Uncategorized,CAT_Uncategorized,base",Base,FQDN,BloxOne Endpoint,,,Block,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,google-caches.com,,,,A,,,,,,,,,,,,99986,,,base,base.accounts.google-caches.com.,,0,100,APT_MalwareC2,,,,,,100,High,APT,MalwareC2
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:13:55.747 AM",Infoblox,Data Connector,2.1.3,RPZ-QNAME-NXDOMAIN,RPZ EVENT QNAME NXDOMAIN,8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.cloudmicrosoft.net.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Malware Distribution Point,CAT_Phishing/Fraud,base;InfobloxB1ThreatIndicator=cloudmicrosoft.net;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,cloudmicrosoft.net.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite cloudmicrosoft.net. [A] via base.cloudmicrosoft.net.""",,,,,,,,,,,,,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,Sentinel-Demo-CDC,OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.cloudmicrosoft.net."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Malware Distribution Point,CAT_Phishing/Fraud,base"",""InfobloxB1ThreatIndicator"":""cloudmicrosoft.net"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,remote_client,"APP_Uncategorized,CAT_Malware Distribution Point,CAT_Phishing/Fraud,base",Base,FQDN,BloxOne Endpoint,,,Block,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,cloudmicrosoft.net,,,,A,,,,,,,,,,,,99986,,,base,base.cloudmicrosoft.net.,,0,100,APT_MalwareC2,,,,,,100,High,APT,MalwareC2
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:13:52.214 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Streaming & Downloadable Video,base,bogon",,DNS,,ftp.imap.onmypc.net.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Streaming & Downloadable Video,base,bogon""}",,0,1,remote_client,"APP_Uncategorized,CAT_Streaming & Downloadable Video,base,bogon",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:13:52.214 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Advocacy Groups & Trade Associations,CAT_Entertainment Venues & Events,CAT_Social & Affiliation Organizations",,DNS,,editorswa.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""editorswa.com. 10 IN A 3.215.231.251  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Advocacy Groups & Trade Associations,CAT_Entertainment Venues & Events,CAT_Social & Affiliation Organizations""}",,1,1,remote_client,"APP_Uncategorized,CAT_Advocacy Groups & Trade Associations,CAT_Entertainment Venues & Events,CAT_Social & Affiliation Organizations",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:13:52.214 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Construction",,DNS,,www.gholghola.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""www.gholghola.com. 14400 IN CNAME gholghola.com.  gholghola.com. 14400 IN A 220.158.232.16  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Construction""}",,2,1,remote_client,"APP_Uncategorized,CAT_Construction",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:13:52.214 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,northropgrumman.net.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""northropgrumman.net. 3600 IN SOA dns1.registrar-servers.com. hostmaster.registrar-servers.com. 1619140941 43200 3600 604800 3601  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,0,1,remote_client,"APP_Uncategorized,CAT_Uncategorized",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:13:52.214 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=4;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Content Server",,DNS,,msupdates.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""msupdates.com. 10800 IN CNAME traff-6.hugedomains.com.  traff-6.hugedomains.com. 120 IN CNAME hdr-nlb10-d66bbad0736f8259.elb.us-east-2.amazonaws.com.  hdr-nlb10-d66bbad0736f8259.elb.us-east-2.amazonaws.com. 12 IN A 18.119.154.66  hdr-nlb10-d66bbad0736f8259.elb.us-east-2.amazonaws.com. 12 IN A 3.140.13.188  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""4"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Content Server""}",,4,1,remote_client,"APP_Uncategorized,CAT_Content Server",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:13:52.214 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base",,DNS,,jobscenters.org.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base""}",,0,1,remote_client,"APP_Uncategorized,CAT_Uncategorized,base",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:13:52.214 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Peer-to-Peer,CAT_Web Hosting, ISP & Telco,etiqrisk-ip",,DNS,,kaqinsiji.dnset.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""kaqinsiji.dnset.com. 10 IN A 3.215.231.251  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Peer-to-Peer,CAT_Web Hosting, ISP & Telco,etiqrisk-ip""}",,1,1,remote_client,"APP_Uncategorized,CAT_Peer-to-Peer,CAT_Web Hosting, ISP & Telco,etiqrisk-ip",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:13:52.213 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base",,DNS,,yourservers.blog-pixnet.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base""}",,0,1,remote_client,"APP_Uncategorized,CAT_Uncategorized,base",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:13:52.213 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Web Hosting, ISP & Telco,etiqrisk-ip",,DNS,,www.registration2.instanthq.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""www.registration2.instanthq.com. 30 IN A 204.16.169.54  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Web Hosting, ISP & Telco,etiqrisk-ip""}",,1,1,remote_client,"APP_Uncategorized,CAT_Web Hosting, ISP & Telco,etiqrisk-ip",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:13:51.743 AM",Infoblox,Data Connector,2.1.3,RPZ-QNAME-NXDOMAIN,RPZ EVENT QNAME NXDOMAIN,8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.ftp.imap.onmypc.net.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Streaming & Downloadable Video,base,bogon;InfobloxB1ThreatIndicator=imap.onmypc.net;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,ftp.imap.onmypc.net.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite ftp.imap.onmypc.net. [A] via base.ftp.imap.onmypc.net.""",,,,,,,,,,,,,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,Sentinel-Demo-CDC,OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.ftp.imap.onmypc.net."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Streaming & Downloadable Video,base,bogon"",""InfobloxB1ThreatIndicator"":""imap.onmypc.net"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,remote_client,"APP_Uncategorized,CAT_Streaming & Downloadable Video,base,bogon",Base,FQDN,BloxOne Endpoint,,,Block,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,imap.onmypc.net,,,,A,,,,,,,,,,,,99986,,,base,base.ftp.imap.onmypc.net.,,0,100,APT_MalwareC2,,,,,,100,High,APT,MalwareC2
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:13:51.743 AM",Infoblox,Data Connector,2.1.3,RPZ-QNAME-REDIRECT,RPZ EVENT QNAME REDIRECT,0,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=CAT_Advocacy Groups & Trade Associations.editorswa.com.;InfobloxRPZ=CAT_Advocacy Groups & Trade Associations;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=Advocacy Groups & Trade Associations;InfobloxThreatProperty=;InfobloxThreatConfidence=;InfobloxThreatLevel=;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Advocacy Groups & Trade Associations,CAT_Entertainment Venues & Events,CAT_Social & Affiliation Organizations;InfobloxB1ThreatIndicator=editorswa.com;InfobloxB1FeedName=CAT_Advocacy Groups & Trade Associations;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Redirect",REDIRECT,DNS,,editorswa.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""rpz QNAME REDIRECT rewrite editorswa.com. [A] via CAT_Advocacy Groups & Trade Associations.editorswa.com.""",,,,,,,,,,,,,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,REDIRECT,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""CAT_Advocacy Groups & Trade Associations.editorswa.com."",""InfobloxRPZ"":""CAT_Advocacy Groups & Trade Associations"",""InfobloxPolicyID"":""99986"",""InfobloxDomainCat"":""Advocacy Groups & Trade Associations"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Advocacy Groups & Trade Associations,CAT_Entertainment Venues & Events,CAT_Social & Affiliation Organizations"",""InfobloxB1ThreatIndicator"":""editorswa.com"",""InfobloxB1FeedName"":""CAT_Advocacy Groups & Trade Associations"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Redirect""}",,,,remote_client,"APP_Uncategorized,CAT_Advocacy Groups & Trade Associations,CAT_Entertainment Venues & Events,CAT_Social & Affiliation Organizations",CAT_Advocacy Groups & Trade Associations,FQDN,BloxOne Endpoint,,,Redirect,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,editorswa.com,,,,A,,,Advocacy Groups & Trade Associations,,,,,,,,,99986,,,CAT_Advocacy Groups & Trade Associations,CAT_Advocacy Groups & Trade Associations.editorswa.com.,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:13:51.742 AM",Infoblox,Data Connector,2.1.3,RPZ-QNAME-REDIRECT,RPZ EVENT QNAME REDIRECT,0,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=CAT_Peer-to-Peer.kaqinsiji.dnset.com.;InfobloxRPZ=CAT_Peer-to-Peer;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=Peer-to-Peer;InfobloxThreatProperty=;InfobloxThreatConfidence=;InfobloxThreatLevel=;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Peer-to-Peer,CAT_Web Hosting, ISP & Telco,etiqrisk-ip;InfobloxB1ThreatIndicator=kaqinsiji.dnset.com;InfobloxB1FeedName=CAT_Peer-to-Peer;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Redirect",REDIRECT,DNS,,kaqinsiji.dnset.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""rpz QNAME REDIRECT rewrite kaqinsiji.dnset.com. [A] via CAT_Peer-to-Peer.kaqinsiji.dnset.com.""",,,,,,,,,,,,,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,REDIRECT,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""CAT_Peer-to-Peer.kaqinsiji.dnset.com."",""InfobloxRPZ"":""CAT_Peer-to-Peer"",""InfobloxPolicyID"":""99986"",""InfobloxDomainCat"":""Peer-to-Peer"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Peer-to-Peer,CAT_Web Hosting, ISP & Telco,etiqrisk-ip"",""InfobloxB1ThreatIndicator"":""kaqinsiji.dnset.com"",""InfobloxB1FeedName"":""CAT_Peer-to-Peer"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Redirect""}",,,,remote_client,"APP_Uncategorized,CAT_Peer-to-Peer,CAT_Web Hosting, ISP & Telco,etiqrisk-ip",CAT_Peer-to-Peer,FQDN,BloxOne Endpoint,,,Redirect,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,kaqinsiji.dnset.com,,,,A,,,Peer-to-Peer,,,,,,,,,99986,,,CAT_Peer-to-Peer,CAT_Peer-to-Peer.kaqinsiji.dnset.com.,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:13:51.742 AM",Infoblox,Data Connector,2.1.3,RPZ-QNAME-NXDOMAIN,RPZ EVENT QNAME NXDOMAIN,8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.yourservers.blog-pixnet.com.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base;InfobloxB1ThreatIndicator=yourservers.blog-pixnet.com;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,yourservers.blog-pixnet.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite yourservers.blog-pixnet.com. [A] via base.yourservers.blog-pixnet.com.""",,,,,,,,,,,,,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,Sentinel-Demo-CDC,OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.yourservers.blog-pixnet.com."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base"",""InfobloxB1ThreatIndicator"":""yourservers.blog-pixnet.com"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,remote_client,"APP_Uncategorized,CAT_Uncategorized,base",Base,FQDN,BloxOne Endpoint,,,Block,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,yourservers.blog-pixnet.com,,,,A,,,,,,,,,,,,99986,,,base,base.yourservers.blog-pixnet.com.,,0,100,APT_MalwareC2,,,,,,100,High,APT,MalwareC2
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:13:51.742 AM",Infoblox,Data Connector,2.1.3,RPZ-QNAME-NXDOMAIN,RPZ EVENT QNAME NXDOMAIN,8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.jobscenters.org.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base;InfobloxB1ThreatIndicator=jobscenters.org;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,jobscenters.org.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite jobscenters.org. [A] via base.jobscenters.org.""",,,,,,,,,,,,,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,Sentinel-Demo-CDC,OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.jobscenters.org."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base"",""InfobloxB1ThreatIndicator"":""jobscenters.org"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,remote_client,"APP_Uncategorized,CAT_Uncategorized,base",Base,FQDN,BloxOne Endpoint,,,Block,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,jobscenters.org,,,,A,,,,,,,,,,,,99986,,,base,base.jobscenters.org.,,0,100,APT_MalwareC2,,,,,,100,High,APT,MalwareC2
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:13:48.578 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Parked & For Sale Domains,base",,DNS,,microos.jumpingcrab.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Parked & For Sale Domains,base""}",,0,1,remote_client,"APP_Uncategorized,CAT_Parked & For Sale Domains,base",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:13:48.578 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,walla.link.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""walla.link. 80750 IN A 46.38.249.145  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,1,1,remote_client,"APP_Uncategorized,CAT_Uncategorized",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:13:48.577 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base,bogon",,DNS,,ftp.windowsstores.organiccrap.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base,bogon""}",,0,1,remote_client,"APP_Uncategorized,CAT_Uncategorized,base,bogon",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:13:48.577 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Microsoft Defender Antivirus,CAT_Business Software,CAT_Productivity,CAT_Windows",,DNS,,checkappexec.microsoft.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""checkappexec.microsoft.com. 2414 IN CNAME wd-prod-ss.trafficmanager.net.  wd-prod-ss.trafficmanager.net. 293 IN CNAME wd-prod-ss-us-east-2-fe.eastus.cloudapp.azure.com.  wd-prod-ss-us-east-2-fe.eastus.cloudapp.azure.com. 9 IN A 20.120.56.233  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""3"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Microsoft Defender Antivirus,CAT_Business Software,CAT_Productivity,CAT_Windows""}",,3,1,remote_client,"APP_Microsoft Defender Antivirus,CAT_Business Software,CAT_Productivity,CAT_Windows",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:13:48.577 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base",,DNS,,files.serveusers.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base""}",,0,1,remote_client,"APP_Uncategorized,CAT_Uncategorized,base",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:13:48.577 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Content Server",,DNS,,daddy.gostudyantivirus.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""com. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1689739998 1800 900 604800 86400  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Content Server""}",,0,1,remote_client,"APP_Uncategorized,CAT_Content Server",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:13:48.001 AM",Infoblox,Data Connector,2.1.3,RPZ-QNAME-NXDOMAIN,RPZ EVENT QNAME NXDOMAIN,8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.microos.jumpingcrab.com.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Parked & For Sale Domains,base;InfobloxB1ThreatIndicator=jumpingcrab.com;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,microos.jumpingcrab.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite microos.jumpingcrab.com. [A] via base.microos.jumpingcrab.com.""",,,,,,,,,,,,,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,Sentinel-Demo-CDC,OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.microos.jumpingcrab.com."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Parked & For Sale Domains,base"",""InfobloxB1ThreatIndicator"":""jumpingcrab.com"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,remote_client,"APP_Uncategorized,CAT_Parked & For Sale Domains,base",Base,FQDN,BloxOne Endpoint,,,Block,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,jumpingcrab.com,,,,A,,,,,,,,,,,,99986,,,base,base.microos.jumpingcrab.com.,,0,100,APT_MalwareC2,,,,,,100,High,APT,MalwareC2
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:13:48.001 AM",Infoblox,Data Connector,2.1.3,RPZ-QNAME-NXDOMAIN,RPZ EVENT QNAME NXDOMAIN,8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.files.serveusers.com.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base;InfobloxB1ThreatIndicator=files.serveusers.com;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,files.serveusers.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite files.serveusers.com. [A] via base.files.serveusers.com.""",,,,,,,,,,,,,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,Sentinel-Demo-CDC,OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.files.serveusers.com."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base"",""InfobloxB1ThreatIndicator"":""files.serveusers.com"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,remote_client,"APP_Uncategorized,CAT_Uncategorized,base",Base,FQDN,BloxOne Endpoint,,,Block,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,files.serveusers.com,,,,A,,,,,,,,,,,,99986,,,base,base.files.serveusers.com.,,0,100,APT_MalwareC2,,,,,,100,High,APT,MalwareC2
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:13:48.001 AM",Infoblox,Data Connector,2.1.3,RPZ-QNAME-NXDOMAIN,RPZ EVENT QNAME NXDOMAIN,8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.ftp.windowsstores.organiccrap.com.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base,bogon;InfobloxB1ThreatIndicator=windowsstores.organiccrap.com;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,ftp.windowsstores.organiccrap.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite ftp.windowsstores.organiccrap.com. [A] via base.ftp.windowsstores.organiccrap.com.""",,,,,,,,,,,,,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,42427,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,Sentinel-Demo-CDC,OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.ftp.windowsstores.organiccrap.com."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base,bogon"",""InfobloxB1ThreatIndicator"":""windowsstores.organiccrap.com"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,remote_client,"APP_Uncategorized,CAT_Uncategorized,base,bogon",Base,FQDN,BloxOne Endpoint,,,Block,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,windowsstores.organiccrap.com,,,,A,,,,,,,,,,,,99986,,,base,base.ftp.windowsstores.organiccrap.com.,,0,100,APT_MalwareC2,,,,,,100,High,APT,MalwareC2
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:13:47.435 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Microsoft Defender Antivirus,CAT_Business Software,CAT_Productivity,CAT_Windows",,DNS,,checkappexec.microsoft.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""checkappexec.microsoft.com. 424 IN CNAME wd-prod-ss.trafficmanager.net.  wd-prod-ss.trafficmanager.net. 281 IN CNAME wd-prod-ss-us-east-2-fe.eastus.cloudapp.azure.com.  wd-prod-ss-us-east-2-fe.eastus.cloudapp.azure.com. 9 IN A 20.120.56.233  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,52119,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""3"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Microsoft Defender Antivirus,CAT_Business Software,CAT_Productivity,CAT_Windows""}",,3,1,remote_client,"APP_Microsoft Defender Antivirus,CAT_Business Software,CAT_Productivity,CAT_Windows",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:13:37.150 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;Vbx9pTDdTtSIdPLerhTLqr3ZEwsK+0sXra4mAn5khgSFyknINBGeVKYIqF3LJxYzmmlqzk06xFP3nMbM4iGrUuZmrnZbGRArUc1OXrE0vzaBio3B8CXrYBD+GZQIEOt0rH85SEem/WdMlNBvX3GYbCrwUckmxx1Rq1+4FltG+cs=  . 32768 4096 OPT "";InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=",,DNS,,ns2.infoblox.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""ns2.infoblox.com. 2112 IN A 38.108.181.211  ns2.infoblox.com. 2112 IN RRSIG A 8 3 3600 20230722152046 20230718142920 3870 infoblox.com.",,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,25014,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""Vbx9pTDdTtSIdPLerhTLqr3ZEwsK+0sXra4mAn5khgSFyknINBGeVKYIqF3LJxYzmmlqzk06xFP3nMbM4iGrUuZmrnZbGRArUc1OXrE0vzaBio3B8CXrYBD+GZQIEOt0rH85SEem/WdMlNBvX3GYbCrwUckmxx1Rq1+4FltG+cs"":""  . 32768 4096 OPT \"""",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)""}",,2,1,dfp,,,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,"  . 32768 4096 OPT """,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:13:37.150 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;baYR42SOW46H9tIJsvvgoIpoy/O2bJbxaIPxCwuVRmr3N+w4Fb3KYX5t7G9c/9W9vVgC8fdZnYUfvKc9lNVI6tC3w4t+8ylCPGcfP4SRvEPPozQkYXmvm1rdHyL+Fg74OWgXvW/rOo5rtBbCbBxsfAJdDPQaDOPIyEaMAtzlObE=  . 32768 4096 OPT "";InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=",,DNS,,ns7.infoblox.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""ns7.infoblox.com. 3133 IN A 3.211.162.1  ns7.infoblox.com. 3133 IN RRSIG A 8 3 3600 20230722062600 20230718062455 3870 infoblox.com.",,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,25014,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""baYR42SOW46H9tIJsvvgoIpoy/O2bJbxaIPxCwuVRmr3N+w4Fb3KYX5t7G9c/9W9vVgC8fdZnYUfvKc9lNVI6tC3w4t+8ylCPGcfP4SRvEPPozQkYXmvm1rdHyL+Fg74OWgXvW/rOo5rtBbCbBxsfAJdDPQaDOPIyEaMAtzlObE"":""  . 32768 4096 OPT \"""",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)""}","  . 32768 4096 OPT """,2,1,dfp,,,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:13:37.149 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN NS NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=NS;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=5;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,tme.infoblox.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""tme.infoblox.com. 0 IN NS ns3.infoblox.com.  tme.infoblox.com. 0 IN NS ns8.infoblox.com.  tme.infoblox.com. 0 IN NS ns4.infoblox.com.  tme.infoblox.com. 0 IN NS ns7.infoblox.com.  tme.infoblox.com. 0 IN NS ns2.infoblox.com.  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,25014,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""NS"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""5"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)""}",,5,1,dfp,,,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,NS,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:13:32.651 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN AAAA NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=6;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Linux",,DNS,,connectivity-check.ubuntu.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.106,192.168.1.106,,,,,,,,,,,,,,,,"""connectivity-check.ubuntu.com. 45 IN AAAA 2620:2d:4000:1::2a  connectivity-check.ubuntu.com. 45 IN AAAA 2620:2d:4000:1::22  connectivity-check.ubuntu.com. 45 IN AAAA 2001:67c:1562::23  connectivity-check.ubuntu.com. 45 IN AAAA 2001:67c:1562::24  connectivity-check.ubuntu.com. 45 IN AAAA 2620:2d:4000:1::23  connectivity-check.ubuntu.com. 45 IN AAAA 2620:2d:4000:1::2b  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:15,,,,,,,,,25014,192.168.1.106,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""6"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Linux""}",,6,1,dfp,"APP_Uncategorized,CAT_Linux",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:13:28.968 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=13;InfobloxArCount=14;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,ns2.infoblox.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""ns2.infoblox.com. 2112 IN A 38.108.181.211  . 219643 IN NS m.root-servers.net.  . 219643 IN NS a.root-servers.net.  . 219643 IN NS l.root-servers.net.  . 219643 IN NS i.root-servers.net.  . 219643 IN NS g.root-servers.net.  . 219643 IN NS b.root-servers.net.  . 219643 IN NS e.root-servers.net.  . 219643 IN NS f.root-servers.net.  . 219643 IN NS d.root-servers.net.  . 219643 IN NS h.root-servers.net.  . 219643 IN NS j.root-servers.net.  . 219643 IN NS k.root-servers.net.  . 219643 IN NS c.root-servers.net.  a.root-servers.net. 219643 IN A 198.41.0.4  b.root-servers.net. 219643 IN A 199.9.14.201  c.root-servers.net. 219643 IN A 192.33.4.12  d.root-servers.net. 219643 IN A 199.7.91.13  e.root-servers.net. 219643 IN A 192.203.230.10  f.root-servers.net. 219643 IN A 192.5.5.241  g.root-servers.net. 219643 IN A 192.112.36.4  h.root-servers.net. 219643 IN A 198.97.190.53  i.root-servers.net. 219643 IN A 192.36.148.17  j.root-servers.net. 219643 IN A 192.58.128.30  k.root-servers.net. 219643 IN A 193.0.14.129  l.root-servers.net. 219643 IN A 199.7.83.42  m.root-servers.net. 219643 IN A 202.12.27.33  a.root-servers.net. 219643 IN AAAA 2001:503:ba3e::2:30""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,54545,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""14"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,1,14,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:13:28.968 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN NS NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=NS;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=5;InfobloxNsCount=0;InfobloxArCount=0;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,tme.infoblox.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""tme.infoblox.com. 0 IN NS ns7.infoblox.com.  tme.infoblox.com. 0 IN NS ns2.infoblox.com.  tme.infoblox.com. 0 IN NS ns3.infoblox.com.  tme.infoblox.com. 0 IN NS ns4.infoblox.com.  tme.infoblox.com. 0 IN NS ns8.infoblox.com.""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,55247,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""NS"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""5"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""0"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,5,0,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,NS,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:13:28.967 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=13;InfobloxArCount=14;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,ns7.infoblox.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""ns7.infoblox.com. 3133 IN A 3.211.162.1  . 219643 IN NS c.root-servers.net.  . 219643 IN NS i.root-servers.net.  . 219643 IN NS h.root-servers.net.  . 219643 IN NS b.root-servers.net.  . 219643 IN NS f.root-servers.net.  . 219643 IN NS d.root-servers.net.  . 219643 IN NS g.root-servers.net.  . 219643 IN NS e.root-servers.net.  . 219643 IN NS a.root-servers.net.  . 219643 IN NS m.root-servers.net.  . 219643 IN NS l.root-servers.net.  . 219643 IN NS j.root-servers.net.  . 219643 IN NS k.root-servers.net.  a.root-servers.net. 219643 IN A 198.41.0.4  b.root-servers.net. 219643 IN A 199.9.14.201  c.root-servers.net. 219643 IN A 192.33.4.12  d.root-servers.net. 219643 IN A 199.7.91.13  e.root-servers.net. 219643 IN A 192.203.230.10  f.root-servers.net. 219643 IN A 192.5.5.241  g.root-servers.net. 219643 IN A 192.112.36.4  h.root-servers.net. 219643 IN A 198.97.190.53  i.root-servers.net. 219643 IN A 192.36.148.17  j.root-servers.net. 219643 IN A 192.58.128.30  k.root-servers.net. 219643 IN A 193.0.14.129  l.root-servers.net. 219643 IN A 199.7.83.42  m.root-servers.net. 219643 IN A 202.12.27.33  a.root-servers.net. 219643 IN AAAA 2001:503:ba3e::2:30""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,56590,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""14"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,1,14,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:13:28.424 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=13;InfobloxArCount=14;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,ns2.infoblox.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""ns2.infoblox.com. 2112 IN A 38.108.181.211  . 219643 IN NS m.root-servers.net.  . 219643 IN NS a.root-servers.net.  . 219643 IN NS l.root-servers.net.  . 219643 IN NS i.root-servers.net.  . 219643 IN NS g.root-servers.net.  . 219643 IN NS b.root-servers.net.  . 219643 IN NS e.root-servers.net.  . 219643 IN NS f.root-servers.net.  . 219643 IN NS d.root-servers.net.  . 219643 IN NS h.root-servers.net.  . 219643 IN NS j.root-servers.net.  . 219643 IN NS k.root-servers.net.  . 219643 IN NS c.root-servers.net.  a.root-servers.net. 219643 IN A 198.41.0.4  b.root-servers.net. 219643 IN A 199.9.14.201  c.root-servers.net. 219643 IN A 192.33.4.12  d.root-servers.net. 219643 IN A 199.7.91.13  e.root-servers.net. 219643 IN A 192.203.230.10  f.root-servers.net. 219643 IN A 192.5.5.241  g.root-servers.net. 219643 IN A 192.112.36.4  h.root-servers.net. 219643 IN A 198.97.190.53  i.root-servers.net. 219643 IN A 192.36.148.17  j.root-servers.net. 219643 IN A 192.58.128.30  k.root-servers.net. 219643 IN A 193.0.14.129  l.root-servers.net. 219643 IN A 199.7.83.42  m.root-servers.net. 219643 IN A 202.12.27.33  a.root-servers.net. 219643 IN AAAA 2001:503:ba3e::2:30""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,54545,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""14"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,1,14,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:13:28.424 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=13;InfobloxArCount=14;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,ns7.infoblox.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""ns7.infoblox.com. 3133 IN A 3.211.162.1  . 219643 IN NS c.root-servers.net.  . 219643 IN NS i.root-servers.net.  . 219643 IN NS h.root-servers.net.  . 219643 IN NS b.root-servers.net.  . 219643 IN NS f.root-servers.net.  . 219643 IN NS d.root-servers.net.  . 219643 IN NS g.root-servers.net.  . 219643 IN NS e.root-servers.net.  . 219643 IN NS a.root-servers.net.  . 219643 IN NS m.root-servers.net.  . 219643 IN NS l.root-servers.net.  . 219643 IN NS j.root-servers.net.  . 219643 IN NS k.root-servers.net.  a.root-servers.net. 219643 IN A 198.41.0.4  b.root-servers.net. 219643 IN A 199.9.14.201  c.root-servers.net. 219643 IN A 192.33.4.12  d.root-servers.net. 219643 IN A 199.7.91.13  e.root-servers.net. 219643 IN A 192.203.230.10  f.root-servers.net. 219643 IN A 192.5.5.241  g.root-servers.net. 219643 IN A 192.112.36.4  h.root-servers.net. 219643 IN A 198.97.190.53  i.root-servers.net. 219643 IN A 192.36.148.17  j.root-servers.net. 219643 IN A 192.58.128.30  k.root-servers.net. 219643 IN A 193.0.14.129  l.root-servers.net. 219643 IN A 199.7.83.42  m.root-servers.net. 219643 IN A 202.12.27.33  a.root-servers.net. 219643 IN AAAA 2001:503:ba3e::2:30""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,56590,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""14"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,1,14,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:13:28.424 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN NS NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=NS;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=5;InfobloxNsCount=0;InfobloxArCount=0;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,tme.infoblox.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""tme.infoblox.com. 0 IN NS ns7.infoblox.com.  tme.infoblox.com. 0 IN NS ns2.infoblox.com.  tme.infoblox.com. 0 IN NS ns3.infoblox.com.  tme.infoblox.com. 0 IN NS ns4.infoblox.com.  tme.infoblox.com. 0 IN NS ns8.infoblox.com.""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,55247,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""NS"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""5"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""0"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,5,0,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,NS,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:13:28.423 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN AAAA NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=6;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,connectivity-check.ubuntu.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.106,192.168.1.106,,,,,,,,,,,,,,,,"""connectivity-check.ubuntu.com. 45 IN AAAA 2001:67c:1562::23  connectivity-check.ubuntu.com. 45 IN AAAA 2620:2d:4000:1::2a  connectivity-check.ubuntu.com. 45 IN AAAA 2620:2d:4000:1::22  connectivity-check.ubuntu.com. 45 IN AAAA 2620:2d:4000:1::23  connectivity-check.ubuntu.com. 45 IN AAAA 2001:67c:1562::24  connectivity-check.ubuntu.com. 45 IN AAAA 2620:2d:4000:1::2b  . 0 1232 OPT """,,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:15,,,,,,,,,57917,192.168.1.106,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""6"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,6,1,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:13:01.370 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;J5aqktuEZUMQ/0RY2R+HO1a+gSFKaBJM8X6BQ56jvFUQhd0XxkufnJg55VqMqPYusR3FF64kMN3qrCs+Ptj99vH06W6A8j7nWPPpVeroePNnW+SrRDWKZteWaO5c/nh0WTpXEzK3PeY/5A0p8CdqHZJ1Jj52h5rkUODobyzO77o=  . 32768 4096 OPT "";InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=",,DNS,,thens.infoblox.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""thens.infoblox.com. 0 IN A 38.108.181.200  thens.infoblox.com. 0 IN RRSIG A 8 3 3600 20230722185329 20230718181630 3870 infoblox.com.",,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,63346,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""J5aqktuEZUMQ/0RY2R+HO1a+gSFKaBJM8X6BQ56jvFUQhd0XxkufnJg55VqMqPYusR3FF64kMN3qrCs+Ptj99vH06W6A8j7nWPPpVeroePNnW+SrRDWKZteWaO5c/nh0WTpXEzK3PeY/5A0p8CdqHZJ1Jj52h5rkUODobyzO77o"":""  . 32768 4096 OPT \"""",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)""}",,2,1,dfp,,,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,"  . 32768 4096 OPT """,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:13:01.369 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN SOA NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=SOA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,sentinel-ep-2.tme.infoblox.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""tme.infoblox.com. 1800 IN SOA thens.infoblox.com. dns.infoblox.com. 16 10800 3600 1209600 3600  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,63346,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""SOA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)""}",,0,1,dfp,,,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,SOA,NOERROR,_default,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:12:54.916 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=9;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Linux",,DNS,,connectivity-check.ubuntu.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.106,192.168.1.106,,,,,,,,,,,,,,,,"""connectivity-check.ubuntu.com. 7 IN A 185.125.190.49  connectivity-check.ubuntu.com. 7 IN A 35.224.170.84  connectivity-check.ubuntu.com. 7 IN A 34.122.121.32  connectivity-check.ubuntu.com. 7 IN A 35.232.111.17  connectivity-check.ubuntu.com. 7 IN A 185.125.190.48  connectivity-check.ubuntu.com. 7 IN A 91.189.91.48  connectivity-check.ubuntu.com. 7 IN A 91.189.91.49  connectivity-check.ubuntu.com. 7 IN A 185.125.190.17  connectivity-check.ubuntu.com. 7 IN A 185.125.190.18  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:15,,,,,,,,,63346,192.168.1.106,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""9"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Linux""}",,9,1,dfp,"APP_Uncategorized,CAT_Linux",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:12:51.046 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN AAAA NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Shareware & Freeware",,DNS,,contile.services.mozilla.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""services.mozilla.com. 821 IN SOA ns-679.awsdns-20.net. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,63346,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Shareware & Freeware""}",,0,1,dfp,"APP_Uncategorized,CAT_Shareware & Freeware",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:12:48.630 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Shareware & Freeware",,DNS,,contile.services.mozilla.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""contile.services.mozilla.com. 40 IN A 34.117.237.239  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,63346,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Shareware & Freeware""}",,1,1,dfp,"APP_Uncategorized,CAT_Shareware & Freeware",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:12:24.581 AM",Infoblox,Data Connector,2.1.3,DHCP-LEASE-UPDATE,DHCP Lease Update,1,,InfobloxHost=Sentinel-Demo-CDC;InfobloxIPSpace=ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558;InfobloxSubnet=192.168.1.0/24;InfobloxRangeStart=192.168.1.101;InfobloxRangeEnd=192.168.1.110;InfobloxLeaseOp=Update;InfobloxClientID=01:00:50:56:0b:0f:15;InfobloxDUID=;InfobloxLifetime=300;InfobloxLeaseUUID=996854be-27ab-11ec-a802-7270aef5e23e;InfobloxFingerprintPr=true;InfobloxFingerprint=Generic Linux OS;InfobloxDHCPOptions=;code_12='dhcp-virtual-machine';code_53='\003';code_55='\001\002\006\014\017\032\034y\003!()*w\371\374\021';code_57='\377\377';code_61='\001\000PV\013\017\025',,DHCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,dhcp-virtual-machine,00:50:56:0b:0f:15,,,,,,,,,,192.168.1.106,,,,,"""DHCP Lease Update""",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxHost"":""Sentinel-Demo-CDC"",""InfobloxIPSpace"":""ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558"",""InfobloxSubnet"":""192.168.1.0/24"",""InfobloxRangeStart"":""192.168.1.101"",""InfobloxRangeEnd"":""192.168.1.110"",""InfobloxLeaseOp"":""Update"",""InfobloxClientID"":""01:00:50:56:0b:0f:15"",""InfobloxLifetime"":""300"",""InfobloxLeaseUUID"":""996854be-27ab-11ec-a802-7270aef5e23e"",""InfobloxFingerprintPr"":""true"",""InfobloxFingerprint"":""Generic Linux OS""}",,,,,,,,,,,,,,,,01:00:50:56:0b:0f:15,,,,,,,Generic Linux OS,TRUE,Sentinel-Demo-CDC,ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558,Update,996854be-27ab-11ec-a802-7270aef5e23e,300,,,192.168.1.110,192.168.1.101,,,192.168.1.0/24,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:12:22.166 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=4;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Portal Sites",,DNS,,assets.msn.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""assets.msn.com. 7675 IN CNAME assets.msn.com.edgekey.net.  assets.msn.com.edgekey.net. 238 IN CNAME e28578.d.akamaiedge.net.  e28578.d.akamaiedge.net. 8 IN A 23.223.242.24  e28578.d.akamaiedge.net. 8 IN A 23.223.242.10  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,47310,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""4"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Portal Sites""}",,4,1,remote_client,"APP_Uncategorized,CAT_Portal Sites",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:12:22.165 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Portal Sites",,DNS,,cdn.content.prod.cms.msn.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""cdn.content.prod.cms.msn.com. 18202 IN CNAME cdn.content.prod.cms.msn.com.edgekey.net.  cdn.content.prod.cms.msn.com.edgekey.net. 612 IN CNAME e10663.dscg.akamaiedge.net.  e10663.dscg.akamaiedge.net. 0 IN A 23.56.194.13  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,47310,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""3"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Portal Sites""}",,3,1,remote_client,"APP_Uncategorized,CAT_Portal Sites",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:12:18.839 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN AAAA NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Google Safe Browsing,CAT_Content Server",,DNS,,safebrowsing.googleapis.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""safebrowsing.googleapis.com. 112 IN AAAA 2607:f8b0:4005:80f::200a  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,12487,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Google Safe Browsing,CAT_Content Server""}",,1,1,dfp,"APP_Google Safe Browsing,CAT_Content Server",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:12:18.838 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Google Safe Browsing,CAT_Content Server",,DNS,,safebrowsing.googleapis.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""safebrowsing.googleapis.com. 24 IN A 142.250.191.42  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,12487,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Google Safe Browsing,CAT_Content Server""}",,1,1,dfp,"APP_Google Safe Browsing,CAT_Content Server",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:12:13.840 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN AAAA NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=13;InfobloxArCount=13;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,safebrowsing.googleapis.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""safebrowsing.googleapis.com. 112 IN AAAA 2607:f8b0:4005:80f::200a  . 219720 IN NS c.root-servers.net.  . 219720 IN NS b.root-servers.net.  . 219720 IN NS l.root-servers.net.  . 219720 IN NS j.root-servers.net.  . 219720 IN NS h.root-servers.net.  . 219720 IN NS d.root-servers.net.  . 219720 IN NS e.root-servers.net.  . 219720 IN NS g.root-servers.net.  . 219720 IN NS f.root-servers.net.  . 219720 IN NS i.root-servers.net.  . 219720 IN NS k.root-servers.net.  . 219720 IN NS a.root-servers.net.  . 219720 IN NS m.root-servers.net.  a.root-servers.net. 219720 IN A 198.41.0.4  b.root-servers.net. 219720 IN A 199.9.14.201  c.root-servers.net. 219720 IN A 192.33.4.12  d.root-servers.net. 219720 IN A 199.7.91.13  e.root-servers.net. 219720 IN A 192.203.230.10  f.root-servers.net. 219720 IN A 192.5.5.241  g.root-servers.net. 219720 IN A 192.112.36.4  h.root-servers.net. 219720 IN A 198.97.190.53  i.root-servers.net. 219720 IN A 192.36.148.17  j.root-servers.net. 219720 IN A 192.58.128.30  k.root-servers.net. 219720 IN A 193.0.14.129  l.root-servers.net. 219720 IN A 199.7.83.42  m.root-servers.net. 219720 IN A 202.12.27.33""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,56446,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""13"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,1,13,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:12:13.840 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=13;InfobloxArCount=13;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,safebrowsing.googleapis.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""safebrowsing.googleapis.com. 24 IN A 142.250.191.42  . 219720 IN NS j.root-servers.net.  . 219720 IN NS f.root-servers.net.  . 219720 IN NS i.root-servers.net.  . 219720 IN NS a.root-servers.net.  . 219720 IN NS b.root-servers.net.  . 219720 IN NS e.root-servers.net.  . 219720 IN NS k.root-servers.net.  . 219720 IN NS l.root-servers.net.  . 219720 IN NS d.root-servers.net.  . 219720 IN NS c.root-servers.net.  . 219720 IN NS h.root-servers.net.  . 219720 IN NS g.root-servers.net.  . 219720 IN NS m.root-servers.net.  a.root-servers.net. 219720 IN A 198.41.0.4  b.root-servers.net. 219720 IN A 199.9.14.201  c.root-servers.net. 219720 IN A 192.33.4.12  d.root-servers.net. 219720 IN A 199.7.91.13  e.root-servers.net. 219720 IN A 192.203.230.10  f.root-servers.net. 219720 IN A 192.5.5.241  g.root-servers.net. 219720 IN A 192.112.36.4  h.root-servers.net. 219720 IN A 198.97.190.53  i.root-servers.net. 219720 IN A 192.36.148.17  j.root-servers.net. 219720 IN A 192.58.128.30  k.root-servers.net. 219720 IN A 193.0.14.129  l.root-servers.net. 219720 IN A 199.7.83.42  m.root-servers.net. 219720 IN A 202.12.27.33""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,52589,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""13"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,1,13,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:11:58.815 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=13;InfobloxArCount=13;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,wpad.tme.infoblox.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""wpad.tme.infoblox.com. 3000 IN A 208.50.179.11  . 239272 IN NS b.root-servers.net.  . 239272 IN NS e.root-servers.net.  . 239272 IN NS a.root-servers.net.  . 239272 IN NS k.root-servers.net.  . 239272 IN NS d.root-servers.net.  . 239272 IN NS m.root-servers.net.  . 239272 IN NS l.root-servers.net.  . 239272 IN NS c.root-servers.net.  . 239272 IN NS h.root-servers.net.  . 239272 IN NS f.root-servers.net.  . 239272 IN NS i.root-servers.net.  . 239272 IN NS j.root-servers.net.  . 239272 IN NS g.root-servers.net.  a.root-servers.net. 239272 IN A 198.41.0.4  b.root-servers.net. 239272 IN A 199.9.14.201  c.root-servers.net. 239272 IN A 192.33.4.12  d.root-servers.net. 239272 IN A 199.7.91.13  e.root-servers.net. 239272 IN A 192.203.230.10  f.root-servers.net. 239272 IN A 192.5.5.241  g.root-servers.net. 239272 IN A 192.112.36.4  h.root-servers.net. 239272 IN A 198.97.190.53  i.root-servers.net. 239272 IN A 192.36.148.17  j.root-servers.net. 239272 IN A 192.58.128.30  k.root-servers.net. 239272 IN A 193.0.14.129  l.root-servers.net. 239272 IN A 199.7.83.42  m.root-servers.net. 239272 IN A 202.12.27.33""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,64021,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""13"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,1,13,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:11:58.814 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=13;InfobloxArCount=13;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,wpad.tme.infoblox.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""wpad.tme.infoblox.com. 3000 IN A 208.50.179.11  . 239272 IN NS f.root-servers.net.  . 239272 IN NS b.root-servers.net.  . 239272 IN NS h.root-servers.net.  . 239272 IN NS c.root-servers.net.  . 239272 IN NS k.root-servers.net.  . 239272 IN NS a.root-servers.net.  . 239272 IN NS j.root-servers.net.  . 239272 IN NS d.root-servers.net.  . 239272 IN NS m.root-servers.net.  . 239272 IN NS g.root-servers.net.  . 239272 IN NS e.root-servers.net.  . 239272 IN NS l.root-servers.net.  . 239272 IN NS i.root-servers.net.  a.root-servers.net. 239272 IN A 198.41.0.4  b.root-servers.net. 239272 IN A 199.9.14.201  c.root-servers.net. 239272 IN A 192.33.4.12  d.root-servers.net. 239272 IN A 199.7.91.13  e.root-servers.net. 239272 IN A 192.203.230.10  f.root-servers.net. 239272 IN A 192.5.5.241  g.root-servers.net. 239272 IN A 192.112.36.4  h.root-servers.net. 239272 IN A 198.97.190.53  i.root-servers.net. 239272 IN A 192.36.148.17  j.root-servers.net. 239272 IN A 192.58.128.30  k.root-servers.net. 239272 IN A 193.0.14.129  l.root-servers.net. 239272 IN A 199.7.83.42  m.root-servers.net. 239272 IN A 202.12.27.33""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,55962,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""13"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,1,13,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:11:58.419 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=13;InfobloxArCount=13;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,wpad.tme.infoblox.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""wpad.tme.infoblox.com. 3000 IN A 208.50.179.11  . 239272 IN NS b.root-servers.net.  . 239272 IN NS e.root-servers.net.  . 239272 IN NS a.root-servers.net.  . 239272 IN NS k.root-servers.net.  . 239272 IN NS d.root-servers.net.  . 239272 IN NS m.root-servers.net.  . 239272 IN NS l.root-servers.net.  . 239272 IN NS c.root-servers.net.  . 239272 IN NS h.root-servers.net.  . 239272 IN NS f.root-servers.net.  . 239272 IN NS i.root-servers.net.  . 239272 IN NS j.root-servers.net.  . 239272 IN NS g.root-servers.net.  a.root-servers.net. 239272 IN A 198.41.0.4  b.root-servers.net. 239272 IN A 199.9.14.201  c.root-servers.net. 239272 IN A 192.33.4.12  d.root-servers.net. 239272 IN A 199.7.91.13  e.root-servers.net. 239272 IN A 192.203.230.10  f.root-servers.net. 239272 IN A 192.5.5.241  g.root-servers.net. 239272 IN A 192.112.36.4  h.root-servers.net. 239272 IN A 198.97.190.53  i.root-servers.net. 239272 IN A 192.36.148.17  j.root-servers.net. 239272 IN A 192.58.128.30  k.root-servers.net. 239272 IN A 193.0.14.129  l.root-servers.net. 239272 IN A 199.7.83.42  m.root-servers.net. 239272 IN A 202.12.27.33""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,64021,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""13"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,1,13,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:11:58.418 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=13;InfobloxArCount=13;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,wpad.tme.infoblox.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""wpad.tme.infoblox.com. 3000 IN A 208.50.179.11  . 239272 IN NS f.root-servers.net.  . 239272 IN NS b.root-servers.net.  . 239272 IN NS h.root-servers.net.  . 239272 IN NS c.root-servers.net.  . 239272 IN NS k.root-servers.net.  . 239272 IN NS a.root-servers.net.  . 239272 IN NS j.root-servers.net.  . 239272 IN NS d.root-servers.net.  . 239272 IN NS m.root-servers.net.  . 239272 IN NS g.root-servers.net.  . 239272 IN NS e.root-servers.net.  . 239272 IN NS l.root-servers.net.  . 239272 IN NS i.root-servers.net.  a.root-servers.net. 239272 IN A 198.41.0.4  b.root-servers.net. 239272 IN A 199.9.14.201  c.root-servers.net. 239272 IN A 192.33.4.12  d.root-servers.net. 239272 IN A 199.7.91.13  e.root-servers.net. 239272 IN A 192.203.230.10  f.root-servers.net. 239272 IN A 192.5.5.241  g.root-servers.net. 239272 IN A 192.112.36.4  h.root-servers.net. 239272 IN A 198.97.190.53  i.root-servers.net. 239272 IN A 192.36.148.17  j.root-servers.net. 239272 IN A 192.58.128.30  k.root-servers.net. 239272 IN A 193.0.14.129  l.root-servers.net. 239272 IN A 199.7.83.42  m.root-servers.net. 239272 IN A 202.12.27.33""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,55962,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""13"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,1,13,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:09:54.681 AM",Infoblox,Data Connector,2.1.3,DHCP-LEASE-UPDATE,DHCP Lease Update,1,,InfobloxHost=Sentinel-Demo-CDC;InfobloxIPSpace=ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558;InfobloxSubnet=192.168.1.0/24;InfobloxRangeStart=192.168.1.101;InfobloxRangeEnd=192.168.1.110;InfobloxLeaseOp=Update;InfobloxClientID=01:00:50:56:0b:0f:15;InfobloxDUID=;InfobloxLifetime=300;InfobloxLeaseUUID=996854be-27ab-11ec-a802-7270aef5e23e;InfobloxFingerprintPr=true;InfobloxFingerprint=Generic Linux OS;InfobloxDHCPOptions=;code_12='dhcp-virtual-machine';code_53='\003';code_55='\001\002\006\014\017\032\034y\003!()*w\371\374\021';code_57='\377\377';code_61='\001\000PV\013\017\025',,DHCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,dhcp-virtual-machine,00:50:56:0b:0f:15,,,,,,,,,,192.168.1.106,,,,,"""DHCP Lease Update""",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxHost"":""Sentinel-Demo-CDC"",""InfobloxIPSpace"":""ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558"",""InfobloxSubnet"":""192.168.1.0/24"",""InfobloxRangeStart"":""192.168.1.101"",""InfobloxRangeEnd"":""192.168.1.110"",""InfobloxLeaseOp"":""Update"",""InfobloxClientID"":""01:00:50:56:0b:0f:15"",""InfobloxLifetime"":""300"",""InfobloxLeaseUUID"":""996854be-27ab-11ec-a802-7270aef5e23e"",""InfobloxFingerprintPr"":""true"",""InfobloxFingerprint"":""Generic Linux OS""}",,,,,,,,,,,,,,,,01:00:50:56:0b:0f:15,,,,,,,Generic Linux OS,TRUE,Sentinel-Demo-CDC,ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558,Update,996854be-27ab-11ec-a802-7270aef5e23e,300,,,192.168.1.110,192.168.1.101,,,192.168.1.0/24,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:09:24.568 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN HTTPS NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=HTTPS;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Google Safe Browsing,CAT_Content Server",,DNS,,safebrowsing.googleapis.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""googleapis.com. 53 IN SOA ns1.google.com. dns-admin.google.com. 548957318 900 900 1800 60  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,5544,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""HTTPS"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Google Safe Browsing,CAT_Content Server""}",,0,1,remote_client,"APP_Google Safe Browsing,CAT_Content Server",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,HTTPS,NOERROR,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:09:24.092 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Google Safe Browsing,CAT_Content Server",,DNS,,safebrowsing.googleapis.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""safebrowsing.googleapis.com. 101 IN A 142.250.191.42  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,29530,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Google Safe Browsing,CAT_Content Server""}",,1,1,remote_client,"APP_Google Safe Browsing,CAT_Content Server",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:09:02.093 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=13;InfobloxArCount=5;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,v10.events.data.microsoft.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""v10.events.data.microsoft.com. 3 IN CNAME win-global-asimov-leafs-events-data.trafficmanager.net.  win-global-asimov-leafs-events-data.trafficmanager.net. 3 IN CNAME onedscolprdaus03.australiasoutheast.cloudapp.azure.com.  onedscolprdaus03.australiasoutheast.cloudapp.azure.com. 3 IN A 104.46.162.227  . 231062 IN NS h.root-servers.net.  . 231062 IN NS d.root-servers.net.  . 231062 IN NS a.root-servers.net.  . 231062 IN NS c.root-servers.net.  . 231062 IN NS m.root-servers.net.  . 231062 IN NS l.root-servers.net.  . 231062 IN NS b.root-servers.net.  . 231062 IN NS j.root-servers.net.  . 231062 IN NS e.root-servers.net.  . 231062 IN NS f.root-servers.net.  . 231062 IN NS i.root-servers.net.  . 231062 IN NS g.root-servers.net.  . 231062 IN NS k.root-servers.net.  a.root-servers.net. 231062 IN A 198.41.0.4  b.root-servers.net. 231062 IN A 199.9.14.201  c.root-servers.net. 231062 IN A 192.33.4.12  d.root-servers.net. 231062 IN A 199.7.91.13  e.root-servers.net. 231062 IN A 192.203.230.10""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,56081,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""3"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""5"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,3,5,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:09:02.093 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=13;InfobloxArCount=5;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,v10.events.data.microsoft.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""v10.events.data.microsoft.com. 3 IN CNAME win-global-asimov-leafs-events-data.trafficmanager.net.  win-global-asimov-leafs-events-data.trafficmanager.net. 3 IN CNAME onedscolprdaus03.australiasoutheast.cloudapp.azure.com.  onedscolprdaus03.australiasoutheast.cloudapp.azure.com. 3 IN A 104.46.162.227  . 231062 IN NS j.root-servers.net.  . 231062 IN NS e.root-servers.net.  . 231062 IN NS i.root-servers.net.  . 231062 IN NS b.root-servers.net.  . 231062 IN NS h.root-servers.net.  . 231062 IN NS m.root-servers.net.  . 231062 IN NS a.root-servers.net.  . 231062 IN NS k.root-servers.net.  . 231062 IN NS g.root-servers.net.  . 231062 IN NS f.root-servers.net.  . 231062 IN NS d.root-servers.net.  . 231062 IN NS c.root-servers.net.  . 231062 IN NS l.root-servers.net.  a.root-servers.net. 231062 IN A 198.41.0.4  b.root-servers.net. 231062 IN A 199.9.14.201  c.root-servers.net. 231062 IN A 192.33.4.12  d.root-servers.net. 231062 IN A 199.7.91.13  e.root-servers.net. 231062 IN A 192.203.230.10""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,56081,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""3"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""5"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,3,5,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:08:34.844 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN AAAA NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=6;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Linux",,DNS,,connectivity-check.ubuntu.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.106,192.168.1.106,,,,,,,,,,,,,,,,"""connectivity-check.ubuntu.com. 50 IN AAAA 2620:2d:4000:1::2a  connectivity-check.ubuntu.com. 50 IN AAAA 2620:2d:4000:1::23  connectivity-check.ubuntu.com. 50 IN AAAA 2001:67c:1562::23  connectivity-check.ubuntu.com. 50 IN AAAA 2620:2d:4000:1::2b  connectivity-check.ubuntu.com. 50 IN AAAA 2620:2d:4000:1::22  connectivity-check.ubuntu.com. 50 IN AAAA 2001:67c:1562::24  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:15,,,,,,,,,34101,192.168.1.106,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""6"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Linux""}",,6,1,dfp,"APP_Uncategorized,CAT_Linux",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:07:54.658 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=9;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Linux",,DNS,,connectivity-check.ubuntu.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.106,192.168.1.106,,,,,,,,,,,,,,,,"""connectivity-check.ubuntu.com. 8 IN A 185.125.190.18  connectivity-check.ubuntu.com. 8 IN A 185.125.190.17  connectivity-check.ubuntu.com. 8 IN A 185.125.190.49  connectivity-check.ubuntu.com. 8 IN A 91.189.91.48  connectivity-check.ubuntu.com. 8 IN A 185.125.190.48  connectivity-check.ubuntu.com. 8 IN A 91.189.91.49  connectivity-check.ubuntu.com. 8 IN A 34.122.121.32  connectivity-check.ubuntu.com. 8 IN A 35.232.111.17  connectivity-check.ubuntu.com. 8 IN A 35.224.170.84  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:15,,,,,,,,,50885,192.168.1.106,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""9"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Linux""}",,9,1,dfp,"APP_Uncategorized,CAT_Linux",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:07:48.889 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=4;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Technology - Other",,DNS,,proxyserverecs-1736642167.us-east-1.elb.amazonaws.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""proxyserverecs-1736642167.us-east-1.elb.amazonaws.com. 3 IN A 3.229.85.40  proxyserverecs-1736642167.us-east-1.elb.amazonaws.com. 3 IN A 34.193.43.112  proxyserverecs-1736642167.us-east-1.elb.amazonaws.com. 3 IN A 3.229.237.11  proxyserverecs-1736642167.us-east-1.elb.amazonaws.com. 3 IN A 54.88.103.11  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,50885,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""4"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Technology - Other""}",,4,1,dfp,"APP_Uncategorized,CAT_Technology - Other",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:07:48.889 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=4;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Technology - Other",,DNS,,proxyserverecs-1736642167.us-east-1.elb.amazonaws.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""proxyserverecs-1736642167.us-east-1.elb.amazonaws.com. 0 IN A 34.193.43.112  proxyserverecs-1736642167.us-east-1.elb.amazonaws.com. 0 IN A 3.229.237.11  proxyserverecs-1736642167.us-east-1.elb.amazonaws.com. 0 IN A 54.88.103.11  proxyserverecs-1736642167.us-east-1.elb.amazonaws.com. 0 IN A 3.229.85.40  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,50885,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""4"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Technology - Other""}",,4,1,dfp,"APP_Uncategorized,CAT_Technology - Other",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:07:48.889 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN AAAA NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Technology - Other",,DNS,,proxyserverecs-1736642167.us-east-1.elb.amazonaws.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""us-east-1.elb.amazonaws.com. 35 IN SOA ns-1119.awsdns-11.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 60  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,50885,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Technology - Other""}",,0,1,dfp,"APP_Uncategorized,CAT_Technology - Other",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:07:48.888 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=5;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Online Information Management",,DNS,,spocs.getpocket.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""spocs.getpocket.com. 207 IN CNAME proxyserverecs-1736642167.us-east-1.elb.amazonaws.com.  proxyserverecs-1736642167.us-east-1.elb.amazonaws.com. 3 IN A 3.229.85.40  proxyserverecs-1736642167.us-east-1.elb.amazonaws.com. 3 IN A 34.193.43.112  proxyserverecs-1736642167.us-east-1.elb.amazonaws.com. 3 IN A 3.229.237.11  proxyserverecs-1736642167.us-east-1.elb.amazonaws.com. 3 IN A 54.88.103.11  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,50885,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""5"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Online Information Management""}",,5,1,dfp,"APP_Uncategorized,CAT_Online Information Management",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:07:36.422 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=4;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,pool.ntp.org.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""pool.ntp.org. 112 IN A 142.147.88.111  pool.ntp.org. 112 IN A 165.140.142.118  pool.ntp.org. 112 IN A 108.175.15.67  pool.ntp.org. 112 IN A 208.113.130.146  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,4658,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""4"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise""}",,4,1,remote_client,,,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:07:35.384 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=4;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,pool.ntp.org.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""pool.ntp.org. 123 IN A 205.233.73.201  pool.ntp.org. 123 IN A 23.131.160.7  pool.ntp.org. 123 IN A 108.61.73.244  pool.ntp.org. 123 IN A 209.94.190.139  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,52565,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""4"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise""}",,4,1,remote_client,,,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:07:24.701 AM",Infoblox,Data Connector,2.1.3,DHCP-LEASE-UPDATE,DHCP Lease Update,1,,InfobloxHost=Sentinel-Demo-CDC;InfobloxIPSpace=ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558;InfobloxSubnet=192.168.1.0/24;InfobloxRangeStart=192.168.1.101;InfobloxRangeEnd=192.168.1.110;InfobloxLeaseOp=Update;InfobloxClientID=01:00:50:56:0b:0f:15;InfobloxDUID=;InfobloxLifetime=300;InfobloxLeaseUUID=996854be-27ab-11ec-a802-7270aef5e23e;InfobloxFingerprintPr=true;InfobloxFingerprint=Generic Linux OS;InfobloxDHCPOptions=;code_12='dhcp-virtual-machine';code_53='\003';code_55='\001\002\006\014\017\032\034y\003!()*w\371\374\021';code_57='\377\377';code_61='\001\000PV\013\017\025',,DHCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,dhcp-virtual-machine,00:50:56:0b:0f:15,,,,,,,,,,192.168.1.106,,,,,"""DHCP Lease Update""",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxHost"":""Sentinel-Demo-CDC"",""InfobloxIPSpace"":""ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558"",""InfobloxSubnet"":""192.168.1.0/24"",""InfobloxRangeStart"":""192.168.1.101"",""InfobloxRangeEnd"":""192.168.1.110"",""InfobloxLeaseOp"":""Update"",""InfobloxClientID"":""01:00:50:56:0b:0f:15"",""InfobloxLifetime"":""300"",""InfobloxLeaseUUID"":""996854be-27ab-11ec-a802-7270aef5e23e"",""InfobloxFingerprintPr"":""true"",""InfobloxFingerprint"":""Generic Linux OS""}",,,,,,,,,,,,,,,,01:00:50:56:0b:0f:15,,,,,,,Generic Linux OS,TRUE,Sentinel-Demo-CDC,ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558,Update,996854be-27ab-11ec-a802-7270aef5e23e,300,,,192.168.1.110,192.168.1.101,,,192.168.1.0/24,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:07:22.563 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=4;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,pool.ntp.org.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""pool.ntp.org. 36 IN A 69.89.207.199  pool.ntp.org. 36 IN A 5.161.111.190  pool.ntp.org. 36 IN A 99.119.214.210  pool.ntp.org. 36 IN A 204.93.207.12  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,62938,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""4"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise""}",,4,1,remote_client,,,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:07:20.175 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=13;InfobloxArCount=6;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,v10.events.data.microsoft.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""v10.events.data.microsoft.com. 5 IN CNAME win-global-asimov-leafs-events-data.trafficmanager.net.  win-global-asimov-leafs-events-data.trafficmanager.net. 6 IN CNAME onedscolprdcus04.centralus.cloudapp.azure.com.  onedscolprdcus04.centralus.cloudapp.azure.com. 4 IN A 52.182.143.208  . 231116 IN NS j.root-servers.net.  . 231116 IN NS k.root-servers.net.  . 231116 IN NS a.root-servers.net.  . 231116 IN NS i.root-servers.net.  . 231116 IN NS b.root-servers.net.  . 231116 IN NS e.root-servers.net.  . 231116 IN NS l.root-servers.net.  . 231116 IN NS f.root-servers.net.  . 231116 IN NS d.root-servers.net.  . 231116 IN NS h.root-servers.net.  . 231116 IN NS c.root-servers.net.  . 231116 IN NS m.root-servers.net.  . 231116 IN NS g.root-servers.net.  a.root-servers.net. 231116 IN A 198.41.0.4  b.root-servers.net. 231116 IN A 199.9.14.201  c.root-servers.net. 231116 IN A 192.33.4.12  d.root-servers.net. 231116 IN A 199.7.91.13  e.root-servers.net. 231116 IN A 192.203.230.10  f.root-servers.net. 231116 IN A 192.5.5.241""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,61487,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""3"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""6"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,3,6,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:07:19.960 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=4;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,pool.ntp.org.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""pool.ntp.org. 51 IN A 5.161.213.25  pool.ntp.org. 51 IN A 168.61.215.74  pool.ntp.org. 51 IN A 216.218.254.202  pool.ntp.org. 51 IN A 5.161.111.190  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,9222,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""4"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise""}",,4,1,remote_client,,,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:07:12.200 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=9;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,connectivity-check.ubuntu.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.106,192.168.1.106,,,,,,,,,,,,,,,,"""connectivity-check.ubuntu.com. 38 IN A 185.125.190.17  connectivity-check.ubuntu.com. 38 IN A 185.125.190.49  connectivity-check.ubuntu.com. 38 IN A 91.189.91.48  connectivity-check.ubuntu.com. 38 IN A 35.224.170.84  connectivity-check.ubuntu.com. 38 IN A 91.189.91.49  connectivity-check.ubuntu.com. 38 IN A 35.232.111.17  connectivity-check.ubuntu.com. 38 IN A 34.122.121.32  connectivity-check.ubuntu.com. 38 IN A 185.125.190.18  connectivity-check.ubuntu.com. 38 IN A 185.125.190.48  . 0 1232 OPT """,,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:15,,,,,,,,,43534,192.168.1.106,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""9"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,9,1,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:06:20.573 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN AAAA NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=13;InfobloxArCount=13;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,safebrowsing.googleapis.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""safebrowsing.googleapis.com. 183 IN AAAA 2607:f8b0:4005:811::200a  . 232353 IN NS i.root-servers.net.  . 232353 IN NS b.root-servers.net.  . 232353 IN NS a.root-servers.net.  . 232353 IN NS f.root-servers.net.  . 232353 IN NS e.root-servers.net.  . 232353 IN NS j.root-servers.net.  . 232353 IN NS k.root-servers.net.  . 232353 IN NS h.root-servers.net.  . 232353 IN NS g.root-servers.net.  . 232353 IN NS d.root-servers.net.  . 232353 IN NS c.root-servers.net.  . 232353 IN NS l.root-servers.net.  . 232353 IN NS m.root-servers.net.  a.root-servers.net. 232353 IN A 198.41.0.4  b.root-servers.net. 232353 IN A 199.9.14.201  c.root-servers.net. 232353 IN A 192.33.4.12  d.root-servers.net. 232353 IN A 199.7.91.13  e.root-servers.net. 232353 IN A 192.203.230.10  f.root-servers.net. 232353 IN A 192.5.5.241  g.root-servers.net. 232353 IN A 192.112.36.4  h.root-servers.net. 232353 IN A 198.97.190.53  i.root-servers.net. 232353 IN A 192.36.148.17  j.root-servers.net. 232353 IN A 192.58.128.30  k.root-servers.net. 232353 IN A 193.0.14.129  l.root-servers.net. 232353 IN A 199.7.83.42  m.root-servers.net. 232353 IN A 202.12.27.33""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,51282,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""13"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,1,13,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:06:20.572 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=13;InfobloxArCount=13;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,safebrowsing.googleapis.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""safebrowsing.googleapis.com. 19 IN A 142.250.191.42  . 232353 IN NS l.root-servers.net.  . 232353 IN NS k.root-servers.net.  . 232353 IN NS e.root-servers.net.  . 232353 IN NS m.root-servers.net.  . 232353 IN NS h.root-servers.net.  . 232353 IN NS b.root-servers.net.  . 232353 IN NS j.root-servers.net.  . 232353 IN NS f.root-servers.net.  . 232353 IN NS d.root-servers.net.  . 232353 IN NS c.root-servers.net.  . 232353 IN NS g.root-servers.net.  . 232353 IN NS i.root-servers.net.  . 232353 IN NS a.root-servers.net.  a.root-servers.net. 232353 IN A 198.41.0.4  b.root-servers.net. 232353 IN A 199.9.14.201  c.root-servers.net. 232353 IN A 192.33.4.12  d.root-servers.net. 232353 IN A 199.7.91.13  e.root-servers.net. 232353 IN A 192.203.230.10  f.root-servers.net. 232353 IN A 192.5.5.241  g.root-servers.net. 232353 IN A 192.112.36.4  h.root-servers.net. 232353 IN A 198.97.190.53  i.root-servers.net. 232353 IN A 192.36.148.17  j.root-servers.net. 232353 IN A 192.58.128.30  k.root-servers.net. 232353 IN A 193.0.14.129  l.root-servers.net. 232353 IN A 199.7.83.42  m.root-servers.net. 232353 IN A 202.12.27.33""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,58652,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""13"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,1,13,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:06:12.922 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=13;InfobloxArCount=12;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,geo.threatdefense.infoblox.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""geo.threatdefense.infoblox.com. 14 IN CNAME us-west-1-geo.threatdefense.infoblox.com.  us-west-1-geo.threatdefense.infoblox.com. 256 IN A 52.119.41.51  . 233119 IN NS k.root-servers.net.  . 233119 IN NS d.root-servers.net.  . 233119 IN NS f.root-servers.net.  . 233119 IN NS h.root-servers.net.  . 233119 IN NS m.root-servers.net.  . 233119 IN NS l.root-servers.net.  . 233119 IN NS a.root-servers.net.  . 233119 IN NS j.root-servers.net.  . 233119 IN NS e.root-servers.net.  . 233119 IN NS c.root-servers.net.  . 233119 IN NS i.root-servers.net.  . 233119 IN NS b.root-servers.net.  . 233119 IN NS g.root-servers.net.  a.root-servers.net. 233119 IN A 198.41.0.4  b.root-servers.net. 233119 IN A 199.9.14.201  c.root-servers.net. 233119 IN A 192.33.4.12  d.root-servers.net. 233119 IN A 199.7.91.13  e.root-servers.net. 233119 IN A 192.203.230.10  f.root-servers.net. 233119 IN A 192.5.5.241  g.root-servers.net. 233119 IN A 192.112.36.4  h.root-servers.net. 233119 IN A 198.97.190.53  i.root-servers.net. 233119 IN A 192.36.148.17  j.root-servers.net. 233119 IN A 192.58.128.30  k.root-servers.net. 233119 IN A 193.0.14.129  l.root-servers.net. 233119 IN A 199.7.83.42""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,50192,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""12"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,2,12,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:06:12.921 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN TXT NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=TXT;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=13;InfobloxArCount=13;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,probe.infoblox.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""probe.infoblox.com. 10 IN TXT \""ABYZX9GLUYQUVWDQZIECEGAFF3NC89ZE\""  . 233119 IN NS i.root-servers.net.  . 233119 IN NS h.root-servers.net.  . 233119 IN NS g.root-servers.net.  . 233119 IN NS b.root-servers.net.  . 233119 IN NS d.root-servers.net.  . 233119 IN NS e.root-servers.net.  . 233119 IN NS j.root-servers.net.  . 233119 IN NS f.root-servers.net.  . 233119 IN NS m.root-servers.net.  . 233119 IN NS l.root-servers.net.  . 233119 IN NS k.root-servers.net.  . 233119 IN NS c.root-servers.net.  . 233119 IN NS a.root-servers.net.  a.root-servers.net. 233119 IN A 198.41.0.4  b.root-servers.net. 233119 IN A 199.9.14.201  c.root-servers.net. 233119 IN A 192.33.4.12  d.root-servers.net. 233119 IN A 199.7.91.13  e.root-servers.net. 233119 IN A 192.203.230.10  f.root-servers.net. 233119 IN A 192.5.5.241  g.root-servers.net. 233119 IN A 192.112.36.4  h.root-servers.net. 233119 IN A 198.97.190.53  i.root-servers.net. 233119 IN A 192.36.148.17  j.root-servers.net. 233119 IN A 192.58.128.30  k.root-servers.net. 233119 IN A 193.0.14.129  l.root-servers.net. 233119 IN A 199.7.83.42  m.root-servers.net. 233119 IN A 202.12.27.33""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,50193,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""TXT"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""13"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,1,13,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,TXT,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:06:12.921 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=4;InfobloxNsCount=13;InfobloxArCount=8;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,csp.infoblox.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""csp.infoblox.com. 57 IN CNAME wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com.  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 60 IN A 18.235.149.1  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 60 IN A 18.209.243.220  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 60 IN A 18.233.189.178  . 233120 IN NS a.root-servers.net.  . 233120 IN NS e.root-servers.net.  . 233120 IN NS i.root-servers.net.  . 233120 IN NS g.root-servers.net.  . 233120 IN NS b.root-servers.net.  . 233120 IN NS c.root-servers.net.  . 233120 IN NS l.root-servers.net.  . 233120 IN NS k.root-servers.net.  . 233120 IN NS d.root-servers.net.  . 233120 IN NS m.root-servers.net.  . 233120 IN NS h.root-servers.net.  . 233120 IN NS j.root-servers.net.  . 233120 IN NS f.root-servers.net.  a.root-servers.net. 233120 IN A 198.41.0.4  b.root-servers.net. 233120 IN A 199.9.14.201  c.root-servers.net. 233120 IN A 192.33.4.12  d.root-servers.net. 233120 IN A 199.7.91.13  e.root-servers.net. 233120 IN A 192.203.230.10  f.root-servers.net. 233120 IN A 192.5.5.241  g.root-servers.net. 233120 IN A 192.112.36.4  h.root-servers.net. 233120 IN A 198.97.190.53""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,50191,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""4"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""8"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,4,8,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:06:12.917 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN TXT NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=TXT;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=13;InfobloxArCount=13;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,probe.infoblox.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""probe.infoblox.com. 10 IN TXT \""ABYZX9GLUYQUVWDQZIECEGAFF3NC89ZE\""  . 233119 IN NS i.root-servers.net.  . 233119 IN NS h.root-servers.net.  . 233119 IN NS g.root-servers.net.  . 233119 IN NS b.root-servers.net.  . 233119 IN NS d.root-servers.net.  . 233119 IN NS e.root-servers.net.  . 233119 IN NS j.root-servers.net.  . 233119 IN NS f.root-servers.net.  . 233119 IN NS m.root-servers.net.  . 233119 IN NS l.root-servers.net.  . 233119 IN NS k.root-servers.net.  . 233119 IN NS c.root-servers.net.  . 233119 IN NS a.root-servers.net.  a.root-servers.net. 233119 IN A 198.41.0.4  b.root-servers.net. 233119 IN A 199.9.14.201  c.root-servers.net. 233119 IN A 192.33.4.12  d.root-servers.net. 233119 IN A 199.7.91.13  e.root-servers.net. 233119 IN A 192.203.230.10  f.root-servers.net. 233119 IN A 192.5.5.241  g.root-servers.net. 233119 IN A 192.112.36.4  h.root-servers.net. 233119 IN A 198.97.190.53  i.root-servers.net. 233119 IN A 192.36.148.17  j.root-servers.net. 233119 IN A 192.58.128.30  k.root-servers.net. 233119 IN A 193.0.14.129  l.root-servers.net. 233119 IN A 199.7.83.42  m.root-servers.net. 233119 IN A 202.12.27.33""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,50193,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""TXT"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""13"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,1,13,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,TXT,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:06:12.917 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=4;InfobloxNsCount=13;InfobloxArCount=8;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,csp.infoblox.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""csp.infoblox.com. 57 IN CNAME wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com.  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 60 IN A 18.235.149.1  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 60 IN A 18.209.243.220  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 60 IN A 18.233.189.178  . 233120 IN NS a.root-servers.net.  . 233120 IN NS e.root-servers.net.  . 233120 IN NS i.root-servers.net.  . 233120 IN NS g.root-servers.net.  . 233120 IN NS b.root-servers.net.  . 233120 IN NS c.root-servers.net.  . 233120 IN NS l.root-servers.net.  . 233120 IN NS k.root-servers.net.  . 233120 IN NS d.root-servers.net.  . 233120 IN NS m.root-servers.net.  . 233120 IN NS h.root-servers.net.  . 233120 IN NS j.root-servers.net.  . 233120 IN NS f.root-servers.net.  a.root-servers.net. 233120 IN A 198.41.0.4  b.root-servers.net. 233120 IN A 199.9.14.201  c.root-servers.net. 233120 IN A 192.33.4.12  d.root-servers.net. 233120 IN A 199.7.91.13  e.root-servers.net. 233120 IN A 192.203.230.10  f.root-servers.net. 233120 IN A 192.5.5.241  g.root-servers.net. 233120 IN A 192.112.36.4  h.root-servers.net. 233120 IN A 198.97.190.53""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,50191,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""4"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""8"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,4,8,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:06:12.917 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=13;InfobloxArCount=12;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,geo.threatdefense.infoblox.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""geo.threatdefense.infoblox.com. 14 IN CNAME us-west-1-geo.threatdefense.infoblox.com.  us-west-1-geo.threatdefense.infoblox.com. 256 IN A 52.119.41.51  . 233119 IN NS k.root-servers.net.  . 233119 IN NS d.root-servers.net.  . 233119 IN NS f.root-servers.net.  . 233119 IN NS h.root-servers.net.  . 233119 IN NS m.root-servers.net.  . 233119 IN NS l.root-servers.net.  . 233119 IN NS a.root-servers.net.  . 233119 IN NS j.root-servers.net.  . 233119 IN NS e.root-servers.net.  . 233119 IN NS c.root-servers.net.  . 233119 IN NS i.root-servers.net.  . 233119 IN NS b.root-servers.net.  . 233119 IN NS g.root-servers.net.  a.root-servers.net. 233119 IN A 198.41.0.4  b.root-servers.net. 233119 IN A 199.9.14.201  c.root-servers.net. 233119 IN A 192.33.4.12  d.root-servers.net. 233119 IN A 199.7.91.13  e.root-servers.net. 233119 IN A 192.203.230.10  f.root-servers.net. 233119 IN A 192.5.5.241  g.root-servers.net. 233119 IN A 192.112.36.4  h.root-servers.net. 233119 IN A 198.97.190.53  i.root-servers.net. 233119 IN A 192.36.148.17  j.root-servers.net. 233119 IN A 192.58.128.30  k.root-servers.net. 233119 IN A 193.0.14.129  l.root-servers.net. 233119 IN A 199.7.83.42""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,50192,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""12"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,2,12,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:06:06.474 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=6;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Azure Cloud Services,CAT_Content Server",,DNS,,wu-bg-shim.trafficmanager.net.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""wu-bg-shim.trafficmanager.net. 251 IN CNAME fg.download.windowsupdate.com.c.footprint.net.  fg.download.windowsupdate.com.c.footprint.net. 0 IN A 8.252.73.126  fg.download.windowsupdate.com.c.footprint.net. 0 IN A 8.252.74.126  fg.download.windowsupdate.com.c.footprint.net. 0 IN A 8.252.189.254  fg.download.windowsupdate.com.c.footprint.net. 0 IN A 8.252.191.254  fg.download.windowsupdate.com.c.footprint.net. 0 IN A 8.252.192.126  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,22410,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""6"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Azure Cloud Services,CAT_Content Server""}",,6,1,dfp,"APP_Azure Cloud Services,CAT_Content Server",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:06:06.474 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Windows",,DNS,,client.wns.windows.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""client.wns.windows.com. 1406 IN CNAME wns.notify.trafficmanager.net.  wns.notify.trafficmanager.net. 126 IN A 13.64.180.106  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,38802,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Windows""}",,2,1,remote_client,"APP_Uncategorized,CAT_Windows",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:06:06.474 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=5;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Content Server",,DNS,,fg.download.windowsupdate.com.c.footprint.net.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""fg.download.windowsupdate.com.c.footprint.net. 222 IN A 8.249.11.254  fg.download.windowsupdate.com.c.footprint.net. 222 IN A 8.247.116.254  fg.download.windowsupdate.com.c.footprint.net. 222 IN A 8.252.188.254  fg.download.windowsupdate.com.c.footprint.net. 222 IN A 8.240.27.254  fg.download.windowsupdate.com.c.footprint.net. 222 IN A 8.250.203.254  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,22410,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""5"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Content Server""}",,5,1,dfp,"APP_Uncategorized,CAT_Content Server",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:06:06.473 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Microsoft Certificates,APP_Windows Update,CAT_Business Software,CAT_Productivity,CAT_Windows",,DNS,,ctldl.windowsupdate.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""ctldl.windowsupdate.com. 978 IN CNAME wu-bg-shim.trafficmanager.net.  wu-bg-shim.trafficmanager.net. 504 IN CNAME cds.d2s7q6s2.hwcdn.net.  cds.d2s7q6s2.hwcdn.net. 249 IN A 209.197.3.8  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,22410,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""3"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Microsoft Certificates,APP_Windows Update,CAT_Business Software,CAT_Productivity,CAT_Windows""}",,3,1,dfp,"APP_Microsoft Certificates,APP_Windows Update,CAT_Business Software,CAT_Productivity,CAT_Windows",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:05:42.225 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Azure Cloud Services,CAT_Content Server",,DNS,,win-global-asimov-leafs-events-data.trafficmanager.net.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""win-global-asimov-leafs-events-data.trafficmanager.net. 48 IN CNAME onedscolprdeus13.eastus.cloudapp.azure.com.  onedscolprdeus13.eastus.cloudapp.azure.com. 10 IN A 52.168.117.170  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,34255,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Azure Cloud Services,CAT_Content Server""}",,2,1,dfp,"APP_Azure Cloud Services,CAT_Content Server",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:05:42.225 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Azure Cloud Services,CAT_Technology - Other",,DNS,,onedscolprdeus13.eastus.cloudapp.azure.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""onedscolprdeus13.eastus.cloudapp.azure.com. 0 IN A 52.168.117.170  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,34255,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Azure Cloud Services,CAT_Technology - Other""}",,1,1,dfp,"APP_Azure Cloud Services,CAT_Technology - Other",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:05:42.225 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Microsoft Diagnostic Data,CAT_Technology - Other",,DNS,,v10.events.data.microsoft.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""v10.events.data.microsoft.com. 82 IN CNAME win-global-asimov-leafs-events-data.trafficmanager.net.  win-global-asimov-leafs-events-data.trafficmanager.net. 60 IN CNAME onedscolprdeus02.eastus.cloudapp.azure.com.  onedscolprdeus02.eastus.cloudapp.azure.com. 0 IN A 20.42.65.84  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,34255,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""3"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Microsoft Diagnostic Data,CAT_Technology - Other""}",,3,1,dfp,"APP_Microsoft Diagnostic Data,CAT_Technology - Other",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:04:59.615 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN TXT NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=TXT;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Business Software,CAT_Information Security,LIST_PROBE_209101",,DNS,,probe.infoblox.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""probe.infoblox.com. 10 IN TXT \""ABYZX9GLUYQUVWDQZIECEGAFF3NC89ZE\""  . 32768 1232 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,62407,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""TXT"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Business Software,CAT_Information Security,LIST_PROBE_209101""}",,1,1,dfp,"APP_Uncategorized,CAT_Business Software,CAT_Information Security,LIST_PROBE_209101",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,TXT,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:04:59.614 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;5l6bS+O7lzxivKyu9tvqXTKVcoe0/GhUDxhyIfqooCK2ITXnU+rMZGpININqAOsCufv1KGGakAWLzuc4PCF1bw=;59tNYcyiH1CQPsbMgHY8CpTxwahTT9ngPskR308N7NXHaUlFaJLIa4hx2Vj1BaUf5WTcBuC7m59USPJ1fTHekg=;InfobloxAnCount=4;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,geo.threatdefense.infoblox.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""geo.threatdefense.infoblox.com. 289 IN CNAME us-west-1-geo.threatdefense.infoblox.com.  geo.threatdefense.infoblox.com. 289 IN RRSIG CNAME 13 4 300 20230719050935 20230719030435 36142 threatdefense.infoblox.com.",,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,62407,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""4"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)""}",,4,1,dfp,,,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:04:59.614 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Technology - Other",,DNS,,wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 55 IN A 18.235.149.1  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 55 IN A 18.209.243.220  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 55 IN A 18.233.189.178  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,62407,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""3"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Technology - Other""}",,3,1,dfp,"APP_Uncategorized,CAT_Technology - Other",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:04:59.614 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;eGy49WciKwW4iEh31YU5fo7VdCyaCCV3VxO0WJrwN0bKQhFuu8HW5JITF9dow1Wvo9FRRqr8hEHjvJZ+MqAg/w=;InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,us-west-1-geo.threatdefense.infoblox.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""us-west-1-geo.threatdefense.infoblox.com. 285 IN A 52.119.41.51  us-west-1-geo.threatdefense.infoblox.com. 285 IN RRSIG A 13 4 300 20230719050931 20230719030431 36142 threatdefense.infoblox.com.",,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,62407,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)""}",,2,1,dfp,,,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:04:59.613 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;QUVjy3DRDBssylwvgogCq1xTBkmjd4WjMWqgajSzZztcKEUB0Rq4D1XnqyAZg3QiK5Yf60sqKTXD0dpGZL77iZ/3jdV5/gV3APpLmC5pSUYw2941PB5Q5GCbNyFcQKG6f9H8v+XfNqq66sdKimjrvwhEwPWPj2VtCZhX4RCbagg=  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 55 IN A 18.233.189.178  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 55 IN A 18.235.149.1  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 55 IN A 18.209.243.220  . 32768 4096 OPT "";InfobloxAnCount=5;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=",,DNS,,csp.infoblox.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""csp.infoblox.com. 55 IN CNAME wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com.  csp.infoblox.com. 55 IN RRSIG CNAME 8 3 60 20230723012023 20230719003621 3870 infoblox.com.",,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,62407,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""QUVjy3DRDBssylwvgogCq1xTBkmjd4WjMWqgajSzZztcKEUB0Rq4D1XnqyAZg3QiK5Yf60sqKTXD0dpGZL77iZ/3jdV5/gV3APpLmC5pSUYw2941PB5Q5GCbNyFcQKG6f9H8v+XfNqq66sdKimjrvwhEwPWPj2VtCZhX4RCbagg"":""  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 55 IN A 18.233.189.178  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 55 IN A 18.235.149.1  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 55 IN A 18.209.243.220  . 32768 4096 OPT \"""",""InfobloxAnCount"":""5"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)""}",,5,1,dfp,,,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,"  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 55 IN A 18.233.189.178  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 55 IN A 18.235.149.1  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 55 IN A 18.209.243.220  . 32768 4096 OPT """,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:04:54.826 AM",Infoblox,Data Connector,2.1.3,DHCP-LEASE-UPDATE,DHCP Lease Update,1,,InfobloxHost=Sentinel-Demo-CDC;InfobloxIPSpace=ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558;InfobloxSubnet=192.168.1.0/24;InfobloxRangeStart=192.168.1.101;InfobloxRangeEnd=192.168.1.110;InfobloxLeaseOp=Update;InfobloxClientID=01:00:50:56:0b:0f:15;InfobloxDUID=;InfobloxLifetime=300;InfobloxLeaseUUID=996854be-27ab-11ec-a802-7270aef5e23e;InfobloxFingerprintPr=true;InfobloxFingerprint=Generic Linux OS;InfobloxDHCPOptions=;code_55='\001\002\006\014\017\032\034y\003!()*w\371\374\021';code_57='\377\377';code_61='\001\000PV\013\017\025';code_12='dhcp-virtual-machine';code_53='\003',,DHCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,dhcp-virtual-machine,00:50:56:0b:0f:15,,,,,,,,,,192.168.1.106,,,,,"""DHCP Lease Update""",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxHost"":""Sentinel-Demo-CDC"",""InfobloxIPSpace"":""ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558"",""InfobloxSubnet"":""192.168.1.0/24"",""InfobloxRangeStart"":""192.168.1.101"",""InfobloxRangeEnd"":""192.168.1.110"",""InfobloxLeaseOp"":""Update"",""InfobloxClientID"":""01:00:50:56:0b:0f:15"",""InfobloxLifetime"":""300"",""InfobloxLeaseUUID"":""996854be-27ab-11ec-a802-7270aef5e23e"",""InfobloxFingerprintPr"":""true"",""InfobloxFingerprint"":""Generic Linux OS""}",,,,,,,,,,,,,,,,01:00:50:56:0b:0f:15,,,,,,,Generic Linux OS,TRUE,Sentinel-Demo-CDC,ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558,Update,996854be-27ab-11ec-a802-7270aef5e23e,300,,,192.168.1.110,192.168.1.101,,,192.168.1.0/24,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:04:53.266 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Shareware & Freeware",,DNS,,telemetry-incoming.r53-2.services.mozilla.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""telemetry-incoming.r53-2.services.mozilla.com. 4 IN CNAME prod.ingestion-edge.prod.dataops.mozgcp.net.  prod.ingestion-edge.prod.dataops.mozgcp.net. 54 IN A 34.120.208.123  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,62407,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Shareware & Freeware""}",,2,1,dfp,"APP_Uncategorized,CAT_Shareware & Freeware",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:04:53.266 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN AAAA NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Unreachable",,DNS,,prod.ingestion-edge.prod.dataops.mozgcp.net.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""ingestion-edge.prod.dataops.mozgcp.net. 19 IN SOA ns-cloud-b1.googledomains.com. cloud-dns-hostmaster.google.com. 1 21600 3600 259200 300  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,62407,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Unreachable""}",,0,1,dfp,"APP_Uncategorized,CAT_Unreachable",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:04:53.266 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Unreachable",,DNS,,prod.ingestion-edge.prod.dataops.mozgcp.net.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""prod.ingestion-edge.prod.dataops.mozgcp.net. 56 IN A 34.120.208.123  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,62407,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Unreachable""}",,1,1,dfp,"APP_Uncategorized,CAT_Unreachable",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:04:53.265 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Mozilla Firefox,CAT_Technology - Other",,DNS,,incoming.telemetry.mozilla.org.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""incoming.telemetry.mozilla.org. 58 IN CNAME telemetry-incoming.r53-2.services.mozilla.com.  telemetry-incoming.r53-2.services.mozilla.com. 177 IN CNAME prod.ingestion-edge.prod.dataops.mozgcp.net.  prod.ingestion-edge.prod.dataops.mozgcp.net. 58 IN A 34.120.208.123  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,62407,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""3"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Mozilla Firefox,CAT_Technology - Other""}",,3,1,dfp,"APP_Mozilla Firefox,CAT_Technology - Other",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:04:42.953 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Content Server",,DNS,,update.googleapis.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""update.googleapis.com. 161 IN A 142.250.189.227  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,17286,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Content Server""}",,1,1,remote_client,"APP_Uncategorized,CAT_Content Server",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:03:46.797 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN AAAA NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=6;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Linux",,DNS,,connectivity-check.ubuntu.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.106,192.168.1.106,,,,,,,,,,,,,,,,"""connectivity-check.ubuntu.com. 43 IN AAAA 2620:2d:4000:1::2b  connectivity-check.ubuntu.com. 43 IN AAAA 2620:2d:4000:1::23  connectivity-check.ubuntu.com. 43 IN AAAA 2001:67c:1562::24  connectivity-check.ubuntu.com. 43 IN AAAA 2620:2d:4000:1::2a  connectivity-check.ubuntu.com. 43 IN AAAA 2001:67c:1562::23  connectivity-check.ubuntu.com. 43 IN AAAA 2620:2d:4000:1::22  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:15,,,,,,,,,18830,192.168.1.106,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""6"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Linux""}",,6,1,dfp,"APP_Uncategorized,CAT_Linux",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:02:55.575 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=9;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Linux",,DNS,,connectivity-check.ubuntu.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.106,192.168.1.106,,,,,,,,,,,,,,,,"""connectivity-check.ubuntu.com. 11 IN A 185.125.190.49  connectivity-check.ubuntu.com. 11 IN A 185.125.190.48  connectivity-check.ubuntu.com. 11 IN A 91.189.91.48  connectivity-check.ubuntu.com. 11 IN A 185.125.190.18  connectivity-check.ubuntu.com. 11 IN A 34.122.121.32  connectivity-check.ubuntu.com. 11 IN A 185.125.190.17  connectivity-check.ubuntu.com. 11 IN A 35.224.170.84  connectivity-check.ubuntu.com. 11 IN A 91.189.91.49  connectivity-check.ubuntu.com. 11 IN A 35.232.111.17  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:15,,,,,,,,,50567,192.168.1.106,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""9"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Linux""}",,9,1,dfp,"APP_Uncategorized,CAT_Linux",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:02:24.668 AM",Infoblox,Data Connector,2.1.3,DHCP-LEASE-UPDATE,DHCP Lease Update,1,,InfobloxHost=Sentinel-Demo-CDC;InfobloxIPSpace=ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558;InfobloxSubnet=192.168.1.0/24;InfobloxRangeStart=192.168.1.101;InfobloxRangeEnd=192.168.1.110;InfobloxLeaseOp=Update;InfobloxClientID=01:00:50:56:0b:0f:15;InfobloxDUID=;InfobloxLifetime=300;InfobloxLeaseUUID=996854be-27ab-11ec-a802-7270aef5e23e;InfobloxFingerprintPr=true;InfobloxFingerprint=Generic Linux OS;InfobloxDHCPOptions=;code_12='dhcp-virtual-machine';code_53='\003';code_55='\001\002\006\014\017\032\034y\003!()*w\371\374\021';code_57='\377\377';code_61='\001\000PV\013\017\025',,DHCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,dhcp-virtual-machine,00:50:56:0b:0f:15,,,,,,,,,,192.168.1.106,,,,,"""DHCP Lease Update""",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxHost"":""Sentinel-Demo-CDC"",""InfobloxIPSpace"":""ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558"",""InfobloxSubnet"":""192.168.1.0/24"",""InfobloxRangeStart"":""192.168.1.101"",""InfobloxRangeEnd"":""192.168.1.110"",""InfobloxLeaseOp"":""Update"",""InfobloxClientID"":""01:00:50:56:0b:0f:15"",""InfobloxLifetime"":""300"",""InfobloxLeaseUUID"":""996854be-27ab-11ec-a802-7270aef5e23e"",""InfobloxFingerprintPr"":""true"",""InfobloxFingerprint"":""Generic Linux OS""}",,,,,,,,,,,,,,,,01:00:50:56:0b:0f:15,,,,,,,Generic Linux OS,TRUE,Sentinel-Demo-CDC,ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558,Update,996854be-27ab-11ec-a802-7270aef5e23e,300,,,192.168.1.110,192.168.1.101,,,192.168.1.0/24,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:02:04.600 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=13;InfobloxArCount=9;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,ctldl.windowsupdate.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""ctldl.windowsupdate.com. 252 IN CNAME wu-bg-shim.trafficmanager.net.  wu-bg-shim.trafficmanager.net. 120 IN CNAME cds.d2s7q6s2.hwcdn.net.  cds.d2s7q6s2.hwcdn.net. 102 IN A 209.197.3.8  . 240445 IN NS l.root-servers.net.  . 240445 IN NS b.root-servers.net.  . 240445 IN NS e.root-servers.net.  . 240445 IN NS a.root-servers.net.  . 240445 IN NS h.root-servers.net.  . 240445 IN NS f.root-servers.net.  . 240445 IN NS j.root-servers.net.  . 240445 IN NS c.root-servers.net.  . 240445 IN NS d.root-servers.net.  . 240445 IN NS g.root-servers.net.  . 240445 IN NS k.root-servers.net.  . 240445 IN NS i.root-servers.net.  . 240445 IN NS m.root-servers.net.  a.root-servers.net. 240445 IN A 198.41.0.4  b.root-servers.net. 240445 IN A 199.9.14.201  c.root-servers.net. 240445 IN A 192.33.4.12  d.root-servers.net. 240445 IN A 199.7.91.13  e.root-servers.net. 240445 IN A 192.203.230.10  f.root-servers.net. 240445 IN A 192.5.5.241  g.root-servers.net. 240445 IN A 192.112.36.4  h.root-servers.net. 240445 IN A 198.97.190.53  i.root-servers.net. 240445 IN A 192.36.148.17""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,61734,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""3"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""9"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,3,9,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 4:00:44.666 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=13;InfobloxArCount=6;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,v10.events.data.microsoft.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""v10.events.data.microsoft.com. 6 IN CNAME win-global-asimov-leafs-events-data.trafficmanager.net.  win-global-asimov-leafs-events-data.trafficmanager.net. 9 IN CNAME onedscolprdcus00.centralus.cloudapp.azure.com.  onedscolprdcus00.centralus.cloudapp.azure.com. 0 IN A 13.89.178.26  . 239690 IN NS b.root-servers.net.  . 239690 IN NS g.root-servers.net.  . 239690 IN NS c.root-servers.net.  . 239690 IN NS i.root-servers.net.  . 239690 IN NS j.root-servers.net.  . 239690 IN NS k.root-servers.net.  . 239690 IN NS e.root-servers.net.  . 239690 IN NS m.root-servers.net.  . 239690 IN NS d.root-servers.net.  . 239690 IN NS f.root-servers.net.  . 239690 IN NS h.root-servers.net.  . 239690 IN NS a.root-servers.net.  . 239690 IN NS l.root-servers.net.  a.root-servers.net. 239690 IN A 198.41.0.4  b.root-servers.net. 239690 IN A 199.9.14.201  c.root-servers.net. 239690 IN A 192.33.4.12  d.root-servers.net. 239690 IN A 199.7.91.13  e.root-servers.net. 239690 IN A 192.203.230.10  f.root-servers.net. 239690 IN A 192.5.5.241""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,64226,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""3"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""6"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,3,6,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:59:54.593 AM",Infoblox,Data Connector,2.1.3,DHCP-LEASE-UPDATE,DHCP Lease Update,1,,InfobloxHost=Sentinel-Demo-CDC;InfobloxIPSpace=ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558;InfobloxSubnet=192.168.1.0/24;InfobloxRangeStart=192.168.1.101;InfobloxRangeEnd=192.168.1.110;InfobloxLeaseOp=Update;InfobloxClientID=01:00:50:56:0b:0f:15;InfobloxDUID=;InfobloxLifetime=300;InfobloxLeaseUUID=996854be-27ab-11ec-a802-7270aef5e23e;InfobloxFingerprintPr=true;InfobloxFingerprint=Generic Linux OS;InfobloxDHCPOptions=;code_55='\001\002\006\014\017\032\034y\003!()*w\371\374\021';code_57='\377\377';code_61='\001\000PV\013\017\025';code_12='dhcp-virtual-machine';code_53='\003',,DHCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,dhcp-virtual-machine,00:50:56:0b:0f:15,,,,,,,,,,192.168.1.106,,,,,"""DHCP Lease Update""",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxHost"":""Sentinel-Demo-CDC"",""InfobloxIPSpace"":""ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558"",""InfobloxSubnet"":""192.168.1.0/24"",""InfobloxRangeStart"":""192.168.1.101"",""InfobloxRangeEnd"":""192.168.1.110"",""InfobloxLeaseOp"":""Update"",""InfobloxClientID"":""01:00:50:56:0b:0f:15"",""InfobloxLifetime"":""300"",""InfobloxLeaseUUID"":""996854be-27ab-11ec-a802-7270aef5e23e"",""InfobloxFingerprintPr"":""true"",""InfobloxFingerprint"":""Generic Linux OS""}",,,,,,,,,,,,,,,,01:00:50:56:0b:0f:15,,,,,,,Generic Linux OS,TRUE,Sentinel-Demo-CDC,ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558,Update,996854be-27ab-11ec-a802-7270aef5e23e,300,,,192.168.1.110,192.168.1.101,,,192.168.1.0/24,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:59:47.052 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Microsoft Diagnostic Data,CAT_Technology - Other",,DNS,,v10.events.data.microsoft.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""v10.events.data.microsoft.com. 51 IN CNAME win-global-asimov-leafs-events-data.trafficmanager.net.  win-global-asimov-leafs-events-data.trafficmanager.net. 56 IN CNAME onedscolprdeus04.eastus.cloudapp.azure.com.  onedscolprdeus04.eastus.cloudapp.azure.com. 6 IN A 52.168.112.67  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,52873,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""3"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Microsoft Diagnostic Data,CAT_Technology - Other""}",,3,1,remote_client,"APP_Microsoft Diagnostic Data,CAT_Technology - Other",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:59:33.015 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN AAAA NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=6;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,connectivity-check.ubuntu.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.106,192.168.1.106,,,,,,,,,,,,,,,,"""connectivity-check.ubuntu.com. 43 IN AAAA 2620:2d:4000:1::22  connectivity-check.ubuntu.com. 43 IN AAAA 2001:67c:1562::23  connectivity-check.ubuntu.com. 43 IN AAAA 2620:2d:4000:1::2a  connectivity-check.ubuntu.com. 43 IN AAAA 2620:2d:4000:1::2b  connectivity-check.ubuntu.com. 43 IN AAAA 2001:67c:1562::24  connectivity-check.ubuntu.com. 43 IN AAAA 2620:2d:4000:1::23  . 0 1232 OPT """,,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:15,,,,,,,,,45837,192.168.1.106,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""6"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,6,1,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:58:34.521 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN AAAA NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=6;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Linux",,DNS,,connectivity-check.ubuntu.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.106,192.168.1.106,,,,,,,,,,,,,,,,"""connectivity-check.ubuntu.com. 52 IN AAAA 2620:2d:4000:1::2b  connectivity-check.ubuntu.com. 52 IN AAAA 2620:2d:4000:1::2a  connectivity-check.ubuntu.com. 52 IN AAAA 2001:67c:1562::24  connectivity-check.ubuntu.com. 52 IN AAAA 2620:2d:4000:1::22  connectivity-check.ubuntu.com. 52 IN AAAA 2001:67c:1562::23  connectivity-check.ubuntu.com. 52 IN AAAA 2620:2d:4000:1::23  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:15,,,,,,,,,56739,192.168.1.106,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""6"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Linux""}",,6,1,dfp,"APP_Uncategorized,CAT_Linux",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:58:09.990 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN AAAA NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=6;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,connectivity-check.ubuntu.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.106,192.168.1.106,,,,,,,,,,,,,,,,"""connectivity-check.ubuntu.com. 15 IN AAAA 2620:2d:4000:1::2b  connectivity-check.ubuntu.com. 15 IN AAAA 2620:2d:4000:1::22  connectivity-check.ubuntu.com. 15 IN AAAA 2620:2d:4000:1::23  connectivity-check.ubuntu.com. 15 IN AAAA 2001:67c:1562::23  connectivity-check.ubuntu.com. 15 IN AAAA 2001:67c:1562::24  connectivity-check.ubuntu.com. 15 IN AAAA 2620:2d:4000:1::2a  . 0 1232 OPT """,,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:15,,,,,,,,,39879,192.168.1.106,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""6"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,6,1,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:57:54.862 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=9;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Linux",,DNS,,connectivity-check.ubuntu.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.106,192.168.1.106,,,,,,,,,,,,,,,,"""connectivity-check.ubuntu.com. 22 IN A 185.125.190.48  connectivity-check.ubuntu.com. 22 IN A 185.125.190.49  connectivity-check.ubuntu.com. 22 IN A 91.189.91.48  connectivity-check.ubuntu.com. 22 IN A 35.224.170.84  connectivity-check.ubuntu.com. 22 IN A 34.122.121.32  connectivity-check.ubuntu.com. 22 IN A 185.125.190.18  connectivity-check.ubuntu.com. 22 IN A 35.232.111.17  connectivity-check.ubuntu.com. 22 IN A 185.125.190.17  connectivity-check.ubuntu.com. 22 IN A 91.189.91.49  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:15,,,,,,,,,43932,192.168.1.106,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""9"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Linux""}",,9,1,dfp,"APP_Uncategorized,CAT_Linux",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:57:48.884 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN AAAA NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Shareware & Freeware",,DNS,,contile.services.mozilla.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""services.mozilla.com. 61 IN SOA ns-679.awsdns-20.net. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,43932,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Shareware & Freeware""}",,0,1,dfp,"APP_Uncategorized,CAT_Shareware & Freeware",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:57:48.884 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Shareware & Freeware",,DNS,,contile.services.mozilla.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""contile.services.mozilla.com. 376 IN A 34.117.237.239  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,43932,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Shareware & Freeware""}",,1,1,dfp,"APP_Uncategorized,CAT_Shareware & Freeware",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:57:37.220 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=4;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,pool.ntp.org.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""pool.ntp.org. 77 IN A 67.205.162.81  pool.ntp.org. 77 IN A 104.167.241.253  pool.ntp.org. 77 IN A 198.60.22.240  pool.ntp.org. 77 IN A 162.159.200.1  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,43825,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""4"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise""}",,4,1,remote_client,,,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:57:35.579 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=4;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,pool.ntp.org.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""pool.ntp.org. 118 IN A 173.214.173.170  pool.ntp.org. 118 IN A 3.140.11.117  pool.ntp.org. 118 IN A 168.61.215.74  pool.ntp.org. 118 IN A 162.159.200.1  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,49744,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""4"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise""}",,4,1,remote_client,,,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:57:29.241 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=4;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,pool.ntp.org.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""pool.ntp.org. 119 IN A 204.93.207.12  pool.ntp.org. 119 IN A 5.161.186.39  pool.ntp.org. 119 IN A 69.89.207.199  pool.ntp.org. 119 IN A 45.79.111.167  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,27829,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""4"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise""}",,4,1,remote_client,,,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:57:26.733 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,wpad.tme.infoblox.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""wpad.tme.infoblox.com. 3000 IN A 208.50.179.11  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,23126,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)""}",,1,1,dfp,,,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:57:24.666 AM",Infoblox,Data Connector,2.1.3,DHCP-LEASE-UPDATE,DHCP Lease Update,1,,InfobloxHost=Sentinel-Demo-CDC;InfobloxIPSpace=ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558;InfobloxSubnet=192.168.1.0/24;InfobloxRangeStart=192.168.1.101;InfobloxRangeEnd=192.168.1.110;InfobloxLeaseOp=Update;InfobloxClientID=01:00:50:56:0b:0f:15;InfobloxDUID=;InfobloxLifetime=300;InfobloxLeaseUUID=996854be-27ab-11ec-a802-7270aef5e23e;InfobloxFingerprintPr=true;InfobloxFingerprint=Generic Linux OS;InfobloxDHCPOptions=;code_53='\003';code_55='\001\002\006\014\017\032\034y\003!()*w\371\374\021';code_57='\377\377';code_61='\001\000PV\013\017\025';code_12='dhcp-virtual-machine',,DHCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,dhcp-virtual-machine,00:50:56:0b:0f:15,,,,,,,,,,192.168.1.106,,,,,"""DHCP Lease Update""",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxHost"":""Sentinel-Demo-CDC"",""InfobloxIPSpace"":""ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558"",""InfobloxSubnet"":""192.168.1.0/24"",""InfobloxRangeStart"":""192.168.1.101"",""InfobloxRangeEnd"":""192.168.1.110"",""InfobloxLeaseOp"":""Update"",""InfobloxClientID"":""01:00:50:56:0b:0f:15"",""InfobloxLifetime"":""300"",""InfobloxLeaseUUID"":""996854be-27ab-11ec-a802-7270aef5e23e"",""InfobloxFingerprintPr"":""true"",""InfobloxFingerprint"":""Generic Linux OS""}",,,,,,,,,,,,,,,,01:00:50:56:0b:0f:15,,,,,,,Generic Linux OS,TRUE,Sentinel-Demo-CDC,ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558,Update,996854be-27ab-11ec-a802-7270aef5e23e,300,,,192.168.1.110,192.168.1.101,,,192.168.1.0/24,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:57:24.265 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=4;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,pool.ntp.org.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""pool.ntp.org. 68 IN A 171.66.97.126  pool.ntp.org. 68 IN A 45.83.234.123  pool.ntp.org. 68 IN A 72.46.53.234  pool.ntp.org. 68 IN A 38.17.55.196  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,8204,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""4"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise""}",,4,1,remote_client,,,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:56:07.928 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Windows",,DNS,,client.wns.windows.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""client.wns.windows.com. 3283 IN CNAME wns.notify.trafficmanager.net.  wns.notify.trafficmanager.net. 32 IN A 40.83.247.108  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,20900,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Windows""}",,2,1,remote_client,"APP_Uncategorized,CAT_Windows",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:56:07.101 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Weather app,CAT_Business Software,CAT_Productivity,CAT_Windows",,DNS,,tile-service.weather.microsoft.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""tile-service.weather.microsoft.com. 1919 IN CNAME wildcard.weather.microsoft.com.edgekey.net.  wildcard.weather.microsoft.com.edgekey.net. 698 IN CNAME e15275.g.akamaiedge.net.  e15275.g.akamaiedge.net. 5 IN A 104.81.80.250  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,55006,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""3"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Weather app,CAT_Business Software,CAT_Productivity,CAT_Windows""}",,3,1,remote_client,"APP_Weather app,CAT_Business Software,CAT_Productivity,CAT_Windows",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:56:06.455 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Windows",,DNS,,client.wns.windows.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""client.wns.windows.com. 3311 IN CNAME wns.notify.trafficmanager.net.  wns.notify.trafficmanager.net. 122 IN A 40.83.240.146  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,61098,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Windows""}",,2,1,remote_client,"APP_Uncategorized,CAT_Windows",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:56:06.455 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Weather app,CAT_Business Software,CAT_Productivity,CAT_Windows",,DNS,,tile-service.weather.microsoft.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""tile-service.weather.microsoft.com. 3544 IN CNAME wildcard.weather.microsoft.com.edgekey.net.  wildcard.weather.microsoft.com.edgekey.net. 114 IN CNAME e15275.g.akamaiedge.net.  e15275.g.akamaiedge.net. 3 IN A 104.81.80.250  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,61098,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""3"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Weather app,CAT_Business Software,CAT_Productivity,CAT_Windows""}",,3,1,remote_client,"APP_Weather app,CAT_Business Software,CAT_Productivity,CAT_Windows",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:54:54.706 AM",Infoblox,Data Connector,2.1.3,DHCP-LEASE-UPDATE,DHCP Lease Update,1,,InfobloxHost=Sentinel-Demo-CDC;InfobloxIPSpace=ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558;InfobloxSubnet=192.168.1.0/24;InfobloxRangeStart=192.168.1.101;InfobloxRangeEnd=192.168.1.110;InfobloxLeaseOp=Update;InfobloxClientID=01:00:50:56:0b:0f:15;InfobloxDUID=;InfobloxLifetime=300;InfobloxLeaseUUID=996854be-27ab-11ec-a802-7270aef5e23e;InfobloxFingerprintPr=true;InfobloxFingerprint=Generic Linux OS;InfobloxDHCPOptions=;code_12='dhcp-virtual-machine';code_53='\003';code_55='\001\002\006\014\017\032\034y\003!()*w\371\374\021';code_57='\377\377';code_61='\001\000PV\013\017\025',,DHCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,dhcp-virtual-machine,00:50:56:0b:0f:15,,,,,,,,,,192.168.1.106,,,,,"""DHCP Lease Update""",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxHost"":""Sentinel-Demo-CDC"",""InfobloxIPSpace"":""ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558"",""InfobloxSubnet"":""192.168.1.0/24"",""InfobloxRangeStart"":""192.168.1.101"",""InfobloxRangeEnd"":""192.168.1.110"",""InfobloxLeaseOp"":""Update"",""InfobloxClientID"":""01:00:50:56:0b:0f:15"",""InfobloxLifetime"":""300"",""InfobloxLeaseUUID"":""996854be-27ab-11ec-a802-7270aef5e23e"",""InfobloxFingerprintPr"":""true"",""InfobloxFingerprint"":""Generic Linux OS""}",,,,,,,,,,,,,,,,01:00:50:56:0b:0f:15,,,,,,,Generic Linux OS,TRUE,Sentinel-Demo-CDC,ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558,Update,996854be-27ab-11ec-a802-7270aef5e23e,300,,,192.168.1.110,192.168.1.101,,,192.168.1.0/24,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:54:47.229 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;afxkEpceegnSWe/SS7odSQomBPZtrHMQeRwe3rMXYTcMskeBBcK+RsKKlR4n38SwLnnDoFmC0XS2/rz8V00mQw=;gcS6mk7UoGzoCIImIuJl4cVVdgh4zQF2plw1ajd/C0efebv2Iy6Q7pDJMhg6IRWXQqYOPWUDhj8Sm7Ld4vGGIQ=;InfobloxAnCount=4;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,geo.threatdefense.infoblox.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""geo.threatdefense.infoblox.com. 226 IN CNAME us-west-1-geo.threatdefense.infoblox.com.  geo.threatdefense.infoblox.com. 226 IN RRSIG CNAME 13 4 300 20230719045820 20230719025320 36142 threatdefense.infoblox.com.",,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,36723,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""4"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)""}",,4,1,dfp,,,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:54:47.229 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN TXT NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=TXT;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Business Software,CAT_Information Security,LIST_PROBE_209101",,DNS,,probe.infoblox.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""probe.infoblox.com. 10 IN TXT \""ABYZX9GLUYQUVWDQZIECEGAFF3NC89ZE\""  . 32768 1232 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,36723,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""TXT"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Business Software,CAT_Information Security,LIST_PROBE_209101""}",,1,1,dfp,"APP_Uncategorized,CAT_Business Software,CAT_Information Security,LIST_PROBE_209101",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,TXT,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:54:47.229 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;gcS6mk7UoGzoCIImIuJl4cVVdgh4zQF2plw1ajd/C0efebv2Iy6Q7pDJMhg6IRWXQqYOPWUDhj8Sm7Ld4vGGIQ=;InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,us-west-1-geo.threatdefense.infoblox.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""us-west-1-geo.threatdefense.infoblox.com. 226 IN A 52.119.41.51  us-west-1-geo.threatdefense.infoblox.com. 226 IN RRSIG A 13 4 300 20230719045820 20230719025320 36142 threatdefense.infoblox.com.",,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,36723,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)""}",,2,1,dfp,,,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:54:47.228 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;QUVjy3DRDBssylwvgogCq1xTBkmjd4WjMWqgajSzZztcKEUB0Rq4D1XnqyAZg3QiK5Yf60sqKTXD0dpGZL77iZ/3jdV5/gV3APpLmC5pSUYw2941PB5Q5GCbNyFcQKG6f9H8v+XfNqq66sdKimjrvwhEwPWPj2VtCZhX4RCbagg=  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 24 IN A 18.235.149.1  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 24 IN A 18.233.189.178  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 24 IN A 18.209.243.220  . 32768 4096 OPT "";InfobloxAnCount=5;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=",,DNS,,csp.infoblox.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""csp.infoblox.com. 24 IN CNAME wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com.  csp.infoblox.com. 24 IN RRSIG CNAME 8 3 60 20230723012023 20230719003621 3870 infoblox.com.",,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,36723,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""QUVjy3DRDBssylwvgogCq1xTBkmjd4WjMWqgajSzZztcKEUB0Rq4D1XnqyAZg3QiK5Yf60sqKTXD0dpGZL77iZ/3jdV5/gV3APpLmC5pSUYw2941PB5Q5GCbNyFcQKG6f9H8v+XfNqq66sdKimjrvwhEwPWPj2VtCZhX4RCbagg"":""  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 24 IN A 18.235.149.1  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 24 IN A 18.233.189.178  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 24 IN A 18.209.243.220  . 32768 4096 OPT \"""",""InfobloxAnCount"":""5"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)""}",,5,1,dfp,,,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,"  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 24 IN A 18.235.149.1  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 24 IN A 18.233.189.178  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 24 IN A 18.209.243.220  . 32768 4096 OPT """,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:54:47.228 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Technology - Other",,DNS,,wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 28 IN A 18.235.149.1  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 28 IN A 18.209.243.220  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 28 IN A 18.233.189.178  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,36723,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""3"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Technology - Other""}",,3,1,dfp,"APP_Uncategorized,CAT_Technology - Other",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:54:43.418 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=13;InfobloxArCount=12;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,geo.threatdefense.infoblox.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""geo.threatdefense.infoblox.com. 226 IN CNAME us-west-1-geo.threatdefense.infoblox.com.  us-west-1-geo.threatdefense.infoblox.com. 226 IN A 52.119.41.51  . 220770 IN NS c.root-servers.net.  . 220770 IN NS e.root-servers.net.  . 220770 IN NS m.root-servers.net.  . 220770 IN NS a.root-servers.net.  . 220770 IN NS b.root-servers.net.  . 220770 IN NS d.root-servers.net.  . 220770 IN NS h.root-servers.net.  . 220770 IN NS k.root-servers.net.  . 220770 IN NS f.root-servers.net.  . 220770 IN NS i.root-servers.net.  . 220770 IN NS g.root-servers.net.  . 220770 IN NS j.root-servers.net.  . 220770 IN NS l.root-servers.net.  a.root-servers.net. 220770 IN A 198.41.0.4  b.root-servers.net. 220770 IN A 199.9.14.201  c.root-servers.net. 220770 IN A 192.33.4.12  d.root-servers.net. 220770 IN A 199.7.91.13  e.root-servers.net. 220770 IN A 192.203.230.10  f.root-servers.net. 220770 IN A 192.5.5.241  g.root-servers.net. 220770 IN A 192.112.36.4  h.root-servers.net. 220770 IN A 198.97.190.53  i.root-servers.net. 220770 IN A 192.36.148.17  j.root-servers.net. 220770 IN A 192.58.128.30  k.root-servers.net. 220770 IN A 193.0.14.129  l.root-servers.net. 220770 IN A 199.7.83.42""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,51524,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""12"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,2,12,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:54:43.417 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN TXT NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=TXT;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=13;InfobloxArCount=13;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,probe.infoblox.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""probe.infoblox.com. 10 IN TXT \""ABYZX9GLUYQUVWDQZIECEGAFF3NC89ZE\""  . 220770 IN NS g.root-servers.net.  . 220770 IN NS h.root-servers.net.  . 220770 IN NS i.root-servers.net.  . 220770 IN NS b.root-servers.net.  . 220770 IN NS d.root-servers.net.  . 220770 IN NS e.root-servers.net.  . 220770 IN NS c.root-servers.net.  . 220770 IN NS f.root-servers.net.  . 220770 IN NS m.root-servers.net.  . 220770 IN NS l.root-servers.net.  . 220770 IN NS k.root-servers.net.  . 220770 IN NS j.root-servers.net.  . 220770 IN NS a.root-servers.net.  a.root-servers.net. 220770 IN A 198.41.0.4  b.root-servers.net. 220770 IN A 199.9.14.201  c.root-servers.net. 220770 IN A 192.33.4.12  d.root-servers.net. 220770 IN A 199.7.91.13  e.root-servers.net. 220770 IN A 192.203.230.10  f.root-servers.net. 220770 IN A 192.5.5.241  g.root-servers.net. 220770 IN A 192.112.36.4  h.root-servers.net. 220770 IN A 198.97.190.53  i.root-servers.net. 220770 IN A 192.36.148.17  j.root-servers.net. 220770 IN A 192.58.128.30  k.root-servers.net. 220770 IN A 193.0.14.129  l.root-servers.net. 220770 IN A 199.7.83.42  m.root-servers.net. 220770 IN A 202.12.27.33""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,51525,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""TXT"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""13"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,1,13,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,TXT,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:54:43.417 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=4;InfobloxNsCount=13;InfobloxArCount=8;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,csp.infoblox.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""csp.infoblox.com. 24 IN CNAME wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com.  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 28 IN A 18.233.189.178  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 28 IN A 18.235.149.1  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 28 IN A 18.209.243.220  . 220771 IN NS i.root-servers.net.  . 220771 IN NS j.root-servers.net.  . 220771 IN NS k.root-servers.net.  . 220771 IN NS d.root-servers.net.  . 220771 IN NS b.root-servers.net.  . 220771 IN NS e.root-servers.net.  . 220771 IN NS c.root-servers.net.  . 220771 IN NS f.root-servers.net.  . 220771 IN NS a.root-servers.net.  . 220771 IN NS h.root-servers.net.  . 220771 IN NS m.root-servers.net.  . 220771 IN NS l.root-servers.net.  . 220771 IN NS g.root-servers.net.  a.root-servers.net. 220771 IN A 198.41.0.4  b.root-servers.net. 220771 IN A 199.9.14.201  c.root-servers.net. 220771 IN A 192.33.4.12  d.root-servers.net. 220771 IN A 199.7.91.13  e.root-servers.net. 220771 IN A 192.203.230.10  f.root-servers.net. 220771 IN A 192.5.5.241  g.root-servers.net. 220771 IN A 192.112.36.4  h.root-servers.net. 220771 IN A 198.97.190.53""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,51523,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""4"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""8"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,4,8,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:54:43.060 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN TXT NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=TXT;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=13;InfobloxArCount=13;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,probe.infoblox.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""probe.infoblox.com. 10 IN TXT \""ABYZX9GLUYQUVWDQZIECEGAFF3NC89ZE\""  . 220770 IN NS g.root-servers.net.  . 220770 IN NS h.root-servers.net.  . 220770 IN NS i.root-servers.net.  . 220770 IN NS b.root-servers.net.  . 220770 IN NS d.root-servers.net.  . 220770 IN NS e.root-servers.net.  . 220770 IN NS c.root-servers.net.  . 220770 IN NS f.root-servers.net.  . 220770 IN NS m.root-servers.net.  . 220770 IN NS l.root-servers.net.  . 220770 IN NS k.root-servers.net.  . 220770 IN NS j.root-servers.net.  . 220770 IN NS a.root-servers.net.  a.root-servers.net. 220770 IN A 198.41.0.4  b.root-servers.net. 220770 IN A 199.9.14.201  c.root-servers.net. 220770 IN A 192.33.4.12  d.root-servers.net. 220770 IN A 199.7.91.13  e.root-servers.net. 220770 IN A 192.203.230.10  f.root-servers.net. 220770 IN A 192.5.5.241  g.root-servers.net. 220770 IN A 192.112.36.4  h.root-servers.net. 220770 IN A 198.97.190.53  i.root-servers.net. 220770 IN A 192.36.148.17  j.root-servers.net. 220770 IN A 192.58.128.30  k.root-servers.net. 220770 IN A 193.0.14.129  l.root-servers.net. 220770 IN A 199.7.83.42  m.root-servers.net. 220770 IN A 202.12.27.33""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,51525,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""TXT"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""13"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,1,13,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,TXT,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:54:43.060 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=13;InfobloxArCount=12;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,geo.threatdefense.infoblox.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""geo.threatdefense.infoblox.com. 226 IN CNAME us-west-1-geo.threatdefense.infoblox.com.  us-west-1-geo.threatdefense.infoblox.com. 226 IN A 52.119.41.51  . 220770 IN NS c.root-servers.net.  . 220770 IN NS e.root-servers.net.  . 220770 IN NS m.root-servers.net.  . 220770 IN NS a.root-servers.net.  . 220770 IN NS b.root-servers.net.  . 220770 IN NS d.root-servers.net.  . 220770 IN NS h.root-servers.net.  . 220770 IN NS k.root-servers.net.  . 220770 IN NS f.root-servers.net.  . 220770 IN NS i.root-servers.net.  . 220770 IN NS g.root-servers.net.  . 220770 IN NS j.root-servers.net.  . 220770 IN NS l.root-servers.net.  a.root-servers.net. 220770 IN A 198.41.0.4  b.root-servers.net. 220770 IN A 199.9.14.201  c.root-servers.net. 220770 IN A 192.33.4.12  d.root-servers.net. 220770 IN A 199.7.91.13  e.root-servers.net. 220770 IN A 192.203.230.10  f.root-servers.net. 220770 IN A 192.5.5.241  g.root-servers.net. 220770 IN A 192.112.36.4  h.root-servers.net. 220770 IN A 198.97.190.53  i.root-servers.net. 220770 IN A 192.36.148.17  j.root-servers.net. 220770 IN A 192.58.128.30  k.root-servers.net. 220770 IN A 193.0.14.129  l.root-servers.net. 220770 IN A 199.7.83.42""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,51524,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""12"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,2,12,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:54:43.059 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=4;InfobloxNsCount=13;InfobloxArCount=8;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,csp.infoblox.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""csp.infoblox.com. 24 IN CNAME wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com.  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 28 IN A 18.233.189.178  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 28 IN A 18.235.149.1  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 28 IN A 18.209.243.220  . 220771 IN NS i.root-servers.net.  . 220771 IN NS j.root-servers.net.  . 220771 IN NS k.root-servers.net.  . 220771 IN NS d.root-servers.net.  . 220771 IN NS b.root-servers.net.  . 220771 IN NS e.root-servers.net.  . 220771 IN NS c.root-servers.net.  . 220771 IN NS f.root-servers.net.  . 220771 IN NS a.root-servers.net.  . 220771 IN NS h.root-servers.net.  . 220771 IN NS m.root-servers.net.  . 220771 IN NS l.root-servers.net.  . 220771 IN NS g.root-servers.net.  a.root-servers.net. 220771 IN A 198.41.0.4  b.root-servers.net. 220771 IN A 199.9.14.201  c.root-servers.net. 220771 IN A 192.33.4.12  d.root-servers.net. 220771 IN A 199.7.91.13  e.root-servers.net. 220771 IN A 192.203.230.10  f.root-servers.net. 220771 IN A 192.5.5.241  g.root-servers.net. 220771 IN A 192.112.36.4  h.root-servers.net. 220771 IN A 198.97.190.53""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,51523,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""4"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""8"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,4,8,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:53:38.965 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN AAAA NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=6;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Linux",,DNS,,connectivity-check.ubuntu.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.106,192.168.1.106,,,,,,,,,,,,,,,,"""connectivity-check.ubuntu.com. 55 IN AAAA 2620:2d:4000:1::22  connectivity-check.ubuntu.com. 55 IN AAAA 2001:67c:1562::24  connectivity-check.ubuntu.com. 55 IN AAAA 2620:2d:4000:1::2b  connectivity-check.ubuntu.com. 55 IN AAAA 2620:2d:4000:1::2a  connectivity-check.ubuntu.com. 55 IN AAAA 2620:2d:4000:1::23  connectivity-check.ubuntu.com. 55 IN AAAA 2001:67c:1562::23  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:15,,,,,,,,,34151,192.168.1.106,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""6"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Linux""}",,6,1,dfp,"APP_Uncategorized,CAT_Linux",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:53:28.586 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=9;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Linux",,DNS,,connectivity-check.ubuntu.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.106,192.168.1.106,,,,,,,,,,,,,,,,"""connectivity-check.ubuntu.com. 32 IN A 185.125.190.48  connectivity-check.ubuntu.com. 32 IN A 185.125.190.17  connectivity-check.ubuntu.com. 32 IN A 35.224.170.84  connectivity-check.ubuntu.com. 32 IN A 91.189.91.48  connectivity-check.ubuntu.com. 32 IN A 34.122.121.32  connectivity-check.ubuntu.com. 32 IN A 35.232.111.17  connectivity-check.ubuntu.com. 32 IN A 91.189.91.49  connectivity-check.ubuntu.com. 32 IN A 185.125.190.18  connectivity-check.ubuntu.com. 32 IN A 185.125.190.49  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:15,,,,,,,,,61824,192.168.1.106,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""9"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Linux""}",,9,1,dfp,"APP_Uncategorized,CAT_Linux",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:53:27.999 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN AAAA NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=6;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,connectivity-check.ubuntu.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.106,192.168.1.106,,,,,,,,,,,,,,,,"""connectivity-check.ubuntu.com. 55 IN AAAA 2620:2d:4000:1::2a  connectivity-check.ubuntu.com. 55 IN AAAA 2001:67c:1562::23  connectivity-check.ubuntu.com. 55 IN AAAA 2001:67c:1562::24  connectivity-check.ubuntu.com. 55 IN AAAA 2620:2d:4000:1::22  connectivity-check.ubuntu.com. 55 IN AAAA 2620:2d:4000:1::23  connectivity-check.ubuntu.com. 55 IN AAAA 2620:2d:4000:1::2b  . 0 1232 OPT """,,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:15,,,,,,,,,60902,192.168.1.106,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""6"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,6,1,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:52:52.898 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Unreachable",,DNS,,getpocket-cdn.prod.mozaws.net.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""getpocket-cdn.prod.mozaws.net. 149 IN CNAME prod.pocket.prod.cloudops.mozgcp.net.  prod.pocket.prod.cloudops.mozgcp.net. 228 IN A 34.120.5.221  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,61824,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Unreachable""}",,2,1,dfp,"APP_Uncategorized,CAT_Unreachable",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:52:52.898 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Technology - Other",,DNS,,getpocket.cdn.mozilla.net.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""getpocket.cdn.mozilla.net. 28 IN CNAME getpocket-cdn.prod.mozaws.net.  getpocket-cdn.prod.mozaws.net. 148 IN CNAME prod.pocket.prod.cloudops.mozgcp.net.  prod.pocket.prod.cloudops.mozgcp.net. 65 IN A 34.120.5.221  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,61824,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""3"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Technology - Other""}",,3,1,dfp,"APP_Uncategorized,CAT_Technology - Other",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:52:52.898 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN AAAA NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Unreachable",,DNS,,prod.pocket.prod.cloudops.mozgcp.net.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""prod.pocket.prod.cloudops.mozgcp.net. 693 IN AAAA 2600:1901:0:524c::  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,61824,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Unreachable""}",,1,1,dfp,"APP_Uncategorized,CAT_Unreachable",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:52:52.898 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Unreachable",,DNS,,prod.pocket.prod.cloudops.mozgcp.net.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""prod.pocket.prod.cloudops.mozgcp.net. 65 IN A 34.120.5.221  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,61824,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Unreachable""}",,1,1,dfp,"APP_Uncategorized,CAT_Unreachable",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:52:43.230 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=13;InfobloxArCount=13;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,prod.pocket.prod.cloudops.mozgcp.net.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""prod.pocket.prod.cloudops.mozgcp.net. 65 IN A 34.120.5.221  . 220889 IN NS a.root-servers.net.  . 220889 IN NS c.root-servers.net.  . 220889 IN NS l.root-servers.net.  . 220889 IN NS k.root-servers.net.  . 220889 IN NS f.root-servers.net.  . 220889 IN NS g.root-servers.net.  . 220889 IN NS j.root-servers.net.  . 220889 IN NS i.root-servers.net.  . 220889 IN NS d.root-servers.net.  . 220889 IN NS h.root-servers.net.  . 220889 IN NS b.root-servers.net.  . 220889 IN NS m.root-servers.net.  . 220889 IN NS e.root-servers.net.  a.root-servers.net. 220889 IN A 198.41.0.4  b.root-servers.net. 220889 IN A 199.9.14.201  c.root-servers.net. 220889 IN A 192.33.4.12  d.root-servers.net. 220889 IN A 199.7.91.13  e.root-servers.net. 220889 IN A 192.203.230.10  f.root-servers.net. 220889 IN A 192.5.5.241  g.root-servers.net. 220889 IN A 192.112.36.4  h.root-servers.net. 220889 IN A 198.97.190.53  i.root-servers.net. 220889 IN A 192.36.148.17  j.root-servers.net. 220889 IN A 192.58.128.30  k.root-servers.net. 220889 IN A 193.0.14.129  l.root-servers.net. 220889 IN A 199.7.83.42  m.root-servers.net. 220889 IN A 202.12.27.33""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,64122,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""13"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,1,13,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:52:43.230 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=13;InfobloxArCount=8;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,getpocket.cdn.mozilla.net.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""getpocket.cdn.mozilla.net. 28 IN CNAME getpocket-cdn.prod.mozaws.net.  getpocket-cdn.prod.mozaws.net. 149 IN CNAME prod.pocket.prod.cloudops.mozgcp.net.  prod.pocket.prod.cloudops.mozgcp.net. 65 IN A 34.120.5.221  . 220889 IN NS f.root-servers.net.  . 220889 IN NS l.root-servers.net.  . 220889 IN NS m.root-servers.net.  . 220889 IN NS j.root-servers.net.  . 220889 IN NS b.root-servers.net.  . 220889 IN NS e.root-servers.net.  . 220889 IN NS h.root-servers.net.  . 220889 IN NS a.root-servers.net.  . 220889 IN NS d.root-servers.net.  . 220889 IN NS g.root-servers.net.  . 220889 IN NS i.root-servers.net.  . 220889 IN NS k.root-servers.net.  . 220889 IN NS c.root-servers.net.  a.root-servers.net. 220889 IN A 198.41.0.4  b.root-servers.net. 220889 IN A 199.9.14.201  c.root-servers.net. 220889 IN A 192.33.4.12  d.root-servers.net. 220889 IN A 199.7.91.13  e.root-servers.net. 220889 IN A 192.203.230.10  f.root-servers.net. 220889 IN A 192.5.5.241  g.root-servers.net. 220889 IN A 192.112.36.4  h.root-servers.net. 220889 IN A 198.97.190.53""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,50897,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""3"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""8"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,3,8,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:52:43.230 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=9;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,connectivity-check.ubuntu.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.106,192.168.1.106,,,,,,,,,,,,,,,,"""connectivity-check.ubuntu.com. 32 IN A 91.189.91.48  connectivity-check.ubuntu.com. 32 IN A 35.232.111.17  connectivity-check.ubuntu.com. 32 IN A 35.224.170.84  connectivity-check.ubuntu.com. 32 IN A 185.125.190.18  connectivity-check.ubuntu.com. 32 IN A 185.125.190.48  connectivity-check.ubuntu.com. 32 IN A 34.122.121.32  connectivity-check.ubuntu.com. 32 IN A 185.125.190.17  connectivity-check.ubuntu.com. 32 IN A 185.125.190.49  connectivity-check.ubuntu.com. 32 IN A 91.189.91.49  . 0 1232 OPT """,,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:15,,,,,,,,,37365,192.168.1.106,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""9"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,9,1,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:52:43.228 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN AAAA NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=13;InfobloxArCount=12;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,prod.pocket.prod.cloudops.mozgcp.net.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""prod.pocket.prod.cloudops.mozgcp.net. 693 IN AAAA 2600:1901:0:524c::  . 220889 IN NS c.root-servers.net.  . 220889 IN NS j.root-servers.net.  . 220889 IN NS g.root-servers.net.  . 220889 IN NS f.root-servers.net.  . 220889 IN NS m.root-servers.net.  . 220889 IN NS b.root-servers.net.  . 220889 IN NS l.root-servers.net.  . 220889 IN NS d.root-servers.net.  . 220889 IN NS k.root-servers.net.  . 220889 IN NS h.root-servers.net.  . 220889 IN NS e.root-servers.net.  . 220889 IN NS a.root-servers.net.  . 220889 IN NS i.root-servers.net.  a.root-servers.net. 220889 IN A 198.41.0.4  b.root-servers.net. 220889 IN A 199.9.14.201  c.root-servers.net. 220889 IN A 192.33.4.12  d.root-servers.net. 220889 IN A 199.7.91.13  e.root-servers.net. 220889 IN A 192.203.230.10  f.root-servers.net. 220889 IN A 192.5.5.241  g.root-servers.net. 220889 IN A 192.112.36.4  h.root-servers.net. 220889 IN A 198.97.190.53  i.root-servers.net. 220889 IN A 192.36.148.17  j.root-servers.net. 220889 IN A 192.58.128.30  k.root-servers.net. 220889 IN A 193.0.14.129  l.root-servers.net. 220889 IN A 199.7.83.42""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,51522,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""12"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,1,12,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:52:24.865 AM",Infoblox,Data Connector,2.1.3,DHCP-LEASE-UPDATE,DHCP Lease Update,1,,InfobloxHost=Sentinel-Demo-CDC;InfobloxIPSpace=ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558;InfobloxSubnet=192.168.1.0/24;InfobloxRangeStart=192.168.1.101;InfobloxRangeEnd=192.168.1.110;InfobloxLeaseOp=Update;InfobloxClientID=01:00:50:56:0b:0f:15;InfobloxDUID=;InfobloxLifetime=300;InfobloxLeaseUUID=996854be-27ab-11ec-a802-7270aef5e23e;InfobloxFingerprintPr=true;InfobloxFingerprint=Generic Linux OS;InfobloxDHCPOptions=;code_61='\001\000PV\013\017\025';code_12='dhcp-virtual-machine';code_53='\003';code_55='\001\002\006\014\017\032\034y\003!()*w\371\374\021';code_57='\377\377',,DHCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,dhcp-virtual-machine,00:50:56:0b:0f:15,,,,,,,,,,192.168.1.106,,,,,"""DHCP Lease Update""",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxHost"":""Sentinel-Demo-CDC"",""InfobloxIPSpace"":""ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558"",""InfobloxSubnet"":""192.168.1.0/24"",""InfobloxRangeStart"":""192.168.1.101"",""InfobloxRangeEnd"":""192.168.1.110"",""InfobloxLeaseOp"":""Update"",""InfobloxClientID"":""01:00:50:56:0b:0f:15"",""InfobloxLifetime"":""300"",""InfobloxLeaseUUID"":""996854be-27ab-11ec-a802-7270aef5e23e"",""InfobloxFingerprintPr"":""true"",""InfobloxFingerprint"":""Generic Linux OS""}",,,,,,,,,,,,,,,,01:00:50:56:0b:0f:15,,,,,,,Generic Linux OS,TRUE,Sentinel-Demo-CDC,ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558,Update,996854be-27ab-11ec-a802-7270aef5e23e,300,,,192.168.1.110,192.168.1.101,,,192.168.1.0/24,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:50:37.125 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=4;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Azure Cloud Services,CAT_Content Server",,DNS,,www-www.bing.com.trafficmanager.net.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""www-www.bing.com.trafficmanager.net. 59 IN CNAME www-bing-com.dual-a-0001.a-msedge.net.  www-bing-com.dual-a-0001.a-msedge.net. 52 IN CNAME dual-a-0001.a-msedge.net.  dual-a-0001.a-msedge.net. 52 IN A 204.79.197.200  dual-a-0001.a-msedge.net. 52 IN A 13.107.21.200  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,21262,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""4"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Azure Cloud Services,CAT_Content Server""}",,4,1,dfp,"APP_Azure Cloud Services,CAT_Content Server",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:50:37.125 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Microsoft Edge,CAT_Content Server",,DNS,,dual-a-0001.a-msedge.net.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""dual-a-0001.a-msedge.net. 50 IN A 13.107.21.200  dual-a-0001.a-msedge.net. 50 IN A 204.79.197.200  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,21262,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Microsoft Edge,CAT_Content Server""}",,2,1,dfp,"APP_Microsoft Edge,CAT_Content Server",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:50:37.125 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Microsoft Edge,CAT_Content Server",,DNS,,www-bing-com.dual-a-0001.a-msedge.net.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""www-bing-com.dual-a-0001.a-msedge.net. 52 IN CNAME dual-a-0001.a-msedge.net.  dual-a-0001.a-msedge.net. 52 IN A 13.107.21.200  dual-a-0001.a-msedge.net. 52 IN A 204.79.197.200  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,21262,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""3"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Microsoft Edge,CAT_Content Server""}",,3,1,dfp,"APP_Microsoft Edge,CAT_Content Server",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:50:37.124 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=5;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Search Engines,SS_bing",,DNS,,www.bing.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""www.bing.com. 12920 IN CNAME www-www.bing.com.trafficmanager.net.  www-www.bing.com.trafficmanager.net. 50 IN CNAME www-bing-com.dual-a-0001.a-msedge.net.  www-bing-com.dual-a-0001.a-msedge.net. 50 IN CNAME dual-a-0001.a-msedge.net.  dual-a-0001.a-msedge.net. 50 IN A 204.79.197.200  dual-a-0001.a-msedge.net. 50 IN A 13.107.21.200  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,21262,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""5"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Search Engines,SS_bing""}",,5,1,dfp,"APP_Uncategorized,CAT_Search Engines,SS_bing",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:50:27.987 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=5;InfobloxNsCount=13;InfobloxArCount=7;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,www.bing.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""www.bing.com. 50 IN CNAME www-www.bing.com.trafficmanager.net.  www-www.bing.com.trafficmanager.net. 52 IN CNAME www-bing-com.dual-a-0001.a-msedge.net.  www-bing-com.dual-a-0001.a-msedge.net. 52 IN CNAME dual-a-0001.a-msedge.net.  dual-a-0001.a-msedge.net. 50 IN A 13.107.21.200  dual-a-0001.a-msedge.net. 50 IN A 204.79.197.200  . 221022 IN NS d.root-servers.net.  . 221022 IN NS i.root-servers.net.  . 221022 IN NS k.root-servers.net.  . 221022 IN NS c.root-servers.net.  . 221022 IN NS f.root-servers.net.  . 221022 IN NS b.root-servers.net.  . 221022 IN NS a.root-servers.net.  . 221022 IN NS e.root-servers.net.  . 221022 IN NS g.root-servers.net.  . 221022 IN NS m.root-servers.net.  . 221022 IN NS l.root-servers.net.  . 221022 IN NS j.root-servers.net.  . 221022 IN NS h.root-servers.net.  a.root-servers.net. 221022 IN A 198.41.0.4  b.root-servers.net. 221022 IN A 199.9.14.201  c.root-servers.net. 221022 IN A 192.33.4.12  d.root-servers.net. 221022 IN A 199.7.91.13  e.root-servers.net. 221022 IN A 192.203.230.10  f.root-servers.net. 221022 IN A 192.5.5.241  g.root-servers.net. 221022 IN A 192.112.36.4""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,49839,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""5"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""7"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,5,7,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:50:22.512 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN AAAA NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=6;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,connectivity-check.ubuntu.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.106,192.168.1.106,,,,,,,,,,,,,,,,"""connectivity-check.ubuntu.com. 40 IN AAAA 2620:2d:4000:1::2a  connectivity-check.ubuntu.com. 40 IN AAAA 2620:2d:4000:1::22  connectivity-check.ubuntu.com. 40 IN AAAA 2001:67c:1562::24  connectivity-check.ubuntu.com. 40 IN AAAA 2001:67c:1562::23  connectivity-check.ubuntu.com. 40 IN AAAA 2620:2d:4000:1::23  connectivity-check.ubuntu.com. 40 IN AAAA 2620:2d:4000:1::2b  . 0 1232 OPT """,,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:15,,,,,,,,,58773,192.168.1.106,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""6"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,6,1,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:49:54.810 AM",Infoblox,Data Connector,2.1.3,DHCP-LEASE-UPDATE,DHCP Lease Update,1,,InfobloxHost=Sentinel-Demo-CDC;InfobloxIPSpace=ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558;InfobloxSubnet=192.168.1.0/24;InfobloxRangeStart=192.168.1.101;InfobloxRangeEnd=192.168.1.110;InfobloxLeaseOp=Update;InfobloxClientID=01:00:50:56:0b:0f:15;InfobloxDUID=;InfobloxLifetime=300;InfobloxLeaseUUID=996854be-27ab-11ec-a802-7270aef5e23e;InfobloxFingerprintPr=true;InfobloxFingerprint=Generic Linux OS;InfobloxDHCPOptions=;code_12='dhcp-virtual-machine';code_53='\003';code_55='\001\002\006\014\017\032\034y\003!()*w\371\374\021';code_57='\377\377';code_61='\001\000PV\013\017\025',,DHCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,dhcp-virtual-machine,00:50:56:0b:0f:15,,,,,,,,,,192.168.1.106,,,,,"""DHCP Lease Update""",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxHost"":""Sentinel-Demo-CDC"",""InfobloxIPSpace"":""ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558"",""InfobloxSubnet"":""192.168.1.0/24"",""InfobloxRangeStart"":""192.168.1.101"",""InfobloxRangeEnd"":""192.168.1.110"",""InfobloxLeaseOp"":""Update"",""InfobloxClientID"":""01:00:50:56:0b:0f:15"",""InfobloxLifetime"":""300"",""InfobloxLeaseUUID"":""996854be-27ab-11ec-a802-7270aef5e23e"",""InfobloxFingerprintPr"":""true"",""InfobloxFingerprint"":""Generic Linux OS""}",,,,,,,,,,,,,,,,01:00:50:56:0b:0f:15,,,,,,,Generic Linux OS,TRUE,Sentinel-Demo-CDC,ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558,Update,996854be-27ab-11ec-a802-7270aef5e23e,300,,,192.168.1.110,192.168.1.101,,,192.168.1.0/24,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:49:11.645 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=13;InfobloxArCount=6;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,v10.events.data.microsoft.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""v10.events.data.microsoft.com. 0 IN CNAME win-global-asimov-leafs-events-data.trafficmanager.net.  win-global-asimov-leafs-events-data.trafficmanager.net. 6 IN CNAME onedscolprdeus09.eastus.cloudapp.azure.com.  onedscolprdeus09.eastus.cloudapp.azure.com. 6 IN A 20.42.73.26  . 223790 IN NS j.root-servers.net.  . 223790 IN NS k.root-servers.net.  . 223790 IN NS d.root-servers.net.  . 223790 IN NS i.root-servers.net.  . 223790 IN NS h.root-servers.net.  . 223790 IN NS g.root-servers.net.  . 223790 IN NS b.root-servers.net.  . 223790 IN NS f.root-servers.net.  . 223790 IN NS c.root-servers.net.  . 223790 IN NS e.root-servers.net.  . 223790 IN NS a.root-servers.net.  . 223790 IN NS m.root-servers.net.  . 223790 IN NS l.root-servers.net.  a.root-servers.net. 223790 IN A 198.41.0.4  b.root-servers.net. 223790 IN A 199.9.14.201  c.root-servers.net. 223790 IN A 192.33.4.12  d.root-servers.net. 223790 IN A 199.7.91.13  e.root-servers.net. 223790 IN A 192.203.230.10  f.root-servers.net. 223790 IN A 192.5.5.241""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,61471,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""3"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""6"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,3,6,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:49:11.644 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=13;InfobloxArCount=6;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,v10.events.data.microsoft.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""v10.events.data.microsoft.com. 0 IN CNAME win-global-asimov-leafs-events-data.trafficmanager.net.  win-global-asimov-leafs-events-data.trafficmanager.net. 6 IN CNAME onedscolprdeus09.eastus.cloudapp.azure.com.  onedscolprdeus09.eastus.cloudapp.azure.com. 6 IN A 20.42.73.26  . 223790 IN NS k.root-servers.net.  . 223790 IN NS j.root-servers.net.  . 223790 IN NS m.root-servers.net.  . 223790 IN NS b.root-servers.net.  . 223790 IN NS g.root-servers.net.  . 223790 IN NS d.root-servers.net.  . 223790 IN NS a.root-servers.net.  . 223790 IN NS f.root-servers.net.  . 223790 IN NS h.root-servers.net.  . 223790 IN NS i.root-servers.net.  . 223790 IN NS c.root-servers.net.  . 223790 IN NS l.root-servers.net.  . 223790 IN NS e.root-servers.net.  a.root-servers.net. 223790 IN A 198.41.0.4  b.root-servers.net. 223790 IN A 199.9.14.201  c.root-servers.net. 223790 IN A 192.33.4.12  d.root-servers.net. 223790 IN A 199.7.91.13  e.root-servers.net. 223790 IN A 192.203.230.10  f.root-servers.net. 223790 IN A 192.5.5.241""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,61471,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""3"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""6"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,3,6,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:48:33.765 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN AAAA NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=6;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Linux",,DNS,,connectivity-check.ubuntu.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.106,192.168.1.106,,,,,,,,,,,,,,,,"""connectivity-check.ubuntu.com. 57 IN AAAA 2620:2d:4000:1::22  connectivity-check.ubuntu.com. 57 IN AAAA 2620:2d:4000:1::23  connectivity-check.ubuntu.com. 57 IN AAAA 2620:2d:4000:1::2b  connectivity-check.ubuntu.com. 57 IN AAAA 2620:2d:4000:1::2a  connectivity-check.ubuntu.com. 57 IN AAAA 2001:67c:1562::24  connectivity-check.ubuntu.com. 57 IN AAAA 2001:67c:1562::23  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:15,,,,,,,,,42619,192.168.1.106,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""6"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Linux""}",,6,1,dfp,"APP_Uncategorized,CAT_Linux",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:48:00.954 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=9;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Linux",,DNS,,connectivity-check.ubuntu.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.106,192.168.1.106,,,,,,,,,,,,,,,,"""connectivity-check.ubuntu.com. 34 IN A 34.122.121.32  connectivity-check.ubuntu.com. 34 IN A 91.189.91.48  connectivity-check.ubuntu.com. 34 IN A 185.125.190.18  connectivity-check.ubuntu.com. 34 IN A 91.189.91.49  connectivity-check.ubuntu.com. 34 IN A 35.232.111.17  connectivity-check.ubuntu.com. 34 IN A 185.125.190.17  connectivity-check.ubuntu.com. 34 IN A 185.125.190.49  connectivity-check.ubuntu.com. 34 IN A 35.224.170.84  connectivity-check.ubuntu.com. 34 IN A 185.125.190.48  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:15,,,,,,,,,39582,192.168.1.106,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""9"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Linux""}",,9,1,dfp,"APP_Uncategorized,CAT_Linux",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:47:37.795 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=4;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,pool.ntp.org.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""pool.ntp.org. 91 IN A 108.61.56.35  pool.ntp.org. 91 IN A 45.55.58.103  pool.ntp.org. 91 IN A 51.81.226.229  pool.ntp.org. 91 IN A 162.159.200.123  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,7562,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""4"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise""}",,4,1,remote_client,,,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:47:37.794 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=4;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,pool.ntp.org.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""pool.ntp.org. 44 IN A 134.215.114.62  pool.ntp.org. 44 IN A 216.240.36.24  pool.ntp.org. 44 IN A 73.239.145.47  pool.ntp.org. 44 IN A 173.255.192.10  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,63761,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""4"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise""}",,4,1,remote_client,,,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:47:26.569 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=4;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,pool.ntp.org.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""pool.ntp.org. 26 IN A 99.119.214.210  pool.ntp.org. 26 IN A 172.107.84.94  pool.ntp.org. 26 IN A 45.83.234.123  pool.ntp.org. 26 IN A 108.61.73.243  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,18926,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""4"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise""}",,4,1,remote_client,,,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:47:24.690 AM",Infoblox,Data Connector,2.1.3,DHCP-LEASE-UPDATE,DHCP Lease Update,1,,InfobloxHost=Sentinel-Demo-CDC;InfobloxIPSpace=ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558;InfobloxSubnet=192.168.1.0/24;InfobloxRangeStart=192.168.1.101;InfobloxRangeEnd=192.168.1.110;InfobloxLeaseOp=Update;InfobloxClientID=01:00:50:56:0b:0f:15;InfobloxDUID=;InfobloxLifetime=300;InfobloxLeaseUUID=996854be-27ab-11ec-a802-7270aef5e23e;InfobloxFingerprintPr=true;InfobloxFingerprint=Generic Linux OS;InfobloxDHCPOptions=;code_61='\001\000PV\013\017\025';code_12='dhcp-virtual-machine';code_53='\003';code_55='\001\002\006\014\017\032\034y\003!()*w\371\374\021';code_57='\377\377',,DHCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,dhcp-virtual-machine,00:50:56:0b:0f:15,,,,,,,,,,192.168.1.106,,,,,"""DHCP Lease Update""",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxHost"":""Sentinel-Demo-CDC"",""InfobloxIPSpace"":""ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558"",""InfobloxSubnet"":""192.168.1.0/24"",""InfobloxRangeStart"":""192.168.1.101"",""InfobloxRangeEnd"":""192.168.1.110"",""InfobloxLeaseOp"":""Update"",""InfobloxClientID"":""01:00:50:56:0b:0f:15"",""InfobloxLifetime"":""300"",""InfobloxLeaseUUID"":""996854be-27ab-11ec-a802-7270aef5e23e"",""InfobloxFingerprintPr"":""true"",""InfobloxFingerprint"":""Generic Linux OS""}",,,,,,,,,,,,,,,,01:00:50:56:0b:0f:15,,,,,,,Generic Linux OS,TRUE,Sentinel-Demo-CDC,ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558,Update,996854be-27ab-11ec-a802-7270aef5e23e,300,,,192.168.1.110,192.168.1.101,,,192.168.1.0/24,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:47:23.750 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Akamai CDN,CAT_Content Server",,DNS,,e8652.dscx.akamaiedge.net.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""e8652.dscx.akamaiedge.net. 18 IN A 23.205.195.138  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,29186,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Akamai CDN,CAT_Content Server""}",,1,1,dfp,"APP_Akamai CDN,CAT_Content Server",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:47:23.749 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Akamai CDN,CAT_Content Server",,DNS,,crl.root-x1.letsencrypt.org.edgekey.net.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""crl.root-x1.letsencrypt.org.edgekey.net. 12406 IN CNAME e8652.dscx.akamaiedge.net.  e8652.dscx.akamaiedge.net. 18 IN A 23.205.195.138  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,29186,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Akamai CDN,CAT_Content Server""}",,2,1,dfp,"APP_Akamai CDN,CAT_Content Server",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:47:23.749 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,wpad.tme.infoblox.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""wpad.tme.infoblox.com. 0 IN A 208.50.179.11  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,29186,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)""}",,1,1,dfp,,,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:47:23.749 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,wpad.tme.infoblox.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""wpad.tme.infoblox.com. 0 IN A 208.50.179.11  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,29186,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)""}",,1,1,dfp,,,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:47:23.749 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Network Security",,DNS,,x1.c.lencr.org.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""x1.c.lencr.org. 53 IN CNAME crl.root-x1.letsencrypt.org.edgekey.net.  crl.root-x1.letsencrypt.org.edgekey.net. 5125 IN CNAME e8652.dscx.akamaiedge.net.  e8652.dscx.akamaiedge.net. 17 IN A 23.205.195.138  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,29186,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""3"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Network Security""}",,3,1,dfp,"APP_Uncategorized,CAT_Network Security",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:47:22.987 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=4;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,pool.ntp.org.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""pool.ntp.org. 83 IN A 45.79.111.167  pool.ntp.org. 83 IN A 162.159.200.1  pool.ntp.org. 83 IN A 72.30.35.89  pool.ntp.org. 83 IN A 45.84.199.136  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,26074,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""4"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise""}",,4,1,remote_client,,,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:47:15.648 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=13;InfobloxArCount=14;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,thens.infoblox.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""thens.infoblox.com. 0 IN A 38.108.181.200  . 226878 IN NS g.root-servers.net.  . 226878 IN NS e.root-servers.net.  . 226878 IN NS d.root-servers.net.  . 226878 IN NS b.root-servers.net.  . 226878 IN NS k.root-servers.net.  . 226878 IN NS m.root-servers.net.  . 226878 IN NS f.root-servers.net.  . 226878 IN NS c.root-servers.net.  . 226878 IN NS j.root-servers.net.  . 226878 IN NS a.root-servers.net.  . 226878 IN NS h.root-servers.net.  . 226878 IN NS i.root-servers.net.  . 226878 IN NS l.root-servers.net.  a.root-servers.net. 226878 IN A 198.41.0.4  b.root-servers.net. 226878 IN A 199.9.14.201  c.root-servers.net. 226878 IN A 192.33.4.12  d.root-servers.net. 226878 IN A 199.7.91.13  e.root-servers.net. 226878 IN A 192.203.230.10  f.root-servers.net. 226878 IN A 192.5.5.241  g.root-servers.net. 226878 IN A 192.112.36.4  h.root-servers.net. 226878 IN A 198.97.190.53  i.root-servers.net. 226878 IN A 192.36.148.17  j.root-servers.net. 226878 IN A 192.58.128.30  k.root-servers.net. 226878 IN A 193.0.14.129  l.root-servers.net. 226878 IN A 199.7.83.42  m.root-servers.net. 226878 IN A 202.12.27.33  a.root-servers.net. 226878 IN AAAA 2001:503:ba3e::2:30""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,57892,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""14"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,1,14,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:47:15.647 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN SOA NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=SOA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=0;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,sentinel-ep-2.tme.infoblox.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""tme.infoblox.com. 10 IN SOA thens.infoblox.com. dns.infoblox.com. 16 10800 3600 1209600 3600""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,49172,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""SOA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""0"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,0,0,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,SOA,NOERROR,_default,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:47:05.937 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=13;InfobloxArCount=14;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,thens.infoblox.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""thens.infoblox.com. 0 IN A 38.108.181.200  . 226878 IN NS g.root-servers.net.  . 226878 IN NS e.root-servers.net.  . 226878 IN NS d.root-servers.net.  . 226878 IN NS b.root-servers.net.  . 226878 IN NS k.root-servers.net.  . 226878 IN NS m.root-servers.net.  . 226878 IN NS f.root-servers.net.  . 226878 IN NS c.root-servers.net.  . 226878 IN NS j.root-servers.net.  . 226878 IN NS a.root-servers.net.  . 226878 IN NS h.root-servers.net.  . 226878 IN NS i.root-servers.net.  . 226878 IN NS l.root-servers.net.  a.root-servers.net. 226878 IN A 198.41.0.4  b.root-servers.net. 226878 IN A 199.9.14.201  c.root-servers.net. 226878 IN A 192.33.4.12  d.root-servers.net. 226878 IN A 199.7.91.13  e.root-servers.net. 226878 IN A 192.203.230.10  f.root-servers.net. 226878 IN A 192.5.5.241  g.root-servers.net. 226878 IN A 192.112.36.4  h.root-servers.net. 226878 IN A 198.97.190.53  i.root-servers.net. 226878 IN A 192.36.148.17  j.root-servers.net. 226878 IN A 192.58.128.30  k.root-servers.net. 226878 IN A 193.0.14.129  l.root-servers.net. 226878 IN A 199.7.83.42  m.root-servers.net. 226878 IN A 202.12.27.33  a.root-servers.net. 226878 IN AAAA 2001:503:ba3e::2:30""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,57892,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""14"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,1,14,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:47:05.937 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN SOA NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=SOA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=0;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,sentinel-ep-2.tme.infoblox.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""tme.infoblox.com. 10 IN SOA thens.infoblox.com. dns.infoblox.com. 16 10800 3600 1209600 3600""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,49172,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""SOA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""0"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,0,0,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,SOA,NOERROR,_default,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:46:08.888 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=9;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,connectivity-check.ubuntu.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.106,192.168.1.106,,,,,,,,,,,,,,,,"""connectivity-check.ubuntu.com. 11 IN A 185.125.190.17  connectivity-check.ubuntu.com. 11 IN A 34.122.121.32  connectivity-check.ubuntu.com. 11 IN A 35.232.111.17  connectivity-check.ubuntu.com. 11 IN A 35.224.170.84  connectivity-check.ubuntu.com. 11 IN A 91.189.91.48  connectivity-check.ubuntu.com. 11 IN A 91.189.91.49  connectivity-check.ubuntu.com. 11 IN A 185.125.190.49  connectivity-check.ubuntu.com. 11 IN A 185.125.190.48  connectivity-check.ubuntu.com. 11 IN A 185.125.190.18  . 0 1232 OPT """,,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:15,,,,,,,,,37142,192.168.1.106,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""9"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,9,1,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:46:05.395 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Azure Cloud Services,CAT_Technology - Other",,DNS,,settings-prod-scus-1.southcentralus.cloudapp.azure.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""settings-prod-scus-1.southcentralus.cloudapp.azure.com. 6 IN A 52.185.211.133  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,58569,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Azure Cloud Services,CAT_Technology - Other""}",,1,1,dfp,"APP_Azure Cloud Services,CAT_Technology - Other",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:46:05.395 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Azure Cloud Services,CAT_Content Server",,DNS,,atm-settingsfe-prod-geo2.trafficmanager.net.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""atm-settingsfe-prod-geo2.trafficmanager.net. 56 IN CNAME settings-prod-scus-1.southcentralus.cloudapp.azure.com.  settings-prod-scus-1.southcentralus.cloudapp.azure.com. 6 IN A 52.185.211.133  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,58569,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Azure Cloud Services,CAT_Content Server""}",,2,1,dfp,"APP_Azure Cloud Services,CAT_Content Server",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:46:05.394 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Microsoft Settings,CAT_Technology - Other",,DNS,,settings-win.data.microsoft.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""settings-win.data.microsoft.com. 1643 IN CNAME atm-settingsfe-prod-geo2.trafficmanager.net.  atm-settingsfe-prod-geo2.trafficmanager.net. 60 IN CNAME settings-prod-eus2-1.eastus2.cloudapp.azure.com.  settings-prod-eus2-1.eastus2.cloudapp.azure.com. 1 IN A 52.167.249.196  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,58569,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""3"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Microsoft Settings,CAT_Technology - Other""}",,3,1,dfp,"APP_Microsoft Settings,CAT_Technology - Other",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:45:42.933 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=7;InfobloxNsCount=13;InfobloxArCount=0;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,ctldl.windowsupdate.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""ctldl.windowsupdate.com. 71 IN CNAME wu-bg-shim.trafficmanager.net.  wu-bg-shim.trafficmanager.net. 119 IN CNAME wu.azureedge.net.  wu.azureedge.net. 76 IN CNAME wu.ec.azureedge.net.  wu.ec.azureedge.net. 19 IN CNAME bg.apr-52dd2-0503.edgecastdns.net.  bg.apr-52dd2-0503.edgecastdns.net. 119 IN CNAME hlb.apr-52dd2-0.edgecastdns.net.  hlb.apr-52dd2-0.edgecastdns.net. 273 IN CNAME cs11.wpc.v0cdn.net.  cs11.wpc.v0cdn.net. 3250 IN A 72.21.81.240  . 223829 IN NS k.root-servers.net.  . 223829 IN NS h.root-servers.net.  . 223829 IN NS c.root-servers.net.  . 223829 IN NS b.root-servers.net.  . 223829 IN NS a.root-servers.net.  . 223829 IN NS l.root-servers.net.  . 223829 IN NS j.root-servers.net.  . 223829 IN NS d.root-servers.net.  . 223829 IN NS m.root-servers.net.  . 223829 IN NS f.root-servers.net.  . 223829 IN NS e.root-servers.net.  . 223829 IN NS g.root-servers.net.  . 223829 IN NS i.root-servers.net.""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,62570,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""7"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""0"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,7,0,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:45:26.985 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN HTTPS NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=HTTPS;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Content Server",,DNS,,clientservices.googleapis.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""googleapis.com. 46 IN SOA ns1.google.com. dns-admin.google.com. 548957318 900 900 1800 60  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,34585,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""HTTPS"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Content Server""}",,0,1,remote_client,"APP_Uncategorized,CAT_Content Server",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,HTTPS,NOERROR,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:45:26.304 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Content Server",,DNS,,clientservices.googleapis.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""clientservices.googleapis.com. 16 IN A 172.217.12.99  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,10999,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Content Server""}",,1,1,remote_client,"APP_Uncategorized,CAT_Content Server",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:45:08.616 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN AAAA NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=6;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,connectivity-check.ubuntu.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.106,192.168.1.106,,,,,,,,,,,,,,,,"""connectivity-check.ubuntu.com. 13 IN AAAA 2620:2d:4000:1::2a  connectivity-check.ubuntu.com. 13 IN AAAA 2620:2d:4000:1::22  connectivity-check.ubuntu.com. 13 IN AAAA 2001:67c:1562::24  connectivity-check.ubuntu.com. 13 IN AAAA 2001:67c:1562::23  connectivity-check.ubuntu.com. 13 IN AAAA 2620:2d:4000:1::23  connectivity-check.ubuntu.com. 13 IN AAAA 2620:2d:4000:1::2b  . 0 1232 OPT """,,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:15,,,,,,,,,46991,192.168.1.106,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""6"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,6,1,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:44:54.664 AM",Infoblox,Data Connector,2.1.3,DHCP-LEASE-UPDATE,DHCP Lease Update,1,,InfobloxHost=Sentinel-Demo-CDC;InfobloxIPSpace=ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558;InfobloxSubnet=192.168.1.0/24;InfobloxRangeStart=192.168.1.101;InfobloxRangeEnd=192.168.1.110;InfobloxLeaseOp=Update;InfobloxClientID=01:00:50:56:0b:0f:15;InfobloxDUID=;InfobloxLifetime=300;InfobloxLeaseUUID=996854be-27ab-11ec-a802-7270aef5e23e;InfobloxFingerprintPr=true;InfobloxFingerprint=Generic Linux OS;InfobloxDHCPOptions=;code_12='dhcp-virtual-machine';code_53='\003';code_55='\001\002\006\014\017\032\034y\003!()*w\371\374\021';code_57='\377\377';code_61='\001\000PV\013\017\025',,DHCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,dhcp-virtual-machine,00:50:56:0b:0f:15,,,,,,,,,,192.168.1.106,,,,,"""DHCP Lease Update""",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxHost"":""Sentinel-Demo-CDC"",""InfobloxIPSpace"":""ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558"",""InfobloxSubnet"":""192.168.1.0/24"",""InfobloxRangeStart"":""192.168.1.101"",""InfobloxRangeEnd"":""192.168.1.110"",""InfobloxLeaseOp"":""Update"",""InfobloxClientID"":""01:00:50:56:0b:0f:15"",""InfobloxLifetime"":""300"",""InfobloxLeaseUUID"":""996854be-27ab-11ec-a802-7270aef5e23e"",""InfobloxFingerprintPr"":""true"",""InfobloxFingerprint"":""Generic Linux OS""}",,,,,,,,,,,,,,,,01:00:50:56:0b:0f:15,,,,,,,Generic Linux OS,TRUE,Sentinel-Demo-CDC,ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558,Update,996854be-27ab-11ec-a802-7270aef5e23e,300,,,192.168.1.110,192.168.1.101,,,192.168.1.0/24,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:44:44.019 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;DVNzWGNd1W9ZEbP8gsLVVeBK5U1Ffj7Mo+PPIcloC40wnvyLkh8Vd2sVlFqNsr99e6+dCB3cnSsgbGJy26oD+w=;PmM1QPNUQxfrJ5yGmfj9k/tn04orsiEiPQw+qPb0GpYStwdpiF1wPPRtg6XWbydXd+SjBh2RMrszIpxnWcT8vg=;InfobloxAnCount=4;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,geo.threatdefense.infoblox.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""geo.threatdefense.infoblox.com. 113 IN CNAME us-west-1-geo.threatdefense.infoblox.com.  geo.threatdefense.infoblox.com. 113 IN RRSIG CNAME 13 4 300 20230719044624 20230719024124 36142 threatdefense.infoblox.com.",,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,12439,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""4"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)""}",,4,1,dfp,,,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:44:44.019 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;a9c/mHn8hmAuMuPxjT3bHJIIVadkjNlma2bidg6D71kTZDUu9NljkbXWu48I1/Ior3MI9kFPt5XW4xpVkL0Wmg=;InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,us-west-1-geo.threatdefense.infoblox.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""us-west-1-geo.threatdefense.infoblox.com. 54 IN A 52.119.41.51  us-west-1-geo.threatdefense.infoblox.com. 54 IN RRSIG A 13 4 300 20230719044525 20230719024025 36142 threatdefense.infoblox.com.",,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,12439,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)""}",,2,1,dfp,,,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:44:44.019 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN TXT NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=TXT;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Business Software,CAT_Information Security,LIST_PROBE_209101",,DNS,,probe.infoblox.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""probe.infoblox.com. 10 IN TXT \""ABYZX9GLUYQUVWDQZIECEGAFF3NC89ZE\""  . 32768 1232 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,12439,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""TXT"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Business Software,CAT_Information Security,LIST_PROBE_209101""}",,1,1,dfp,"APP_Uncategorized,CAT_Business Software,CAT_Information Security,LIST_PROBE_209101",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,TXT,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:44:43.352 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=13;InfobloxArCount=12;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,geo.threatdefense.infoblox.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""geo.threatdefense.infoblox.com. 43 IN CNAME us-west-1-geo.threatdefense.infoblox.com.  us-west-1-geo.threatdefense.infoblox.com. 54 IN A 52.119.41.51  . 221374 IN NS c.root-servers.net.  . 221374 IN NS d.root-servers.net.  . 221374 IN NS l.root-servers.net.  . 221374 IN NS b.root-servers.net.  . 221374 IN NS g.root-servers.net.  . 221374 IN NS a.root-servers.net.  . 221374 IN NS m.root-servers.net.  . 221374 IN NS j.root-servers.net.  . 221374 IN NS i.root-servers.net.  . 221374 IN NS f.root-servers.net.  . 221374 IN NS e.root-servers.net.  . 221374 IN NS h.root-servers.net.  . 221374 IN NS k.root-servers.net.  a.root-servers.net. 221374 IN A 198.41.0.4  b.root-servers.net. 221374 IN A 199.9.14.201  c.root-servers.net. 221374 IN A 192.33.4.12  d.root-servers.net. 221374 IN A 199.7.91.13  e.root-servers.net. 221374 IN A 192.203.230.10  f.root-servers.net. 221374 IN A 192.5.5.241  g.root-servers.net. 221374 IN A 192.112.36.4  h.root-servers.net. 221374 IN A 198.97.190.53  i.root-servers.net. 221374 IN A 192.36.148.17  j.root-servers.net. 221374 IN A 192.58.128.30  k.root-servers.net. 221374 IN A 193.0.14.129  l.root-servers.net. 221374 IN A 199.7.83.42""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,64524,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""12"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,2,12,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:44:43.351 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN TXT NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=TXT;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=13;InfobloxArCount=13;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,probe.infoblox.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""probe.infoblox.com. 10 IN TXT \""ABYZX9GLUYQUVWDQZIECEGAFF3NC89ZE\""  . 221374 IN NS m.root-servers.net.  . 221374 IN NS c.root-servers.net.  . 221374 IN NS i.root-servers.net.  . 221374 IN NS g.root-servers.net.  . 221374 IN NS f.root-servers.net.  . 221374 IN NS d.root-servers.net.  . 221374 IN NS k.root-servers.net.  . 221374 IN NS b.root-servers.net.  . 221374 IN NS l.root-servers.net.  . 221374 IN NS e.root-servers.net.  . 221374 IN NS h.root-servers.net.  . 221374 IN NS a.root-servers.net.  . 221374 IN NS j.root-servers.net.  a.root-servers.net. 221374 IN A 198.41.0.4  b.root-servers.net. 221374 IN A 199.9.14.201  c.root-servers.net. 221374 IN A 192.33.4.12  d.root-servers.net. 221374 IN A 199.7.91.13  e.root-servers.net. 221374 IN A 192.203.230.10  f.root-servers.net. 221374 IN A 192.5.5.241  g.root-servers.net. 221374 IN A 192.112.36.4  h.root-servers.net. 221374 IN A 198.97.190.53  i.root-servers.net. 221374 IN A 192.36.148.17  j.root-servers.net. 221374 IN A 192.58.128.30  k.root-servers.net. 221374 IN A 193.0.14.129  l.root-servers.net. 221374 IN A 199.7.83.42  m.root-servers.net. 221374 IN A 202.12.27.33""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,64525,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""TXT"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""13"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,1,13,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,TXT,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:44:43.155 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=13;InfobloxArCount=12;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,geo.threatdefense.infoblox.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""geo.threatdefense.infoblox.com. 43 IN CNAME us-west-1-geo.threatdefense.infoblox.com.  us-west-1-geo.threatdefense.infoblox.com. 54 IN A 52.119.41.51  . 221374 IN NS c.root-servers.net.  . 221374 IN NS d.root-servers.net.  . 221374 IN NS l.root-servers.net.  . 221374 IN NS b.root-servers.net.  . 221374 IN NS g.root-servers.net.  . 221374 IN NS a.root-servers.net.  . 221374 IN NS m.root-servers.net.  . 221374 IN NS j.root-servers.net.  . 221374 IN NS i.root-servers.net.  . 221374 IN NS f.root-servers.net.  . 221374 IN NS e.root-servers.net.  . 221374 IN NS h.root-servers.net.  . 221374 IN NS k.root-servers.net.  a.root-servers.net. 221374 IN A 198.41.0.4  b.root-servers.net. 221374 IN A 199.9.14.201  c.root-servers.net. 221374 IN A 192.33.4.12  d.root-servers.net. 221374 IN A 199.7.91.13  e.root-servers.net. 221374 IN A 192.203.230.10  f.root-servers.net. 221374 IN A 192.5.5.241  g.root-servers.net. 221374 IN A 192.112.36.4  h.root-servers.net. 221374 IN A 198.97.190.53  i.root-servers.net. 221374 IN A 192.36.148.17  j.root-servers.net. 221374 IN A 192.58.128.30  k.root-servers.net. 221374 IN A 193.0.14.129  l.root-servers.net. 221374 IN A 199.7.83.42""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,64524,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""12"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,2,12,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:44:43.155 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN TXT NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=TXT;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=13;InfobloxArCount=13;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,probe.infoblox.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""probe.infoblox.com. 10 IN TXT \""ABYZX9GLUYQUVWDQZIECEGAFF3NC89ZE\""  . 221374 IN NS m.root-servers.net.  . 221374 IN NS c.root-servers.net.  . 221374 IN NS i.root-servers.net.  . 221374 IN NS g.root-servers.net.  . 221374 IN NS f.root-servers.net.  . 221374 IN NS d.root-servers.net.  . 221374 IN NS k.root-servers.net.  . 221374 IN NS b.root-servers.net.  . 221374 IN NS l.root-servers.net.  . 221374 IN NS e.root-servers.net.  . 221374 IN NS h.root-servers.net.  . 221374 IN NS a.root-servers.net.  . 221374 IN NS j.root-servers.net.  a.root-servers.net. 221374 IN A 198.41.0.4  b.root-servers.net. 221374 IN A 199.9.14.201  c.root-servers.net. 221374 IN A 192.33.4.12  d.root-servers.net. 221374 IN A 199.7.91.13  e.root-servers.net. 221374 IN A 192.203.230.10  f.root-servers.net. 221374 IN A 192.5.5.241  g.root-servers.net. 221374 IN A 192.112.36.4  h.root-servers.net. 221374 IN A 198.97.190.53  i.root-servers.net. 221374 IN A 192.36.148.17  j.root-servers.net. 221374 IN A 192.58.128.30  k.root-servers.net. 221374 IN A 193.0.14.129  l.root-servers.net. 221374 IN A 199.7.83.42  m.root-servers.net. 221374 IN A 202.12.27.33""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,64525,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""TXT"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""13"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,1,13,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,TXT,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:44:41.619 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN AAAA NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=6;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,connectivity-check.ubuntu.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.106,192.168.1.106,,,,,,,,,,,,,,,,"""connectivity-check.ubuntu.com. 16 IN AAAA 2620:2d:4000:1::23  connectivity-check.ubuntu.com. 16 IN AAAA 2620:2d:4000:1::2b  connectivity-check.ubuntu.com. 16 IN AAAA 2001:67c:1562::23  connectivity-check.ubuntu.com. 16 IN AAAA 2620:2d:4000:1::22  connectivity-check.ubuntu.com. 16 IN AAAA 2001:67c:1562::24  connectivity-check.ubuntu.com. 16 IN AAAA 2620:2d:4000:1::2a  . 0 1232 OPT """,,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:15,,,,,,,,,47398,192.168.1.106,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""6"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,6,1,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:44:18.695 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Technology - Other",,DNS,,wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 9 IN A 18.209.243.220  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 9 IN A 18.233.189.178  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 9 IN A 18.235.149.1  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,60040,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""3"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Technology - Other""}",,3,1,dfp,"APP_Uncategorized,CAT_Technology - Other",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:44:18.695 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;QUVjy3DRDBssylwvgogCq1xTBkmjd4WjMWqgajSzZztcKEUB0Rq4D1XnqyAZg3QiK5Yf60sqKTXD0dpGZL77iZ/3jdV5/gV3APpLmC5pSUYw2941PB5Q5GCbNyFcQKG6f9H8v+XfNqq66sdKimjrvwhEwPWPj2VtCZhX4RCbagg=  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 17 IN A 18.233.189.178  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 17 IN A 18.209.243.220  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 17 IN A 18.235.149.1  . 32768 4096 OPT "";InfobloxAnCount=5;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=",,DNS,,csp.infoblox.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""csp.infoblox.com. 17 IN CNAME wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com.  csp.infoblox.com. 17 IN RRSIG CNAME 8 3 60 20230723012023 20230719003621 3870 infoblox.com.",,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,60040,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""QUVjy3DRDBssylwvgogCq1xTBkmjd4WjMWqgajSzZztcKEUB0Rq4D1XnqyAZg3QiK5Yf60sqKTXD0dpGZL77iZ/3jdV5/gV3APpLmC5pSUYw2941PB5Q5GCbNyFcQKG6f9H8v+XfNqq66sdKimjrvwhEwPWPj2VtCZhX4RCbagg"":""  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 17 IN A 18.233.189.178  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 17 IN A 18.209.243.220  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 17 IN A 18.235.149.1  . 32768 4096 OPT \"""",""InfobloxAnCount"":""5"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)""}",,5,1,dfp,,,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,"  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 17 IN A 18.233.189.178  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 17 IN A 18.209.243.220  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 17 IN A 18.235.149.1  . 32768 4096 OPT """,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:44:18.694 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Windows",,DNS,,client.wns.windows.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""client.wns.windows.com. 484 IN CNAME wns.notify.trafficmanager.net.  wns.notify.trafficmanager.net. 259 IN A 40.83.240.146  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,29217,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Windows""}",,2,1,remote_client,"APP_Uncategorized,CAT_Windows",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:44:08.793 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=5;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Search Engines,SS_bing",,DNS,,www.bing.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""www.bing.com. 5867 IN CNAME www-www.bing.com.trafficmanager.net.  www-www.bing.com.trafficmanager.net. 58 IN CNAME www-bing-com.dual-a-0001.a-msedge.net.  www-bing-com.dual-a-0001.a-msedge.net. 58 IN CNAME dual-a-0001.a-msedge.net.  dual-a-0001.a-msedge.net. 58 IN A 13.107.21.200  dual-a-0001.a-msedge.net. 58 IN A 204.79.197.200  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,28436,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""5"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Search Engines,SS_bing""}",,5,1,remote_client,"APP_Uncategorized,CAT_Search Engines,SS_bing",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:44:08.792 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Portal Sites",,DNS,,cdn.content.prod.cms.msn.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""cdn.content.prod.cms.msn.com. 16262 IN CNAME cdn.content.prod.cms.msn.com.edgekey.net.  cdn.content.prod.cms.msn.com.edgekey.net. 659 IN CNAME e10663.dscg.akamaiedge.net.  e10663.dscg.akamaiedge.net. 16 IN A 23.216.151.88  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,28436,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""3"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Portal Sites""}",,3,1,remote_client,"APP_Uncategorized,CAT_Portal Sites",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:44:06.472 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=5;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Search Engines,SS_bing",,DNS,,www.bing.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""www.bing.com. 21194 IN CNAME www-www.bing.com.trafficmanager.net.  www-www.bing.com.trafficmanager.net. 1 IN CNAME www-bing-com.dual-a-0001.a-msedge.net.  www-bing-com.dual-a-0001.a-msedge.net. 51 IN CNAME dual-a-0001.a-msedge.net.  dual-a-0001.a-msedge.net. 51 IN A 13.107.21.200  dual-a-0001.a-msedge.net. 51 IN A 204.79.197.200  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,15013,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""5"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Search Engines,SS_bing""}",,5,1,remote_client,"APP_Uncategorized,CAT_Search Engines,SS_bing",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:44:06.471 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Portal Sites",,DNS,,cdn.content.prod.cms.msn.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""cdn.content.prod.cms.msn.com. 16895 IN CNAME cdn.content.prod.cms.msn.com.edgekey.net.  cdn.content.prod.cms.msn.com.edgekey.net. 327 IN CNAME e10663.dscg.akamaiedge.net.  e10663.dscg.akamaiedge.net. 15 IN A 23.216.151.88  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,15013,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""3"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Portal Sites""}",,3,1,remote_client,"APP_Uncategorized,CAT_Portal Sites",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:44:06.471 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=4;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Portal Sites",,DNS,,assets.msn.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""assets.msn.com. 16394 IN CNAME assets.msn.com.edgekey.net.  assets.msn.com.edgekey.net. 557 IN CNAME e28578.d.akamaiedge.net.  e28578.d.akamaiedge.net. 5 IN A 23.223.242.10  e28578.d.akamaiedge.net. 5 IN A 23.223.242.24  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,15013,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""4"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Portal Sites""}",,4,1,remote_client,"APP_Uncategorized,CAT_Portal Sites",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:43:38.425 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;baYR42SOW46H9tIJsvvgoIpoy/O2bJbxaIPxCwuVRmr3N+w4Fb3KYX5t7G9c/9W9vVgC8fdZnYUfvKc9lNVI6tC3w4t+8ylCPGcfP4SRvEPPozQkYXmvm1rdHyL+Fg74OWgXvW/rOo5rtBbCbBxsfAJdDPQaDOPIyEaMAtzlObE=  . 32768 4096 OPT "";InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=",,DNS,,ns7.infoblox.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""ns7.infoblox.com. 1097 IN A 3.211.162.1  ns7.infoblox.com. 1097 IN RRSIG A 8 3 3600 20230722062600 20230718062455 3870 infoblox.com.",,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,2620,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""baYR42SOW46H9tIJsvvgoIpoy/O2bJbxaIPxCwuVRmr3N+w4Fb3KYX5t7G9c/9W9vVgC8fdZnYUfvKc9lNVI6tC3w4t+8ylCPGcfP4SRvEPPozQkYXmvm1rdHyL+Fg74OWgXvW/rOo5rtBbCbBxsfAJdDPQaDOPIyEaMAtzlObE"":""  . 32768 4096 OPT \"""",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)""}","  . 32768 4096 OPT """,2,1,dfp,,,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:43:38.424 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;jLqtQui7dTvXs7BaS/r/vNClcUbaq7RGL716U0NH83ad2CR+DXgZoH0tj5FRGcHei9J8JtmHntCkYBk2DXMyNRTc7K8HWBDDVhZloU/K/S1f3y8kd9On3eyJY5tFHjV1yjO7l14fo3GOQYQMCLB/98Gruu96kZVDiJhEG73zfMY=  . 32768 4096 OPT "";InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=",,DNS,,ns8.infoblox.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""ns8.infoblox.com. 2847 IN A 104.40.90.56  ns8.infoblox.com. 2847 IN RRSIG A 8 3 3600 20230722135322 20230718134612 3870 infoblox.com.",,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,2620,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""jLqtQui7dTvXs7BaS/r/vNClcUbaq7RGL716U0NH83ad2CR+DXgZoH0tj5FRGcHei9J8JtmHntCkYBk2DXMyNRTc7K8HWBDDVhZloU/K/S1f3y8kd9On3eyJY5tFHjV1yjO7l14fo3GOQYQMCLB/98Gruu96kZVDiJhEG73zfMY"":""  . 32768 4096 OPT \"""",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)""}",,2,1,dfp,,,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,"  . 32768 4096 OPT """,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:43:33.797 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN AAAA NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=6;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Linux",,DNS,,connectivity-check.ubuntu.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.106,192.168.1.106,,,,,,,,,,,,,,,,"""connectivity-check.ubuntu.com. 0 IN AAAA 2001:67c:1562::24  connectivity-check.ubuntu.com. 0 IN AAAA 2620:2d:4000:1::2b  connectivity-check.ubuntu.com. 0 IN AAAA 2620:2d:4000:1::23  connectivity-check.ubuntu.com. 0 IN AAAA 2620:2d:4000:1::22  connectivity-check.ubuntu.com. 0 IN AAAA 2620:2d:4000:1::2a  connectivity-check.ubuntu.com. 0 IN AAAA 2001:67c:1562::23  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:15,,,,,,,,,2620,192.168.1.106,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""6"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Linux""}",,6,1,dfp,"APP_Uncategorized,CAT_Linux",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:43:00.742 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;J5aqktuEZUMQ/0RY2R+HO1a+gSFKaBJM8X6BQ56jvFUQhd0XxkufnJg55VqMqPYusR3FF64kMN3qrCs+Ptj99vH06W6A8j7nWPPpVeroePNnW+SrRDWKZteWaO5c/nh0WTpXEzK3PeY/5A0p8CdqHZJ1Jj52h5rkUODobyzO77o=  . 32768 4096 OPT "";InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=",,DNS,,thens.infoblox.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""thens.infoblox.com. 0 IN A 38.108.181.200  thens.infoblox.com. 0 IN RRSIG A 8 3 3600 20230722185329 20230718181630 3870 infoblox.com.",,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,14713,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""J5aqktuEZUMQ/0RY2R+HO1a+gSFKaBJM8X6BQ56jvFUQhd0XxkufnJg55VqMqPYusR3FF64kMN3qrCs+Ptj99vH06W6A8j7nWPPpVeroePNnW+SrRDWKZteWaO5c/nh0WTpXEzK3PeY/5A0p8CdqHZJ1Jj52h5rkUODobyzO77o"":""  . 32768 4096 OPT \"""",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)""}",,2,1,dfp,,,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,"  . 32768 4096 OPT """,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:43:00.741 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN SOA NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=SOA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,sentinel-ep-2.tme.infoblox.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""tme.infoblox.com. 0 IN SOA thens.infoblox.com. dns.infoblox.com. 16 10800 3600 1209600 3600  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,14713,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""SOA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)""}",,0,1,dfp,,,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,SOA,NOERROR,_default,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:42:56.083 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=9;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Linux",,DNS,,connectivity-check.ubuntu.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.106,192.168.1.106,,,,,,,,,,,,,,,,"""connectivity-check.ubuntu.com. 39 IN A 185.125.190.17  connectivity-check.ubuntu.com. 39 IN A 35.232.111.17  connectivity-check.ubuntu.com. 39 IN A 91.189.91.48  connectivity-check.ubuntu.com. 39 IN A 185.125.190.48  connectivity-check.ubuntu.com. 39 IN A 91.189.91.49  connectivity-check.ubuntu.com. 39 IN A 34.122.121.32  connectivity-check.ubuntu.com. 39 IN A 35.224.170.84  connectivity-check.ubuntu.com. 39 IN A 185.125.190.18  connectivity-check.ubuntu.com. 39 IN A 185.125.190.49  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:15,,,,,,,,,14713,192.168.1.106,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""9"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Linux""}",,9,1,dfp,"APP_Uncategorized,CAT_Linux",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:42:48.657 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN AAAA NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Shareware & Freeware",,DNS,,contile.services.mozilla.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""services.mozilla.com. 355 IN SOA ns-679.awsdns-20.net. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,14713,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Shareware & Freeware""}",,0,1,dfp,"APP_Uncategorized,CAT_Shareware & Freeware",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:42:48.655 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Shareware & Freeware",,DNS,,contile.services.mozilla.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""contile.services.mozilla.com. 110 IN A 34.117.237.239  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,14713,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Shareware & Freeware""}",,1,1,dfp,"APP_Uncategorized,CAT_Shareware & Freeware",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:42:24.670 AM",Infoblox,Data Connector,2.1.3,DHCP-LEASE-UPDATE,DHCP Lease Update,1,,InfobloxHost=Sentinel-Demo-CDC;InfobloxIPSpace=ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558;InfobloxSubnet=192.168.1.0/24;InfobloxRangeStart=192.168.1.101;InfobloxRangeEnd=192.168.1.110;InfobloxLeaseOp=Update;InfobloxClientID=01:00:50:56:0b:0f:15;InfobloxDUID=;InfobloxLifetime=300;InfobloxLeaseUUID=996854be-27ab-11ec-a802-7270aef5e23e;InfobloxFingerprintPr=true;InfobloxFingerprint=Generic Linux OS;InfobloxDHCPOptions=;code_53='\003';code_55='\001\002\006\014\017\032\034y\003!()*w\371\374\021';code_57='\377\377';code_61='\001\000PV\013\017\025';code_12='dhcp-virtual-machine',,DHCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,dhcp-virtual-machine,00:50:56:0b:0f:15,,,,,,,,,,192.168.1.106,,,,,"""DHCP Lease Update""",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxHost"":""Sentinel-Demo-CDC"",""InfobloxIPSpace"":""ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558"",""InfobloxSubnet"":""192.168.1.0/24"",""InfobloxRangeStart"":""192.168.1.101"",""InfobloxRangeEnd"":""192.168.1.110"",""InfobloxLeaseOp"":""Update"",""InfobloxClientID"":""01:00:50:56:0b:0f:15"",""InfobloxLifetime"":""300"",""InfobloxLeaseUUID"":""996854be-27ab-11ec-a802-7270aef5e23e"",""InfobloxFingerprintPr"":""true"",""InfobloxFingerprint"":""Generic Linux OS""}",,,,,,,,,,,,,,,,01:00:50:56:0b:0f:15,,,,,,,Generic Linux OS,TRUE,Sentinel-Demo-CDC,ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558,Update,996854be-27ab-11ec-a802-7270aef5e23e,300,,,192.168.1.110,192.168.1.101,,,192.168.1.0/24,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:42:04.205 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN AAAA NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Google Safe Browsing,CAT_Content Server",,DNS,,safebrowsing.googleapis.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""safebrowsing.googleapis.com. 297 IN AAAA 2607:f8b0:4005:811::200a  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,37958,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Google Safe Browsing,CAT_Content Server""}",,1,1,dfp,"APP_Google Safe Browsing,CAT_Content Server",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:42:04.204 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Google Safe Browsing,CAT_Content Server",,DNS,,safebrowsing.googleapis.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""safebrowsing.googleapis.com. 241 IN A 142.251.32.42  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,37958,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Google Safe Browsing,CAT_Content Server""}",,1,1,dfp,"APP_Google Safe Browsing,CAT_Content Server",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:41:58.932 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=13;InfobloxArCount=13;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,safebrowsing.googleapis.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""safebrowsing.googleapis.com. 241 IN A 142.251.32.42  . 221533 IN NS l.root-servers.net.  . 221533 IN NS b.root-servers.net.  . 221533 IN NS k.root-servers.net.  . 221533 IN NS h.root-servers.net.  . 221533 IN NS c.root-servers.net.  . 221533 IN NS j.root-servers.net.  . 221533 IN NS d.root-servers.net.  . 221533 IN NS g.root-servers.net.  . 221533 IN NS m.root-servers.net.  . 221533 IN NS f.root-servers.net.  . 221533 IN NS e.root-servers.net.  . 221533 IN NS a.root-servers.net.  . 221533 IN NS i.root-servers.net.  a.root-servers.net. 221533 IN A 198.41.0.4  b.root-servers.net. 221533 IN A 199.9.14.201  c.root-servers.net. 221533 IN A 192.33.4.12  d.root-servers.net. 221533 IN A 199.7.91.13  e.root-servers.net. 221533 IN A 192.203.230.10  f.root-servers.net. 221533 IN A 192.5.5.241  g.root-servers.net. 221533 IN A 192.112.36.4  h.root-servers.net. 221533 IN A 198.97.190.53  i.root-servers.net. 221533 IN A 192.36.148.17  j.root-servers.net. 221533 IN A 192.58.128.30  k.root-servers.net. 221533 IN A 193.0.14.129  l.root-servers.net. 221533 IN A 199.7.83.42  m.root-servers.net. 221533 IN A 202.12.27.33""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,64807,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""13"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,1,13,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:41:58.931 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN AAAA NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=13;InfobloxArCount=13;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,safebrowsing.googleapis.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""safebrowsing.googleapis.com. 297 IN AAAA 2607:f8b0:4005:811::200a  . 221533 IN NS m.root-servers.net.  . 221533 IN NS c.root-servers.net.  . 221533 IN NS j.root-servers.net.  . 221533 IN NS a.root-servers.net.  . 221533 IN NS f.root-servers.net.  . 221533 IN NS g.root-servers.net.  . 221533 IN NS h.root-servers.net.  . 221533 IN NS i.root-servers.net.  . 221533 IN NS d.root-servers.net.  . 221533 IN NS k.root-servers.net.  . 221533 IN NS l.root-servers.net.  . 221533 IN NS e.root-servers.net.  . 221533 IN NS b.root-servers.net.  a.root-servers.net. 221533 IN A 198.41.0.4  b.root-servers.net. 221533 IN A 199.9.14.201  c.root-servers.net. 221533 IN A 192.33.4.12  d.root-servers.net. 221533 IN A 199.7.91.13  e.root-servers.net. 221533 IN A 192.203.230.10  f.root-servers.net. 221533 IN A 192.5.5.241  g.root-servers.net. 221533 IN A 192.112.36.4  h.root-servers.net. 221533 IN A 198.97.190.53  i.root-servers.net. 221533 IN A 192.36.148.17  j.root-servers.net. 221533 IN A 192.58.128.30  k.root-servers.net. 221533 IN A 193.0.14.129  l.root-servers.net. 221533 IN A 199.7.83.42  m.root-servers.net. 221533 IN A 202.12.27.33""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,49735,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""13"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,1,13,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:40:26.815 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Google Safe Browsing,CAT_Content Server",,DNS,,safebrowsing.googleapis.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""safebrowsing.googleapis.com. 221 IN A 142.250.191.74  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,50285,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Google Safe Browsing,CAT_Content Server""}",,1,1,remote_client,"APP_Google Safe Browsing,CAT_Content Server",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:40:25.396 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN HTTPS NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=HTTPS;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Google Safe Browsing,CAT_Content Server",,DNS,,safebrowsing.googleapis.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""googleapis.com. 40 IN SOA ns1.google.com. dns-admin.google.com. 548957318 900 900 1800 60  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,1975,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""HTTPS"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Google Safe Browsing,CAT_Content Server""}",,0,1,remote_client,"APP_Google Safe Browsing,CAT_Content Server",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,HTTPS,NOERROR,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:40:17.685 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=13;InfobloxArCount=13;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,safebrowsing.googleapis.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""safebrowsing.googleapis.com. 67 IN A 142.251.32.42  . 245105 IN NS j.root-servers.net.  . 245105 IN NS f.root-servers.net.  . 245105 IN NS l.root-servers.net.  . 245105 IN NS c.root-servers.net.  . 245105 IN NS i.root-servers.net.  . 245105 IN NS a.root-servers.net.  . 245105 IN NS h.root-servers.net.  . 245105 IN NS d.root-servers.net.  . 245105 IN NS g.root-servers.net.  . 245105 IN NS b.root-servers.net.  . 245105 IN NS e.root-servers.net.  . 245105 IN NS k.root-servers.net.  . 245105 IN NS m.root-servers.net.  a.root-servers.net. 245105 IN A 198.41.0.4  b.root-servers.net. 245105 IN A 199.9.14.201  c.root-servers.net. 245105 IN A 192.33.4.12  d.root-servers.net. 245105 IN A 199.7.91.13  e.root-servers.net. 245105 IN A 192.203.230.10  f.root-servers.net. 245105 IN A 192.5.5.241  g.root-servers.net. 245105 IN A 192.112.36.4  h.root-servers.net. 245105 IN A 198.97.190.53  i.root-servers.net. 245105 IN A 192.36.148.17  j.root-servers.net. 245105 IN A 192.58.128.30  k.root-servers.net. 245105 IN A 193.0.14.129  l.root-servers.net. 245105 IN A 199.7.83.42  m.root-servers.net. 245105 IN A 202.12.27.33""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,49300,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""13"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,1,13,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:40:17.685 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN AAAA NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=13;InfobloxArCount=13;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,safebrowsing.googleapis.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""safebrowsing.googleapis.com. 32 IN AAAA 2607:f8b0:4005:811::200a  . 245105 IN NS l.root-servers.net.  . 245105 IN NS a.root-servers.net.  . 245105 IN NS j.root-servers.net.  . 245105 IN NS f.root-servers.net.  . 245105 IN NS d.root-servers.net.  . 245105 IN NS h.root-servers.net.  . 245105 IN NS i.root-servers.net.  . 245105 IN NS b.root-servers.net.  . 245105 IN NS k.root-servers.net.  . 245105 IN NS e.root-servers.net.  . 245105 IN NS c.root-servers.net.  . 245105 IN NS g.root-servers.net.  . 245105 IN NS m.root-servers.net.  a.root-servers.net. 245105 IN A 198.41.0.4  b.root-servers.net. 245105 IN A 199.9.14.201  c.root-servers.net. 245105 IN A 192.33.4.12  d.root-servers.net. 245105 IN A 199.7.91.13  e.root-servers.net. 245105 IN A 192.203.230.10  f.root-servers.net. 245105 IN A 192.5.5.241  g.root-servers.net. 245105 IN A 192.112.36.4  h.root-servers.net. 245105 IN A 198.97.190.53  i.root-servers.net. 245105 IN A 192.36.148.17  j.root-servers.net. 245105 IN A 192.58.128.30  k.root-servers.net. 245105 IN A 193.0.14.129  l.root-servers.net. 245105 IN A 199.7.83.42  m.root-servers.net. 245105 IN A 202.12.27.33""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,50322,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""13"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,1,13,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:40:17.685 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN AAAA NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=13;InfobloxArCount=13;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,safebrowsing.googleapis.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""safebrowsing.googleapis.com. 32 IN AAAA 2607:f8b0:4005:811::200a  . 245105 IN NS i.root-servers.net.  . 245105 IN NS c.root-servers.net.  . 245105 IN NS e.root-servers.net.  . 245105 IN NS k.root-servers.net.  . 245105 IN NS f.root-servers.net.  . 245105 IN NS d.root-servers.net.  . 245105 IN NS h.root-servers.net.  . 245105 IN NS a.root-servers.net.  . 245105 IN NS b.root-servers.net.  . 245105 IN NS g.root-servers.net.  . 245105 IN NS l.root-servers.net.  . 245105 IN NS m.root-servers.net.  . 245105 IN NS j.root-servers.net.  a.root-servers.net. 245105 IN A 198.41.0.4  b.root-servers.net. 245105 IN A 199.9.14.201  c.root-servers.net. 245105 IN A 192.33.4.12  d.root-servers.net. 245105 IN A 199.7.91.13  e.root-servers.net. 245105 IN A 192.203.230.10  f.root-servers.net. 245105 IN A 192.5.5.241  g.root-servers.net. 245105 IN A 192.112.36.4  h.root-servers.net. 245105 IN A 198.97.190.53  i.root-servers.net. 245105 IN A 192.36.148.17  j.root-servers.net. 245105 IN A 192.58.128.30  k.root-servers.net. 245105 IN A 193.0.14.129  l.root-servers.net. 245105 IN A 199.7.83.42  m.root-servers.net. 245105 IN A 202.12.27.33""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,50322,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""13"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,1,13,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:39:54.658 AM",Infoblox,Data Connector,2.1.3,DHCP-LEASE-UPDATE,DHCP Lease Update,1,,InfobloxHost=Sentinel-Demo-CDC;InfobloxIPSpace=ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558;InfobloxSubnet=192.168.1.0/24;InfobloxRangeStart=192.168.1.101;InfobloxRangeEnd=192.168.1.110;InfobloxLeaseOp=Update;InfobloxClientID=01:00:50:56:0b:0f:15;InfobloxDUID=;InfobloxLifetime=300;InfobloxLeaseUUID=996854be-27ab-11ec-a802-7270aef5e23e;InfobloxFingerprintPr=true;InfobloxFingerprint=Generic Linux OS;InfobloxDHCPOptions=;code_61='\001\000PV\013\017\025';code_12='dhcp-virtual-machine';code_53='\003';code_55='\001\002\006\014\017\032\034y\003!()*w\371\374\021';code_57='\377\377',,DHCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,dhcp-virtual-machine,00:50:56:0b:0f:15,,,,,,,,,,192.168.1.106,,,,,"""DHCP Lease Update""",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxHost"":""Sentinel-Demo-CDC"",""InfobloxIPSpace"":""ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558"",""InfobloxSubnet"":""192.168.1.0/24"",""InfobloxRangeStart"":""192.168.1.101"",""InfobloxRangeEnd"":""192.168.1.110"",""InfobloxLeaseOp"":""Update"",""InfobloxClientID"":""01:00:50:56:0b:0f:15"",""InfobloxLifetime"":""300"",""InfobloxLeaseUUID"":""996854be-27ab-11ec-a802-7270aef5e23e"",""InfobloxFingerprintPr"":""true"",""InfobloxFingerprint"":""Generic Linux OS""}",,,,,,,,,,,,,,,,01:00:50:56:0b:0f:15,,,,,,,Generic Linux OS,TRUE,Sentinel-Demo-CDC,ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558,Update,996854be-27ab-11ec-a802-7270aef5e23e,300,,,192.168.1.110,192.168.1.101,,,192.168.1.0/24,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:38:34.302 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN AAAA NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=6;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Linux",,DNS,,connectivity-check.ubuntu.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.106,192.168.1.106,,,,,,,,,,,,,,,,"""connectivity-check.ubuntu.com. 4 IN AAAA 2620:2d:4000:1::2b  connectivity-check.ubuntu.com. 4 IN AAAA 2001:67c:1562::23  connectivity-check.ubuntu.com. 4 IN AAAA 2620:2d:4000:1::2a  connectivity-check.ubuntu.com. 4 IN AAAA 2620:2d:4000:1::22  connectivity-check.ubuntu.com. 4 IN AAAA 2620:2d:4000:1::23  connectivity-check.ubuntu.com. 4 IN AAAA 2001:67c:1562::24  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:15,,,,,,,,,15533,192.168.1.106,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""6"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Linux""}",,6,1,dfp,"APP_Uncategorized,CAT_Linux",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:38:28.147 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN AAAA NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=6;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,connectivity-check.ubuntu.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.106,192.168.1.106,,,,,,,,,,,,,,,,"""connectivity-check.ubuntu.com. 4 IN AAAA 2001:67c:1562::23  connectivity-check.ubuntu.com. 4 IN AAAA 2620:2d:4000:1::2a  connectivity-check.ubuntu.com. 4 IN AAAA 2001:67c:1562::24  connectivity-check.ubuntu.com. 4 IN AAAA 2620:2d:4000:1::23  connectivity-check.ubuntu.com. 4 IN AAAA 2620:2d:4000:1::22  connectivity-check.ubuntu.com. 4 IN AAAA 2620:2d:4000:1::2b  . 0 1232 OPT """,,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:15,,,,,,,,,59822,192.168.1.106,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""6"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,6,1,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:38:12.962 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=4;InfobloxNsCount=13;InfobloxArCount=8;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,csp.infoblox.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""csp.infoblox.com. 43 IN CNAME wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com.  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 43 IN A 18.233.189.178  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 43 IN A 18.209.243.220  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 43 IN A 18.235.149.1  . 225722 IN NS c.root-servers.net.  . 225722 IN NS i.root-servers.net.  . 225722 IN NS d.root-servers.net.  . 225722 IN NS k.root-servers.net.  . 225722 IN NS f.root-servers.net.  . 225722 IN NS m.root-servers.net.  . 225722 IN NS g.root-servers.net.  . 225722 IN NS b.root-servers.net.  . 225722 IN NS a.root-servers.net.  . 225722 IN NS e.root-servers.net.  . 225722 IN NS l.root-servers.net.  . 225722 IN NS j.root-servers.net.  . 225722 IN NS h.root-servers.net.  a.root-servers.net. 225722 IN A 198.41.0.4  b.root-servers.net. 225722 IN A 199.9.14.201  c.root-servers.net. 225722 IN A 192.33.4.12  d.root-servers.net. 225722 IN A 199.7.91.13  e.root-servers.net. 225722 IN A 192.203.230.10  f.root-servers.net. 225722 IN A 192.5.5.241  g.root-servers.net. 225722 IN A 192.112.36.4  h.root-servers.net. 225722 IN A 198.97.190.53""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,60191,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""4"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""8"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,4,8,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:38:12.962 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=13;InfobloxArCount=12;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,geo.threatdefense.infoblox.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""geo.threatdefense.infoblox.com. 76 IN CNAME us-west-1-geo.threatdefense.infoblox.com.  us-west-1-geo.threatdefense.infoblox.com. 74 IN A 52.119.41.51  . 225722 IN NS a.root-servers.net.  . 225722 IN NS h.root-servers.net.  . 225722 IN NS f.root-servers.net.  . 225722 IN NS b.root-servers.net.  . 225722 IN NS k.root-servers.net.  . 225722 IN NS d.root-servers.net.  . 225722 IN NS g.root-servers.net.  . 225722 IN NS c.root-servers.net.  . 225722 IN NS m.root-servers.net.  . 225722 IN NS l.root-servers.net.  . 225722 IN NS e.root-servers.net.  . 225722 IN NS j.root-servers.net.  . 225722 IN NS i.root-servers.net.  a.root-servers.net. 225722 IN A 198.41.0.4  b.root-servers.net. 225722 IN A 199.9.14.201  c.root-servers.net. 225722 IN A 192.33.4.12  d.root-servers.net. 225722 IN A 199.7.91.13  e.root-servers.net. 225722 IN A 192.203.230.10  f.root-servers.net. 225722 IN A 192.5.5.241  g.root-servers.net. 225722 IN A 192.112.36.4  h.root-servers.net. 225722 IN A 198.97.190.53  i.root-servers.net. 225722 IN A 192.36.148.17  j.root-servers.net. 225722 IN A 192.58.128.30  k.root-servers.net. 225722 IN A 193.0.14.129  l.root-servers.net. 225722 IN A 199.7.83.42""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,60192,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""12"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,2,12,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:38:12.962 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN TXT NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=TXT;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=13;InfobloxArCount=13;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,probe.infoblox.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""probe.infoblox.com. 10 IN TXT \""ABYZX9GLUYQUVWDQZIECEGAFF3NC89ZE\""  . 225722 IN NS h.root-servers.net.  . 225722 IN NS l.root-servers.net.  . 225722 IN NS j.root-servers.net.  . 225722 IN NS b.root-servers.net.  . 225722 IN NS d.root-servers.net.  . 225722 IN NS e.root-servers.net.  . 225722 IN NS k.root-servers.net.  . 225722 IN NS f.root-servers.net.  . 225722 IN NS a.root-servers.net.  . 225722 IN NS i.root-servers.net.  . 225722 IN NS c.root-servers.net.  . 225722 IN NS g.root-servers.net.  . 225722 IN NS m.root-servers.net.  a.root-servers.net. 225722 IN A 198.41.0.4  b.root-servers.net. 225722 IN A 199.9.14.201  c.root-servers.net. 225722 IN A 192.33.4.12  d.root-servers.net. 225722 IN A 199.7.91.13  e.root-servers.net. 225722 IN A 192.203.230.10  f.root-servers.net. 225722 IN A 192.5.5.241  g.root-servers.net. 225722 IN A 192.112.36.4  h.root-servers.net. 225722 IN A 198.97.190.53  i.root-servers.net. 225722 IN A 192.36.148.17  j.root-servers.net. 225722 IN A 192.58.128.30  k.root-servers.net. 225722 IN A 193.0.14.129  l.root-servers.net. 225722 IN A 199.7.83.42  m.root-servers.net. 225722 IN A 202.12.27.33""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,60193,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""TXT"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""13"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,1,13,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,TXT,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:38:12.680 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN TXT NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=TXT;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=13;InfobloxArCount=13;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,probe.infoblox.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""probe.infoblox.com. 10 IN TXT \""ABYZX9GLUYQUVWDQZIECEGAFF3NC89ZE\""  . 225722 IN NS h.root-servers.net.  . 225722 IN NS l.root-servers.net.  . 225722 IN NS j.root-servers.net.  . 225722 IN NS b.root-servers.net.  . 225722 IN NS d.root-servers.net.  . 225722 IN NS e.root-servers.net.  . 225722 IN NS k.root-servers.net.  . 225722 IN NS f.root-servers.net.  . 225722 IN NS a.root-servers.net.  . 225722 IN NS i.root-servers.net.  . 225722 IN NS c.root-servers.net.  . 225722 IN NS g.root-servers.net.  . 225722 IN NS m.root-servers.net.  a.root-servers.net. 225722 IN A 198.41.0.4  b.root-servers.net. 225722 IN A 199.9.14.201  c.root-servers.net. 225722 IN A 192.33.4.12  d.root-servers.net. 225722 IN A 199.7.91.13  e.root-servers.net. 225722 IN A 192.203.230.10  f.root-servers.net. 225722 IN A 192.5.5.241  g.root-servers.net. 225722 IN A 192.112.36.4  h.root-servers.net. 225722 IN A 198.97.190.53  i.root-servers.net. 225722 IN A 192.36.148.17  j.root-servers.net. 225722 IN A 192.58.128.30  k.root-servers.net. 225722 IN A 193.0.14.129  l.root-servers.net. 225722 IN A 199.7.83.42  m.root-servers.net. 225722 IN A 202.12.27.33""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,60193,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""TXT"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""13"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,1,13,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,TXT,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:38:12.680 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=13;InfobloxArCount=12;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,geo.threatdefense.infoblox.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""geo.threatdefense.infoblox.com. 76 IN CNAME us-west-1-geo.threatdefense.infoblox.com.  us-west-1-geo.threatdefense.infoblox.com. 74 IN A 52.119.41.51  . 225722 IN NS a.root-servers.net.  . 225722 IN NS h.root-servers.net.  . 225722 IN NS f.root-servers.net.  . 225722 IN NS b.root-servers.net.  . 225722 IN NS k.root-servers.net.  . 225722 IN NS d.root-servers.net.  . 225722 IN NS g.root-servers.net.  . 225722 IN NS c.root-servers.net.  . 225722 IN NS m.root-servers.net.  . 225722 IN NS l.root-servers.net.  . 225722 IN NS e.root-servers.net.  . 225722 IN NS j.root-servers.net.  . 225722 IN NS i.root-servers.net.  a.root-servers.net. 225722 IN A 198.41.0.4  b.root-servers.net. 225722 IN A 199.9.14.201  c.root-servers.net. 225722 IN A 192.33.4.12  d.root-servers.net. 225722 IN A 199.7.91.13  e.root-servers.net. 225722 IN A 192.203.230.10  f.root-servers.net. 225722 IN A 192.5.5.241  g.root-servers.net. 225722 IN A 192.112.36.4  h.root-servers.net. 225722 IN A 198.97.190.53  i.root-servers.net. 225722 IN A 192.36.148.17  j.root-servers.net. 225722 IN A 192.58.128.30  k.root-servers.net. 225722 IN A 193.0.14.129  l.root-servers.net. 225722 IN A 199.7.83.42""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,60192,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""12"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,2,12,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:38:12.680 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=4;InfobloxNsCount=13;InfobloxArCount=8;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,csp.infoblox.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""csp.infoblox.com. 43 IN CNAME wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com.  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 43 IN A 18.233.189.178  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 43 IN A 18.209.243.220  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 43 IN A 18.235.149.1  . 225722 IN NS c.root-servers.net.  . 225722 IN NS i.root-servers.net.  . 225722 IN NS d.root-servers.net.  . 225722 IN NS k.root-servers.net.  . 225722 IN NS f.root-servers.net.  . 225722 IN NS m.root-servers.net.  . 225722 IN NS g.root-servers.net.  . 225722 IN NS b.root-servers.net.  . 225722 IN NS a.root-servers.net.  . 225722 IN NS e.root-servers.net.  . 225722 IN NS l.root-servers.net.  . 225722 IN NS j.root-servers.net.  . 225722 IN NS h.root-servers.net.  a.root-servers.net. 225722 IN A 198.41.0.4  b.root-servers.net. 225722 IN A 199.9.14.201  c.root-servers.net. 225722 IN A 192.33.4.12  d.root-servers.net. 225722 IN A 199.7.91.13  e.root-servers.net. 225722 IN A 192.203.230.10  f.root-servers.net. 225722 IN A 192.5.5.241  g.root-servers.net. 225722 IN A 192.112.36.4  h.root-servers.net. 225722 IN A 198.97.190.53""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,60191,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""4"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""8"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,4,8,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:37:54.239 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=9;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Linux",,DNS,,connectivity-check.ubuntu.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.106,192.168.1.106,,,,,,,,,,,,,,,,"""connectivity-check.ubuntu.com. 43 IN A 35.232.111.17  connectivity-check.ubuntu.com. 43 IN A 91.189.91.49  connectivity-check.ubuntu.com. 43 IN A 185.125.190.48  connectivity-check.ubuntu.com. 43 IN A 34.122.121.32  connectivity-check.ubuntu.com. 43 IN A 185.125.190.18  connectivity-check.ubuntu.com. 43 IN A 35.224.170.84  connectivity-check.ubuntu.com. 43 IN A 185.125.190.49  connectivity-check.ubuntu.com. 43 IN A 91.189.91.48  connectivity-check.ubuntu.com. 43 IN A 185.125.190.17  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:15,,,,,,,,,1565,192.168.1.106,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""9"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Linux""}",,9,1,dfp,"APP_Uncategorized,CAT_Linux",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:37:49.672 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=13;InfobloxArCount=8;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,getpocket.cdn.mozilla.net.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""getpocket.cdn.mozilla.net. 1 IN CNAME getpocket-cdn.prod.mozaws.net.  getpocket-cdn.prod.mozaws.net. 71 IN CNAME prod.pocket.prod.cloudops.mozgcp.net.  prod.pocket.prod.cloudops.mozgcp.net. 505 IN A 34.120.5.221  . 228693 IN NS l.root-servers.net.  . 228693 IN NS g.root-servers.net.  . 228693 IN NS i.root-servers.net.  . 228693 IN NS e.root-servers.net.  . 228693 IN NS j.root-servers.net.  . 228693 IN NS b.root-servers.net.  . 228693 IN NS d.root-servers.net.  . 228693 IN NS m.root-servers.net.  . 228693 IN NS f.root-servers.net.  . 228693 IN NS k.root-servers.net.  . 228693 IN NS h.root-servers.net.  . 228693 IN NS c.root-servers.net.  . 228693 IN NS a.root-servers.net.  a.root-servers.net. 228693 IN A 198.41.0.4  b.root-servers.net. 228693 IN A 199.9.14.201  c.root-servers.net. 228693 IN A 192.33.4.12  d.root-servers.net. 228693 IN A 199.7.91.13  e.root-servers.net. 228693 IN A 192.203.230.10  f.root-servers.net. 228693 IN A 192.5.5.241  g.root-servers.net. 228693 IN A 192.112.36.4  h.root-servers.net. 228693 IN A 198.97.190.53""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,64659,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""3"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""8"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,3,8,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:37:49.672 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN AAAA NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=13;InfobloxArCount=12;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,prod.pocket.prod.cloudops.mozgcp.net.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""prod.pocket.prod.cloudops.mozgcp.net. 327 IN AAAA 2600:1901:0:524c::  . 228693 IN NS e.root-servers.net.  . 228693 IN NS k.root-servers.net.  . 228693 IN NS i.root-servers.net.  . 228693 IN NS g.root-servers.net.  . 228693 IN NS h.root-servers.net.  . 228693 IN NS d.root-servers.net.  . 228693 IN NS a.root-servers.net.  . 228693 IN NS b.root-servers.net.  . 228693 IN NS l.root-servers.net.  . 228693 IN NS f.root-servers.net.  . 228693 IN NS j.root-servers.net.  . 228693 IN NS m.root-servers.net.  . 228693 IN NS c.root-servers.net.  a.root-servers.net. 228693 IN A 198.41.0.4  b.root-servers.net. 228693 IN A 199.9.14.201  c.root-servers.net. 228693 IN A 192.33.4.12  d.root-servers.net. 228693 IN A 199.7.91.13  e.root-servers.net. 228693 IN A 192.203.230.10  f.root-servers.net. 228693 IN A 192.5.5.241  g.root-servers.net. 228693 IN A 192.112.36.4  h.root-servers.net. 228693 IN A 198.97.190.53  i.root-servers.net. 228693 IN A 192.36.148.17  j.root-servers.net. 228693 IN A 192.58.128.30  k.root-servers.net. 228693 IN A 193.0.14.129  l.root-servers.net. 228693 IN A 199.7.83.42""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,60717,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""12"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,1,12,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:37:49.672 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=13;InfobloxArCount=13;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,prod.pocket.prod.cloudops.mozgcp.net.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""prod.pocket.prod.cloudops.mozgcp.net. 505 IN A 34.120.5.221  . 228693 IN NS d.root-servers.net.  . 228693 IN NS m.root-servers.net.  . 228693 IN NS l.root-servers.net.  . 228693 IN NS e.root-servers.net.  . 228693 IN NS g.root-servers.net.  . 228693 IN NS b.root-servers.net.  . 228693 IN NS a.root-servers.net.  . 228693 IN NS f.root-servers.net.  . 228693 IN NS j.root-servers.net.  . 228693 IN NS h.root-servers.net.  . 228693 IN NS i.root-servers.net.  . 228693 IN NS k.root-servers.net.  . 228693 IN NS c.root-servers.net.  a.root-servers.net. 228693 IN A 198.41.0.4  b.root-servers.net. 228693 IN A 199.9.14.201  c.root-servers.net. 228693 IN A 192.33.4.12  d.root-servers.net. 228693 IN A 199.7.91.13  e.root-servers.net. 228693 IN A 192.203.230.10  f.root-servers.net. 228693 IN A 192.5.5.241  g.root-servers.net. 228693 IN A 192.112.36.4  h.root-servers.net. 228693 IN A 198.97.190.53  i.root-servers.net. 228693 IN A 192.36.148.17  j.root-servers.net. 228693 IN A 192.58.128.30  k.root-servers.net. 228693 IN A 193.0.14.129  l.root-servers.net. 228693 IN A 199.7.83.42  m.root-servers.net. 228693 IN A 202.12.27.33""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,63526,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""13"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,1,13,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:37:49.672 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=9;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,connectivity-check.ubuntu.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.106,192.168.1.106,,,,,,,,,,,,,,,,"""connectivity-check.ubuntu.com. 59 IN A 185.125.190.17  connectivity-check.ubuntu.com. 59 IN A 91.189.91.49  connectivity-check.ubuntu.com. 59 IN A 35.224.170.84  connectivity-check.ubuntu.com. 59 IN A 185.125.190.49  connectivity-check.ubuntu.com. 59 IN A 34.122.121.32  connectivity-check.ubuntu.com. 59 IN A 91.189.91.48  connectivity-check.ubuntu.com. 59 IN A 35.232.111.17  connectivity-check.ubuntu.com. 59 IN A 185.125.190.18  connectivity-check.ubuntu.com. 59 IN A 185.125.190.48  . 0 1232 OPT """,,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:15,,,,,,,,,45991,192.168.1.106,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""9"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,9,1,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:37:49.672 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN AAAA NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=0;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,contile.services.mozilla.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""services.mozilla.com. 428 IN SOA ns-679.awsdns-20.net. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,53811,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""0"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,0,0,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:37:49.672 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=13;InfobloxArCount=13;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,contile.services.mozilla.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""contile.services.mozilla.com. 400 IN A 34.117.237.239  . 228693 IN NS a.root-servers.net.  . 228693 IN NS i.root-servers.net.  . 228693 IN NS j.root-servers.net.  . 228693 IN NS g.root-servers.net.  . 228693 IN NS f.root-servers.net.  . 228693 IN NS m.root-servers.net.  . 228693 IN NS b.root-servers.net.  . 228693 IN NS d.root-servers.net.  . 228693 IN NS l.root-servers.net.  . 228693 IN NS e.root-servers.net.  . 228693 IN NS h.root-servers.net.  . 228693 IN NS c.root-servers.net.  . 228693 IN NS k.root-servers.net.  a.root-servers.net. 228693 IN A 198.41.0.4  b.root-servers.net. 228693 IN A 199.9.14.201  c.root-servers.net. 228693 IN A 192.33.4.12  d.root-servers.net. 228693 IN A 199.7.91.13  e.root-servers.net. 228693 IN A 192.203.230.10  f.root-servers.net. 228693 IN A 192.5.5.241  g.root-servers.net. 228693 IN A 192.112.36.4  h.root-servers.net. 228693 IN A 198.97.190.53  i.root-servers.net. 228693 IN A 192.36.148.17  j.root-servers.net. 228693 IN A 192.58.128.30  k.root-servers.net. 228693 IN A 193.0.14.129  l.root-servers.net. 228693 IN A 199.7.83.42  m.root-servers.net. 228693 IN A 202.12.27.33""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,54635,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""13"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,1,13,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:37:49.671 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=13;InfobloxArCount=13;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,contile.services.mozilla.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""contile.services.mozilla.com. 400 IN A 34.117.237.239  . 228693 IN NS m.root-servers.net.  . 228693 IN NS b.root-servers.net.  . 228693 IN NS k.root-servers.net.  . 228693 IN NS d.root-servers.net.  . 228693 IN NS c.root-servers.net.  . 228693 IN NS f.root-servers.net.  . 228693 IN NS h.root-servers.net.  . 228693 IN NS g.root-servers.net.  . 228693 IN NS i.root-servers.net.  . 228693 IN NS j.root-servers.net.  . 228693 IN NS e.root-servers.net.  . 228693 IN NS l.root-servers.net.  . 228693 IN NS a.root-servers.net.  a.root-servers.net. 228693 IN A 198.41.0.4  b.root-servers.net. 228693 IN A 199.9.14.201  c.root-servers.net. 228693 IN A 192.33.4.12  d.root-servers.net. 228693 IN A 199.7.91.13  e.root-servers.net. 228693 IN A 192.203.230.10  f.root-servers.net. 228693 IN A 192.5.5.241  g.root-servers.net. 228693 IN A 192.112.36.4  h.root-servers.net. 228693 IN A 198.97.190.53  i.root-servers.net. 228693 IN A 192.36.148.17  j.root-servers.net. 228693 IN A 192.58.128.30  k.root-servers.net. 228693 IN A 193.0.14.129  l.root-servers.net. 228693 IN A 199.7.83.42  m.root-servers.net. 228693 IN A 202.12.27.33""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,54635,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""13"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,1,13,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:37:43.765 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=9;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,connectivity-check.ubuntu.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.106,192.168.1.106,,,,,,,,,,,,,,,,"""connectivity-check.ubuntu.com. 43 IN A 35.224.170.84  connectivity-check.ubuntu.com. 43 IN A 35.232.111.17  connectivity-check.ubuntu.com. 43 IN A 91.189.91.48  connectivity-check.ubuntu.com. 43 IN A 91.189.91.49  connectivity-check.ubuntu.com. 43 IN A 185.125.190.18  connectivity-check.ubuntu.com. 43 IN A 34.122.121.32  connectivity-check.ubuntu.com. 43 IN A 185.125.190.48  connectivity-check.ubuntu.com. 43 IN A 185.125.190.49  connectivity-check.ubuntu.com. 43 IN A 185.125.190.17  . 0 1232 OPT """,,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:15,,,,,,,,,49213,192.168.1.106,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""9"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,9,1,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:37:33.863 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=4;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,pool.ntp.org.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""pool.ntp.org. 27 IN A 5.78.89.3  pool.ntp.org. 27 IN A 159.89.86.140  pool.ntp.org. 27 IN A 45.79.51.42  pool.ntp.org. 27 IN A 50.205.57.38  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,63196,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""4"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise""}",,4,1,remote_client,,,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:37:33.098 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN AAAA NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=6;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,connectivity-check.ubuntu.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.106,192.168.1.106,,,,,,,,,,,,,,,,"""connectivity-check.ubuntu.com. 17 IN AAAA 2620:2d:4000:1::2b  connectivity-check.ubuntu.com. 17 IN AAAA 2620:2d:4000:1::22  connectivity-check.ubuntu.com. 17 IN AAAA 2001:67c:1562::23  connectivity-check.ubuntu.com. 17 IN AAAA 2001:67c:1562::24  connectivity-check.ubuntu.com. 17 IN AAAA 2620:2d:4000:1::23  connectivity-check.ubuntu.com. 17 IN AAAA 2620:2d:4000:1::2a  . 0 1232 OPT """,,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:15,,,,,,,,,53795,192.168.1.106,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""6"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,6,1,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:37:31.998 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=4;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,pool.ntp.org.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""pool.ntp.org. 63 IN A 66.85.78.80  pool.ntp.org. 63 IN A 162.159.200.1  pool.ntp.org. 63 IN A 140.99.199.146  pool.ntp.org. 63 IN A 5.161.111.190  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,28055,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""4"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise""}",,4,1,remote_client,,,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:37:24.842 AM",Infoblox,Data Connector,2.1.3,DHCP-LEASE-UPDATE,DHCP Lease Update,1,,InfobloxHost=Sentinel-Demo-CDC;InfobloxIPSpace=ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558;InfobloxSubnet=192.168.1.0/24;InfobloxRangeStart=192.168.1.101;InfobloxRangeEnd=192.168.1.110;InfobloxLeaseOp=Update;InfobloxClientID=01:00:50:56:0b:0f:15;InfobloxDUID=;InfobloxLifetime=300;InfobloxLeaseUUID=996854be-27ab-11ec-a802-7270aef5e23e;InfobloxFingerprintPr=true;InfobloxFingerprint=Generic Linux OS;InfobloxDHCPOptions=;code_57='\377\377';code_61='\001\000PV\013\017\025';code_12='dhcp-virtual-machine';code_53='\003';code_55='\001\002\006\014\017\032\034y\003!()*w\371\374\021',,DHCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,dhcp-virtual-machine,00:50:56:0b:0f:15,,,,,,,,,,192.168.1.106,,,,,"""DHCP Lease Update""",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxHost"":""Sentinel-Demo-CDC"",""InfobloxIPSpace"":""ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558"",""InfobloxSubnet"":""192.168.1.0/24"",""InfobloxRangeStart"":""192.168.1.101"",""InfobloxRangeEnd"":""192.168.1.110"",""InfobloxLeaseOp"":""Update"",""InfobloxClientID"":""01:00:50:56:0b:0f:15"",""InfobloxLifetime"":""300"",""InfobloxLeaseUUID"":""996854be-27ab-11ec-a802-7270aef5e23e"",""InfobloxFingerprintPr"":""true"",""InfobloxFingerprint"":""Generic Linux OS""}",,,,,,,,,,,,,,,,01:00:50:56:0b:0f:15,,,,,,,Generic Linux OS,TRUE,Sentinel-Demo-CDC,ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558,Update,996854be-27ab-11ec-a802-7270aef5e23e,300,,,192.168.1.110,192.168.1.101,,,192.168.1.0/24,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:37:23.137 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=4;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,pool.ntp.org.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""pool.ntp.org. 82 IN A 97.107.128.165  pool.ntp.org. 82 IN A 159.89.45.132  pool.ntp.org. 82 IN A 64.142.54.12  pool.ntp.org. 82 IN A 216.229.0.50  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,3784,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""4"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise""}",,4,1,remote_client,,,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:37:13.216 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=4;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,pool.ntp.org.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""pool.ntp.org. 97 IN A 23.131.160.7  pool.ntp.org. 97 IN A 142.202.190.19  pool.ntp.org. 97 IN A 162.159.200.1  pool.ntp.org. 97 IN A 129.250.35.250  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,11369,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""4"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise""}",,4,1,remote_client,,,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:35:58.452 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,http://hiperfdhaus.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""com. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1689737723 1800 900 604800 86400  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,5930,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,0,1,remote_client,"APP_Uncategorized,CAT_Uncategorized",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:35:52.607 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN AAAA NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=6;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,connectivity-check.ubuntu.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.106,192.168.1.106,,,,,,,,,,,,,,,,"""connectivity-check.ubuntu.com. 55 IN AAAA 2620:2d:4000:1::22  connectivity-check.ubuntu.com. 55 IN AAAA 2001:67c:1562::23  connectivity-check.ubuntu.com. 55 IN AAAA 2620:2d:4000:1::2a  connectivity-check.ubuntu.com. 55 IN AAAA 2620:2d:4000:1::2b  connectivity-check.ubuntu.com. 55 IN AAAA 2001:67c:1562::24  connectivity-check.ubuntu.com. 55 IN AAAA 2620:2d:4000:1::23  . 0 1232 OPT """,,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:15,,,,,,,,,60899,192.168.1.106,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""6"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,6,1,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:35:48.717 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Google Search,CAT_Search Engines,SS_google",,DNS,,google.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""google.com. 300 IN A 142.251.214.142  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,10620,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Google Search,CAT_Search Engines,SS_google""}",,1,1,remote_client,"APP_Google Search,CAT_Search Engines,SS_google",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:35:41.978 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN NS NOERROR,1,,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=NS;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=13;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,""". 67089 IN NS d.root-servers.net.  . 67089 IN NS a.root-servers.net.  . 67089 IN NS b.root-servers.net.  . 67089 IN NS i.root-servers.net.  . 67089 IN NS m.root-servers.net.  . 67089 IN NS h.root-servers.net.  . 67089 IN NS c.root-servers.net.  . 67089 IN NS k.root-servers.net.  . 67089 IN NS f.root-servers.net.  . 67089 IN NS g.root-servers.net.  . 67089 IN NS j.root-servers.net.  . 67089 IN NS e.root-servers.net.  . 67089 IN NS l.root-servers.net.  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,10620,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""NS"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""13"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise""}",,13,1,remote_client,,,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,NS,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:35:32.326 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Search Engines",,DNS,,https://google.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""com. 898 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1689737693 1800 900 604800 86400  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,14623,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Search Engines""}",,0,1,remote_client,"APP_Uncategorized,CAT_Search Engines",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:35:32.326 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN AAAA NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Search Engines",,DNS,,https://google.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""com. 899 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1689737693 1800 900 604800 86400  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,14623,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Search Engines""}",,0,1,remote_client,"APP_Uncategorized,CAT_Search Engines",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,AAAA,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:35:32.326 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Search Engines",,DNS,,https://google.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""com. 897 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1689737693 1800 900 604800 86400  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,14623,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Search Engines""}",,0,1,remote_client,"APP_Uncategorized,CAT_Search Engines",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:35:32.326 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN AAAA NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Search Engines",,DNS,,https://google.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""com. 899 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1689737693 1800 900 604800 86400  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,14623,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Search Engines""}",,0,1,remote_client,"APP_Uncategorized,CAT_Search Engines",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,AAAA,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:35:32.325 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN PTR NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=PTR;InfobloxDNSQFlags=+AEV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,1.0.0.127.in-addr.arpa.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""1.0.0.127.in-addr.arpa. 10800 IN PTR localhost.  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,14623,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""PTR"",""InfobloxDNSQFlags"":""+AEV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,1,1,remote_client,"APP_Uncategorized,CAT_Uncategorized",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,PTR,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:35:29.160 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=13;InfobloxArCount=9;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,ctldl.windowsupdate.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""ctldl.windowsupdate.com. 196 IN CNAME wu-bg-shim.trafficmanager.net.  wu-bg-shim.trafficmanager.net. 78 IN CNAME cds.d2s7q6s2.hwcdn.net.  cds.d2s7q6s2.hwcdn.net. 196 IN A 209.197.3.8  . 221934 IN NS f.root-servers.net.  . 221934 IN NS b.root-servers.net.  . 221934 IN NS k.root-servers.net.  . 221934 IN NS l.root-servers.net.  . 221934 IN NS e.root-servers.net.  . 221934 IN NS a.root-servers.net.  . 221934 IN NS c.root-servers.net.  . 221934 IN NS h.root-servers.net.  . 221934 IN NS d.root-servers.net.  . 221934 IN NS j.root-servers.net.  . 221934 IN NS g.root-servers.net.  . 221934 IN NS i.root-servers.net.  . 221934 IN NS m.root-servers.net.  a.root-servers.net. 221934 IN A 198.41.0.4  b.root-servers.net. 221934 IN A 199.9.14.201  c.root-servers.net. 221934 IN A 192.33.4.12  d.root-servers.net. 221934 IN A 199.7.91.13  e.root-servers.net. 221934 IN A 192.203.230.10  f.root-servers.net. 221934 IN A 192.5.5.241  g.root-servers.net. 221934 IN A 192.112.36.4  h.root-servers.net. 221934 IN A 198.97.190.53  i.root-servers.net. 221934 IN A 192.36.148.17""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,60608,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""3"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""9"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,3,9,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:35:23.685 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_PC Support,CAT_Windows",,DNS,,cds.d2s7q6s2.hwcdn.net.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""cds.d2s7q6s2.hwcdn.net. 196 IN A 209.197.3.8  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,8292,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_PC Support,CAT_Windows""}",,1,1,dfp,"APP_Uncategorized,CAT_PC Support,CAT_Windows",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:35:23.685 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Azure Cloud Services,CAT_Content Server",,DNS,,wu-bg-shim.trafficmanager.net.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""wu-bg-shim.trafficmanager.net. 576 IN CNAME cds.d2s7q6s2.hwcdn.net.  cds.d2s7q6s2.hwcdn.net. 78 IN A 209.197.3.8  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,8292,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Azure Cloud Services,CAT_Content Server""}",,2,1,dfp,"APP_Azure Cloud Services,CAT_Content Server",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:35:23.684 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Microsoft Certificates,APP_Windows Update,CAT_Business Software,CAT_Productivity,CAT_Windows",,DNS,,ctldl.windowsupdate.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""ctldl.windowsupdate.com. 2953 IN CNAME wu-bg-shim.trafficmanager.net.  wu-bg-shim.trafficmanager.net. 496 IN CNAME cds.d2s7q6s2.hwcdn.net.  cds.d2s7q6s2.hwcdn.net. 196 IN A 209.197.3.8  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,8292,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""3"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Microsoft Certificates,APP_Windows Update,CAT_Business Software,CAT_Productivity,CAT_Windows""}",,3,1,dfp,"APP_Microsoft Certificates,APP_Windows Update,CAT_Business Software,CAT_Productivity,CAT_Windows",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:35:11.383 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN AAAA NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,http://jirostrogud.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""com. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1689737678 1800 900 604800 86400  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,15160,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,0,1,remote_client,"APP_Uncategorized,CAT_Uncategorized",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,AAAA,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:35:11.383 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN AAAA NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,http://jirostrogud.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""com. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1689737678 1800 900 604800 86400  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,15160,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,0,1,remote_client,"APP_Uncategorized,CAT_Uncategorized",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,AAAA,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:35:11.383 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,http://jirostrogud.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""com. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1689737678 1800 900 604800 86400  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,15160,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,0,1,remote_client,"APP_Uncategorized,CAT_Uncategorized",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:35:11.382 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN PTR NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=PTR;InfobloxDNSQFlags=+AEV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,1.0.0.127.in-addr.arpa.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""1.0.0.127.in-addr.arpa. 10800 IN PTR localhost.  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,15160,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""PTR"",""InfobloxDNSQFlags"":""+AEV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,1,1,remote_client,"APP_Uncategorized,CAT_Uncategorized",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,PTR,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:35:11.382 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NXDOMAIN,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,http://jirostrogud.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""com. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1689737678 1800 900 604800 86400  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,15160,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,0,1,remote_client,"APP_Uncategorized,CAT_Uncategorized",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:34:54.968 AM",Infoblox,Data Connector,2.1.3,DHCP-LEASE-UPDATE,DHCP Lease Update,1,,InfobloxHost=Sentinel-Demo-CDC;InfobloxIPSpace=ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558;InfobloxSubnet=192.168.1.0/24;InfobloxRangeStart=192.168.1.101;InfobloxRangeEnd=192.168.1.110;InfobloxLeaseOp=Update;InfobloxClientID=01:00:50:56:0b:0f:15;InfobloxDUID=;InfobloxLifetime=300;InfobloxLeaseUUID=996854be-27ab-11ec-a802-7270aef5e23e;InfobloxFingerprintPr=true;InfobloxFingerprint=Generic Linux OS;InfobloxDHCPOptions=;code_12='dhcp-virtual-machine';code_53='\003';code_55='\001\002\006\014\017\032\034y\003!()*w\371\374\021';code_57='\377\377';code_61='\001\000PV\013\017\025',,DHCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,dhcp-virtual-machine,00:50:56:0b:0f:15,,,,,,,,,,192.168.1.106,,,,,"""DHCP Lease Update""",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxHost"":""Sentinel-Demo-CDC"",""InfobloxIPSpace"":""ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558"",""InfobloxSubnet"":""192.168.1.0/24"",""InfobloxRangeStart"":""192.168.1.101"",""InfobloxRangeEnd"":""192.168.1.110"",""InfobloxLeaseOp"":""Update"",""InfobloxClientID"":""01:00:50:56:0b:0f:15"",""InfobloxLifetime"":""300"",""InfobloxLeaseUUID"":""996854be-27ab-11ec-a802-7270aef5e23e"",""InfobloxFingerprintPr"":""true"",""InfobloxFingerprint"":""Generic Linux OS""}",,,,,,,,,,,,,,,,01:00:50:56:0b:0f:15,,,,,,,Generic Linux OS,TRUE,Sentinel-Demo-CDC,ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558,Update,996854be-27ab-11ec-a802-7270aef5e23e,300,,,192.168.1.110,192.168.1.101,,,192.168.1.0/24,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:34:44.733 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;TfcashclDU0dnofxM/W69lUQlkNn5GeR7eCEEgVLtsQYDKIoui7eDVgw4csxXJo4+rI73iQlKOnOrGyvzlogn/lBE2zjnIWjfhcjMeJFktOQQx11bfCkoDlpkk/tFX8IvdPP/Om1PoW6wRUAwx+BwzT1HkOGJcHT4mTJywu94PM=  . 32768 4096 OPT "";InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=",,DNS,,ns4.infoblox.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""ns4.infoblox.com. 1149 IN A 12.23.72.166  ns4.infoblox.com. 1149 IN RRSIG A 8 3 3600 20230722194328 20230718190127 3870 infoblox.com.",,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,41128,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""TfcashclDU0dnofxM/W69lUQlkNn5GeR7eCEEgVLtsQYDKIoui7eDVgw4csxXJo4+rI73iQlKOnOrGyvzlogn/lBE2zjnIWjfhcjMeJFktOQQx11bfCkoDlpkk/tFX8IvdPP/Om1PoW6wRUAwx+BwzT1HkOGJcHT4mTJywu94PM"":""  . 32768 4096 OPT \"""",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)""}",,2,1,dfp,,,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,"  . 32768 4096 OPT """,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:34:44.733 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;baYR42SOW46H9tIJsvvgoIpoy/O2bJbxaIPxCwuVRmr3N+w4Fb3KYX5t7G9c/9W9vVgC8fdZnYUfvKc9lNVI6tC3w4t+8ylCPGcfP4SRvEPPozQkYXmvm1rdHyL+Fg74OWgXvW/rOo5rtBbCbBxsfAJdDPQaDOPIyEaMAtzlObE=  . 32768 4096 OPT "";InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=",,DNS,,ns7.infoblox.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""ns7.infoblox.com. 194 IN A 3.211.162.1  ns7.infoblox.com. 194 IN RRSIG A 8 3 3600 20230722062600 20230718062455 3870 infoblox.com.",,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,41128,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""baYR42SOW46H9tIJsvvgoIpoy/O2bJbxaIPxCwuVRmr3N+w4Fb3KYX5t7G9c/9W9vVgC8fdZnYUfvKc9lNVI6tC3w4t+8ylCPGcfP4SRvEPPozQkYXmvm1rdHyL+Fg74OWgXvW/rOo5rtBbCbBxsfAJdDPQaDOPIyEaMAtzlObE"":""  . 32768 4096 OPT \"""",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)""}","  . 32768 4096 OPT """,2,1,dfp,,,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:34:44.495 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=13;InfobloxArCount=14;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,ns7.infoblox.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""ns7.infoblox.com. 194 IN A 3.211.162.1  . 221974 IN NS f.root-servers.net.  . 221974 IN NS m.root-servers.net.  . 221974 IN NS d.root-servers.net.  . 221974 IN NS b.root-servers.net.  . 221974 IN NS c.root-servers.net.  . 221974 IN NS e.root-servers.net.  . 221974 IN NS i.root-servers.net.  . 221974 IN NS a.root-servers.net.  . 221974 IN NS h.root-servers.net.  . 221974 IN NS g.root-servers.net.  . 221974 IN NS j.root-servers.net.  . 221974 IN NS k.root-servers.net.  . 221974 IN NS l.root-servers.net.  a.root-servers.net. 221974 IN A 198.41.0.4  b.root-servers.net. 221974 IN A 199.9.14.201  c.root-servers.net. 221974 IN A 192.33.4.12  d.root-servers.net. 221974 IN A 199.7.91.13  e.root-servers.net. 221974 IN A 192.203.230.10  f.root-servers.net. 221974 IN A 192.5.5.241  g.root-servers.net. 221974 IN A 192.112.36.4  h.root-servers.net. 221974 IN A 198.97.190.53  i.root-servers.net. 221974 IN A 192.36.148.17  j.root-servers.net. 221974 IN A 192.58.128.30  k.root-servers.net. 221974 IN A 193.0.14.129  l.root-servers.net. 221974 IN A 199.7.83.42  m.root-servers.net. 221974 IN A 202.12.27.33  a.root-servers.net. 221974 IN AAAA 2001:503:ba3e::2:30""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,54062,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""14"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,1,14,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:34:44.495 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN NS NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=NS;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=5;InfobloxNsCount=0;InfobloxArCount=0;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,tme.infoblox.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""tme.infoblox.com. 532 IN NS ns4.infoblox.com.  tme.infoblox.com. 532 IN NS ns7.infoblox.com.  tme.infoblox.com. 532 IN NS ns2.infoblox.com.  tme.infoblox.com. 532 IN NS ns3.infoblox.com.  tme.infoblox.com. 532 IN NS ns8.infoblox.com.""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,61778,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""NS"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""5"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""0"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,5,0,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,NS,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:34:44.494 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=13;InfobloxArCount=14;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,ns4.infoblox.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""ns4.infoblox.com. 1149 IN A 12.23.72.166  . 221974 IN NS d.root-servers.net.  . 221974 IN NS a.root-servers.net.  . 221974 IN NS l.root-servers.net.  . 221974 IN NS f.root-servers.net.  . 221974 IN NS j.root-servers.net.  . 221974 IN NS h.root-servers.net.  . 221974 IN NS g.root-servers.net.  . 221974 IN NS e.root-servers.net.  . 221974 IN NS k.root-servers.net.  . 221974 IN NS c.root-servers.net.  . 221974 IN NS m.root-servers.net.  . 221974 IN NS b.root-servers.net.  . 221974 IN NS i.root-servers.net.  a.root-servers.net. 221974 IN A 198.41.0.4  b.root-servers.net. 221974 IN A 199.9.14.201  c.root-servers.net. 221974 IN A 192.33.4.12  d.root-servers.net. 221974 IN A 199.7.91.13  e.root-servers.net. 221974 IN A 192.203.230.10  f.root-servers.net. 221974 IN A 192.5.5.241  g.root-servers.net. 221974 IN A 192.112.36.4  h.root-servers.net. 221974 IN A 198.97.190.53  i.root-servers.net. 221974 IN A 192.36.148.17  j.root-servers.net. 221974 IN A 192.58.128.30  k.root-servers.net. 221974 IN A 193.0.14.129  l.root-servers.net. 221974 IN A 199.7.83.42  m.root-servers.net. 221974 IN A 202.12.27.33  a.root-servers.net. 221974 IN AAAA 2001:503:ba3e::2:30""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,63328,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""14"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,1,14,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:34:43.386 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN NS NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=NS;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=5;InfobloxNsCount=0;InfobloxArCount=0;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,tme.infoblox.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""tme.infoblox.com. 532 IN NS ns4.infoblox.com.  tme.infoblox.com. 532 IN NS ns7.infoblox.com.  tme.infoblox.com. 532 IN NS ns2.infoblox.com.  tme.infoblox.com. 532 IN NS ns3.infoblox.com.  tme.infoblox.com. 532 IN NS ns8.infoblox.com.""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,61778,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""NS"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""5"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""0"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,5,0,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,NS,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:34:43.386 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=13;InfobloxArCount=14;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,ns7.infoblox.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""ns7.infoblox.com. 194 IN A 3.211.162.1  . 221974 IN NS f.root-servers.net.  . 221974 IN NS m.root-servers.net.  . 221974 IN NS d.root-servers.net.  . 221974 IN NS b.root-servers.net.  . 221974 IN NS c.root-servers.net.  . 221974 IN NS e.root-servers.net.  . 221974 IN NS i.root-servers.net.  . 221974 IN NS a.root-servers.net.  . 221974 IN NS h.root-servers.net.  . 221974 IN NS g.root-servers.net.  . 221974 IN NS j.root-servers.net.  . 221974 IN NS k.root-servers.net.  . 221974 IN NS l.root-servers.net.  a.root-servers.net. 221974 IN A 198.41.0.4  b.root-servers.net. 221974 IN A 199.9.14.201  c.root-servers.net. 221974 IN A 192.33.4.12  d.root-servers.net. 221974 IN A 199.7.91.13  e.root-servers.net. 221974 IN A 192.203.230.10  f.root-servers.net. 221974 IN A 192.5.5.241  g.root-servers.net. 221974 IN A 192.112.36.4  h.root-servers.net. 221974 IN A 198.97.190.53  i.root-servers.net. 221974 IN A 192.36.148.17  j.root-servers.net. 221974 IN A 192.58.128.30  k.root-servers.net. 221974 IN A 193.0.14.129  l.root-servers.net. 221974 IN A 199.7.83.42  m.root-servers.net. 221974 IN A 202.12.27.33  a.root-servers.net. 221974 IN AAAA 2001:503:ba3e::2:30""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,54062,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""14"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,1,14,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:34:43.385 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=13;InfobloxArCount=14;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,ns4.infoblox.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""ns4.infoblox.com. 1149 IN A 12.23.72.166  . 221974 IN NS d.root-servers.net.  . 221974 IN NS a.root-servers.net.  . 221974 IN NS l.root-servers.net.  . 221974 IN NS f.root-servers.net.  . 221974 IN NS j.root-servers.net.  . 221974 IN NS h.root-servers.net.  . 221974 IN NS g.root-servers.net.  . 221974 IN NS e.root-servers.net.  . 221974 IN NS k.root-servers.net.  . 221974 IN NS c.root-servers.net.  . 221974 IN NS m.root-servers.net.  . 221974 IN NS b.root-servers.net.  . 221974 IN NS i.root-servers.net.  a.root-servers.net. 221974 IN A 198.41.0.4  b.root-servers.net. 221974 IN A 199.9.14.201  c.root-servers.net. 221974 IN A 192.33.4.12  d.root-servers.net. 221974 IN A 199.7.91.13  e.root-servers.net. 221974 IN A 192.203.230.10  f.root-servers.net. 221974 IN A 192.5.5.241  g.root-servers.net. 221974 IN A 192.112.36.4  h.root-servers.net. 221974 IN A 198.97.190.53  i.root-servers.net. 221974 IN A 192.36.148.17  j.root-servers.net. 221974 IN A 192.58.128.30  k.root-servers.net. 221974 IN A 193.0.14.129  l.root-servers.net. 221974 IN A 199.7.83.42  m.root-servers.net. 221974 IN A 202.12.27.33  a.root-servers.net. 221974 IN AAAA 2001:503:ba3e::2:30""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,63328,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""14"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,1,14,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:34:35.015 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN AAAA NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=6;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,connectivity-check.ubuntu.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.106,192.168.1.106,,,,,,,,,,,,,,,,"""connectivity-check.ubuntu.com. 10 IN AAAA 2620:2d:4000:1::22  connectivity-check.ubuntu.com. 10 IN AAAA 2620:2d:4000:1::23  connectivity-check.ubuntu.com. 10 IN AAAA 2620:2d:4000:1::2a  connectivity-check.ubuntu.com. 10 IN AAAA 2620:2d:4000:1::2b  connectivity-check.ubuntu.com. 10 IN AAAA 2001:67c:1562::23  connectivity-check.ubuntu.com. 10 IN AAAA 2001:67c:1562::24  . 0 1232 OPT """,,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:15,,,,,,,,,42452,192.168.1.106,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""6"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,6,1,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:34:14.094 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN SOA NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=SOA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,sentinel-ep-2.tme.infoblox.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""tme.infoblox.com. 0 IN SOA thens.infoblox.com. dns.infoblox.com. 16 10800 3600 1209600 3600  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,28380,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""SOA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)""}",,0,1,dfp,,,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,SOA,NOERROR,_default,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:34:14.094 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;J5aqktuEZUMQ/0RY2R+HO1a+gSFKaBJM8X6BQ56jvFUQhd0XxkufnJg55VqMqPYusR3FF64kMN3qrCs+Ptj99vH06W6A8j7nWPPpVeroePNnW+SrRDWKZteWaO5c/nh0WTpXEzK3PeY/5A0p8CdqHZJ1Jj52h5rkUODobyzO77o=  . 32768 4096 OPT "";InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=",,DNS,,thens.infoblox.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""thens.infoblox.com. 0 IN A 38.108.181.200  thens.infoblox.com. 0 IN RRSIG A 8 3 3600 20230722185329 20230718181630 3870 infoblox.com.",,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,28380,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""J5aqktuEZUMQ/0RY2R+HO1a+gSFKaBJM8X6BQ56jvFUQhd0XxkufnJg55VqMqPYusR3FF64kMN3qrCs+Ptj99vH06W6A8j7nWPPpVeroePNnW+SrRDWKZteWaO5c/nh0WTpXEzK3PeY/5A0p8CdqHZJ1Jj52h5rkUODobyzO77o"":""  . 32768 4096 OPT \"""",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)""}",,2,1,dfp,,,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,"  . 32768 4096 OPT """,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:34:09.189 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;tO4Mj6/NQSwd6A9Nj0MXjIxjnJKXlX6dRC43YEwDVO6IzJV+Hr18jDAWohf2A9zcjZZxoN8R7zvAkH0iuLHfJA=;InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,us-west-1-geo.threatdefense.infoblox.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""us-west-1-geo.threatdefense.infoblox.com. 103 IN A 52.119.41.51  us-west-1-geo.threatdefense.infoblox.com. 103 IN RRSIG A 13 4 300 20230719043533 20230719023033 36142 threatdefense.infoblox.com.",,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,51648,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)""}",,2,1,dfp,,,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:34:09.189 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN TXT NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=TXT;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Business Software,CAT_Information Security,LIST_PROBE_209101",,DNS,,probe.infoblox.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""probe.infoblox.com. 10 IN TXT \""ABYZX9GLUYQUVWDQZIECEGAFF3NC89ZE\""  . 32768 1232 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,51648,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""TXT"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Business Software,CAT_Information Security,LIST_PROBE_209101""}",,1,1,dfp,"APP_Uncategorized,CAT_Business Software,CAT_Information Security,LIST_PROBE_209101",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,TXT,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:34:09.189 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;uQS5KGiPNo2BP9ciFp2qU+XM9uO5lklm2gCcPuKKHher7fsZ7C1uDXlcFVvoD04ksRsvMAkWT+WKPRm7Uj+B2Q=;tO4Mj6/NQSwd6A9Nj0MXjIxjnJKXlX6dRC43YEwDVO6IzJV+Hr18jDAWohf2A9zcjZZxoN8R7zvAkH0iuLHfJA=;InfobloxAnCount=4;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,geo.threatdefense.infoblox.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""geo.threatdefense.infoblox.com. 102 IN CNAME us-west-1-geo.threatdefense.infoblox.com.  geo.threatdefense.infoblox.com. 102 IN RRSIG CNAME 13 4 300 20230719043533 20230719023033 36142 threatdefense.infoblox.com.",,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,51648,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""4"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)""}",,4,1,dfp,,,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:34:09.188 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;QUVjy3DRDBssylwvgogCq1xTBkmjd4WjMWqgajSzZztcKEUB0Rq4D1XnqyAZg3QiK5Yf60sqKTXD0dpGZL77iZ/3jdV5/gV3APpLmC5pSUYw2941PB5Q5GCbNyFcQKG6f9H8v+XfNqq66sdKimjrvwhEwPWPj2VtCZhX4RCbagg=  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 50 IN A 18.209.243.220  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 50 IN A 18.235.149.1  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 50 IN A 18.233.189.178  . 32768 4096 OPT "";InfobloxAnCount=5;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=",,DNS,,csp.infoblox.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""csp.infoblox.com. 53 IN CNAME wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com.  csp.infoblox.com. 53 IN RRSIG CNAME 8 3 60 20230723012023 20230719003621 3870 infoblox.com.",,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,51648,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""QUVjy3DRDBssylwvgogCq1xTBkmjd4WjMWqgajSzZztcKEUB0Rq4D1XnqyAZg3QiK5Yf60sqKTXD0dpGZL77iZ/3jdV5/gV3APpLmC5pSUYw2941PB5Q5GCbNyFcQKG6f9H8v+XfNqq66sdKimjrvwhEwPWPj2VtCZhX4RCbagg"":""  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 50 IN A 18.209.243.220  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 50 IN A 18.235.149.1  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 50 IN A 18.233.189.178  . 32768 4096 OPT \"""",""InfobloxAnCount"":""5"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)""}",,5,1,dfp,,,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,"  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 50 IN A 18.209.243.220  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 50 IN A 18.235.149.1  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 50 IN A 18.233.189.178  . 32768 4096 OPT """,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:34:09.188 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Technology - Other",,DNS,,wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 48 IN A 18.233.189.178  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 48 IN A 18.235.149.1  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 48 IN A 18.209.243.220  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,51648,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""3"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Technology - Other""}",,3,1,dfp,"APP_Uncategorized,CAT_Technology - Other",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:34:03.757 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN AAAA NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=6;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Linux",,DNS,,connectivity-check.ubuntu.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.106,192.168.1.106,,,,,,,,,,,,,,,,"""connectivity-check.ubuntu.com. 5 IN AAAA 2620:2d:4000:1::22  connectivity-check.ubuntu.com. 5 IN AAAA 2001:67c:1562::24  connectivity-check.ubuntu.com. 5 IN AAAA 2001:67c:1562::23  connectivity-check.ubuntu.com. 5 IN AAAA 2620:2d:4000:1::2b  connectivity-check.ubuntu.com. 5 IN AAAA 2620:2d:4000:1::23  connectivity-check.ubuntu.com. 5 IN AAAA 2620:2d:4000:1::2a  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:15,,,,,,,,,35788,192.168.1.106,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""6"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Linux""}",,6,1,dfp,"APP_Uncategorized,CAT_Linux",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:33:23.471 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Windows",,DNS,,client.wns.windows.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""client.wns.windows.com. 3152 IN CNAME wns.notify.trafficmanager.net.  wns.notify.trafficmanager.net. 275 IN A 13.64.180.106  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,49619,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Windows""}",,2,1,remote_client,"APP_Uncategorized,CAT_Windows",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:32:53.064 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=9;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Linux",,DNS,,connectivity-check.ubuntu.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.106,192.168.1.106,,,,,,,,,,,,,,,,"""connectivity-check.ubuntu.com. 46 IN A 34.122.121.32  connectivity-check.ubuntu.com. 46 IN A 185.125.190.18  connectivity-check.ubuntu.com. 46 IN A 35.232.111.17  connectivity-check.ubuntu.com. 46 IN A 91.189.91.48  connectivity-check.ubuntu.com. 46 IN A 185.125.190.48  connectivity-check.ubuntu.com. 46 IN A 35.224.170.84  connectivity-check.ubuntu.com. 46 IN A 185.125.190.17  connectivity-check.ubuntu.com. 46 IN A 91.189.91.49  connectivity-check.ubuntu.com. 46 IN A 185.125.190.49  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:15,,,,,,,,,48241,192.168.1.106,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""9"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Linux""}",,9,1,dfp,"APP_Uncategorized,CAT_Linux",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:32:50.031 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN AAAA NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Technology - Other",,DNS,,proxyserverecs-1736642167.us-east-1.elb.amazonaws.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""us-east-1.elb.amazonaws.com. 51 IN SOA ns-1119.awsdns-11.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 60  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,48241,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Technology - Other""}",,0,1,dfp,"APP_Uncategorized,CAT_Technology - Other",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:32:50.030 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=4;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Technology - Other",,DNS,,proxyserverecs-1736642167.us-east-1.elb.amazonaws.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""proxyserverecs-1736642167.us-east-1.elb.amazonaws.com. 16 IN A 3.229.85.40  proxyserverecs-1736642167.us-east-1.elb.amazonaws.com. 16 IN A 34.193.43.112  proxyserverecs-1736642167.us-east-1.elb.amazonaws.com. 16 IN A 54.88.103.11  proxyserverecs-1736642167.us-east-1.elb.amazonaws.com. 16 IN A 3.229.237.11  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,48241,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""4"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Technology - Other""}",,4,1,dfp,"APP_Uncategorized,CAT_Technology - Other",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:32:50.028 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=5;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Online Information Management",,DNS,,spocs.getpocket.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""spocs.getpocket.com. 20 IN CNAME proxyserverecs-1736642167.us-east-1.elb.amazonaws.com.  proxyserverecs-1736642167.us-east-1.elb.amazonaws.com. 16 IN A 54.88.103.11  proxyserverecs-1736642167.us-east-1.elb.amazonaws.com. 16 IN A 3.229.237.11  proxyserverecs-1736642167.us-east-1.elb.amazonaws.com. 16 IN A 3.229.85.40  proxyserverecs-1736642167.us-east-1.elb.amazonaws.com. 16 IN A 34.193.43.112  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,48241,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""5"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Online Information Management""}",,5,1,dfp,"APP_Uncategorized,CAT_Online Information Management",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:32:24.648 AM",Infoblox,Data Connector,2.1.3,DHCP-LEASE-UPDATE,DHCP Lease Update,1,,InfobloxHost=Sentinel-Demo-CDC;InfobloxIPSpace=ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558;InfobloxSubnet=192.168.1.0/24;InfobloxRangeStart=192.168.1.101;InfobloxRangeEnd=192.168.1.110;InfobloxLeaseOp=Update;InfobloxClientID=01:00:50:56:0b:0f:15;InfobloxDUID=;InfobloxLifetime=300;InfobloxLeaseUUID=996854be-27ab-11ec-a802-7270aef5e23e;InfobloxFingerprintPr=true;InfobloxFingerprint=Generic Linux OS;InfobloxDHCPOptions=;code_57='\377\377';code_61='\001\000PV\013\017\025';code_12='dhcp-virtual-machine';code_53='\003';code_55='\001\002\006\014\017\032\034y\003!()*w\371\374\021',,DHCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,dhcp-virtual-machine,00:50:56:0b:0f:15,,,,,,,,,,192.168.1.106,,,,,"""DHCP Lease Update""",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxHost"":""Sentinel-Demo-CDC"",""InfobloxIPSpace"":""ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558"",""InfobloxSubnet"":""192.168.1.0/24"",""InfobloxRangeStart"":""192.168.1.101"",""InfobloxRangeEnd"":""192.168.1.110"",""InfobloxLeaseOp"":""Update"",""InfobloxClientID"":""01:00:50:56:0b:0f:15"",""InfobloxLifetime"":""300"",""InfobloxLeaseUUID"":""996854be-27ab-11ec-a802-7270aef5e23e"",""InfobloxFingerprintPr"":""true"",""InfobloxFingerprint"":""Generic Linux OS""}",,,,,,,,,,,,,,,,01:00:50:56:0b:0f:15,,,,,,,Generic Linux OS,TRUE,Sentinel-Demo-CDC,ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558,Update,996854be-27ab-11ec-a802-7270aef5e23e,300,,,192.168.1.110,192.168.1.101,,,192.168.1.0/24,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:31:30.300 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN AAAA NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,thetacker.de.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""thetacker.de. 300 IN SOA access.ui-dns.biz. hostmaster.1und1.de. 2016042802 28800 7200 604800 300  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,14198,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,0,1,remote_client,"APP_Uncategorized,CAT_Uncategorized",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,AAAA,NOERROR,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:31:30.300 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,thetacker.de.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""thetacker.de. 3600 IN A 217.160.223.116  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,14198,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,1,1,remote_client,"APP_Uncategorized,CAT_Uncategorized",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:31:30.299 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN PTR NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=PTR;InfobloxDNSQFlags=+AEV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,1.0.0.127.in-addr.arpa.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""1.0.0.127.in-addr.arpa. 10800 IN PTR localhost.  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,14198,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""PTR"",""InfobloxDNSQFlags"":""+AEV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,1,1,remote_client,"APP_Uncategorized,CAT_Uncategorized",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,PTR,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:31:16.736 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,postater.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""postater.com. 3600 IN A 178.128.159.80  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,61345,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,1,1,remote_client,"APP_Uncategorized,CAT_Uncategorized",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:31:16.736 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN AAAA NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,postater.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""postater.com. 1800 IN SOA ns1.digitalocean.com. hostmaster.postater.com. 1671741955 10800 3600 604800 1800  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,61345,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,0,1,remote_client,"APP_Uncategorized,CAT_Uncategorized",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,AAAA,NOERROR,,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:31:16.735 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN PTR NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=PTR;InfobloxDNSQFlags=+AEV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,1.0.0.127.in-addr.arpa.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""1.0.0.127.in-addr.arpa. 10800 IN PTR localhost.  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,61345,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""PTR"",""InfobloxDNSQFlags"":""+AEV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,1,1,remote_client,"APP_Uncategorized,CAT_Uncategorized",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,PTR,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:31:12.728 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Real Estate - Other,eecn-ip,sanctions-high,sanctions-med",,DNS,,sibir-estate.ru.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""sibir-estate.ru. 10 IN A 3.215.231.251  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,61345,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Real Estate - Other,eecn-ip,sanctions-high,sanctions-med""}",,1,1,remote_client,"APP_Uncategorized,CAT_Real Estate - Other,eecn-ip,sanctions-high,sanctions-med",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:31:12.728 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN AAAA NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Real Estate - Other",,DNS,,sibir-estate.ru.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""sibir-estate.ru. 10 IN AAAA 2600:1f18:1043:dc00:8083:68e:ef0f:46de  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,61345,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Real Estate - Other""}",,1,1,remote_client,"APP_Uncategorized,CAT_Real Estate - Other",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,AAAA,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:31:12.655 AM",Infoblox,Data Connector,2.1.3,RPZ-QNAME-REDIRECT,RPZ EVENT QNAME REDIRECT,0,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=CAT_Real Estate - Other.sibir-estate.ru.;InfobloxRPZ=CAT_Real Estate - Other;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=Real Estate - Other;InfobloxThreatProperty=;InfobloxThreatConfidence=;InfobloxThreatLevel=;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Real Estate - Other,eecn-ip,sanctions-high,sanctions-med;InfobloxB1ThreatIndicator=sibir-estate.ru;InfobloxB1FeedName=CAT_Real Estate - Other;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Redirect",REDIRECT,DNS,,sibir-estate.ru.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""rpz QNAME REDIRECT rewrite sibir-estate.ru. [A] via CAT_Real Estate - Other.sibir-estate.ru.""",,,,,,,,,,,,,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,61345,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,REDIRECT,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""CAT_Real Estate - Other.sibir-estate.ru."",""InfobloxRPZ"":""CAT_Real Estate - Other"",""InfobloxPolicyID"":""99986"",""InfobloxDomainCat"":""Real Estate - Other"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Real Estate - Other,eecn-ip,sanctions-high,sanctions-med"",""InfobloxB1ThreatIndicator"":""sibir-estate.ru"",""InfobloxB1FeedName"":""CAT_Real Estate - Other"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Redirect""}",,,,remote_client,"APP_Uncategorized,CAT_Real Estate - Other,eecn-ip,sanctions-high,sanctions-med",CAT_Real Estate - Other,FQDN,BloxOne Endpoint,,,Redirect,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,sibir-estate.ru,,,,A,,,Real Estate - Other,,,,,,,,,99986,,,CAT_Real Estate - Other,CAT_Real Estate - Other.sibir-estate.ru.,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:31:12.655 AM",Infoblox,Data Connector,2.1.3,RPZ-QNAME-REDIRECT,RPZ EVENT QNAME REDIRECT,0,,"InfobloxDNSView=;InfobloxDNSQType=AAAA;InfobloxRPZRule=CAT_Real Estate - Other.sibir-estate.ru.;InfobloxRPZ=CAT_Real Estate - Other;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=Real Estate - Other;InfobloxThreatProperty=;InfobloxThreatConfidence=;InfobloxThreatLevel=;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Real Estate - Other;InfobloxB1ThreatIndicator=sibir-estate.ru;InfobloxB1FeedName=CAT_Real Estate - Other;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Redirect",REDIRECT,DNS,,sibir-estate.ru.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""rpz QNAME REDIRECT rewrite sibir-estate.ru. [AAAA] via CAT_Real Estate - Other.sibir-estate.ru.""",,,,,,,,,,,,,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,61345,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,REDIRECT,,CommonSecurityLog,,"{""InfobloxDNSQType"":""AAAA"",""InfobloxRPZRule"":""CAT_Real Estate - Other.sibir-estate.ru."",""InfobloxRPZ"":""CAT_Real Estate - Other"",""InfobloxPolicyID"":""99986"",""InfobloxDomainCat"":""Real Estate - Other"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Real Estate - Other"",""InfobloxB1ThreatIndicator"":""sibir-estate.ru"",""InfobloxB1FeedName"":""CAT_Real Estate - Other"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Redirect""}",,,,remote_client,"APP_Uncategorized,CAT_Real Estate - Other",CAT_Real Estate - Other,FQDN,BloxOne Endpoint,,,Redirect,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,sibir-estate.ru,,,,AAAA,,,Real Estate - Other,,,,,,,,,99986,,,CAT_Real Estate - Other,CAT_Real Estate - Other.sibir-estate.ru.,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:31:10.361 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN PTR NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=PTR;InfobloxDNSQFlags=+AEV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,1.0.0.127.in-addr.arpa.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""1.0.0.127.in-addr.arpa. 10800 IN PTR localhost.  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,61345,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""PTR"",""InfobloxDNSQFlags"":""+AEV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,1,1,remote_client,"APP_Uncategorized,CAT_Uncategorized",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,PTR,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:31:06.129 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN AAAA NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Architects,CAT_Interior Decorating",,DNS,,stonyfordestate.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""stonyfordestate.com. 10 IN AAAA 2600:1f18:1043:dc00:8083:68e:ef0f:46de  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,61345,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Architects,CAT_Interior Decorating""}",,1,1,remote_client,"APP_Uncategorized,CAT_Architects,CAT_Interior Decorating",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,AAAA,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:31:06.128 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Architects,CAT_Interior Decorating",,DNS,,stonyfordestate.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""stonyfordestate.com. 10 IN A 3.215.231.251  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,61345,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Architects,CAT_Interior Decorating""}",,1,1,remote_client,"APP_Uncategorized,CAT_Architects,CAT_Interior Decorating",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:31:06.128 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN PTR NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=PTR;InfobloxDNSQFlags=+AEV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,1.0.0.127.in-addr.arpa.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""1.0.0.127.in-addr.arpa. 10800 IN PTR localhost.  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,61345,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""PTR"",""InfobloxDNSQFlags"":""+AEV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,1,1,remote_client,"APP_Uncategorized,CAT_Uncategorized",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,PTR,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:31:05.533 AM",Infoblox,Data Connector,2.1.3,RPZ-QNAME-REDIRECT,RPZ EVENT QNAME REDIRECT,0,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=CAT_Interior Decorating.stonyfordestate.com.;InfobloxRPZ=CAT_Interior Decorating;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=Interior Decorating;InfobloxThreatProperty=;InfobloxThreatConfidence=;InfobloxThreatLevel=;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Architects,CAT_Interior Decorating;InfobloxB1ThreatIndicator=stonyfordestate.com;InfobloxB1FeedName=CAT_Interior Decorating;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Redirect",REDIRECT,DNS,,stonyfordestate.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""rpz QNAME REDIRECT rewrite stonyfordestate.com. [A] via CAT_Interior Decorating.stonyfordestate.com.""",,,,,,,,,,,,,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,61345,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,REDIRECT,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""CAT_Interior Decorating.stonyfordestate.com."",""InfobloxRPZ"":""CAT_Interior Decorating"",""InfobloxPolicyID"":""99986"",""InfobloxDomainCat"":""Interior Decorating"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Architects,CAT_Interior Decorating"",""InfobloxB1ThreatIndicator"":""stonyfordestate.com"",""InfobloxB1FeedName"":""CAT_Interior Decorating"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Redirect""}",,,,remote_client,"APP_Uncategorized,CAT_Architects,CAT_Interior Decorating",CAT_Interior Decorating,FQDN,BloxOne Endpoint,,,Redirect,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,stonyfordestate.com,,,,A,,,Interior Decorating,,,,,,,,,99986,,,CAT_Interior Decorating,CAT_Interior Decorating.stonyfordestate.com.,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:31:05.533 AM",Infoblox,Data Connector,2.1.3,RPZ-QNAME-REDIRECT,RPZ EVENT QNAME REDIRECT,0,,"InfobloxDNSView=;InfobloxDNSQType=AAAA;InfobloxRPZRule=CAT_Interior Decorating.stonyfordestate.com.;InfobloxRPZ=CAT_Interior Decorating;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=Interior Decorating;InfobloxThreatProperty=;InfobloxThreatConfidence=;InfobloxThreatLevel=;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Architects,CAT_Interior Decorating;InfobloxB1ThreatIndicator=stonyfordestate.com;InfobloxB1FeedName=CAT_Interior Decorating;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Redirect",REDIRECT,DNS,,stonyfordestate.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""rpz QNAME REDIRECT rewrite stonyfordestate.com. [AAAA] via CAT_Interior Decorating.stonyfordestate.com.""",,,,,,,,,,,,,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,61345,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,REDIRECT,,CommonSecurityLog,,"{""InfobloxDNSQType"":""AAAA"",""InfobloxRPZRule"":""CAT_Interior Decorating.stonyfordestate.com."",""InfobloxRPZ"":""CAT_Interior Decorating"",""InfobloxPolicyID"":""99986"",""InfobloxDomainCat"":""Interior Decorating"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Architects,CAT_Interior Decorating"",""InfobloxB1ThreatIndicator"":""stonyfordestate.com"",""InfobloxB1FeedName"":""CAT_Interior Decorating"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Redirect""}",,,,remote_client,"APP_Uncategorized,CAT_Architects,CAT_Interior Decorating",CAT_Interior Decorating,FQDN,BloxOne Endpoint,,,Redirect,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,stonyfordestate.com,,,,AAAA,,,Interior Decorating,,,,,,,,,99986,,,CAT_Interior Decorating,CAT_Interior Decorating.stonyfordestate.com.,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:30:58.666 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN PTR NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=PTR;InfobloxDNSQFlags=+AEV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,1.0.0.127.in-addr.arpa.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""1.0.0.127.in-addr.arpa. 10800 IN PTR localhost.  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,61345,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""PTR"",""InfobloxDNSQFlags"":""+AEV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,1,1,remote_client,"APP_Uncategorized,CAT_Uncategorized",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,PTR,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:30:58.666 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN AAAA NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Parked & For Sale Domains",,DNS,,taco-lot.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""taco-lot.com. 10 IN AAAA 2600:1f18:1043:dc00:8083:68e:ef0f:46de  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,61345,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Parked & For Sale Domains""}",,1,1,remote_client,"APP_Uncategorized,CAT_Parked & For Sale Domains",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,AAAA,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:30:58.666 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Parked & For Sale Domains",,DNS,,taco-lot.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""taco-lot.com. 10 IN A 3.215.231.251  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,61345,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Parked & For Sale Domains""}",,1,1,remote_client,"APP_Uncategorized,CAT_Parked & For Sale Domains",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:30:58.663 AM",Infoblox,Data Connector,2.1.3,RPZ-QNAME-REDIRECT,RPZ EVENT QNAME REDIRECT,0,,"InfobloxDNSView=;InfobloxDNSQType=AAAA;InfobloxRPZRule=CAT_Parked & For Sale Domains.taco-lot.com.;InfobloxRPZ=CAT_Parked & For Sale Domains;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=Parked & For Sale Domains;InfobloxThreatProperty=;InfobloxThreatConfidence=;InfobloxThreatLevel=;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Parked & For Sale Domains;InfobloxB1ThreatIndicator=taco-lot.com;InfobloxB1FeedName=CAT_Parked & For Sale Domains;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Redirect",REDIRECT,DNS,,taco-lot.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""rpz QNAME REDIRECT rewrite taco-lot.com. [AAAA] via CAT_Parked & For Sale Domains.taco-lot.com.""",,,,,,,,,,,,,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,61345,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,REDIRECT,,CommonSecurityLog,,"{""InfobloxDNSQType"":""AAAA"",""InfobloxRPZRule"":""CAT_Parked & For Sale Domains.taco-lot.com."",""InfobloxRPZ"":""CAT_Parked & For Sale Domains"",""InfobloxPolicyID"":""99986"",""InfobloxDomainCat"":""Parked & For Sale Domains"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Parked & For Sale Domains"",""InfobloxB1ThreatIndicator"":""taco-lot.com"",""InfobloxB1FeedName"":""CAT_Parked & For Sale Domains"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Redirect""}",,,,remote_client,"APP_Uncategorized,CAT_Parked & For Sale Domains",CAT_Parked & For Sale Domains,FQDN,BloxOne Endpoint,,,Redirect,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,taco-lot.com,,,,AAAA,,,Parked & For Sale Domains,,,,,,,,,99986,,,CAT_Parked & For Sale Domains,CAT_Parked & For Sale Domains.taco-lot.com.,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:30:58.662 AM",Infoblox,Data Connector,2.1.3,RPZ-QNAME-REDIRECT,RPZ EVENT QNAME REDIRECT,0,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=CAT_Parked & For Sale Domains.taco-lot.com.;InfobloxRPZ=CAT_Parked & For Sale Domains;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=Parked & For Sale Domains;InfobloxThreatProperty=;InfobloxThreatConfidence=;InfobloxThreatLevel=;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Parked & For Sale Domains;InfobloxB1ThreatIndicator=taco-lot.com;InfobloxB1FeedName=CAT_Parked & For Sale Domains;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Redirect",REDIRECT,DNS,,taco-lot.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""rpz QNAME REDIRECT rewrite taco-lot.com. [A] via CAT_Parked & For Sale Domains.taco-lot.com.""",,,,,,,,,,,,,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,61345,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,REDIRECT,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""CAT_Parked & For Sale Domains.taco-lot.com."",""InfobloxRPZ"":""CAT_Parked & For Sale Domains"",""InfobloxPolicyID"":""99986"",""InfobloxDomainCat"":""Parked & For Sale Domains"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Parked & For Sale Domains"",""InfobloxB1ThreatIndicator"":""taco-lot.com"",""InfobloxB1FeedName"":""CAT_Parked & For Sale Domains"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Redirect""}",,,,remote_client,"APP_Uncategorized,CAT_Parked & For Sale Domains",CAT_Parked & For Sale Domains,FQDN,BloxOne Endpoint,,,Redirect,Sentinel-Security-Policy,us-west-1,Windows 10 Enterprise,taco-lot.com,,,,A,,,Parked & For Sale Domains,,,,,,,,,99986,,,CAT_Parked & For Sale Domains,CAT_Parked & For Sale Domains.taco-lot.com.,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:30:38.752 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN AAAA NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Banking",,DNS,,unitjinbank.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""unitjinbank.com. 300 IN AAAA 2606:4700:3031::6815:122c  unitjinbank.com. 300 IN AAAA 2606:4700:3036::ac43:b460  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,41288,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Banking""}",,2,1,remote_client,"APP_Uncategorized,CAT_Banking",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,AAAA,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:30:38.751 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Banking",,DNS,,unitjinbank.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""unitjinbank.com. 300 IN A 172.67.180.96  unitjinbank.com. 300 IN A 104.21.18.44  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,41288,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Banking""}",,2,1,remote_client,"APP_Uncategorized,CAT_Banking",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:30:38.751 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN PTR NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=PTR;InfobloxDNSQFlags=+AEV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,1.0.0.127.in-addr.arpa.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""1.0.0.127.in-addr.arpa. 10800 IN PTR localhost.  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,41288,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""PTR"",""InfobloxDNSQFlags"":""+AEV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,1,1,remote_client,"APP_Uncategorized,CAT_Uncategorized",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,PTR,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:29:54.937 AM",Infoblox,Data Connector,2.1.3,DHCP-LEASE-UPDATE,DHCP Lease Update,1,,InfobloxHost=Sentinel-Demo-CDC;InfobloxIPSpace=ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558;InfobloxSubnet=192.168.1.0/24;InfobloxRangeStart=192.168.1.101;InfobloxRangeEnd=192.168.1.110;InfobloxLeaseOp=Update;InfobloxClientID=01:00:50:56:0b:0f:15;InfobloxDUID=;InfobloxLifetime=300;InfobloxLeaseUUID=996854be-27ab-11ec-a802-7270aef5e23e;InfobloxFingerprintPr=true;InfobloxFingerprint=Generic Linux OS;InfobloxDHCPOptions=;code_12='dhcp-virtual-machine';code_53='\003';code_55='\001\002\006\014\017\032\034y\003!()*w\371\374\021';code_57='\377\377';code_61='\001\000PV\013\017\025',,DHCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,dhcp-virtual-machine,00:50:56:0b:0f:15,,,,,,,,,,192.168.1.106,,,,,"""DHCP Lease Update""",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxHost"":""Sentinel-Demo-CDC"",""InfobloxIPSpace"":""ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558"",""InfobloxSubnet"":""192.168.1.0/24"",""InfobloxRangeStart"":""192.168.1.101"",""InfobloxRangeEnd"":""192.168.1.110"",""InfobloxLeaseOp"":""Update"",""InfobloxClientID"":""01:00:50:56:0b:0f:15"",""InfobloxLifetime"":""300"",""InfobloxLeaseUUID"":""996854be-27ab-11ec-a802-7270aef5e23e"",""InfobloxFingerprintPr"":""true"",""InfobloxFingerprint"":""Generic Linux OS""}",,,,,,,,,,,,,,,,01:00:50:56:0b:0f:15,,,,,,,Generic Linux OS,TRUE,Sentinel-Demo-CDC,ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558,Update,996854be-27ab-11ec-a802-7270aef5e23e,300,,,192.168.1.110,192.168.1.101,,,192.168.1.0/24,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:29:19.944 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Microsoft Diagnostic Data,CAT_Technology - Other",,DNS,,v10.events.data.microsoft.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""v10.events.data.microsoft.com. 93 IN CNAME win-global-asimov-leafs-events-data.trafficmanager.net.  win-global-asimov-leafs-events-data.trafficmanager.net. 54 IN CNAME onedscolprdeus05.eastus.cloudapp.azure.com.  onedscolprdeus05.eastus.cloudapp.azure.com. 2 IN A 20.42.65.85  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,4278,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""3"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Microsoft Diagnostic Data,CAT_Technology - Other""}",,3,1,remote_client,"APP_Microsoft Diagnostic Data,CAT_Technology - Other",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:29:18.260 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN TXT NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=TXT;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=13;InfobloxArCount=13;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,probe.infoblox.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""probe.infoblox.com. 10 IN TXT \""ABYZX9GLUYQUVWDQZIECEGAFF3NC89ZE\""  . 234341 IN NS i.root-servers.net.  . 234341 IN NS h.root-servers.net.  . 234341 IN NS e.root-servers.net.  . 234341 IN NS j.root-servers.net.  . 234341 IN NS b.root-servers.net.  . 234341 IN NS c.root-servers.net.  . 234341 IN NS m.root-servers.net.  . 234341 IN NS f.root-servers.net.  . 234341 IN NS d.root-servers.net.  . 234341 IN NS l.root-servers.net.  . 234341 IN NS k.root-servers.net.  . 234341 IN NS a.root-servers.net.  . 234341 IN NS g.root-servers.net.  a.root-servers.net. 234341 IN A 198.41.0.4  b.root-servers.net. 234341 IN A 199.9.14.201  c.root-servers.net. 234341 IN A 192.33.4.12  d.root-servers.net. 234341 IN A 199.7.91.13  e.root-servers.net. 234341 IN A 192.203.230.10  f.root-servers.net. 234341 IN A 192.5.5.241  g.root-servers.net. 234341 IN A 192.112.36.4  h.root-servers.net. 234341 IN A 198.97.190.53  i.root-servers.net. 234341 IN A 192.36.148.17  j.root-servers.net. 234341 IN A 192.58.128.30  k.root-servers.net. 234341 IN A 193.0.14.129  l.root-servers.net. 234341 IN A 199.7.83.42  m.root-servers.net. 234341 IN A 202.12.27.33""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,62431,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""TXT"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""13"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,1,13,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,TXT,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:29:18.259 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=4;InfobloxNsCount=13;InfobloxArCount=8;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,csp.infoblox.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""csp.infoblox.com. 16 IN CNAME wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com.  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 16 IN A 18.233.189.178  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 16 IN A 18.235.149.1  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 16 IN A 18.209.243.220  . 234342 IN NS l.root-servers.net.  . 234342 IN NS c.root-servers.net.  . 234342 IN NS g.root-servers.net.  . 234342 IN NS e.root-servers.net.  . 234342 IN NS f.root-servers.net.  . 234342 IN NS b.root-servers.net.  . 234342 IN NS j.root-servers.net.  . 234342 IN NS i.root-servers.net.  . 234342 IN NS d.root-servers.net.  . 234342 IN NS k.root-servers.net.  . 234342 IN NS a.root-servers.net.  . 234342 IN NS m.root-servers.net.  . 234342 IN NS h.root-servers.net.  a.root-servers.net. 234342 IN A 198.41.0.4  b.root-servers.net. 234342 IN A 199.9.14.201  c.root-servers.net. 234342 IN A 192.33.4.12  d.root-servers.net. 234342 IN A 199.7.91.13  e.root-servers.net. 234342 IN A 192.203.230.10  f.root-servers.net. 234342 IN A 192.5.5.241  g.root-servers.net. 234342 IN A 192.112.36.4  h.root-servers.net. 234342 IN A 198.97.190.53""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,62429,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""4"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""8"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,4,8,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:29:18.259 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=13;InfobloxArCount=12;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,geo.threatdefense.infoblox.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""geo.threatdefense.infoblox.com. 63 IN CNAME us-west-1-geo.threatdefense.infoblox.com.  us-west-1-geo.threatdefense.infoblox.com. 63 IN A 52.119.41.51  . 234341 IN NS l.root-servers.net.  . 234341 IN NS a.root-servers.net.  . 234341 IN NS h.root-servers.net.  . 234341 IN NS d.root-servers.net.  . 234341 IN NS b.root-servers.net.  . 234341 IN NS c.root-servers.net.  . 234341 IN NS k.root-servers.net.  . 234341 IN NS e.root-servers.net.  . 234341 IN NS i.root-servers.net.  . 234341 IN NS f.root-servers.net.  . 234341 IN NS j.root-servers.net.  . 234341 IN NS g.root-servers.net.  . 234341 IN NS m.root-servers.net.  a.root-servers.net. 234341 IN A 198.41.0.4  b.root-servers.net. 234341 IN A 199.9.14.201  c.root-servers.net. 234341 IN A 192.33.4.12  d.root-servers.net. 234341 IN A 199.7.91.13  e.root-servers.net. 234341 IN A 192.203.230.10  f.root-servers.net. 234341 IN A 192.5.5.241  g.root-servers.net. 234341 IN A 192.112.36.4  h.root-servers.net. 234341 IN A 198.97.190.53  i.root-servers.net. 234341 IN A 192.36.148.17  j.root-servers.net. 234341 IN A 192.58.128.30  k.root-servers.net. 234341 IN A 193.0.14.129  l.root-servers.net. 234341 IN A 199.7.83.42""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,62430,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""12"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,2,12,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:29:18.142 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN TXT NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=TXT;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=13;InfobloxArCount=13;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,probe.infoblox.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""probe.infoblox.com. 10 IN TXT \""ABYZX9GLUYQUVWDQZIECEGAFF3NC89ZE\""  . 234341 IN NS i.root-servers.net.  . 234341 IN NS h.root-servers.net.  . 234341 IN NS e.root-servers.net.  . 234341 IN NS j.root-servers.net.  . 234341 IN NS b.root-servers.net.  . 234341 IN NS c.root-servers.net.  . 234341 IN NS m.root-servers.net.  . 234341 IN NS f.root-servers.net.  . 234341 IN NS d.root-servers.net.  . 234341 IN NS l.root-servers.net.  . 234341 IN NS k.root-servers.net.  . 234341 IN NS a.root-servers.net.  . 234341 IN NS g.root-servers.net.  a.root-servers.net. 234341 IN A 198.41.0.4  b.root-servers.net. 234341 IN A 199.9.14.201  c.root-servers.net. 234341 IN A 192.33.4.12  d.root-servers.net. 234341 IN A 199.7.91.13  e.root-servers.net. 234341 IN A 192.203.230.10  f.root-servers.net. 234341 IN A 192.5.5.241  g.root-servers.net. 234341 IN A 192.112.36.4  h.root-servers.net. 234341 IN A 198.97.190.53  i.root-servers.net. 234341 IN A 192.36.148.17  j.root-servers.net. 234341 IN A 192.58.128.30  k.root-servers.net. 234341 IN A 193.0.14.129  l.root-servers.net. 234341 IN A 199.7.83.42  m.root-servers.net. 234341 IN A 202.12.27.33""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,62431,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""TXT"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""13"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,1,13,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,TXT,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:29:18.142 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=4;InfobloxNsCount=13;InfobloxArCount=8;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,csp.infoblox.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""csp.infoblox.com. 16 IN CNAME wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com.  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 16 IN A 18.233.189.178  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 16 IN A 18.235.149.1  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 16 IN A 18.209.243.220  . 234342 IN NS l.root-servers.net.  . 234342 IN NS c.root-servers.net.  . 234342 IN NS g.root-servers.net.  . 234342 IN NS e.root-servers.net.  . 234342 IN NS f.root-servers.net.  . 234342 IN NS b.root-servers.net.  . 234342 IN NS j.root-servers.net.  . 234342 IN NS i.root-servers.net.  . 234342 IN NS d.root-servers.net.  . 234342 IN NS k.root-servers.net.  . 234342 IN NS a.root-servers.net.  . 234342 IN NS m.root-servers.net.  . 234342 IN NS h.root-servers.net.  a.root-servers.net. 234342 IN A 198.41.0.4  b.root-servers.net. 234342 IN A 199.9.14.201  c.root-servers.net. 234342 IN A 192.33.4.12  d.root-servers.net. 234342 IN A 199.7.91.13  e.root-servers.net. 234342 IN A 192.203.230.10  f.root-servers.net. 234342 IN A 192.5.5.241  g.root-servers.net. 234342 IN A 192.112.36.4  h.root-servers.net. 234342 IN A 198.97.190.53""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,62429,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""4"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""8"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,4,8,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:29:18.142 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=13;InfobloxArCount=12;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,geo.threatdefense.infoblox.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""geo.threatdefense.infoblox.com. 63 IN CNAME us-west-1-geo.threatdefense.infoblox.com.  us-west-1-geo.threatdefense.infoblox.com. 63 IN A 52.119.41.51  . 234341 IN NS l.root-servers.net.  . 234341 IN NS a.root-servers.net.  . 234341 IN NS h.root-servers.net.  . 234341 IN NS d.root-servers.net.  . 234341 IN NS b.root-servers.net.  . 234341 IN NS c.root-servers.net.  . 234341 IN NS k.root-servers.net.  . 234341 IN NS e.root-servers.net.  . 234341 IN NS i.root-servers.net.  . 234341 IN NS f.root-servers.net.  . 234341 IN NS j.root-servers.net.  . 234341 IN NS g.root-servers.net.  . 234341 IN NS m.root-servers.net.  a.root-servers.net. 234341 IN A 198.41.0.4  b.root-servers.net. 234341 IN A 199.9.14.201  c.root-servers.net. 234341 IN A 192.33.4.12  d.root-servers.net. 234341 IN A 199.7.91.13  e.root-servers.net. 234341 IN A 192.203.230.10  f.root-servers.net. 234341 IN A 192.5.5.241  g.root-servers.net. 234341 IN A 192.112.36.4  h.root-servers.net. 234341 IN A 198.97.190.53  i.root-servers.net. 234341 IN A 192.36.148.17  j.root-servers.net. 234341 IN A 192.58.128.30  k.root-servers.net. 234341 IN A 193.0.14.129  l.root-servers.net. 234341 IN A 199.7.83.42""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,62430,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""12"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,2,12,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:29:18.141 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN AAAA NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=6;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,connectivity-check.ubuntu.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.106,192.168.1.106,,,,,,,,,,,,,,,,"""connectivity-check.ubuntu.com. 22 IN AAAA 2620:2d:4000:1::2a  connectivity-check.ubuntu.com. 22 IN AAAA 2620:2d:4000:1::2b  connectivity-check.ubuntu.com. 22 IN AAAA 2001:67c:1562::23  connectivity-check.ubuntu.com. 22 IN AAAA 2620:2d:4000:1::22  connectivity-check.ubuntu.com. 22 IN AAAA 2620:2d:4000:1::23  connectivity-check.ubuntu.com. 22 IN AAAA 2001:67c:1562::24  . 0 1232 OPT """,,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:15,,,,,,,,,49466,192.168.1.106,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""6"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,6,1,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:28:34.874 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Microsoft Office,CAT_Technology - Other",,DNS,,self.events.data.microsoft.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""self.events.data.microsoft.com. 119 IN CNAME self-events-data.trafficmanager.net.  self-events-data.trafficmanager.net. 59 IN CNAME onedscolprdwus10.westus.cloudapp.azure.com.  onedscolprdwus10.westus.cloudapp.azure.com. 0 IN A 20.189.173.11  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,8705,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""3"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Microsoft Office,CAT_Technology - Other""}",,3,1,remote_client,"APP_Microsoft Office,CAT_Technology - Other",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:28:33.619 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN AAAA NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=6;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Linux",,DNS,,connectivity-check.ubuntu.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.106,192.168.1.106,,,,,,,,,,,,,,,,"""connectivity-check.ubuntu.com. 13 IN AAAA 2001:67c:1562::23  connectivity-check.ubuntu.com. 13 IN AAAA 2620:2d:4000:1::22  connectivity-check.ubuntu.com. 13 IN AAAA 2620:2d:4000:1::23  connectivity-check.ubuntu.com. 13 IN AAAA 2001:67c:1562::24  connectivity-check.ubuntu.com. 13 IN AAAA 2620:2d:4000:1::2a  connectivity-check.ubuntu.com. 13 IN AAAA 2620:2d:4000:1::2b  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:15,,,,,,,,,4578,192.168.1.106,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""6"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Linux""}",,6,1,dfp,"APP_Uncategorized,CAT_Linux",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:28:07.060 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Microsoft Certificates,APP_Windows Update,CAT_Business Software,CAT_Productivity,CAT_Windows",,DNS,,ctldl.windowsupdate.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""ctldl.windowsupdate.com. 386 IN CNAME wu-bg-shim.trafficmanager.net.  wu-bg-shim.trafficmanager.net. 546 IN CNAME cds.d2s7q6s2.hwcdn.net.  cds.d2s7q6s2.hwcdn.net. 246 IN A 209.197.3.8  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,45265,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""3"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Microsoft Certificates,APP_Windows Update,CAT_Business Software,CAT_Productivity,CAT_Windows""}",,3,1,remote_client,"APP_Microsoft Certificates,APP_Windows Update,CAT_Business Software,CAT_Productivity,CAT_Windows",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:28:07.058 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=7;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Microsoft Certificates,APP_Windows Update,CAT_Business Software,CAT_Productivity,CAT_Windows",,DNS,,ctldl.windowsupdate.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""ctldl.windowsupdate.com. 3140 IN CNAME wu-bg-shim.trafficmanager.net.  wu-bg-shim.trafficmanager.net. 420 IN CNAME fg.download.windowsupdate.com.c.footprint.net.  fg.download.windowsupdate.com.c.footprint.net. 201 IN A 8.252.192.126  fg.download.windowsupdate.com.c.footprint.net. 201 IN A 8.252.189.126  fg.download.windowsupdate.com.c.footprint.net. 201 IN A 8.252.42.126  fg.download.windowsupdate.com.c.footprint.net. 201 IN A 8.250.197.254  fg.download.windowsupdate.com.c.footprint.net. 201 IN A 8.250.185.254  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,13188,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""7"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Microsoft Certificates,APP_Windows Update,CAT_Business Software,CAT_Productivity,CAT_Windows""}",,7,1,remote_client,"APP_Microsoft Certificates,APP_Windows Update,CAT_Business Software,CAT_Productivity,CAT_Windows",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:27:52.272 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=9;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Linux",,DNS,,connectivity-check.ubuntu.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.106,192.168.1.106,,,,,,,,,,,,,,,,"""connectivity-check.ubuntu.com. 51 IN A 185.125.190.18  connectivity-check.ubuntu.com. 51 IN A 185.125.190.49  connectivity-check.ubuntu.com. 51 IN A 91.189.91.49  connectivity-check.ubuntu.com. 51 IN A 91.189.91.48  connectivity-check.ubuntu.com. 51 IN A 35.224.170.84  connectivity-check.ubuntu.com. 51 IN A 35.232.111.17  connectivity-check.ubuntu.com. 51 IN A 185.125.190.17  connectivity-check.ubuntu.com. 51 IN A 34.122.121.32  connectivity-check.ubuntu.com. 51 IN A 185.125.190.48  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:15,,,,,,,,,35314,192.168.1.106,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""9"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Linux""}",,9,1,dfp,"APP_Uncategorized,CAT_Linux",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:27:47.369 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN AAAA NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Shareware & Freeware",,DNS,,contile.services.mozilla.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""services.mozilla.com. 120 IN SOA ns-679.awsdns-20.net. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,35314,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Shareware & Freeware""}",,0,1,dfp,"APP_Uncategorized,CAT_Shareware & Freeware",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:27:47.369 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Shareware & Freeware",,DNS,,contile.services.mozilla.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""contile.services.mozilla.com. 445 IN A 34.117.237.239  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,35314,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Shareware & Freeware""}",,1,1,dfp,"APP_Uncategorized,CAT_Shareware & Freeware",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:27:44.269 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=13;InfobloxArCount=6;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,v10.events.data.microsoft.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""v10.events.data.microsoft.com. 4 IN CNAME win-global-asimov-leafs-events-data.trafficmanager.net.  win-global-asimov-leafs-events-data.trafficmanager.net. 5 IN CNAME onedscolprdwus05.westus.cloudapp.azure.com.  onedscolprdwus05.westus.cloudapp.azure.com. 3 IN A 20.189.173.6  . 232481 IN NS k.root-servers.net.  . 232481 IN NS j.root-servers.net.  . 232481 IN NS i.root-servers.net.  . 232481 IN NS f.root-servers.net.  . 232481 IN NS g.root-servers.net.  . 232481 IN NS d.root-servers.net.  . 232481 IN NS a.root-servers.net.  . 232481 IN NS b.root-servers.net.  . 232481 IN NS e.root-servers.net.  . 232481 IN NS h.root-servers.net.  . 232481 IN NS m.root-servers.net.  . 232481 IN NS l.root-servers.net.  . 232481 IN NS c.root-servers.net.  a.root-servers.net. 232481 IN A 198.41.0.4  b.root-servers.net. 232481 IN A 199.9.14.201  c.root-servers.net. 232481 IN A 192.33.4.12  d.root-servers.net. 232481 IN A 199.7.91.13  e.root-servers.net. 232481 IN A 192.203.230.10  f.root-servers.net. 232481 IN A 192.5.5.241""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,63436,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""3"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""6"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,3,6,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:27:43.360 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=9;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,connectivity-check.ubuntu.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.106,192.168.1.106,,,,,,,,,,,,,,,,"""connectivity-check.ubuntu.com. 51 IN A 91.189.91.49  connectivity-check.ubuntu.com. 51 IN A 35.224.170.84  connectivity-check.ubuntu.com. 51 IN A 34.122.121.32  connectivity-check.ubuntu.com. 51 IN A 185.125.190.48  connectivity-check.ubuntu.com. 51 IN A 91.189.91.48  connectivity-check.ubuntu.com. 51 IN A 185.125.190.17  connectivity-check.ubuntu.com. 51 IN A 35.232.111.17  connectivity-check.ubuntu.com. 51 IN A 185.125.190.18  connectivity-check.ubuntu.com. 51 IN A 185.125.190.49  . 0 1232 OPT """,,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:15,,,,,,,,,52993,192.168.1.106,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""9"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,9,1,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:27:43.360 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=13;InfobloxArCount=13;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,contile.services.mozilla.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""contile.services.mozilla.com. 445 IN A 34.117.237.239  . 222392 IN NS g.root-servers.net.  . 222392 IN NS d.root-servers.net.  . 222392 IN NS b.root-servers.net.  . 222392 IN NS h.root-servers.net.  . 222392 IN NS j.root-servers.net.  . 222392 IN NS c.root-servers.net.  . 222392 IN NS m.root-servers.net.  . 222392 IN NS e.root-servers.net.  . 222392 IN NS a.root-servers.net.  . 222392 IN NS l.root-servers.net.  . 222392 IN NS i.root-servers.net.  . 222392 IN NS f.root-servers.net.  . 222392 IN NS k.root-servers.net.  a.root-servers.net. 222392 IN A 198.41.0.4  b.root-servers.net. 222392 IN A 199.9.14.201  c.root-servers.net. 222392 IN A 192.33.4.12  d.root-servers.net. 222392 IN A 199.7.91.13  e.root-servers.net. 222392 IN A 192.203.230.10  f.root-servers.net. 222392 IN A 192.5.5.241  g.root-servers.net. 222392 IN A 192.112.36.4  h.root-servers.net. 222392 IN A 198.97.190.53  i.root-servers.net. 222392 IN A 192.36.148.17  j.root-servers.net. 222392 IN A 192.58.128.30  k.root-servers.net. 222392 IN A 193.0.14.129  l.root-servers.net. 222392 IN A 199.7.83.42  m.root-servers.net. 222392 IN A 202.12.27.33""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,58826,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""13"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,1,13,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:27:43.359 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN AAAA NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=0;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,contile.services.mozilla.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""services.mozilla.com. 120 IN SOA ns-679.awsdns-20.net. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,49428,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""0"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,0,0,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,,,,1,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:27:37.641 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=4;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,pool.ntp.org.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""pool.ntp.org. 142 IN A 5.78.71.97  pool.ntp.org. 142 IN A 99.119.214.210  pool.ntp.org. 142 IN A 73.61.36.59  pool.ntp.org. 142 IN A 208.113.130.146  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,44170,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""4"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise""}",,4,1,remote_client,,,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:27:34.089 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=4;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,pool.ntp.org.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""pool.ntp.org. 142 IN A 162.159.200.1  pool.ntp.org. 142 IN A 108.61.56.35  pool.ntp.org. 142 IN A 108.61.73.243  pool.ntp.org. 142 IN A 51.81.226.229  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,20190,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""4"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise""}",,4,1,remote_client,,,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:27:32.276 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=4;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,pool.ntp.org.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""pool.ntp.org. 35 IN A 216.229.0.50  pool.ntp.org. 35 IN A 204.93.207.12  pool.ntp.org. 35 IN A 45.79.51.42  pool.ntp.org. 35 IN A 194.116.227.255  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,59185,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""4"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise""}",,4,1,remote_client,,,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:27:31.665 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=4;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,pool.ntp.org.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""pool.ntp.org. 16 IN A 108.61.56.35  pool.ntp.org. 16 IN A 162.159.200.1  pool.ntp.org. 16 IN A 129.250.35.251  pool.ntp.org. 16 IN A 108.61.73.244  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,22674,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""4"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise""}",,4,1,remote_client,,,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:27:24.696 AM",Infoblox,Data Connector,2.1.3,DHCP-LEASE-UPDATE,DHCP Lease Update,1,,InfobloxHost=Sentinel-Demo-CDC;InfobloxIPSpace=ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558;InfobloxSubnet=192.168.1.0/24;InfobloxRangeStart=192.168.1.101;InfobloxRangeEnd=192.168.1.110;InfobloxLeaseOp=Update;InfobloxClientID=01:00:50:56:0b:0f:15;InfobloxDUID=;InfobloxLifetime=300;InfobloxLeaseUUID=996854be-27ab-11ec-a802-7270aef5e23e;InfobloxFingerprintPr=true;InfobloxFingerprint=Generic Linux OS;InfobloxDHCPOptions=;code_12='dhcp-virtual-machine';code_53='\003';code_55='\001\002\006\014\017\032\034y\003!()*w\371\374\021';code_57='\377\377';code_61='\001\000PV\013\017\025',,DHCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,dhcp-virtual-machine,00:50:56:0b:0f:15,,,,,,,,,,192.168.1.106,,,,,"""DHCP Lease Update""",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxHost"":""Sentinel-Demo-CDC"",""InfobloxIPSpace"":""ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558"",""InfobloxSubnet"":""192.168.1.0/24"",""InfobloxRangeStart"":""192.168.1.101"",""InfobloxRangeEnd"":""192.168.1.110"",""InfobloxLeaseOp"":""Update"",""InfobloxClientID"":""01:00:50:56:0b:0f:15"",""InfobloxLifetime"":""300"",""InfobloxLeaseUUID"":""996854be-27ab-11ec-a802-7270aef5e23e"",""InfobloxFingerprintPr"":""true"",""InfobloxFingerprint"":""Generic Linux OS""}",,,,,,,,,,,,,,,,01:00:50:56:0b:0f:15,,,,,,,Generic Linux OS,TRUE,Sentinel-Demo-CDC,ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558,Update,996854be-27ab-11ec-a802-7270aef5e23e,300,,,192.168.1.110,192.168.1.101,,,192.168.1.0/24,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:26:04.781 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN AAAA NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=6;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,connectivity-check.ubuntu.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.106,192.168.1.106,,,,,,,,,,,,,,,,"""connectivity-check.ubuntu.com. 15 IN AAAA 2620:2d:4000:1::23  connectivity-check.ubuntu.com. 15 IN AAAA 2620:2d:4000:1::22  connectivity-check.ubuntu.com. 15 IN AAAA 2620:2d:4000:1::2b  connectivity-check.ubuntu.com. 15 IN AAAA 2001:67c:1562::23  connectivity-check.ubuntu.com. 15 IN AAAA 2001:67c:1562::24  connectivity-check.ubuntu.com. 15 IN AAAA 2620:2d:4000:1::2a  . 0 1232 OPT """,,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:15,,,,,,,,,35979,192.168.1.106,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""6"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,6,1,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:25:10.580 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=13;InfobloxArCount=12;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,geo.threatdefense.infoblox.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""geo.threatdefense.infoblox.com. 232 IN CNAME us-west-1-geo.threatdefense.infoblox.com.  us-west-1-geo.threatdefense.infoblox.com. 205 IN A 52.119.41.51  . 223889 IN NS k.root-servers.net.  . 223889 IN NS c.root-servers.net.  . 223889 IN NS m.root-servers.net.  . 223889 IN NS e.root-servers.net.  . 223889 IN NS l.root-servers.net.  . 223889 IN NS a.root-servers.net.  . 223889 IN NS g.root-servers.net.  . 223889 IN NS i.root-servers.net.  . 223889 IN NS j.root-servers.net.  . 223889 IN NS f.root-servers.net.  . 223889 IN NS d.root-servers.net.  . 223889 IN NS b.root-servers.net.  . 223889 IN NS h.root-servers.net.  a.root-servers.net. 223889 IN A 198.41.0.4  b.root-servers.net. 223889 IN A 199.9.14.201  c.root-servers.net. 223889 IN A 192.33.4.12  d.root-servers.net. 223889 IN A 199.7.91.13  e.root-servers.net. 223889 IN A 192.203.230.10  f.root-servers.net. 223889 IN A 192.5.5.241  g.root-servers.net. 223889 IN A 192.112.36.4  h.root-servers.net. 223889 IN A 198.97.190.53  i.root-servers.net. 223889 IN A 192.36.148.17  j.root-servers.net. 223889 IN A 192.58.128.30  k.root-servers.net. 223889 IN A 193.0.14.129  l.root-servers.net. 223889 IN A 199.7.83.42""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,50745,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""12"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,2,12,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:25:10.580 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN TXT NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=TXT;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=13;InfobloxArCount=13;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,probe.infoblox.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""probe.infoblox.com. 10 IN TXT \""ABYZX9GLUYQUVWDQZIECEGAFF3NC89ZE\""  . 223889 IN NS e.root-servers.net.  . 223889 IN NS h.root-servers.net.  . 223889 IN NS l.root-servers.net.  . 223889 IN NS f.root-servers.net.  . 223889 IN NS b.root-servers.net.  . 223889 IN NS c.root-servers.net.  . 223889 IN NS m.root-servers.net.  . 223889 IN NS a.root-servers.net.  . 223889 IN NS k.root-servers.net.  . 223889 IN NS d.root-servers.net.  . 223889 IN NS i.root-servers.net.  . 223889 IN NS j.root-servers.net.  . 223889 IN NS g.root-servers.net.  a.root-servers.net. 223889 IN A 198.41.0.4  b.root-servers.net. 223889 IN A 199.9.14.201  c.root-servers.net. 223889 IN A 192.33.4.12  d.root-servers.net. 223889 IN A 199.7.91.13  e.root-servers.net. 223889 IN A 192.203.230.10  f.root-servers.net. 223889 IN A 192.5.5.241  g.root-servers.net. 223889 IN A 192.112.36.4  h.root-servers.net. 223889 IN A 198.97.190.53  i.root-servers.net. 223889 IN A 192.36.148.17  j.root-servers.net. 223889 IN A 192.58.128.30  k.root-servers.net. 223889 IN A 193.0.14.129  l.root-servers.net. 223889 IN A 199.7.83.42  m.root-servers.net. 223889 IN A 202.12.27.33""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,50746,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""TXT"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""13"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,1,13,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,TXT,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:25:10.580 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=4;InfobloxNsCount=13;InfobloxArCount=8;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,csp.infoblox.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""csp.infoblox.com. 9 IN CNAME wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com.  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 11 IN A 18.209.243.220  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 11 IN A 18.235.149.1  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 11 IN A 18.233.189.178  . 223889 IN NS e.root-servers.net.  . 223889 IN NS b.root-servers.net.  . 223889 IN NS f.root-servers.net.  . 223889 IN NS l.root-servers.net.  . 223889 IN NS h.root-servers.net.  . 223889 IN NS j.root-servers.net.  . 223889 IN NS c.root-servers.net.  . 223889 IN NS a.root-servers.net.  . 223889 IN NS d.root-servers.net.  . 223889 IN NS g.root-servers.net.  . 223889 IN NS k.root-servers.net.  . 223889 IN NS i.root-servers.net.  . 223889 IN NS m.root-servers.net.  a.root-servers.net. 223889 IN A 198.41.0.4  b.root-servers.net. 223889 IN A 199.9.14.201  c.root-servers.net. 223889 IN A 192.33.4.12  d.root-servers.net. 223889 IN A 199.7.91.13  e.root-servers.net. 223889 IN A 192.203.230.10  f.root-servers.net. 223889 IN A 192.5.5.241  g.root-servers.net. 223889 IN A 192.112.36.4  h.root-servers.net. 223889 IN A 198.97.190.53""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,50744,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""4"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""8"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,4,8,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:25:10.367 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=9;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,connectivity-check.ubuntu.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.106,192.168.1.106,,,,,,,,,,,,,,,,"""connectivity-check.ubuntu.com. 21 IN A 34.122.121.32  connectivity-check.ubuntu.com. 21 IN A 91.189.91.48  connectivity-check.ubuntu.com. 21 IN A 91.189.91.49  connectivity-check.ubuntu.com. 21 IN A 35.224.170.84  connectivity-check.ubuntu.com. 21 IN A 185.125.190.48  connectivity-check.ubuntu.com. 21 IN A 35.232.111.17  connectivity-check.ubuntu.com. 21 IN A 185.125.190.18  connectivity-check.ubuntu.com. 21 IN A 185.125.190.17  connectivity-check.ubuntu.com. 21 IN A 185.125.190.49  . 0 1232 OPT """,,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:15,,,,,,,,,46384,192.168.1.106,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""9"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,9,1,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:25:10.367 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=13;InfobloxArCount=12;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,geo.threatdefense.infoblox.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""geo.threatdefense.infoblox.com. 232 IN CNAME us-west-1-geo.threatdefense.infoblox.com.  us-west-1-geo.threatdefense.infoblox.com. 205 IN A 52.119.41.51  . 223889 IN NS k.root-servers.net.  . 223889 IN NS c.root-servers.net.  . 223889 IN NS m.root-servers.net.  . 223889 IN NS e.root-servers.net.  . 223889 IN NS l.root-servers.net.  . 223889 IN NS a.root-servers.net.  . 223889 IN NS g.root-servers.net.  . 223889 IN NS i.root-servers.net.  . 223889 IN NS j.root-servers.net.  . 223889 IN NS f.root-servers.net.  . 223889 IN NS d.root-servers.net.  . 223889 IN NS b.root-servers.net.  . 223889 IN NS h.root-servers.net.  a.root-servers.net. 223889 IN A 198.41.0.4  b.root-servers.net. 223889 IN A 199.9.14.201  c.root-servers.net. 223889 IN A 192.33.4.12  d.root-servers.net. 223889 IN A 199.7.91.13  e.root-servers.net. 223889 IN A 192.203.230.10  f.root-servers.net. 223889 IN A 192.5.5.241  g.root-servers.net. 223889 IN A 192.112.36.4  h.root-servers.net. 223889 IN A 198.97.190.53  i.root-servers.net. 223889 IN A 192.36.148.17  j.root-servers.net. 223889 IN A 192.58.128.30  k.root-servers.net. 223889 IN A 193.0.14.129  l.root-servers.net. 223889 IN A 199.7.83.42""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,50745,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""12"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,2,12,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:25:10.366 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN TXT NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=TXT;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=13;InfobloxArCount=13;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,probe.infoblox.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""probe.infoblox.com. 10 IN TXT \""ABYZX9GLUYQUVWDQZIECEGAFF3NC89ZE\""  . 223889 IN NS e.root-servers.net.  . 223889 IN NS h.root-servers.net.  . 223889 IN NS l.root-servers.net.  . 223889 IN NS f.root-servers.net.  . 223889 IN NS b.root-servers.net.  . 223889 IN NS c.root-servers.net.  . 223889 IN NS m.root-servers.net.  . 223889 IN NS a.root-servers.net.  . 223889 IN NS k.root-servers.net.  . 223889 IN NS d.root-servers.net.  . 223889 IN NS i.root-servers.net.  . 223889 IN NS j.root-servers.net.  . 223889 IN NS g.root-servers.net.  a.root-servers.net. 223889 IN A 198.41.0.4  b.root-servers.net. 223889 IN A 199.9.14.201  c.root-servers.net. 223889 IN A 192.33.4.12  d.root-servers.net. 223889 IN A 199.7.91.13  e.root-servers.net. 223889 IN A 192.203.230.10  f.root-servers.net. 223889 IN A 192.5.5.241  g.root-servers.net. 223889 IN A 192.112.36.4  h.root-servers.net. 223889 IN A 198.97.190.53  i.root-servers.net. 223889 IN A 192.36.148.17  j.root-servers.net. 223889 IN A 192.58.128.30  k.root-servers.net. 223889 IN A 193.0.14.129  l.root-servers.net. 223889 IN A 199.7.83.42  m.root-servers.net. 223889 IN A 202.12.27.33""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,50746,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""TXT"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""13"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,1,13,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,TXT,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:25:10.366 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=4;InfobloxNsCount=13;InfobloxArCount=8;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,csp.infoblox.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""csp.infoblox.com. 9 IN CNAME wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com.  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 11 IN A 18.209.243.220  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 11 IN A 18.235.149.1  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 11 IN A 18.233.189.178  . 223889 IN NS e.root-servers.net.  . 223889 IN NS b.root-servers.net.  . 223889 IN NS f.root-servers.net.  . 223889 IN NS l.root-servers.net.  . 223889 IN NS h.root-servers.net.  . 223889 IN NS j.root-servers.net.  . 223889 IN NS c.root-servers.net.  . 223889 IN NS a.root-servers.net.  . 223889 IN NS d.root-servers.net.  . 223889 IN NS g.root-servers.net.  . 223889 IN NS k.root-servers.net.  . 223889 IN NS i.root-servers.net.  . 223889 IN NS m.root-servers.net.  a.root-servers.net. 223889 IN A 198.41.0.4  b.root-servers.net. 223889 IN A 199.9.14.201  c.root-servers.net. 223889 IN A 192.33.4.12  d.root-servers.net. 223889 IN A 199.7.91.13  e.root-servers.net. 223889 IN A 192.203.230.10  f.root-servers.net. 223889 IN A 192.5.5.241  g.root-servers.net. 223889 IN A 192.112.36.4  h.root-servers.net. 223889 IN A 198.97.190.53""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,50744,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""4"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""8"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,4,8,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:24:54.707 AM",Infoblox,Data Connector,2.1.3,DHCP-LEASE-UPDATE,DHCP Lease Update,1,,InfobloxHost=Sentinel-Demo-CDC;InfobloxIPSpace=ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558;InfobloxSubnet=192.168.1.0/24;InfobloxRangeStart=192.168.1.101;InfobloxRangeEnd=192.168.1.110;InfobloxLeaseOp=Update;InfobloxClientID=01:00:50:56:0b:0f:15;InfobloxDUID=;InfobloxLifetime=300;InfobloxLeaseUUID=996854be-27ab-11ec-a802-7270aef5e23e;InfobloxFingerprintPr=true;InfobloxFingerprint=Generic Linux OS;InfobloxDHCPOptions=;code_61='\001\000PV\013\017\025';code_12='dhcp-virtual-machine';code_53='\003';code_55='\001\002\006\014\017\032\034y\003!()*w\371\374\021';code_57='\377\377',,DHCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,dhcp-virtual-machine,00:50:56:0b:0f:15,,,,,,,,,,192.168.1.106,,,,,"""DHCP Lease Update""",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxHost"":""Sentinel-Demo-CDC"",""InfobloxIPSpace"":""ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558"",""InfobloxSubnet"":""192.168.1.0/24"",""InfobloxRangeStart"":""192.168.1.101"",""InfobloxRangeEnd"":""192.168.1.110"",""InfobloxLeaseOp"":""Update"",""InfobloxClientID"":""01:00:50:56:0b:0f:15"",""InfobloxLifetime"":""300"",""InfobloxLeaseUUID"":""996854be-27ab-11ec-a802-7270aef5e23e"",""InfobloxFingerprintPr"":""true"",""InfobloxFingerprint"":""Generic Linux OS""}",,,,,,,,,,,,,,,,01:00:50:56:0b:0f:15,,,,,,,Generic Linux OS,TRUE,Sentinel-Demo-CDC,ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558,Update,996854be-27ab-11ec-a802-7270aef5e23e,300,,,192.168.1.110,192.168.1.101,,,192.168.1.0/24,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:24:11.827 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=7;InfobloxNsCount=13;InfobloxArCount=0;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,ctldl.windowsupdate.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""ctldl.windowsupdate.com. 152 IN CNAME wu-bg-shim.trafficmanager.net.  wu-bg-shim.trafficmanager.net. 135 IN CNAME wu.azureedge.net.  wu.azureedge.net. 172 IN CNAME wu.ec.azureedge.net.  wu.ec.azureedge.net. 134 IN CNAME bg.apr-52dd2-0503.edgecastdns.net.  bg.apr-52dd2-0503.edgecastdns.net. 129 IN CNAME hlb.apr-52dd2-0.edgecastdns.net.  hlb.apr-52dd2-0.edgecastdns.net. 206 IN CNAME cs11.wpc.v0cdn.net.  cs11.wpc.v0cdn.net. 1837 IN A 72.21.81.240  . 246031 IN NS i.root-servers.net.  . 246031 IN NS b.root-servers.net.  . 246031 IN NS g.root-servers.net.  . 246031 IN NS f.root-servers.net.  . 246031 IN NS h.root-servers.net.  . 246031 IN NS j.root-servers.net.  . 246031 IN NS k.root-servers.net.  . 246031 IN NS e.root-servers.net.  . 246031 IN NS c.root-servers.net.  . 246031 IN NS d.root-servers.net.  . 246031 IN NS a.root-servers.net.  . 246031 IN NS l.root-servers.net.  . 246031 IN NS m.root-servers.net.""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,62358,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""7"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""0"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,7,0,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:23:35.883 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN AAAA NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=6;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Linux",,DNS,,connectivity-check.ubuntu.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.106,192.168.1.106,,,,,,,,,,,,,,,,"""connectivity-check.ubuntu.com. 13 IN AAAA 2001:67c:1562::23  connectivity-check.ubuntu.com. 13 IN AAAA 2620:2d:4000:1::22  connectivity-check.ubuntu.com. 13 IN AAAA 2620:2d:4000:1::2a  connectivity-check.ubuntu.com. 13 IN AAAA 2620:2d:4000:1::2b  connectivity-check.ubuntu.com. 13 IN AAAA 2620:2d:4000:1::23  connectivity-check.ubuntu.com. 13 IN AAAA 2001:67c:1562::24  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:15,,,,,,,,,34806,192.168.1.106,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""6"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Linux""}",,6,1,dfp,"APP_Uncategorized,CAT_Linux",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:23:32.068 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;bqDFbPjR8Qe3n2HXEm1/uVgNJxTM5yoqkU/ggaoKuOcM1e+oDPbRab5RoEcoPF1BHDeOOivzkZHr47YVxnF9kQ=;op/L/pAE/jgkKpXnf0Y8Q+xPQ7mLdU5AFWMtFfy5RNst0Y2IeAsXcfWRD5Gz41YlerzbsTAHiWek62ZHp3Lzww=;InfobloxAnCount=4;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,geo.threatdefense.infoblox.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""geo.threatdefense.infoblox.com. 185 IN CNAME us-west-1-geo.threatdefense.infoblox.com.  geo.threatdefense.infoblox.com. 185 IN RRSIG CNAME 13 4 300 20230719042621 20230719022121 36142 threatdefense.infoblox.com.",,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,34806,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""4"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)""}",,4,1,dfp,,,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:23:32.068 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN TXT NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=TXT;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Business Software,CAT_Information Security,LIST_PROBE_209101",,DNS,,probe.infoblox.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""probe.infoblox.com. 10 IN TXT \""ABYZX9GLUYQUVWDQZIECEGAFF3NC89ZE\""  . 32768 1232 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,34806,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""TXT"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Business Software,CAT_Information Security,LIST_PROBE_209101""}",,1,1,dfp,"APP_Uncategorized,CAT_Business Software,CAT_Information Security,LIST_PROBE_209101",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,TXT,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:23:32.068 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;7tGcq8B6LwWkfWma9qnY6SR4bcfM/Mcof4wwLPgrH1QRgk5z3fLluqG0bzQipdqje5o3zzxtbravhefhlAfctg=;InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,us-west-1-geo.threatdefense.infoblox.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""us-west-1-geo.threatdefense.infoblox.com. 153 IN A 52.119.41.51  us-west-1-geo.threatdefense.infoblox.com. 153 IN RRSIG A 13 4 300 20230719042549 20230719022049 36142 threatdefense.infoblox.com.",,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,34806,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)""}",,2,1,dfp,,,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:23:32.068 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Technology - Other",,DNS,,wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 43 IN A 18.235.149.1  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 43 IN A 18.209.243.220  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 43 IN A 18.233.189.178  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,34806,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""3"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Technology - Other""}",,3,1,dfp,"APP_Uncategorized,CAT_Technology - Other",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:23:32.067 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;QUVjy3DRDBssylwvgogCq1xTBkmjd4WjMWqgajSzZztcKEUB0Rq4D1XnqyAZg3QiK5Yf60sqKTXD0dpGZL77iZ/3jdV5/gV3APpLmC5pSUYw2941PB5Q5GCbNyFcQKG6f9H8v+XfNqq66sdKimjrvwhEwPWPj2VtCZhX4RCbagg=  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 43 IN A 18.209.243.220  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 43 IN A 18.235.149.1  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 43 IN A 18.233.189.178  . 32768 4096 OPT "";InfobloxAnCount=5;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=",,DNS,,csp.infoblox.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""csp.infoblox.com. 43 IN CNAME wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com.  csp.infoblox.com. 43 IN RRSIG CNAME 8 3 60 20230723012023 20230719003621 3870 infoblox.com.",,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,34806,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""QUVjy3DRDBssylwvgogCq1xTBkmjd4WjMWqgajSzZztcKEUB0Rq4D1XnqyAZg3QiK5Yf60sqKTXD0dpGZL77iZ/3jdV5/gV3APpLmC5pSUYw2941PB5Q5GCbNyFcQKG6f9H8v+XfNqq66sdKimjrvwhEwPWPj2VtCZhX4RCbagg"":""  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 43 IN A 18.209.243.220  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 43 IN A 18.235.149.1  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 43 IN A 18.233.189.178  . 32768 4096 OPT \"""",""InfobloxAnCount"":""5"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)""}",,5,1,dfp,,,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,"  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 43 IN A 18.209.243.220  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 43 IN A 18.235.149.1  wl-prd-1-CSP-NLB-264a749130f6d932.elb.us-east-1.amazonaws.com. 43 IN A 18.233.189.178  . 32768 4096 OPT """,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:23:17.171 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Windows",,DNS,,client.wns.windows.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""client.wns.windows.com. 2678 IN CNAME wns.notify.trafficmanager.net.  wns.notify.trafficmanager.net. 98 IN A 13.64.180.106  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,63883,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Windows""}",,2,1,remote_client,"APP_Uncategorized,CAT_Windows",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:22:54.186 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=9;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Linux",,DNS,,connectivity-check.ubuntu.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.106,192.168.1.106,,,,,,,,,,,,,,,,"""connectivity-check.ubuntu.com. 59 IN A 34.122.121.32  connectivity-check.ubuntu.com. 59 IN A 185.125.190.48  connectivity-check.ubuntu.com. 59 IN A 185.125.190.18  connectivity-check.ubuntu.com. 59 IN A 185.125.190.49  connectivity-check.ubuntu.com. 59 IN A 185.125.190.17  connectivity-check.ubuntu.com. 59 IN A 35.232.111.17  connectivity-check.ubuntu.com. 59 IN A 35.224.170.84  connectivity-check.ubuntu.com. 59 IN A 91.189.91.48  connectivity-check.ubuntu.com. 59 IN A 91.189.91.49  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:15,,,,,,,,,40388,192.168.1.106,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""9"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Linux""}",,9,1,dfp,"APP_Uncategorized,CAT_Linux",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:22:50.798 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN AAAA NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Unreachable",,DNS,,prod.pocket.prod.cloudops.mozgcp.net.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""prod.pocket.prod.cloudops.mozgcp.net. 414 IN AAAA 2600:1901:0:524c::  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,40388,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Unreachable""}",,1,1,dfp,"APP_Uncategorized,CAT_Unreachable",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:22:50.798 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Unreachable",,DNS,,prod.pocket.prod.cloudops.mozgcp.net.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""prod.pocket.prod.cloudops.mozgcp.net. 651 IN A 34.120.5.221  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,40388,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Unreachable""}",,1,1,dfp,"APP_Uncategorized,CAT_Unreachable",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:22:50.798 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Unreachable",,DNS,,getpocket-cdn.prod.mozaws.net.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""getpocket-cdn.prod.mozaws.net. 50 IN CNAME prod.pocket.prod.cloudops.mozgcp.net.  prod.pocket.prod.cloudops.mozgcp.net. 651 IN A 34.120.5.221  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,40388,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Unreachable""}",,2,1,dfp,"APP_Uncategorized,CAT_Unreachable",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:22:50.795 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Technology - Other",,DNS,,getpocket.cdn.mozilla.net.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""getpocket.cdn.mozilla.net. 45 IN CNAME getpocket-cdn.prod.mozaws.net.  getpocket-cdn.prod.mozaws.net. 285 IN CNAME prod.pocket.prod.cloudops.mozgcp.net.  prod.pocket.prod.cloudops.mozgcp.net. 885 IN A 34.120.5.221  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,40388,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""3"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Technology - Other""}",,3,1,dfp,"APP_Uncategorized,CAT_Technology - Other",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:22:24.858 AM",Infoblox,Data Connector,2.1.3,DHCP-LEASE-UPDATE,DHCP Lease Update,1,,InfobloxHost=Sentinel-Demo-CDC;InfobloxIPSpace=ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558;InfobloxSubnet=192.168.1.0/24;InfobloxRangeStart=192.168.1.101;InfobloxRangeEnd=192.168.1.110;InfobloxLeaseOp=Update;InfobloxClientID=01:00:50:56:0b:0f:15;InfobloxDUID=;InfobloxLifetime=300;InfobloxLeaseUUID=996854be-27ab-11ec-a802-7270aef5e23e;InfobloxFingerprintPr=true;InfobloxFingerprint=Generic Linux OS;InfobloxDHCPOptions=;code_12='dhcp-virtual-machine';code_53='\003';code_55='\001\002\006\014\017\032\034y\003!()*w\371\374\021';code_57='\377\377';code_61='\001\000PV\013\017\025',,DHCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,dhcp-virtual-machine,00:50:56:0b:0f:15,,,,,,,,,,192.168.1.106,,,,,"""DHCP Lease Update""",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxHost"":""Sentinel-Demo-CDC"",""InfobloxIPSpace"":""ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558"",""InfobloxSubnet"":""192.168.1.0/24"",""InfobloxRangeStart"":""192.168.1.101"",""InfobloxRangeEnd"":""192.168.1.110"",""InfobloxLeaseOp"":""Update"",""InfobloxClientID"":""01:00:50:56:0b:0f:15"",""InfobloxLifetime"":""300"",""InfobloxLeaseUUID"":""996854be-27ab-11ec-a802-7270aef5e23e"",""InfobloxFingerprintPr"":""true"",""InfobloxFingerprint"":""Generic Linux OS""}",,,,,,,,,,,,,,,,01:00:50:56:0b:0f:15,,,,,,,Generic Linux OS,TRUE,Sentinel-Demo-CDC,ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558,Update,996854be-27ab-11ec-a802-7270aef5e23e,300,,,192.168.1.110,192.168.1.101,,,192.168.1.0/24,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:21:09.617 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=7;InfobloxNsCount=13;InfobloxArCount=4;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,ctldl.windowsupdate.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""ctldl.windowsupdate.com. 159 IN CNAME wu-bg-shim.trafficmanager.net.  wu-bg-shim.trafficmanager.net. 172 IN CNAME fg.download.windowsupdate.com.c.footprint.net.  fg.download.windowsupdate.com.c.footprint.net. 77 IN A 8.247.116.254  fg.download.windowsupdate.com.c.footprint.net. 77 IN A 8.252.190.126  fg.download.windowsupdate.com.c.footprint.net. 77 IN A 8.252.191.254  fg.download.windowsupdate.com.c.footprint.net. 77 IN A 8.252.41.254  fg.download.windowsupdate.com.c.footprint.net. 77 IN A 8.252.188.126  . 236741 IN NS j.root-servers.net.  . 236741 IN NS k.root-servers.net.  . 236741 IN NS g.root-servers.net.  . 236741 IN NS c.root-servers.net.  . 236741 IN NS b.root-servers.net.  . 236741 IN NS d.root-servers.net.  . 236741 IN NS i.root-servers.net.  . 236741 IN NS e.root-servers.net.  . 236741 IN NS l.root-servers.net.  . 236741 IN NS h.root-servers.net.  . 236741 IN NS a.root-servers.net.  . 236741 IN NS m.root-servers.net.  . 236741 IN NS f.root-servers.net.  a.root-servers.net. 236741 IN A 198.41.0.4  b.root-servers.net. 236741 IN A 199.9.14.201  c.root-servers.net. 236741 IN A 192.33.4.12  d.root-servers.net. 236741 IN A 199.7.91.13""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,51484,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""7"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""4"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,7,4,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:21:09.616 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN AAAA NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=6;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,connectivity-check.ubuntu.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.106,192.168.1.106,,,,,,,,,,,,,,,,"""connectivity-check.ubuntu.com. 42 IN AAAA 2001:67c:1562::23  connectivity-check.ubuntu.com. 42 IN AAAA 2620:2d:4000:1::22  connectivity-check.ubuntu.com. 42 IN AAAA 2001:67c:1562::24  connectivity-check.ubuntu.com. 42 IN AAAA 2620:2d:4000:1::23  connectivity-check.ubuntu.com. 42 IN AAAA 2620:2d:4000:1::2a  connectivity-check.ubuntu.com. 42 IN AAAA 2620:2d:4000:1::2b  . 0 1232 OPT """,,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:15,,,,,,,,,48342,192.168.1.106,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""6"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,6,1,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:20:15.087 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=13;InfobloxArCount=9;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,x1.c.lencr.org.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""x1.c.lencr.org. 16 IN CNAME crl.root-x1.letsencrypt.org.edgekey.net.  crl.root-x1.letsencrypt.org.edgekey.net. 16 IN CNAME e8652.dscx.akamaiedge.net.  e8652.dscx.akamaiedge.net. 18 IN A 23.63.36.125  . 234637 IN NS d.root-servers.net.  . 234637 IN NS c.root-servers.net.  . 234637 IN NS h.root-servers.net.  . 234637 IN NS e.root-servers.net.  . 234637 IN NS l.root-servers.net.  . 234637 IN NS k.root-servers.net.  . 234637 IN NS i.root-servers.net.  . 234637 IN NS g.root-servers.net.  . 234637 IN NS j.root-servers.net.  . 234637 IN NS f.root-servers.net.  . 234637 IN NS a.root-servers.net.  . 234637 IN NS m.root-servers.net.  . 234637 IN NS b.root-servers.net.  a.root-servers.net. 234637 IN A 198.41.0.4  b.root-servers.net. 234637 IN A 199.9.14.201  c.root-servers.net. 234637 IN A 192.33.4.12  d.root-servers.net. 234637 IN A 199.7.91.13  e.root-servers.net. 234637 IN A 192.203.230.10  f.root-servers.net. 234637 IN A 192.5.5.241  g.root-servers.net. 234637 IN A 192.112.36.4  h.root-servers.net. 234637 IN A 198.97.190.53  i.root-servers.net. 234637 IN A 192.36.148.17""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,50158,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""3"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""9"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,3,9,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:20:08.983 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Azure Cloud Services,CAT_Content Server",,DNS,,atm-settingsfe-prod-geo2.trafficmanager.net.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""atm-settingsfe-prod-geo2.trafficmanager.net. 55 IN CNAME settings-prod-sea-2.southeastasia.cloudapp.azure.com.  settings-prod-sea-2.southeastasia.cloudapp.azure.com. 5 IN A 40.119.249.228  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,41570,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Azure Cloud Services,CAT_Content Server""}",,2,1,dfp,"APP_Azure Cloud Services,CAT_Content Server",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:20:08.983 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Azure Cloud Services,CAT_Technology - Other",,DNS,,settings-prod-sea-2.southeastasia.cloudapp.azure.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""settings-prod-sea-2.southeastasia.cloudapp.azure.com. 5 IN A 40.119.249.228  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,41570,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Azure Cloud Services,CAT_Technology - Other""}",,1,1,dfp,"APP_Azure Cloud Services,CAT_Technology - Other",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:20:08.982 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Microsoft Settings,CAT_Technology - Other",,DNS,,settings-win.data.microsoft.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""settings-win.data.microsoft.com. 3199 IN CNAME atm-settingsfe-prod-geo2.trafficmanager.net.  atm-settingsfe-prod-geo2.trafficmanager.net. 59 IN CNAME settings-prod-cin-2.centralindia.cloudapp.azure.com.  settings-prod-cin-2.centralindia.cloudapp.azure.com. 9 IN A 13.71.55.58  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,41570,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""3"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Microsoft Settings,CAT_Technology - Other""}",,3,1,dfp,"APP_Microsoft Settings,CAT_Technology - Other",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:19:54.678 AM",Infoblox,Data Connector,2.1.3,DHCP-LEASE-UPDATE,DHCP Lease Update,1,,InfobloxHost=Sentinel-Demo-CDC;InfobloxIPSpace=ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558;InfobloxSubnet=192.168.1.0/24;InfobloxRangeStart=192.168.1.101;InfobloxRangeEnd=192.168.1.110;InfobloxLeaseOp=Update;InfobloxClientID=01:00:50:56:0b:0f:15;InfobloxDUID=;InfobloxLifetime=300;InfobloxLeaseUUID=996854be-27ab-11ec-a802-7270aef5e23e;InfobloxFingerprintPr=true;InfobloxFingerprint=Generic Linux OS;InfobloxDHCPOptions=;code_12='dhcp-virtual-machine';code_53='\003';code_55='\001\002\006\014\017\032\034y\003!()*w\371\374\021';code_57='\377\377';code_61='\001\000PV\013\017\025',,DHCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,dhcp-virtual-machine,00:50:56:0b:0f:15,,,,,,,,,,192.168.1.106,,,,,"""DHCP Lease Update""",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxHost"":""Sentinel-Demo-CDC"",""InfobloxIPSpace"":""ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558"",""InfobloxSubnet"":""192.168.1.0/24"",""InfobloxRangeStart"":""192.168.1.101"",""InfobloxRangeEnd"":""192.168.1.110"",""InfobloxLeaseOp"":""Update"",""InfobloxClientID"":""01:00:50:56:0b:0f:15"",""InfobloxLifetime"":""300"",""InfobloxLeaseUUID"":""996854be-27ab-11ec-a802-7270aef5e23e"",""InfobloxFingerprintPr"":""true"",""InfobloxFingerprint"":""Generic Linux OS""}",,,,,,,,,,,,,,,,01:00:50:56:0b:0f:15,,,,,,,Generic Linux OS,TRUE,Sentinel-Demo-CDC,ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558,Update,996854be-27ab-11ec-a802-7270aef5e23e,300,,,192.168.1.110,192.168.1.101,,,192.168.1.0/24,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:19:52.929 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=9;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,connectivity-check.ubuntu.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.106,192.168.1.106,,,,,,,,,,,,,,,,"""connectivity-check.ubuntu.com. 16 IN A 91.189.91.49  connectivity-check.ubuntu.com. 16 IN A 185.125.190.49  connectivity-check.ubuntu.com. 16 IN A 35.232.111.17  connectivity-check.ubuntu.com. 16 IN A 34.122.121.32  connectivity-check.ubuntu.com. 16 IN A 185.125.190.18  connectivity-check.ubuntu.com. 16 IN A 35.224.170.84  connectivity-check.ubuntu.com. 16 IN A 185.125.190.48  connectivity-check.ubuntu.com. 16 IN A 185.125.190.17  connectivity-check.ubuntu.com. 16 IN A 91.189.91.48  . 0 1232 OPT """,,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:15,,,,,,,,,46347,192.168.1.106,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""9"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,9,1,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:19:28.375 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN AAAA NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=6;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,connectivity-check.ubuntu.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.106,192.168.1.106,,,,,,,,,,,,,,,,"""connectivity-check.ubuntu.com. 20 IN AAAA 2620:2d:4000:1::2a  connectivity-check.ubuntu.com. 20 IN AAAA 2001:67c:1562::23  connectivity-check.ubuntu.com. 20 IN AAAA 2620:2d:4000:1::22  connectivity-check.ubuntu.com. 20 IN AAAA 2001:67c:1562::24  connectivity-check.ubuntu.com. 20 IN AAAA 2620:2d:4000:1::23  connectivity-check.ubuntu.com. 20 IN AAAA 2620:2d:4000:1::2b  . 0 1232 OPT """,,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:15,,,,,,,,,46177,192.168.1.106,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""6"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,6,1,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:19:27.598 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Weather app,CAT_Business Software,CAT_Productivity,CAT_Windows",,DNS,,tile-service.weather.microsoft.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""tile-service.weather.microsoft.com. 2482 IN CNAME wildcard.weather.microsoft.com.edgekey.net.  wildcard.weather.microsoft.com.edgekey.net. 809 IN CNAME e15275.g.akamaiedge.net.  e15275.g.akamaiedge.net. 14 IN A 104.127.91.249  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,23787,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""3"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Weather app,CAT_Business Software,CAT_Productivity,CAT_Windows""}",,3,1,remote_client,"APP_Weather app,CAT_Business Software,CAT_Productivity,CAT_Windows",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:19:26.412 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=3;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Weather app,CAT_Business Software,CAT_Productivity,CAT_Windows",,DNS,,tile-service.weather.microsoft.com.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""tile-service.weather.microsoft.com. 2048 IN CNAME wildcard.weather.microsoft.com.edgekey.net.  wildcard.weather.microsoft.com.edgekey.net. 588 IN CNAME e15275.g.akamaiedge.net.  e15275.g.akamaiedge.net. 11 IN A 104.127.91.249  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,30291,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""3"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Weather app,CAT_Business Software,CAT_Productivity,CAT_Windows""}",,3,1,remote_client,"APP_Weather app,CAT_Business Software,CAT_Productivity,CAT_Windows",,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:19:20.453 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=9;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,connectivity-check.ubuntu.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.106,192.168.1.106,,,,,,,,,,,,,,,,"""connectivity-check.ubuntu.com. 17 IN A 35.224.170.84  connectivity-check.ubuntu.com. 17 IN A 185.125.190.17  connectivity-check.ubuntu.com. 17 IN A 34.122.121.32  connectivity-check.ubuntu.com. 17 IN A 185.125.190.48  connectivity-check.ubuntu.com. 17 IN A 91.189.91.48  connectivity-check.ubuntu.com. 17 IN A 35.232.111.17  connectivity-check.ubuntu.com. 17 IN A 91.189.91.49  connectivity-check.ubuntu.com. 17 IN A 185.125.190.18  connectivity-check.ubuntu.com. 17 IN A 185.125.190.49  . 0 1232 OPT """,,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:15,,,,,,,,,49807,192.168.1.106,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""9"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,9,1,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:18:33.607 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN AAAA NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=6;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Linux",,DNS,,connectivity-check.ubuntu.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.106,192.168.1.106,,,,,,,,,,,,,,,,"""connectivity-check.ubuntu.com. 15 IN AAAA 2001:67c:1562::24  connectivity-check.ubuntu.com. 15 IN AAAA 2620:2d:4000:1::2a  connectivity-check.ubuntu.com. 15 IN AAAA 2620:2d:4000:1::2b  connectivity-check.ubuntu.com. 15 IN AAAA 2001:67c:1562::23  connectivity-check.ubuntu.com. 15 IN AAAA 2620:2d:4000:1::23  connectivity-check.ubuntu.com. 15 IN AAAA 2620:2d:4000:1::22  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:15,,,,,,,,,63728,192.168.1.106,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""6"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Linux""}",,6,1,dfp,"APP_Uncategorized,CAT_Linux",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,AAAA,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:17:55.001 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,"InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=9;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=dfp;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=Sentinel-Demo-DNS+DFP+DHCP (DFP);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Linux",,DNS,,connectivity-check.ubuntu.com.,,,,,,,,,,,,,,,,,,,,,,,,,192.168.1.106,192.168.1.106,,,,,,,,,,,,,,,,"""connectivity-check.ubuntu.com. 6 IN A 185.125.190.18  connectivity-check.ubuntu.com. 6 IN A 91.189.91.49  connectivity-check.ubuntu.com. 6 IN A 91.189.91.48  connectivity-check.ubuntu.com. 6 IN A 185.125.190.49  connectivity-check.ubuntu.com. 6 IN A 185.125.190.17  connectivity-check.ubuntu.com. 6 IN A 34.122.121.32  connectivity-check.ubuntu.com. 6 IN A 35.232.111.17  connectivity-check.ubuntu.com. 6 IN A 35.224.170.84  connectivity-check.ubuntu.com. 6 IN A 185.125.190.48  . 32768 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:0b:0f:15,,,,,,,,,9501,192.168.1.106,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""9"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""dfp"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""Sentinel-Demo-DNS+DFP+DHCP (DFP)"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Linux""}",,9,1,dfp,"APP_Uncategorized,CAT_Linux",,,Sentinel-Demo-DNS+DFP+DHCP (DFP),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,us-west-1,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:17:43.229 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=9;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,connectivity-check.ubuntu.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.106,192.168.1.106,,,,,,,,,,,,,,,,"""connectivity-check.ubuntu.com. 6 IN A 35.224.170.84  connectivity-check.ubuntu.com. 6 IN A 91.189.91.49  connectivity-check.ubuntu.com. 6 IN A 91.189.91.48  connectivity-check.ubuntu.com. 6 IN A 34.122.121.32  connectivity-check.ubuntu.com. 6 IN A 35.232.111.17  connectivity-check.ubuntu.com. 6 IN A 185.125.190.49  connectivity-check.ubuntu.com. 6 IN A 185.125.190.48  connectivity-check.ubuntu.com. 6 IN A 185.125.190.17  connectivity-check.ubuntu.com. 6 IN A 185.125.190.18  . 0 1232 OPT """,,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:15,,,,,,,,,58411,192.168.1.106,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""9"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,9,1,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:17:30.350 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=4;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,pool.ntp.org.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""pool.ntp.org. 109 IN A 12.167.151.1  pool.ntp.org. 109 IN A 207.244.103.95  pool.ntp.org. 109 IN A 45.84.199.136  pool.ntp.org. 109 IN A 162.159.200.1  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,14951,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""4"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise""}",,4,1,remote_client,,,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:17:30.350 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=4;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,pool.ntp.org.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""pool.ntp.org. 109 IN A 45.84.199.136  pool.ntp.org. 109 IN A 162.159.200.1  pool.ntp.org. 109 IN A 12.167.151.1  pool.ntp.org. 109 IN A 207.244.103.95  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,36367,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""4"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise""}",,4,1,remote_client,,,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:17:24.719 AM",Infoblox,Data Connector,2.1.3,DHCP-LEASE-UPDATE,DHCP Lease Update,1,,InfobloxHost=Sentinel-Demo-CDC;InfobloxIPSpace=ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558;InfobloxSubnet=192.168.1.0/24;InfobloxRangeStart=192.168.1.101;InfobloxRangeEnd=192.168.1.110;InfobloxLeaseOp=Update;InfobloxClientID=01:00:50:56:0b:0f:15;InfobloxDUID=;InfobloxLifetime=300;InfobloxLeaseUUID=996854be-27ab-11ec-a802-7270aef5e23e;InfobloxFingerprintPr=true;InfobloxFingerprint=Generic Linux OS;InfobloxDHCPOptions=;code_57='\377\377';code_61='\001\000PV\013\017\025';code_12='dhcp-virtual-machine';code_53='\003';code_55='\001\002\006\014\017\032\034y\003!()*w\371\374\021',,DHCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,dhcp-virtual-machine,00:50:56:0b:0f:15,,,,,,,,,,192.168.1.106,,,,,"""DHCP Lease Update""",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxHost"":""Sentinel-Demo-CDC"",""InfobloxIPSpace"":""ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558"",""InfobloxSubnet"":""192.168.1.0/24"",""InfobloxRangeStart"":""192.168.1.101"",""InfobloxRangeEnd"":""192.168.1.110"",""InfobloxLeaseOp"":""Update"",""InfobloxClientID"":""01:00:50:56:0b:0f:15"",""InfobloxLifetime"":""300"",""InfobloxLeaseUUID"":""996854be-27ab-11ec-a802-7270aef5e23e"",""InfobloxFingerprintPr"":""true"",""InfobloxFingerprint"":""Generic Linux OS""}",,,,,,,,,,,,,,,,01:00:50:56:0b:0f:15,,,,,,,Generic Linux OS,TRUE,Sentinel-Demo-CDC,ipam/ip_space/a08f6046-27a6-11ec-83fd-eecc769f4558,Update,996854be-27ab-11ec-a802-7270aef5e23e,300,,,192.168.1.110,192.168.1.101,,,192.168.1.0/24,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:17:18.474 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=4;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,pool.ntp.org.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""pool.ntp.org. 42 IN A 108.61.23.93  pool.ntp.org. 42 IN A 142.147.88.111  pool.ntp.org. 42 IN A 108.61.73.244  pool.ntp.org. 42 IN A 5.78.62.36  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,11108,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""4"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise""}",,4,1,remote_client,,,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:17:18.283 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=4;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,pool.ntp.org.,,,,,,,,,,,,,,,,,,,,,,,,,208.50.179.13,Sentinel-Win-Main2,,,,,,,,,,,,,,,,"""pool.ntp.org. 82 IN A 162.159.200.123  pool.ntp.org. 82 IN A 142.202.190.19  pool.ntp.org. 82 IN A 73.239.145.47  pool.ntp.org. 82 IN A 64.142.54.12  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,00:50:56:01:13:0f,,,,,,,,,3725,208.50.179.13,,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""4"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise""}",,4,1,remote_client,,,,BloxOne Endpoint,,,,,us-west-1,Windows 10 Enterprise,,,IN,#NAME?,A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:17:15.693 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=9;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,connectivity-check.ubuntu.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.106,192.168.1.106,,,,,,,,,,,,,,,,"""connectivity-check.ubuntu.com. 42 IN A 185.125.190.49  connectivity-check.ubuntu.com. 42 IN A 91.189.91.48  connectivity-check.ubuntu.com. 42 IN A 185.125.190.17  connectivity-check.ubuntu.com. 42 IN A 35.232.111.17  connectivity-check.ubuntu.com. 42 IN A 185.125.190.18  connectivity-check.ubuntu.com. 42 IN A 185.125.190.48  connectivity-check.ubuntu.com. 42 IN A 34.122.121.32  connectivity-check.ubuntu.com. 42 IN A 35.224.170.84  connectivity-check.ubuntu.com. 42 IN A 91.189.91.49  . 0 1232 OPT """,,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:15,,,,,,,,,59737,192.168.1.106,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""9"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,9,1,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:17:14.030 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=13;InfobloxArCount=14;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,ns3.infoblox.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""ns3.infoblox.com. 2453 IN A 38.108.181.212  . 241271 IN NS c.root-servers.net.  . 241271 IN NS j.root-servers.net.  . 241271 IN NS a.root-servers.net.  . 241271 IN NS f.root-servers.net.  . 241271 IN NS b.root-servers.net.  . 241271 IN NS d.root-servers.net.  . 241271 IN NS g.root-servers.net.  . 241271 IN NS e.root-servers.net.  . 241271 IN NS k.root-servers.net.  . 241271 IN NS h.root-servers.net.  . 241271 IN NS m.root-servers.net.  . 241271 IN NS l.root-servers.net.  . 241271 IN NS i.root-servers.net.  a.root-servers.net. 241271 IN A 198.41.0.4  b.root-servers.net. 241271 IN A 199.9.14.201  c.root-servers.net. 241271 IN A 192.33.4.12  d.root-servers.net. 241271 IN A 199.7.91.13  e.root-servers.net. 241271 IN A 192.203.230.10  f.root-servers.net. 241271 IN A 192.5.5.241  g.root-servers.net. 241271 IN A 192.112.36.4  h.root-servers.net. 241271 IN A 198.97.190.53  i.root-servers.net. 241271 IN A 192.36.148.17  j.root-servers.net. 241271 IN A 192.58.128.30  k.root-servers.net. 241271 IN A 193.0.14.129  l.root-servers.net. 241271 IN A 199.7.83.42  m.root-servers.net. 241271 IN A 202.12.27.33  a.root-servers.net. 241271 IN AAAA 2001:503:ba3e::2:30""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,50197,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""14"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,1,14,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:17:14.030 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=13;InfobloxArCount=14;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,ns4.infoblox.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""ns4.infoblox.com. 2405 IN A 12.23.72.166  . 241271 IN NS k.root-servers.net.  . 241271 IN NS h.root-servers.net.  . 241271 IN NS f.root-servers.net.  . 241271 IN NS l.root-servers.net.  . 241271 IN NS e.root-servers.net.  . 241271 IN NS d.root-servers.net.  . 241271 IN NS c.root-servers.net.  . 241271 IN NS b.root-servers.net.  . 241271 IN NS g.root-servers.net.  . 241271 IN NS i.root-servers.net.  . 241271 IN NS a.root-servers.net.  . 241271 IN NS j.root-servers.net.  . 241271 IN NS m.root-servers.net.  a.root-servers.net. 241271 IN A 198.41.0.4  b.root-servers.net. 241271 IN A 199.9.14.201  c.root-servers.net. 241271 IN A 192.33.4.12  d.root-servers.net. 241271 IN A 199.7.91.13  e.root-servers.net. 241271 IN A 192.203.230.10  f.root-servers.net. 241271 IN A 192.5.5.241  g.root-servers.net. 241271 IN A 192.112.36.4  h.root-servers.net. 241271 IN A 198.97.190.53  i.root-servers.net. 241271 IN A 192.36.148.17  j.root-servers.net. 241271 IN A 192.58.128.30  k.root-servers.net. 241271 IN A 193.0.14.129  l.root-servers.net. 241271 IN A 199.7.83.42  m.root-servers.net. 241271 IN A 202.12.27.33  a.root-servers.net. 241271 IN AAAA 2001:503:ba3e::2:30""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,63611,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""14"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,1,14,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:17:14.029 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN NS NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=NS;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=5;InfobloxNsCount=0;InfobloxArCount=0;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,tme.infoblox.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""tme.infoblox.com. 1800 IN NS ns4.infoblox.com.  tme.infoblox.com. 1800 IN NS ns3.infoblox.com.  tme.infoblox.com. 1800 IN NS ns8.infoblox.com.  tme.infoblox.com. 1800 IN NS ns7.infoblox.com.  tme.infoblox.com. 1800 IN NS ns2.infoblox.com.""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,58434,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""NS"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""5"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""0"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,5,0,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,NS,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:17:13.841 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=13;InfobloxArCount=14;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,ns3.infoblox.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""ns3.infoblox.com. 2453 IN A 38.108.181.212  . 241271 IN NS c.root-servers.net.  . 241271 IN NS j.root-servers.net.  . 241271 IN NS a.root-servers.net.  . 241271 IN NS f.root-servers.net.  . 241271 IN NS b.root-servers.net.  . 241271 IN NS d.root-servers.net.  . 241271 IN NS g.root-servers.net.  . 241271 IN NS e.root-servers.net.  . 241271 IN NS k.root-servers.net.  . 241271 IN NS h.root-servers.net.  . 241271 IN NS m.root-servers.net.  . 241271 IN NS l.root-servers.net.  . 241271 IN NS i.root-servers.net.  a.root-servers.net. 241271 IN A 198.41.0.4  b.root-servers.net. 241271 IN A 199.9.14.201  c.root-servers.net. 241271 IN A 192.33.4.12  d.root-servers.net. 241271 IN A 199.7.91.13  e.root-servers.net. 241271 IN A 192.203.230.10  f.root-servers.net. 241271 IN A 192.5.5.241  g.root-servers.net. 241271 IN A 192.112.36.4  h.root-servers.net. 241271 IN A 198.97.190.53  i.root-servers.net. 241271 IN A 192.36.148.17  j.root-servers.net. 241271 IN A 192.58.128.30  k.root-servers.net. 241271 IN A 193.0.14.129  l.root-servers.net. 241271 IN A 199.7.83.42  m.root-servers.net. 241271 IN A 202.12.27.33  a.root-servers.net. 241271 IN AAAA 2001:503:ba3e::2:30""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,50197,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""14"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,1,14,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:17:13.841 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN NS NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=NS;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=5;InfobloxNsCount=0;InfobloxArCount=0;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,tme.infoblox.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""tme.infoblox.com. 1800 IN NS ns4.infoblox.com.  tme.infoblox.com. 1800 IN NS ns3.infoblox.com.  tme.infoblox.com. 1800 IN NS ns8.infoblox.com.  tme.infoblox.com. 1800 IN NS ns7.infoblox.com.  tme.infoblox.com. 1800 IN NS ns2.infoblox.com.""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,58434,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""NS"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""5"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""0"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,5,0,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,NS,NOERROR,_default,,,,,,,,,0,,,,,,,,,,,,,,,,N/A,,
+1e1956bc-a7d2-455e-9ab1-4a9153ebf07a,"7/19/2023, 3:17:13.841 AM",Infoblox,Data Connector,2.1.3,DNS Response,DNS Response IN A NOERROR,1,,InfobloxDNSView=_default;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=13;InfobloxArCount=14;InfobloxB1Region=;InfobloxB1ConnectionType=b1ddi;InfobloxB1OPHName=Sentinel-Demo-DNS+DFP+DHCP;InfobloxB1OPHIPAddress=192.168.1.201;InfobloxB1Network=on-prem (B1DDI);InfobloxB1SrcOSVersion=;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=,,DNS,,ns4.infoblox.com.,,,,,,,,,,,,,,,,,,,,,192.168.1.201,,,,192.168.1.90,192.168.1.90,,,,,,,,,,,,,,,,"""ns4.infoblox.com. 2405 IN A 12.23.72.166  . 241271 IN NS k.root-servers.net.  . 241271 IN NS h.root-servers.net.  . 241271 IN NS f.root-servers.net.  . 241271 IN NS l.root-servers.net.  . 241271 IN NS e.root-servers.net.  . 241271 IN NS d.root-servers.net.  . 241271 IN NS c.root-servers.net.  . 241271 IN NS b.root-servers.net.  . 241271 IN NS g.root-servers.net.  . 241271 IN NS i.root-servers.net.  . 241271 IN NS a.root-servers.net.  . 241271 IN NS j.root-servers.net.  . 241271 IN NS m.root-servers.net.  a.root-servers.net. 241271 IN A 198.41.0.4  b.root-servers.net. 241271 IN A 199.9.14.201  c.root-servers.net. 241271 IN A 192.33.4.12  d.root-servers.net. 241271 IN A 199.7.91.13  e.root-servers.net. 241271 IN A 192.203.230.10  f.root-servers.net. 241271 IN A 192.5.5.241  g.root-servers.net. 241271 IN A 192.112.36.4  h.root-servers.net. 241271 IN A 198.97.190.53  i.root-servers.net. 241271 IN A 192.36.148.17  j.root-servers.net. 241271 IN A 192.58.128.30  k.root-servers.net. 241271 IN A 193.0.14.129  l.root-servers.net. 241271 IN A 199.7.83.42  m.root-servers.net. 241271 IN A 202.12.27.33  a.root-servers.net. 241271 IN AAAA 2001:503:ba3e::2:30""",,,,,,,,,,,,UDP,,,,,,,,,00:50:56:0b:0f:80,,,,,,,,,63611,192.168.1.90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Sentinel-Demo-CDC,OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSView"":""_default"",""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""13"",""InfobloxArCount"":""14"",""InfobloxB1ConnectionType"":""b1ddi"",""InfobloxB1OPHName"":""Sentinel-Demo-DNS+DFP+DHCP"",""InfobloxB1OPHIPAddress"":""192.168.1.201"",""InfobloxB1Network"":""on-prem (B1DDI)""}",,1,14,b1ddi,,,,on-prem (B1DDI),192.168.1.201,Sentinel-Demo-DNS+DFP+DHCP,,,,,,,IN,#NAME?,A,NOERROR,_default,,,,,,,,,13,,,,,,,,,,,,,,,,N/A,,
diff --git a/Sample Data/Custom/InfobloxSampleTIMatch.csv b/Sample Data/Custom/InfobloxSampleTIMatch.csv
new file mode 100644
index 00000000000..c81cb021e07
--- /dev/null
+++ b/Sample Data/Custom/InfobloxSampleTIMatch.csv	
@@ -0,0 +1,158 @@
+TenantId,"TimeGenerated [UTC]",SourceSystem,Action,ActivityGroupNames,AdditionalInformation,ApplicationId,AzureTenantId,ConfidenceScore,Description,DiamondModel,ExternalIndicatorId,"ExpirationDateTime [UTC]",IndicatorId,ThreatType,Active,KillChainActions,KillChainC2,KillChainDelivery,KillChainExploitation,KillChainReconnaissance,KillChainWeaponization,KnownFalsePositives,MalwareNames,PassiveOnly,ThreatSeverity,Tags,TrafficLightProtocolLevel,EmailEncoding,EmailLanguage,EmailRecipient,EmailSenderAddress,EmailSenderName,EmailSourceDomain,EmailSourceIpAddress,EmailSubject,EmailXMailer,"FileCompileDateTime [UTC]","FileCreatedDateTime [UTC]",FileHashType,FileHashValue,FileMutexName,FileName,FilePacker,FilePath,FileSize,FileType,DestinationDnsDomain,NetworkIP,NetworkPort,NetworkDestinationAsn,NetworkDestinationCidrBlock,NetworkDestinationIP,NetworkCidrBlock,NetworkDestinationPort,NetworkProtocol,NetworkSourceAsn,NetworkSourceCidrBlock,NetworkSourceIP,NetworkSourcePort,Url,UserAgent,IndicatorProvider,Type,TenantId1,"HitTime [UTC]",DeviceVendor,DeviceProduct,DeviceVersion,DeviceEventClassID,Activity,LogSeverity,OriginalLogSeverity,AdditionalExtensions,DeviceAction,ApplicationProtocol,EventCount,DestinationDnsDomain1,DestinationServiceName,DestinationTranslatedAddress,DestinationTranslatedPort,CommunicationDirection,DeviceDnsDomain,DeviceExternalID,DeviceFacility,DeviceInboundInterface,DeviceNtDomain,DeviceOutboundInterface,DevicePayloadId,ProcessName,DeviceTranslatedAddress,DestinationHostName,DestinationMACAddress,DestinationNTDomain,DestinationProcessId,DestinationUserPrivileges,DestinationProcessName,DestinationPort,DestinationIP,DeviceTimeZone,DestinationUserID,DestinationUserName,DeviceAddress,DeviceName,DeviceMacAddress,ProcessID,"EndTime [UTC]",ExternalID,ExtID,FileCreateTime,FileHash,FileID,FileModificationTime,FilePath1,FilePermission,FileType1,FileName1,FileSize1,ReceivedBytes,Message,OldFileCreateTime,OldFileHash,OldFileID,OldFileModificationTime,OldFileName,OldFilePath,OldFilePermission,OldFileSize,OldFileType,SentBytes,EventOutcome,Protocol,Reason,RequestURL,RequestClientApplication,RequestContext,RequestCookies,RequestMethod,ReceiptTime,SourceHostName,SourceMACAddress,SourceNTDomain,SourceDnsDomain,SourceServiceName,SourceTranslatedAddress,SourceTranslatedPort,SourceProcessId,SourceUserPrivileges,SourceProcessName,SourcePort,SourceIP,"StartTime [UTC]",SourceUserID,SourceUserName,EventType,DeviceEventCategory,DeviceCustomIPv6Address1,DeviceCustomIPv6Address1Label,DeviceCustomIPv6Address2,DeviceCustomIPv6Address2Label,DeviceCustomIPv6Address3,DeviceCustomIPv6Address3Label,DeviceCustomIPv6Address4,DeviceCustomIPv6Address4Label,DeviceCustomFloatingPoint1,DeviceCustomFloatingPoint1Label,DeviceCustomFloatingPoint2,DeviceCustomFloatingPoint2Label,DeviceCustomFloatingPoint3,DeviceCustomFloatingPoint3Label,DeviceCustomFloatingPoint4,DeviceCustomFloatingPoint4Label,DeviceCustomNumber1,FieldDeviceCustomNumber1,DeviceCustomNumber1Label,DeviceCustomNumber2,FieldDeviceCustomNumber2,DeviceCustomNumber2Label,DeviceCustomNumber3,FieldDeviceCustomNumber3,DeviceCustomNumber3Label,DeviceCustomString1,DeviceCustomString1Label,DeviceCustomString2,DeviceCustomString2Label,DeviceCustomString3,DeviceCustomString3Label,DeviceCustomString4,DeviceCustomString4Label,DeviceCustomString5,DeviceCustomString5Label,DeviceCustomString6,DeviceCustomString6Label,DeviceCustomDate1,DeviceCustomDate1Label,DeviceCustomDate2,DeviceCustomDate2Label,FlexDate1,FlexDate1Label,FlexNumber1,FlexNumber1Label,FlexNumber2,FlexNumber2Label,FlexString1,FlexString1Label,FlexString2,FlexString2Label,RemoteIP,RemotePort,MaliciousIP,ThreatSeverity1,IndicatorThreatType,ThreatDescription,ThreatConfidence,ReportReferenceLink,MaliciousIPLongitude,MaliciousIPLatitude,MaliciousIPCountry,Computer,SourceSystem1,SimplifiedDeviceAction,CollectorHostName,Type1,"_ResourceId",AdditionalExtensionsParsedNested,"A4L0ZxF74vqyLyv1ti6sL5Jj+HrAeWTPw5+u1NyQsvWfjZ63VBOBISCzHWARF0Bvzw34bpWO31l59IVzUwMjzQA9Bx6CewO4t4MmzeYZJTJTxsgrDAuoKmqf25ZE/onyN0lA0+aQpm4IUFMt61yjcLgYYZAIh2sRXHU3V6s24lo","aNk2+r0KQa5rqfFUcn+i0ykRg+9wb7f+Qt9RMc1QkrpKT8YM18ljKy5Y3NYvLxOx9+rzr55V2e1+kFkn5Pqkgr5A1yon3uT2u6+/gJt8pbzlsV4VOD2Ro0HjOV1RARppd2htjG1cWVqyAyJvO0j4nHZFrxEBPt9HlC/nxFLv07E","baYR42SOW46H9tIJsvvgoIpoy/O2bJbxaIPxCwuVRmr3N+w4Fb3KYX5t7G9c/9W9vVgC8fdZnYUfvKc9lNVI6tC3w4t+8ylCPGcfP4SRvEPPozQkYXmvm1rdHyL+Fg74OWgXvW/rOo5rtBbCbBxsfAJdDPQaDOPIyEaMAtzlObE","Bn5Hmp4Xd00qrgAnwgXN3Ct/lyrZhwn9745L0DTct/GE3AS+oSFuJtNW1SaOKlJlXYeqKCPasKzMIDF++wT6qRs6PciiCmvmmutWLr8HhHbq+M/9NfmSn4QD15PcEBnsdNbJa72pXZBd6TR93BpAdBZBOqYI0RMfCou5U+qJ75Q","BNQCb4Tyr8bNIIBX7wLZKjbEUctmR17o9x2PttkbXH49BpxXtW+uITq1eEWZNGrJfTInVK49RAnGATSypsr7WNcdbn1/xxTjMt/2w77AJ5T32VrkrUBzBTmdvaIDBNN0rhD/Pt0WNqC3r57W0UrsqoRI89yIhJwnqHVus/NIqkk","C/CRvPG3FJLK5eJPKEhenll+gWjZt9zJmYi/PeCR6Iw4JKWgHsR+1FjzFTGDDV77ofun/XZTRlGcehl3Xyji4UDCInJqiSbSoPSH9GH5TFXI/An0sVzRZ9Ypx/S1lc+vpcOflNCFX1AsneKYeYtU5Jm8O3uT574JM/I5VT4Vgx4","C3d0cRg7MfwyXU6FbXjNBNdv7071mGXTta9eqqixTZAITrzWRv2WjMpJQOSkMPM8BLZ6Qa4yzLpitW3o17YfBAgoP4LxZcOfoijl493GpAdBUmKUJOvX1fpzV8qmeFL5+ixWR09MGoSQImwjjDISSHkcKCv4xCAAocx5o/RmBy4","COaQZ9BpUbR4dczNr5e1lZ/jM4/6xap9Pkwax5q2R5tC2kyPjaR8n4xPcGXu1GR3rF3Eg8iDlMd+G+3Va4UHcS6c0FlsqAr6zLKMSYRhLJLk2OwnrKQnqOGAj2/+U50795X7wdgBobkGSBbQjSQIOpnCA3XESLVIX6csMNTwVjg","CtI55VhrRTSZqEPdCmkbDSsS14mSnlnCEJbwErNHx5sVxmdBM6izvt1pFD6HgvyV69uHH6BhAGrMuNTF6QdcuAAHhPXhmhlXc37eAkVlqUxAThUbPugPfrG+sOzsH/xZKmG0FEh+HrAUkT20MaeIw4qz9/FXqMOfLx+keATldFs","CTNr9Yr28SqOWeAxq/MtaB2+ZhR2VvsbfFENM+6zNsRk6Q4jJKQ/4s1TvNM7AjRZdqDoLe8p7oAcgQQLD31snYCrDM3YW1NwGscS7iLLB7dxG4eHpoMBhnlPDK6ko6iUSNMaiIVzK8uxHCb14AZMpI3W5hhjVbzOIez/UrbmXk0","D7+xHzufeLQHi+fIKE5CQhL+qMpKBVdG/d+BLIlMpZX8tm/S29KHSq1pIKoWpkfIsvEbMjGDHVDCEn2EA7zsHNdX/3yIXkb4Y3NH1/J83WGpe3iyjmUxrdnA/AUegpzCjIZjQ6/NRgGLCNimyzPWKXLj/r79tgrpxJuQyz2lsnQ","DEKxDnnoobgO34uv3ibthS2iRkVG0R1V0412FG9Ysq3lHr1lW/ZTkV2RgWV/ZvqpbTSv9DzHk8GpDl74hh2KHW2c1NUQIrhBtKobVWg2hSGJJhBz80opBGHvNj7GTMc+D4hKspo/uqW6S7qQSwrvtjbgJenfSwEEwqjLmAzHBFM","eQuqECspUysKswOj+1PEZSFELN/c5AFPTkdGfyPjrUrXJ0sh0urnnGQtb0meYakz3Aw744l9hGfexMS6NuX5KQQB1v9VJqxm1NhtzW1/+t3knunJ0ShM7ud92aw9VqyhbJx6xKPHh+Jf9y4dcvK2KwJvJ+ZPDqJYxhXtTEM7xa4","Ey4bdmyayFkp/Do7sE8vtCOmUmXLPeezhFUDvzay9s1Lw/w0p9YC+uf7amVJ/79kGr8O8fi2viXU0EcH5TSQJp2vbzNp/2dVmgJ/F9mpHpw1+ET7HGCHhAHZzKcC8Hx4MRuU5hmoZ0QkViQMHZlAGoAotxjoeyrmBgJxK67nIok","FAwyVlAbz9JPlJTJuKMrTJViB83QJdVcVYbE+MbGeo4ACf84ej8+g9EW4l68QFPatN0n4ntbHiPfI5arrYlhriNQr/s+2ZptiPe1WYlut38BdX8cnvbXG3HnB5zKn8MWe7h2b9pGl7AUSOSK0FBS629sd8V7ifTQir/tx2F24Lo","fQhz+qEf5Pd4TnXCIBRytRoE/mOkeZyzzQm65sk+FB+AyL5cgJII/Jw3GHxxx7stxPRDpZxDUqsKKGCaxmEKNeBu/LR3cUkoXLFY6e26uJ4Sbu2EqvvqeAy2KpCu2Zmr9B/M6LStFhaX/G/k1LxGTQCvOAy2KcSk3/48fUJCYXA","GmJasKwFmGso+09CYpXu9tMcanyVC5v9v6xz1NdH9BuSx3/PKsZlaBo7CyPM0r7lsD7KWAHOUmcDTsD3y/xbphAmc4EeLQE/BBYduuiJ6p0RQqBRCDPmQ/WANzd31InR1M9RTHvxrf59UH9qbh38xWL3ZuoX0uB0sCDumI3rM5s","GWBcNu+OPok4+JSXp0swYIxd7CvEzCtqrXMTHZn2zcuLkFPa+5sbh6UNy9zBuaCBUaQ1CM79a28IVOmsKOuv2JC5tJklZpB7g38x56Bs6L52TUYqnWU4Ffl0bTAsXieW58nscK7H6KZIRSJNmd3prR8V7clXk3BipGdem34m6Ys",InfobloxAnCount,InfobloxArCount,InfobloxB1ConnectionType,InfobloxB1DNSTags,InfobloxB1FeedName,InfobloxB1FeedType,InfobloxB1Network,InfobloxB1OPHIPAddress,InfobloxB1OPHName,InfobloxB1PolicyAction,InfobloxB1PolicyName,InfobloxB1Region,InfobloxB1SrcOSVersion,InfobloxB1ThreatIndicator,InfobloxClientID,InfobloxCSiteId,InfobloxDNSQClass,InfobloxDNSQFlags,InfobloxDNSQType,InfobloxDNSRCode,InfobloxDNSView,InfobloxDomainCat,InfobloxFingerprint,InfobloxFingerprintPr,InfobloxHost,InfobloxIPSpace,InfobloxLeaseOp,InfobloxLeaseUUID,InfobloxLifetime,InfobloxNsCount,InfobloxPolicyID,InfobloxRangeEnd,InfobloxRangeStart,InfobloxRPZ,InfobloxRPZRule,InfobloxSubnet,InfobloxThreatConfidence,InfobloxThreatLevel,InfobloxThreatProperty,"iNryMfc0gUK0WVJbwaPf2XoexrOhvIGDaPh/JyV3GnKTPCemcPxeLBQ3orzpei5/N6QfKODJIXjMPXuh8VKBaoGlW3IC3u0MFdMnOgmWfUeK+6s/QkY0X9DPpIQd9YCoQgW36u0g4BshSANiFc93H0FYAUJfPu5yMHasVvhF+CY","Io8v4LdxDsPfT1z5mZiHKIM2hZcfaYrQ0qoDxBUsD5ARsPUVceXT6nDVEajz9mk5RPUjeTTAsWNR6Onj9MtYifJNwppbQkYCcln4O0JkbQ9HqI8tTXgONMRHqxBiIQh9lLMbMSF2nIv54bt/Yld6T/RPnIJzzGYWIewxmvBQ30E","iw4Az6TebTFiMG8lrYwLHekWSdFmNi9v/xY0wg6yBe9KuxZHA2WQS3Coq5HB9z1741HFESIHybK8H5E28LbHoxTJaBrwy9WD0fQS97yBNmKQuLwRFihZ0Iua/NhX9OzuWtKwfMtvCQS5vl2xTqIOE8tiP7TztuW+hnavlW0OiDU","J5aqktuEZUMQ/0RY2R+HO1a+gSFKaBJM8X6BQ56jvFUQhd0XxkufnJg55VqMqPYusR3FF64kMN3qrCs+Ptj99vH06W6A8j7nWPPpVeroePNnW+SrRDWKZteWaO5c/nh0WTpXEzK3PeY/5A0p8CdqHZJ1Jj52h5rkUODobyzO77o",jF5uuRVGe2ZuiCozTUnefJuytEL83AtrifSQcuAdO9InbNS3DpOvomrksbHS9Rln9BMSeDsjz7lIzFsGu3vian8YRqcIJePuCxyRNw7MctdTaDVB0MDY1nYbZ2xwy1gn2VrErgvP3HMF0kMfgkoBB79D0vvS09HRKsnT0LAwKpE,"jHMV1+JOn4WdoY2d9Ij0Ws6Z3MSIm6waOvrDrvWZZ/cAzV6qqTNbQGlk+JauJULVIIsOMpx2qov+Z6U/8GZrNGR+OROQudDf/uIFzhc9gPPP2dfLwPQbL06s4TSQpvcTGSzj4z0dNXap9ik2EA80UITdNSnecxCGBF3dDcqdGDE","jLqtQui7dTvXs7BaS/r/vNClcUbaq7RGL716U0NH83ad2CR+DXgZoH0tj5FRGcHei9J8JtmHntCkYBk2DXMyNRTc7K8HWBDDVhZloU/K/S1f3y8kd9On3eyJY5tFHjV1yjO7l14fo3GOQYQMCLB/98Gruu96kZVDiJhEG73zfMY","l+bBr7f3GILOuXgFXybHKVr/VnBgxYEOoDukO8HU00CHkMlCQ3vNxvzRcgrqoy2tw+JHjM1ftuWpY1qqIB5ltghuYCT491nkx+0YFaZB8wZdoBsF+aWpVglv5Xj+8pyhiTN9z/QXeUHPCsj81zKyqiFzkdhyWC/RXpGZ7MLJuBI","Lnd3rv8VKO+lHbgSzFy1DZ5qBfzEer5+ofUgZIFVanHa6aERof9/kx0BWWJ3usLqbtABbfXe0kwyQNnCOkAfIk2GiKsB4n+J6VcsfUqnR058gCBKV4X72xYLPWELQ7kshZCDTDL27FTNL/aOBuvEvL2GLAG5DqBw/8Mn2gPV4vI","lyF02mueiX7aVxKFY3IrZN4vqYbLcEG4hWY6OSKjI+JPgkgTOlrJReeNETjSnQaIWkvCS4MPlXJ2OFAawkncfta54TaOWQzeAwcrV4vXKU2a5D3/lwjWmL7roijbFZ3YDmPLkIbF3hvmv4f2p8EF8BpPxbvba9GnTLiG9lHgDlw","n/oI6Ww/At1GScruIjpdVdU5Mv4erIwo+8pF1Sqpl/z+QGdAJEtyxV0pSOycQjfplOBeZalLS/yD3GE35ySj6k/0WKIsquP+Md6V+XrhG1/fkfZBcgmsx2KA+h4TkYo29wZciabV5S/QVUlAGzOE7HjdyFFyq1sdDh2CpjPbPgg","Nhs5NMRZcfrNO6grvjXiYbeUNrl/ybSR0udvYrngoCwXLOiwMVWulQB+sjCquGv/C2GpLapCZgUphCHN+GMhUKK4Tacfo72MdKnO/gEW8oP1h6ATlicUvlrZ9zqPB309zY///iMSgmFlILfSdr23+9Y7VDdkow9fJ8s89tKzPQw","NQJl7GSo/i7eNZkJGsc91pouQsyQh44lTZ/USFkJHyJGj4w/E7n5QlVm6adDXARrJybliF4zUlP/VYlDsyqOLPK0dMI8LaowblGX06YtVeVVJqfEv/5QSt1fzHRDNk636T6ifo/ShEQ0uTL6X+CE8DeGxQo5m4qacAgpUxAJjRU","nTAloYuYe6T/SO3y6VLwWH5k7eRs45MZ5YVKwoJRHQu71EqUNdkRBP5AK4JtNMo69o45Bgtk/+L3N/VmweZM82RWWKCBxSSJe8g2vXtWd3DW2ZhVORsIWswtxE2rnjJpQgsaKISRZHPB0iDpk48b6hT9s1/aV3LmRMzC2VwLQZg","nZBDTfcvsBUbUQO5imRM+xjs+tureoTlOBMP66CTDRrlxpjbHB6TWlxZz9MIldiIvW/q0AqaWRGzccptKmKX5IWbrNMY7h9TAm6tdqfJ0PBOqUczXFlhsJl3DFUdomkLi49ciFloPcPYhpq4giv/tG4s06MaBT41eS5RiGNKeG8","o96U2OwXxXa2EGrrEFRKG8qRFK1wukkS8Oq0CrhwiXch/UZFmKjgYnHl7AIBL7Zj81vMFWb5tHSa8QmDpntgL+qZjG07lmJKyYEQ5ksZNuXAY0khBZy+wMMaepXRLlO0F1RkStZIcq/ivE2uATiKFUzKz2xhSe5Ot7u+/hFgcgA","oFikUNScZaIinY0wl9HjOgqoy5aGPxtI1QKYDMOFFVf0tFb/SjFaYhL9b+DSpWSbV1hq0lnBy23JUKLxZ1/ecwezra+pBRAiOAutFAlH3sok1uma/Z54gXgmTTZ4UJGmAIIBYklklpypoUNNtBQxumPtvOFiqKUvpUe5XdkqGNk","PhhLgu9BCLl6szpGtbSGnuq9nE6AqHnSYGchtmPX1swKOTxCWxBbNKXeJYL+3wMHgjjsY64Igx1sZJyKqX6HgOzGZnbK0OF+Q2lIvjdYUxPCyjphTrKcfvFlBqkKXDvATGpYLwgwhV2bm35IE8KxzcbDswAHOB6gRbgGAnP93O0","PtM+KukHc8EbSZb8eLt8K21bEb/gRW/iTpnfoS5VPOddIDyfttvQIRp8yI44rMaw4iF3icTY3GJ5zYnzKeq+Wdc3SMdKfQkLEsS/WL+WP8fQi01IZLTx4CSQB+Y40Kcmp5618D2zcNbhAUiqervz5t2MLpQaaWC/qY2eJLwCvrw","qSGx3Bi7geBX9imMO5b1x+Qtj2x33SNJ4AvAT9DT3UDGXOtQO00RQpjJi3c/do2m3WZsRgHJ5qPmENwD1Dk5wtcstZs1KHXi033zcPd+8SQfjxsH2IxxCQJaKSvZlAxT0lda7VrAjeeUGhURWCkqsxwwMqFKnBax3Jr4xN0BXRk","QUVjy3DRDBssylwvgogCq1xTBkmjd4WjMWqgajSzZztcKEUB0Rq4D1XnqyAZg3QiK5Yf60sqKTXD0dpGZL77iZ/3jdV5/gV3APpLmC5pSUYw2941PB5Q5GCbNyFcQKG6f9H8v+XfNqq66sdKimjrvwhEwPWPj2VtCZhX4RCbagg","qXadfszLTER/Bp4TMAphfS4MI+0DitptODYhKJzi4sNv12gOq9mTpDINAVdgN7KagGMvvQDnSCdNEhvYOgssyNdQOS49u/2BLDl7VQR1yhCGUeynmM6ker1myzaN0NlWxL+ZnGOKYsCky9dFbhTP1idoqPTSbjdq3/8zopilCtA","r/zL3YoSrJmvBueJArVJKm8r23E4BFuein4fkactxnTUhSMMHKtU/7OpXtZ7ov3Sa6pD2VlmdwqPXrecl8mKJW6+1D36pvtph8g0I8xt3shkyt9XNyc0TIZ/pEl+mhzM/gNhXw2hjGKLNHaMhYdNVjpgbe5Y6oQy8YoIGgWQTp4","r5izwQb8EGd55LAPkF10jv4qm10pLM/PbO2uG2h4TfFdtoxQmlFQXaia981kVJ6/r/8wiR1kH5mL97u4kDHy+54iJWLg6ydy2DTO7fGdUZwKskdDWJc0kKgtDLFJQQR+9IUNKkCdPzo1jUoaX1ajGypBgy6c/v0RykL8eLBTcEY","RcjYWs9ufS16bmqFSJimEhEmV2ubcXoe9NAseY7k1SzXW34dwnn+/7yEBT2Qv+3vH4tTJf+MQqhNH5lRuIGVrmEF+R+NAuRMUIhdZBLpkyCkW/uvqPtDhwng1Lo0IoWmc17UApcXCKEsBRvdU0KW2iWBmtYbZvcwjZ7urVmdAaM","SXYisP2FIV1sFSB9zx/vnPNc1qwyDVj7ZMvSWc9X90rF0bdU/BbbdHGU5cAo6Kqy5UzxQVDgNAu+WL2vfTJMx2TxKaUOLuV9LlFza/dQ4jdh7ULhKWD/CL++pBa7ENe0LC3N+QcJVWofcMZryVs9j9zOQQUtnauLKCjo0R+Tmi8","tah45mrKavwFQXd+yYHXcZC/rPPxHTXVRCN2LUJ0zSXNQR4uaqOZWijhQPoa1vm6tJz8uPIMwC695GhtMM3JW39pZkY9bkK3IYuyjSCnRBZM7mForIPRr9BHcxGOzChW7vl0KB1un26EVr70nVqST/YVkRhOi65gAZJmczt1ouk","TfcashclDU0dnofxM/W69lUQlkNn5GeR7eCEEgVLtsQYDKIoui7eDVgw4csxXJo4+rI73iQlKOnOrGyvzlogn/lBE2zjnIWjfhcjMeJFktOQQx11bfCkoDlpkk/tFX8IvdPP/Om1PoW6wRUAwx+BwzT1HkOGJcHT4mTJywu94PM","TIBKG/eJ44uDqAsLK1AROHQjs28vbjKJIoHhky71FAgEgqwyE3vvWtxhCWnPt+lbm3FlatRxEM0fa5rggRLU824OMPmKdTmrZREIuqIK9T2w9RdTz71cXoeHbwJ1bs1a9H7ntOJpBEC7i3foP9vtG8PcMMUNlorDFfUqMEjf+E4","tr8jYWmnAWtmi/gPNGyDY2Stu/kyIkVolNBhtj6QT74lqsRXbzVafyXiJKFztjSJ52hC6Y7YPb+atlHWmfAI4ao8FiWuYp1bWuCiI/se66qiVZQZzDx5tWdSGEf0Tf1c2uIt9ZLI4tE90sXoRxPakstcH4iuldIEmKX5umqYzYk","u1bPbS0Y+9ZuzEnXKcRnK8xHgULp9hvJ7/r9eg0ur7Mhx+X4Ge5xhU/Xs8KxUaMXoAcNZ3BvcCOBnzkTlbW2pyrJ10m5Q1x4UBKEfe0yVIrJf382kDH4gZTd6miy/p/NGhI0MEK1MMqZI0bjBdst7SsJzWmjtDCvFmX9wx3vEew","UebJX9GYiBHPpE0EH3cx6BORU93gpiuzToW2zdfJz6oCXqM7SnWEmxsq1192zQcJ4zpxPDX4I3FGwMHWN2IytCVcrI59BeVWYCYJLPIGF6Qa90BnFGc8jR+TDlH/+cJzJ46nTfHwGBOYN0OZOANFlBu0lA/S4yNy0w1OtKPSGtg","uRw8Kv3TYarRD8eFO4qsDNliMAZQtG191+dfIWETyD3U2uFHjYeAtW+4aN+AfIHt+TtAl/Wx9dVzHH9HqpczVeDw8xxMrLMppKqBbkF0Xs4EfqYiFFu6RBrxigS6dk4A498gnFXfkucqHa4kCFJ+jcp/JB46u6F3whd+Sj7VyTA","Vbx9pTDdTtSIdPLerhTLqr3ZEwsK+0sXra4mAn5khgSFyknINBGeVKYIqF3LJxYzmmlqzk06xFP3nMbM4iGrUuZmrnZbGRArUc1OXrE0vzaBio3B8CXrYBD+GZQIEOt0rH85SEem/WdMlNBvX3GYbCrwUckmxx1Rq1+4FltG+cs","XAySlh/f/CkQ8y87mp2HYQnTZXbq7aJ01TCX//JcXYo7T9DWzfNd0dfdeLEVWbZctyM+pjxiyC5cS8eFd/2lEgcHcQCvEEIi5Enq4rqO5lgLx7GxrEEaAtDQWYZVaD041SysG2aEWBEpgbohPERTkjnkyckOmyvlBL7/36+ibx4","XctNu6sn66YSurOtVJYZjwuhWLPsVdcishDi1Q6kwFtccZxLnX7Im+W0ahO9pf112ic7dOFLV7vjWtOpUGZWwE/S0kKNyOLUB7LDhdJ5lqR3Bl4+1DkgNM8vbJ2NTXcO73mBD/OGl6jaD5x/WS9ui0VbA2VhDMUwqI5R1JvuLTM","Xd1yXmQ5Cmh7zGcrPLADjFiYGm6UFhtTzbEf8eXbyaQY1sr4jwdY7KWU5mIGviQ8RAZMGn9p5IhXcK8V8mVj6CLZFr/MclZz6enDO4OHQfMgRZYRHNkESl4iUOHeiqo6j7cEBs8pys2Hzll+QPbg1fDj0WirDJ5+g8jFVbE6k3A","YQBX/50zhYa470krC5q4af40PvkTXbULcaeCsl/DRKkQmo0jst1Gyx4wOsvtVLp78IP8iHo/FQqLgVgO7J52N+ZJkcON7RnIZ6KQZBpSGdB8sEW8PIRa5rlk3O9O4I24tSX9I34L/jKXHq3yYuS3GJr+GAnm/OSIW+u9Iuwx0QE","ZdgN3yV6330PHHbqB9vKB+HxXADY1zt8K8Byz9qak217EKd+XbJMLM6MQaCzd+L01dcM0mSaZFxqt5QC7VmZ7tlzQmndqBhHy4n5mkrKHcjlIeEg7nMgzXRffMz2I5/WJ9Y9os/YYggC/YCOhlLlgjzzGtO72jQw9rkja96l4IQ","ThreatLevel_Score",ThreatLevel,ThreatClass,ThreatProperty
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:37.797 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"b71af030-1073-11e9-86ba-ada546412a24","1/4/2039, 10:53:33.733 PM",32F5850536B24437F1E3F1A3C0457AB26798198D52CF5D36B80197FF2B94B2CD,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"ftp.windowsstores.organiccrap.com.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 4:13:48.001 AM",Infoblox,"Data Connector","2.1.3","RPZ-QNAME-NXDOMAIN","RPZ EVENT QNAME NXDOMAIN",8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.ftp.windowsstores.organiccrap.com.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base,bogon;InfobloxB1ThreatIndicator=windowsstores.organiccrap.com;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,"ftp.windowsstores.organiccrap.com.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite ftp.windowsstores.organiccrap.com. [A] via base.ftp.windowsstores.organiccrap.com.""",,,,,,,,,,,,,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,42427,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,"Sentinel-Demo-CDC",OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.ftp.windowsstores.organiccrap.com."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base,bogon"",""InfobloxB1ThreatIndicator"":""windowsstores.organiccrap.com"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,,,,,,,,,,,,,,,,,,"remote_client","APP_Uncategorized,CAT_Uncategorized,base,bogon",Base,FQDN,"BloxOne Endpoint",,,Block,"Sentinel-Security-Policy","us-west-1","Windows 10 Enterprise","windowsstores.organiccrap.com",,,,,A,,,,,,,,,,,,99986,,,base,"base.ftp.windowsstores.organiccrap.com.",,0,100,"APT_MalwareC2",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,High,APT,MalwareC2
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:55.834 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"bb56287b-1073-11e9-b9f6-41ba2cb929b5","1/4/2039, 10:53:33.733 PM",A232BFCEFF353DE9DDDED852A9178ECA4D404C9EA4306390455EA64D70D34799,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"files.serveusers.com.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 4:13:48.001 AM",Infoblox,"Data Connector","2.1.3","RPZ-QNAME-NXDOMAIN","RPZ EVENT QNAME NXDOMAIN",8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.files.serveusers.com.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base;InfobloxB1ThreatIndicator=files.serveusers.com;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,"files.serveusers.com.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite files.serveusers.com. [A] via base.files.serveusers.com.""",,,,,,,,,,,,,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,42427,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,"Sentinel-Demo-CDC",OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.files.serveusers.com."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base"",""InfobloxB1ThreatIndicator"":""files.serveusers.com"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,,,,,,,,,,,,,,,,,,"remote_client","APP_Uncategorized,CAT_Uncategorized,base",Base,FQDN,"BloxOne Endpoint",,,Block,"Sentinel-Security-Policy","us-west-1","Windows 10 Enterprise","files.serveusers.com",,,,,A,,,,,,,,,,,,99986,,,base,"base.files.serveusers.com.",,0,100,"APT_MalwareC2",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,High,APT,MalwareC2
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:37.797 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"b71af030-1073-11e9-86ba-ada546412a24","1/4/2039, 10:53:33.733 PM",32F5850536B24437F1E3F1A3C0457AB26798198D52CF5D36B80197FF2B94B2CD,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"ftp.windowsstores.organiccrap.com.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 4:13:48.577 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base,bogon",,DNS,,"ftp.windowsstores.organiccrap.com.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,42427,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base,bogon""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized,base,bogon",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"-EV",A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:55.834 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"bb56287b-1073-11e9-b9f6-41ba2cb929b5","1/4/2039, 10:53:33.733 PM",A232BFCEFF353DE9DDDED852A9178ECA4D404C9EA4306390455EA64D70D34799,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"files.serveusers.com.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 4:13:48.577 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base",,DNS,,"files.serveusers.com.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,42427,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized,base",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"-EV",A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:08:00.295 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"c5b845c0-7b8a-11e6-b58f-b34735885342","9/15/2036, 5:57:35.000 PM",25B84534B18DCF6801A012DA447A8B23CA7F5B28989CAC5A812650E3E53EC4AE,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"yourservers.blog-pixnet.com.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 4:13:51.742 AM",Infoblox,"Data Connector","2.1.3","RPZ-QNAME-NXDOMAIN","RPZ EVENT QNAME NXDOMAIN",8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.yourservers.blog-pixnet.com.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base;InfobloxB1ThreatIndicator=yourservers.blog-pixnet.com;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,"yourservers.blog-pixnet.com.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite yourservers.blog-pixnet.com. [A] via base.yourservers.blog-pixnet.com.""",,,,,,,,,,,,,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,42427,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,"Sentinel-Demo-CDC",OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.yourservers.blog-pixnet.com."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base"",""InfobloxB1ThreatIndicator"":""yourservers.blog-pixnet.com"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,,,,,,,,,,,,,,,,,,"remote_client","APP_Uncategorized,CAT_Uncategorized,base",Base,FQDN,"BloxOne Endpoint",,,Block,"Sentinel-Security-Policy","us-west-1","Windows 10 Enterprise","yourservers.blog-pixnet.com",,,,,A,,,,,,,,,,,,99986,,,base,"base.yourservers.blog-pixnet.com.",,0,100,"APT_MalwareC2",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,High,APT,MalwareC2
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:06:55.868 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"e6689d56-593e-11e8-8208-cdf9bfd6ab67","5/16/2038, 7:25:17.240 PM",1FD1E115F83D8BD1E3233BD3B6FC0A95D35C962F5F2AF351B6BBE8523375A908,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"jobscenters.org.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 4:13:51.742 AM",Infoblox,"Data Connector","2.1.3","RPZ-QNAME-NXDOMAIN","RPZ EVENT QNAME NXDOMAIN",8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.jobscenters.org.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base;InfobloxB1ThreatIndicator=jobscenters.org;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,"jobscenters.org.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite jobscenters.org. [A] via base.jobscenters.org.""",,,,,,,,,,,,,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,42427,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,"Sentinel-Demo-CDC",OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.jobscenters.org."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base"",""InfobloxB1ThreatIndicator"":""jobscenters.org"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,,,,,,,,,,,,,,,,,,"remote_client","APP_Uncategorized,CAT_Uncategorized,base",Base,FQDN,"BloxOne Endpoint",,,Block,"Sentinel-Security-Policy","us-west-1","Windows 10 Enterprise","jobscenters.org",,,,,A,,,,,,,,,,,,99986,,,base,"base.jobscenters.org.",,0,100,"APT_MalwareC2",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,High,APT,MalwareC2
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:48.250 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"bb5676eb-1073-11e9-b9f6-41ba2cb929b5","1/4/2039, 10:53:33.733 PM",5C6B140ED14D74A735FA49F04626BE7808DD0228DD3855BC2C01B65882EC3F9F,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"ftp.imap.onmypc.net.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 4:13:51.743 AM",Infoblox,"Data Connector","2.1.3","RPZ-QNAME-NXDOMAIN","RPZ EVENT QNAME NXDOMAIN",8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.ftp.imap.onmypc.net.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Streaming & Downloadable Video,base,bogon;InfobloxB1ThreatIndicator=imap.onmypc.net;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,"ftp.imap.onmypc.net.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite ftp.imap.onmypc.net. [A] via base.ftp.imap.onmypc.net.""",,,,,,,,,,,,,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,42427,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,"Sentinel-Demo-CDC",OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.ftp.imap.onmypc.net."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Streaming & Downloadable Video,base,bogon"",""InfobloxB1ThreatIndicator"":""imap.onmypc.net"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,,,,,,,,,,,,,,,,,,"remote_client","APP_Uncategorized,CAT_Streaming & Downloadable Video,base,bogon",Base,FQDN,"BloxOne Endpoint",,,Block,"Sentinel-Security-Policy","us-west-1","Windows 10 Enterprise","imap.onmypc.net",,,,,A,,,,,,,,,,,,99986,,,base,"base.ftp.imap.onmypc.net.",,0,100,"APT_MalwareC2",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,High,APT,MalwareC2
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:08:00.295 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"c5b845c0-7b8a-11e6-b58f-b34735885342","9/15/2036, 5:57:35.000 PM",25B84534B18DCF6801A012DA447A8B23CA7F5B28989CAC5A812650E3E53EC4AE,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"yourservers.blog-pixnet.com.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 4:13:52.213 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base",,DNS,,"yourservers.blog-pixnet.com.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,42427,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized,base",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"-EV",A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:06:55.868 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"e6689d56-593e-11e8-8208-cdf9bfd6ab67","5/16/2038, 7:25:17.240 PM",1FD1E115F83D8BD1E3233BD3B6FC0A95D35C962F5F2AF351B6BBE8523375A908,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"jobscenters.org.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 4:13:52.214 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base",,DNS,,"jobscenters.org.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,42427,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized,base",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"-EV",A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:48.250 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"bb5676eb-1073-11e9-b9f6-41ba2cb929b5","1/4/2039, 10:53:33.733 PM",5C6B140ED14D74A735FA49F04626BE7808DD0228DD3855BC2C01B65882EC3F9F,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"ftp.imap.onmypc.net.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 4:13:52.214 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Streaming & Downloadable Video,base,bogon",,DNS,,"ftp.imap.onmypc.net.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,42427,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Streaming & Downloadable Video,base,bogon""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Streaming & Downloadable Video,base,bogon",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"-EV",A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:25.758 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"e279618a-593e-11e8-8208-cdf9bfd6ab67","5/16/2038, 7:25:17.240 PM",3A4BA502F022AC1F850B76B59795C0120F81317346FAAB41BD1B1F8B4C3DEE98,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"accounts.google-caches.com.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 4:13:55.747 AM",Infoblox,"Data Connector","2.1.3","RPZ-QNAME-NXDOMAIN","RPZ EVENT QNAME NXDOMAIN",8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.accounts.google-caches.com.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base;InfobloxB1ThreatIndicator=google-caches.com;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,"accounts.google-caches.com.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite accounts.google-caches.com. [A] via base.accounts.google-caches.com.""",,,,,,,,,,,,,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,42427,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,"Sentinel-Demo-CDC",OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.accounts.google-caches.com."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base"",""InfobloxB1ThreatIndicator"":""google-caches.com"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,,,,,,,,,,,,,,,,,,"remote_client","APP_Uncategorized,CAT_Uncategorized,base",Base,FQDN,"BloxOne Endpoint",,,Block,"Sentinel-Security-Policy","us-west-1","Windows 10 Enterprise","google-caches.com",,,,,A,,,,,,,,,,,,99986,,,base,"base.accounts.google-caches.com.",,0,100,"APT_MalwareC2",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,High,APT,MalwareC2
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:05:27.550 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"92d925b7-1fdc-11e7-8c34-efde9089066e","2/20/2027, 12:03:07.505 AM",3039A8835249C510DFD772B14AF3FCD60A6A4D8EB36169D1884885068EEA027D,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"cloudmicrosoft.net.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 4:13:55.747 AM",Infoblox,"Data Connector","2.1.3","RPZ-QNAME-NXDOMAIN","RPZ EVENT QNAME NXDOMAIN",8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.cloudmicrosoft.net.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Malware Distribution Point,CAT_Phishing/Fraud,base;InfobloxB1ThreatIndicator=cloudmicrosoft.net;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,"cloudmicrosoft.net.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite cloudmicrosoft.net. [A] via base.cloudmicrosoft.net.""",,,,,,,,,,,,,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,42427,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,"Sentinel-Demo-CDC",OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.cloudmicrosoft.net."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Malware Distribution Point,CAT_Phishing/Fraud,base"",""InfobloxB1ThreatIndicator"":""cloudmicrosoft.net"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,,,,,,,,,,,,,,,,,,"remote_client","APP_Uncategorized,CAT_Malware Distribution Point,CAT_Phishing/Fraud,base",Base,FQDN,"BloxOne Endpoint",,,Block,"Sentinel-Security-Policy","us-west-1","Windows 10 Enterprise","cloudmicrosoft.net",,,,,A,,,,,,,,,,,,99986,,,base,"base.cloudmicrosoft.net.",,0,100,"APT_MalwareC2",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,High,APT,MalwareC2
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:15.594 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"e807a688-593e-11e8-8208-cdf9bfd6ab67","5/16/2038, 7:25:17.240 PM",8F9AE83CC775971FD7E58F1264CBD2D246EE388BAB277BDFEB0716A439332826,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"udp.jjevil.com.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 4:13:55.747 AM",Infoblox,"Data Connector","2.1.3","RPZ-QNAME-NXDOMAIN","RPZ EVENT QNAME NXDOMAIN",8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.udp.jjevil.com.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base;InfobloxB1ThreatIndicator=udp.jjevil.com;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,"udp.jjevil.com.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite udp.jjevil.com. [A] via base.udp.jjevil.com.""",,,,,,,,,,,,,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,42427,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,"Sentinel-Demo-CDC",OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.udp.jjevil.com."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base"",""InfobloxB1ThreatIndicator"":""udp.jjevil.com"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,,,,,,,,,,,,,,,,,,"remote_client","APP_Uncategorized,CAT_Uncategorized,base",Base,FQDN,"BloxOne Endpoint",,,Block,"Sentinel-Security-Policy","us-west-1","Windows 10 Enterprise","udp.jjevil.com",,,,,A,,,,,,,,,,,,99986,,,base,"base.udp.jjevil.com.",,0,100,"APT_MalwareC2",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,High,APT,MalwareC2
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:25.758 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"e279618a-593e-11e8-8208-cdf9bfd6ab67","5/16/2038, 7:25:17.240 PM",3A4BA502F022AC1F850B76B59795C0120F81317346FAAB41BD1B1F8B4C3DEE98,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"accounts.google-caches.com.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 4:13:55.821 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base",,DNS,,"accounts.google-caches.com.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,42427,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized,base",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"-EV",A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:05:27.550 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"92d925b7-1fdc-11e7-8c34-efde9089066e","2/20/2027, 12:03:07.505 AM",3039A8835249C510DFD772B14AF3FCD60A6A4D8EB36169D1884885068EEA027D,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"cloudmicrosoft.net.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 4:13:55.821 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Malware Distribution Point,CAT_Phishing/Fraud,base",,DNS,,"cloudmicrosoft.net.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,42427,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Malware Distribution Point,CAT_Phishing/Fraud,base""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Malware Distribution Point,CAT_Phishing/Fraud,base",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"-EV",A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:19.642 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"d171147f-fc0e-11e7-8daa-832d554463d7","1/18/2038, 5:17:03.053 AM",6781618F79C54D6CFDB3ECFE01A5BA803E20E7F001761C5053914B754AD5C4BE,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"hg8p7q.tech.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 4:13:55.821 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,"hg8p7q.tech.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""tech. 3204 IN SOA ns0.centralnic.net. hostmaster.centralnic.net. 354536 900 1800 6048000 3600  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,42427,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"+EV",A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:15.594 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"e807a688-593e-11e8-8208-cdf9bfd6ab67","5/16/2038, 7:25:17.240 PM",8F9AE83CC775971FD7E58F1264CBD2D246EE388BAB277BDFEB0716A439332826,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"udp.jjevil.com.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 4:13:55.821 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base",,DNS,,"udp.jjevil.com.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,42427,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized,base",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"-EV",A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:59.404 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"d170039f-fc0e-11e7-8daa-832d554463d7","1/18/2038, 5:17:03.053 AM",42F6D6D8A0C78470C389E3E70028DCA69CDB2F98DCCEC045B2120BD579B9C526,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"2sk91.space.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 4:13:55.822 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,"2sk91.space.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""space. 3083 IN SOA ns0.centralnic.net. hostmaster.centralnic.net. 3000470213 900 1800 6048000 3600  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,42427,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"+EV",A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:05:48.424 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"6b3fd0ff-6301-11e6-817f-9f928e49a974","1/19/2038, 3:05:21.000 AM",15365A1B78C06591235128640A5646A1B1E684A4B13E3A582C497B5F46A09012,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"trendeigheone.com.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 4:14:01.167 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Content Server",,DNS,,"trendeigheone.com.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""com. 899 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1689739998 1800 900 604800 86400  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,42427,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Content Server""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Content Server",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"+EV",A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:06:09.400 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"d1716265-fc0e-11e7-8daa-832d554463d7","1/18/2038, 5:17:03.053 AM",0E0773DB0EFCC7EA350B1D94457FA0A98D4936091BC60F547377ABC774D0BF33,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"s3fof.club.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 4:14:01.167 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,"s3fof.club.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""club. 900 IN SOA ns1.dns.nic.club. admin.tldns.godaddy. 1689739516 1800 300 604800 1800  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,42427,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"+EV",A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:33.922 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"d170ee19-fc0e-11e7-8daa-832d554463d7","1/18/2038, 5:17:03.053 AM",595D90A4DBC8A94B7D8990E2C1BC9CCDF8583CBAD7AB528AFCBB9C2006D2FB01,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"rvq2k.trade.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 4:14:01.167 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,"rvq2k.trade.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""trade. 563 IN SOA ns1.dns.nic.trade. admin.tldns.godaddy. 1689733327 1800 300 604800 1800  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,42427,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"+EV",A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:06:00.414 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"bb565093-1073-11e9-b9f6-41ba2cb929b5","1/4/2039, 10:53:33.733 PM",BD0EB508D89AABC3AD61F5A2EA4E2F9EE2FC6836A7F74CEA7A9582747942170B,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"www.register.ourhobby.com.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 4:14:05.729 AM",Infoblox,"Data Connector","2.1.3","RPZ-QNAME-NXDOMAIN","RPZ EVENT QNAME NXDOMAIN",8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.www.register.ourhobby.com.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Web Hosting, ISP & Telco,base;InfobloxB1ThreatIndicator=www.register.ourhobby.com;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,"www.register.ourhobby.com.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite www.register.ourhobby.com. [A] via base.www.register.ourhobby.com.""",,,,,,,,,,,,,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,42427,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,"Sentinel-Demo-CDC",OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.www.register.ourhobby.com."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Web Hosting, ISP & Telco,base"",""InfobloxB1ThreatIndicator"":""www.register.ourhobby.com"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,,,,,,,,,,,,,,,,,,"remote_client","APP_Uncategorized,CAT_Web Hosting, ISP & Telco,base",Base,FQDN,"BloxOne Endpoint",,,Block,"Sentinel-Security-Policy","us-west-1","Windows 10 Enterprise","www.register.ourhobby.com",,,,,A,,,,,,,,,,,,99986,,,base,"base.www.register.ourhobby.com.",,0,100,"APT_MalwareC2",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,High,APT,MalwareC2
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:06:43.993 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"bb560143-1073-11e9-b9f6-41ba2cb929b5","1/4/2039, 10:53:33.733 PM",CE7EF842951019FB0A70E2F926AA88C31A5D2D56B299276F33EA5D804D8F3C04,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"ftp.scarlet-witch.com.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 4:14:05.729 AM",Infoblox,"Data Connector","2.1.3","RPZ-QNAME-NXDOMAIN","RPZ EVENT QNAME NXDOMAIN",8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.ftp.scarlet-witch.com.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base;InfobloxB1ThreatIndicator=scarlet-witch.com;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,"ftp.scarlet-witch.com.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite ftp.scarlet-witch.com. [A] via base.ftp.scarlet-witch.com.""",,,,,,,,,,,,,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,42427,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,"Sentinel-Demo-CDC",OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.ftp.scarlet-witch.com."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base"",""InfobloxB1ThreatIndicator"":""scarlet-witch.com"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,,,,,,,,,,,,,,,,,,"remote_client","APP_Uncategorized,CAT_Uncategorized,base",Base,FQDN,"BloxOne Endpoint",,,Block,"Sentinel-Security-Policy","us-west-1","Windows 10 Enterprise","scarlet-witch.com",,,,,A,,,,,,,,,,,,99986,,,base,"base.ftp.scarlet-witch.com.",,0,100,"APT_MalwareC2",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,High,APT,MalwareC2
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:56.882 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"b71af00f-1073-11e9-86ba-ada546412a24","1/4/2039, 10:53:33.733 PM",E6B2A7245CC0774BFF555B79D88817A38D4DBE3E17AB485557F8F85CFCFE0545,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"www.fu.epac.to.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 4:14:05.729 AM",Infoblox,"Data Connector","2.1.3","RPZ-QNAME-NXDOMAIN","RPZ EVENT QNAME NXDOMAIN",8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.www.fu.epac.to.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base;InfobloxB1ThreatIndicator=fu.epac.to;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,"www.fu.epac.to.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite www.fu.epac.to. [A] via base.www.fu.epac.to.""",,,,,,,,,,,,,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,42427,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,"Sentinel-Demo-CDC",OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.www.fu.epac.to."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base"",""InfobloxB1ThreatIndicator"":""fu.epac.to"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,,,,,,,,,,,,,,,,,,"remote_client","APP_Uncategorized,CAT_Uncategorized,base",Base,FQDN,"BloxOne Endpoint",,,Block,"Sentinel-Security-Policy","us-west-1","Windows 10 Enterprise","fu.epac.to",,,,,A,,,,,,,,,,,,99986,,,base,"base.www.fu.epac.to.",,0,100,"APT_MalwareC2",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,High,APT,MalwareC2
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:26.729 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"bb565076-1073-11e9-b9f6-41ba2cb929b5","1/4/2039, 10:53:33.733 PM",D17154250CE302FEEC97EADAF56614A0C25CB949A8524B3E76F81905BEE0253D,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"oa.2waky.com.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 4:14:05.730 AM",Infoblox,"Data Connector","2.1.3","RPZ-QNAME-NXDOMAIN","RPZ EVENT QNAME NXDOMAIN",8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.oa.2waky.com.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Pornography,base;InfobloxB1ThreatIndicator=oa.2waky.com;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,"oa.2waky.com.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite oa.2waky.com. [A] via base.oa.2waky.com.""",,,,,,,,,,,,,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,42427,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,"Sentinel-Demo-CDC",OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.oa.2waky.com."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Pornography,base"",""InfobloxB1ThreatIndicator"":""oa.2waky.com"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,,,,,,,,,,,,,,,,,,"remote_client","APP_Uncategorized,CAT_Pornography,base",Base,FQDN,"BloxOne Endpoint",,,Block,"Sentinel-Security-Policy","us-west-1","Windows 10 Enterprise","oa.2waky.com",,,,,A,,,,,,,,,,,,99986,,,base,"base.oa.2waky.com.",,0,100,"APT_MalwareC2",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,High,APT,MalwareC2
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:06:00.414 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"bb565093-1073-11e9-b9f6-41ba2cb929b5","1/4/2039, 10:53:33.733 PM",BD0EB508D89AABC3AD61F5A2EA4E2F9EE2FC6836A7F74CEA7A9582747942170B,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"www.register.ourhobby.com.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 4:14:06.185 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Web Hosting, ISP & Telco,base",,DNS,,"www.register.ourhobby.com.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,42427,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Web Hosting, ISP & Telco,base""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Web Hosting, ISP & Telco,base",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"-EV",A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:06:43.993 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"bb560143-1073-11e9-b9f6-41ba2cb929b5","1/4/2039, 10:53:33.733 PM",CE7EF842951019FB0A70E2F926AA88C31A5D2D56B299276F33EA5D804D8F3C04,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"ftp.scarlet-witch.com.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 4:14:06.186 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base",,DNS,,"ftp.scarlet-witch.com.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,42427,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized,base",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"-EV",A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:56.882 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"b71af00f-1073-11e9-86ba-ada546412a24","1/4/2039, 10:53:33.733 PM",E6B2A7245CC0774BFF555B79D88817A38D4DBE3E17AB485557F8F85CFCFE0545,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"www.fu.epac.to.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 4:14:06.186 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base",,DNS,,"www.fu.epac.to.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,42427,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized,base",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"-EV",A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:26.729 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"bb565076-1073-11e9-b9f6-41ba2cb929b5","1/4/2039, 10:53:33.733 PM",D17154250CE302FEEC97EADAF56614A0C25CB949A8524B3E76F81905BEE0253D,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"oa.2waky.com.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 4:14:06.186 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Pornography,base",,DNS,,"oa.2waky.com.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,42427,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Pornography,base""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Pornography,base",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"-EV",A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:03.567 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"d1709fb7-fc0e-11e7-8daa-832d554463d7","1/18/2038, 5:17:03.053 AM",886CD9B012B4998EA0282A80CE3E028423EC2AC8F5B9F965A76D738366C79D84,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"v4ccm.website.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 4:14:06.187 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,"v4ccm.website.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""website. 3600 IN SOA ns0.centralnic.net. hostmaster.centralnic.net. 3000470743 900 1800 6048000 3600  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,42427,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"+EV",A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:48.200 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"d170edf5-fc0e-11e7-8daa-832d554463d7","1/18/2038, 5:17:03.053 AM",A693DA3F6C4A5DEF03BA8F3A8571464825F4DAD0C702B7DB96DD8AFA072B03DA,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"r5h1y.trade.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 4:14:06.187 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,"r5h1y.trade.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""trade. 844 IN SOA ns1.dns.nic.trade. admin.tldns.godaddy. 1689733327 1800 300 604800 1800  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,42427,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"+EV",A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:06:59.555 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"b71aa1ba-1073-11e9-86ba-ada546412a24","1/4/2039, 10:53:33.733 PM",3D67E8F7BC9D3CDB56F1169300399024BAB8D18DD4982E0CFC5117B06FA87EA3,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"ftp.markjpninfos.vizvaz.com.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 4:14:09.866 AM",Infoblox,"Data Connector","2.1.3","RPZ-QNAME-NXDOMAIN","RPZ EVENT QNAME NXDOMAIN",8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.ftp.markjpninfos.vizvaz.com.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Spam URLs,CAT_Web Hosting, ISP & Telco,base;InfobloxB1ThreatIndicator=markjpninfos.vizvaz.com;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,"ftp.markjpninfos.vizvaz.com.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite ftp.markjpninfos.vizvaz.com. [A] via base.ftp.markjpninfos.vizvaz.com.""",,,,,,,,,,,,,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,42427,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,"Sentinel-Demo-CDC",OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.ftp.markjpninfos.vizvaz.com."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Spam URLs,CAT_Web Hosting, ISP & Telco,base"",""InfobloxB1ThreatIndicator"":""markjpninfos.vizvaz.com"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,,,,,,,,,,,,,,,,,,"remote_client","APP_Uncategorized,CAT_Spam URLs,CAT_Web Hosting, ISP & Telco,base",Base,FQDN,"BloxOne Endpoint",,,Block,"Sentinel-Security-Policy","us-west-1","Windows 10 Enterprise","markjpninfos.vizvaz.com",,,,,A,,,,,,,,,,,,99986,,,base,"base.ftp.markjpninfos.vizvaz.com.",,0,100,"APT_MalwareC2",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,High,APT,MalwareC2
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:59.789 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"a89108e5-6b33-11e6-87ab-b3b04ab54f23","8/26/2036, 2:14:47.000 AM",0B989D4C74E26DF8A0CD563F938957614DCCBC5AF704BC1F23255983AE5A04CE,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"mediacloudsolution.com.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 4:14:09.867 AM",Infoblox,"Data Connector","2.1.3","RPZ-QNAME-NXDOMAIN","RPZ EVENT QNAME NXDOMAIN",8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.mediacloudsolution.com.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Content Server,base;InfobloxB1ThreatIndicator=mediacloudsolution.com;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,"mediacloudsolution.com.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite mediacloudsolution.com. [A] via base.mediacloudsolution.com.""",,,,,,,,,,,,,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,42427,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,"Sentinel-Demo-CDC",OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.mediacloudsolution.com."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Content Server,base"",""InfobloxB1ThreatIndicator"":""mediacloudsolution.com"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,,,,,,,,,,,,,,,,,,"remote_client","APP_Uncategorized,CAT_Content Server,base",Base,FQDN,"BloxOne Endpoint",,,Block,"Sentinel-Security-Policy","us-west-1","Windows 10 Enterprise","mediacloudsolution.com",,,,,A,,,,,,,,,,,,99986,,,base,"base.mediacloudsolution.com.",,0,100,"APT_MalwareC2",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,High,APT,MalwareC2
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:08:03.306 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"d1709fd9-fc0e-11e7-8daa-832d554463d7","1/18/2038, 5:17:03.053 AM",79C1B300FFCB9115A8CDA98258A7BA75835DAC6A160F3075D4C758D123F1FAAD,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"k11jr.loan.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 4:14:10.490 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,"k11jr.loan.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""loan. 900 IN SOA ns1.dns.nic.loan. admin.tldns.godaddy. 1689739384 1800 300 604800 1800  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,42427,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"+EV",A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:26.658 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"d17162a5-fc0e-11e7-8daa-832d554463d7","1/18/2038, 5:17:03.053 AM",7DE8B66C5D675911B894ECEA23B838627409A834BEFF8C031905786A412259F6,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"hg08f9y.host.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 4:14:10.490 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,"hg08f9y.host.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""host. 3600 IN SOA ns0.centralnic.net. hostmaster.centralnic.net. 3000455415 900 1800 6048000 3600  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,42427,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"+EV",A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:06:59.555 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"b71aa1ba-1073-11e9-86ba-ada546412a24","1/4/2039, 10:53:33.733 PM",3D67E8F7BC9D3CDB56F1169300399024BAB8D18DD4982E0CFC5117B06FA87EA3,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"ftp.markjpninfos.vizvaz.com.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 4:14:10.490 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Spam URLs,CAT_Web Hosting, ISP & Telco,base",,DNS,,"ftp.markjpninfos.vizvaz.com.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,42427,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Spam URLs,CAT_Web Hosting, ISP & Telco,base""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Spam URLs,CAT_Web Hosting, ISP & Telco,base",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"-EV",A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:36.579 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"530af139-fc18-11e7-82f1-8dc509037e1c","1/18/2038, 6:25:05.998 AM",F6C0D6A1CF5845A53AEF2700E9DA904D67F1B1D7779122FD7AD7937AA07E73D6,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"mail.google.com-recoveryservice.info.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 4:14:10.490 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,"mail.google.com-recoveryservice.info.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""info. 3480 IN SOA a0.info.afilias-nst.info. hostmaster.donuts.email. 1689739435 7200 900 1209600 3600  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,42427,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"+EV",A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:59.789 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"a89108e5-6b33-11e6-87ab-b3b04ab54f23","8/26/2036, 2:14:47.000 AM",0B989D4C74E26DF8A0CD563F938957614DCCBC5AF704BC1F23255983AE5A04CE,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"mediacloudsolution.com.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 4:14:10.490 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Content Server,base",,DNS,,"mediacloudsolution.com.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,42427,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Content Server,base""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Content Server,base",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"-EV",A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:28.850 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"d1716261-fc0e-11e7-8daa-832d554463d7","1/18/2038, 5:17:03.053 AM",C0483A04AB7E375395B438707BF0375FA1CA8924E7675F196E707ADA6F6DC2E4,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"hgiihb.loan.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 4:14:10.490 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,"hgiihb.loan.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""loan. 900 IN SOA ns1.dns.nic.loan. admin.tldns.godaddy. 1689739384 1800 300 604800 1800  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,42427,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"+EV",A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:19.241 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_Generic",,"1c6bf94f-54db-11e9-83d0-61bce6109bb1","4/1/2039, 8:01:07.575 PM",BE61496D853ABE0ABBD2F7A7AFB29A77CF16DAE59D98C5BC2A60879D29007F75,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"activity-confirmation-service.info.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 4:14:14.198 AM",Infoblox,"Data Connector","2.1.3","RPZ-QNAME-NXDOMAIN","RPZ EVENT QNAME NXDOMAIN",8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.activity-confirmation-service.info.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_Generic;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base;InfobloxB1ThreatIndicator=activity-confirmation-service.info;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,"activity-confirmation-service.info.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite activity-confirmation-service.info. [A] via base.activity-confirmation-service.info.""",,,,,,,,,,,,,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,42427,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,"Sentinel-Demo-CDC",OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.activity-confirmation-service.info."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_Generic"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base"",""InfobloxB1ThreatIndicator"":""activity-confirmation-service.info"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,,,,,,,,,,,,,,,,,,"remote_client","APP_Uncategorized,CAT_Uncategorized,base",Base,FQDN,"BloxOne Endpoint",,,Block,"Sentinel-Security-Policy","us-west-1","Windows 10 Enterprise","activity-confirmation-service.info",,,,,A,,,,,,,,,,,,99986,,,base,"base.activity-confirmation-service.info.",,0,100,"APT_Generic",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,High,APT,Generic
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:08:06.856 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"530bb4b4-fc18-11e7-82f1-8dc509037e1c","1/18/2038, 6:25:05.998 AM",A7EDED69B7A7892429755D56DAAD90319DC0FF4D3D5C8D6AF3F6575F93FEFE2A,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"result2.com-servicescustomer.name.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 4:14:14.311 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,"result2.com-servicescustomer.name.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""name. 3600 IN SOA ac1.nstld.com. info.verisign-grs.com. 1689740016 1800 900 604800 86400  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,42427,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"+EV",A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:53.612 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"6b3e982f-6301-11e6-817f-9f928e49a974","1/19/2038, 3:06:46.583 AM",DB0810687868F834120FCB9BFDC366C44D76756F8BDD2D36E253602A0B98FD04,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"bluesync2121.com.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 4:14:14.311 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Content Server",,DNS,,"bluesync2121.com.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""com. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1689740018 1800 900 604800 86400  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,42427,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Content Server""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Content Server",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"+EV",A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:41.641 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"530c7832-fc18-11e7-82f1-8dc509037e1c","1/18/2038, 6:25:05.998 AM",420AC3173BF0E24F58E90E2A47AB50F02701C3684391FFC722E1EA511D0EE61C,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"hangout.com-messagecenter.bid.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 4:14:14.311 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,"hangout.com-messagecenter.bid.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""bid. 289 IN SOA ns1.dns.nic.bid. admin.tldns.godaddy. 1689738963 1800 300 604800 1800  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,42427,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"+EV",A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:19.241 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_Generic",,"1c6bf94f-54db-11e9-83d0-61bce6109bb1","4/1/2039, 8:01:07.575 PM",BE61496D853ABE0ABBD2F7A7AFB29A77CF16DAE59D98C5BC2A60879D29007F75,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"activity-confirmation-service.info.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 4:14:14.312 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base",,DNS,,"activity-confirmation-service.info.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,42427,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized,base",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"-EV",A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:31.087 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"d649fa0e-fc13-11e7-82f1-8dc509037e1c","1/18/2038, 5:52:58.779 AM",EFDDE54064906E72D8F3E075A7A7FA4CC83EE6E4A59ECFEECD7324A79C241874,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"portal-office.fr.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 4:14:14.312 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,"portal-office.fr.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""fr. 514 IN SOA a.nic.fr. dnsmaster.afnic.fr. 2236161754 3600 1800 3600000 600  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,42427,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"+EV",A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:37.903 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"d1702a34-fc0e-11e7-8daa-832d554463d7","1/18/2038, 5:17:03.053 AM",3554A17A9C038EF15AE6F5619D74F597F18521518DA9ED1AE4CEC2D8FF127828,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"hg8l3u.loan.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 4:14:19.051 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,"hg8l3u.loan.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""loan. 900 IN SOA ns1.dns.nic.loan. admin.tldns.godaddy. 1689739384 1800 300 604800 1800  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,42427,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"+EV",A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:05:38.759 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"bb567704-1073-11e9-b9f6-41ba2cb929b5","1/4/2039, 10:53:33.733 PM",2CFC436DEC072702BFFE42AB4C26D2835A0F89715C56F4285EFF03063B5573E3,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"ftp.garlic.dyndns.pro.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 4:14:21.935 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Web Hosting, ISP & Telco,base,bogon",,DNS,,"ftp.garlic.dyndns.pro.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,51323,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Web Hosting, ISP & Telco,base,bogon""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Web Hosting, ISP & Telco,base,bogon",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"-EV",A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:53.639 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"e5e9cf9c-593e-11e8-91e8-77e30fb69abe","5/16/2038, 7:25:17.240 PM",650A3C258187547D4EE3619C07D70998F123F611F9178660C9C29CB067F540BF,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"shijihulian.com.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 4:14:22.346 AM",Infoblox,"Data Connector","2.1.3","RPZ-QNAME-NXDOMAIN","RPZ EVENT QNAME NXDOMAIN",8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.shijihulian.com.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Web Hosting, ISP & Telco,base,eecn-ip,sanctions-high,sanctions-med;InfobloxB1ThreatIndicator=shijihulian.com;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,"shijihulian.com.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite shijihulian.com. [A] via base.shijihulian.com.""",,,,,,,,,,,,,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,38275,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,"Sentinel-Demo-CDC",OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.shijihulian.com."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Web Hosting, ISP & Telco,base,eecn-ip,sanctions-high,sanctions-med"",""InfobloxB1ThreatIndicator"":""shijihulian.com"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,,,,,,,,,,,,,,,,,,"remote_client","APP_Uncategorized,CAT_Web Hosting, ISP & Telco,base,eecn-ip,sanctions-high,sanctions-med",Base,FQDN,"BloxOne Endpoint",,,Block,"Sentinel-Security-Policy","us-west-1","Windows 10 Enterprise","shijihulian.com",,,,,A,,,,,,,,,,,,99986,,,base,"base.shijihulian.com.",,0,100,"APT_MalwareC2",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,High,APT,MalwareC2
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:21.800 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"530b6619-fc18-11e7-82f1-8dc509037e1c","1/18/2038, 6:25:05.998 AM",25B92E0031A0686A3C03D9F53FDD1B586DCD69B8D368F18BDD052FDF79D14F6A,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"books-google.accountservice.support.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 4:14:22.420 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NOERROR",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,"books-google.accountservice.support.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""books-google.accountservice.support. 300 IN A 172.67.221.62  books-google.accountservice.support. 300 IN A 104.21.24.249  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,38275,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,,,,,,,,,,,,,,,,,,2,1,"remote_client","APP_Uncategorized,CAT_Uncategorized",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"+EV",A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:53.639 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"e5e9cf9c-593e-11e8-91e8-77e30fb69abe","5/16/2038, 7:25:17.240 PM",650A3C258187547D4EE3619C07D70998F123F611F9178660C9C29CB067F540BF,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"shijihulian.com.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 4:14:22.421 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Web Hosting, ISP & Telco,base,eecn-ip,sanctions-high,sanctions-med",,DNS,,"shijihulian.com.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,38275,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Web Hosting, ISP & Telco,base,eecn-ip,sanctions-high,sanctions-med""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Web Hosting, ISP & Telco,base,eecn-ip,sanctions-high,sanctions-med",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"-EV",A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:05:38.759 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"bb567704-1073-11e9-b9f6-41ba2cb929b5","1/4/2039, 10:53:33.733 PM",2CFC436DEC072702BFFE42AB4C26D2835A0F89715C56F4285EFF03063B5573E3,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"ftp.garlic.dyndns.pro.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 4:14:26.313 AM",Infoblox,"Data Connector","2.1.3","RPZ-QNAME-NXDOMAIN","RPZ EVENT QNAME NXDOMAIN",8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.ftp.garlic.dyndns.pro.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Web Hosting, ISP & Telco,base,bogon;InfobloxB1ThreatIndicator=garlic.dyndns.pro;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,"ftp.garlic.dyndns.pro.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite ftp.garlic.dyndns.pro. [A] via base.ftp.garlic.dyndns.pro.""",,,,,,,,,,,,,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,51323,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,"Sentinel-Demo-CDC",OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.ftp.garlic.dyndns.pro."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Web Hosting, ISP & Telco,base,bogon"",""InfobloxB1ThreatIndicator"":""garlic.dyndns.pro"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,,,,,,,,,,,,,,,,,,"remote_client","APP_Uncategorized,CAT_Web Hosting, ISP & Telco,base,bogon",Base,FQDN,"BloxOne Endpoint",,,Block,"Sentinel-Security-Policy","us-west-1","Windows 10 Enterprise","garlic.dyndns.pro",,,,,A,,,,,,,,,,,,99986,,,base,"base.ftp.garlic.dyndns.pro.",,0,100,"APT_MalwareC2",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,High,APT,MalwareC2
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:37.797 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"b71af030-1073-11e9-86ba-ada546412a24","1/4/2039, 10:53:33.733 PM",32F5850536B24437F1E3F1A3C0457AB26798198D52CF5D36B80197FF2B94B2CD,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"ftp.windowsstores.organiccrap.com.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:39:36.706 AM",Infoblox,"Data Connector","2.1.3","RPZ-QNAME-NXDOMAIN","RPZ EVENT QNAME NXDOMAIN",8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.ftp.windowsstores.organiccrap.com.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base,bogon;InfobloxB1ThreatIndicator=windowsstores.organiccrap.com;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,"ftp.windowsstores.organiccrap.com.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite ftp.windowsstores.organiccrap.com. [A] via base.ftp.windowsstores.organiccrap.com.""",,,,,,,,,,,,,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,12700,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,"Sentinel-Demo-CDC",OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.ftp.windowsstores.organiccrap.com."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base,bogon"",""InfobloxB1ThreatIndicator"":""windowsstores.organiccrap.com"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,,,,,,,,,,,,,,,,,,"remote_client","APP_Uncategorized,CAT_Uncategorized,base,bogon",Base,FQDN,"BloxOne Endpoint",,,Block,"Sentinel-Security-Policy","us-west-1","Windows 10 Enterprise","windowsstores.organiccrap.com",,,,,A,,,,,,,,,,,,99986,,,base,"base.ftp.windowsstores.organiccrap.com.",,0,100,"APT_MalwareC2",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,High,APT,MalwareC2
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:55.834 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"bb56287b-1073-11e9-b9f6-41ba2cb929b5","1/4/2039, 10:53:33.733 PM",A232BFCEFF353DE9DDDED852A9178ECA4D404C9EA4306390455EA64D70D34799,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"files.serveusers.com.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:39:36.707 AM",Infoblox,"Data Connector","2.1.3","RPZ-QNAME-NXDOMAIN","RPZ EVENT QNAME NXDOMAIN",8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.files.serveusers.com.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base;InfobloxB1ThreatIndicator=files.serveusers.com;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,"files.serveusers.com.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite files.serveusers.com. [A] via base.files.serveusers.com.""",,,,,,,,,,,,,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,12700,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,"Sentinel-Demo-CDC",OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.files.serveusers.com."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base"",""InfobloxB1ThreatIndicator"":""files.serveusers.com"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,,,,,,,,,,,,,,,,,,"remote_client","APP_Uncategorized,CAT_Uncategorized,base",Base,FQDN,"BloxOne Endpoint",,,Block,"Sentinel-Security-Policy","us-west-1","Windows 10 Enterprise","files.serveusers.com",,,,,A,,,,,,,,,,,,99986,,,base,"base.files.serveusers.com.",,0,100,"APT_MalwareC2",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,High,APT,MalwareC2
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:55.834 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"bb56287b-1073-11e9-b9f6-41ba2cb929b5","1/4/2039, 10:53:33.733 PM",A232BFCEFF353DE9DDDED852A9178ECA4D404C9EA4306390455EA64D70D34799,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"files.serveusers.com.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:39:36.788 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base",,DNS,,"files.serveusers.com.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,12700,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized,base",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"-EV",A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:37.797 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"b71af030-1073-11e9-86ba-ada546412a24","1/4/2039, 10:53:33.733 PM",32F5850536B24437F1E3F1A3C0457AB26798198D52CF5D36B80197FF2B94B2CD,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"ftp.windowsstores.organiccrap.com.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:39:36.788 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base,bogon",,DNS,,"ftp.windowsstores.organiccrap.com.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,12700,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base,bogon""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized,base,bogon",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"-EV",A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:06:55.868 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"e6689d56-593e-11e8-8208-cdf9bfd6ab67","5/16/2038, 7:25:17.240 PM",1FD1E115F83D8BD1E3233BD3B6FC0A95D35C962F5F2AF351B6BBE8523375A908,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"jobscenters.org.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:39:41.577 AM",Infoblox,"Data Connector","2.1.3","RPZ-QNAME-NXDOMAIN","RPZ EVENT QNAME NXDOMAIN",8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.jobscenters.org.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base;InfobloxB1ThreatIndicator=jobscenters.org;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,"jobscenters.org.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite jobscenters.org. [A] via base.jobscenters.org.""",,,,,,,,,,,,,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,64464,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,"Sentinel-Demo-CDC",OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.jobscenters.org."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base"",""InfobloxB1ThreatIndicator"":""jobscenters.org"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,,,,,,,,,,,,,,,,,,"remote_client","APP_Uncategorized,CAT_Uncategorized,base",Base,FQDN,"BloxOne Endpoint",,,Block,"Sentinel-Security-Policy","us-west-1","Windows 10 Enterprise","jobscenters.org",,,,,A,,,,,,,,,,,,99986,,,base,"base.jobscenters.org.",,0,100,"APT_MalwareC2",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,High,APT,MalwareC2
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:08:00.295 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"c5b845c0-7b8a-11e6-b58f-b34735885342","9/15/2036, 5:57:35.000 PM",25B84534B18DCF6801A012DA447A8B23CA7F5B28989CAC5A812650E3E53EC4AE,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"yourservers.blog-pixnet.com.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:39:41.577 AM",Infoblox,"Data Connector","2.1.3","RPZ-QNAME-NXDOMAIN","RPZ EVENT QNAME NXDOMAIN",8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.yourservers.blog-pixnet.com.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base;InfobloxB1ThreatIndicator=yourservers.blog-pixnet.com;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,"yourservers.blog-pixnet.com.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite yourservers.blog-pixnet.com. [A] via base.yourservers.blog-pixnet.com.""",,,,,,,,,,,,,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,64464,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,"Sentinel-Demo-CDC",OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.yourservers.blog-pixnet.com."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base"",""InfobloxB1ThreatIndicator"":""yourservers.blog-pixnet.com"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,,,,,,,,,,,,,,,,,,"remote_client","APP_Uncategorized,CAT_Uncategorized,base",Base,FQDN,"BloxOne Endpoint",,,Block,"Sentinel-Security-Policy","us-west-1","Windows 10 Enterprise","yourservers.blog-pixnet.com",,,,,A,,,,,,,,,,,,99986,,,base,"base.yourservers.blog-pixnet.com.",,0,100,"APT_MalwareC2",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,High,APT,MalwareC2
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:08:00.295 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"c5b845c0-7b8a-11e6-b58f-b34735885342","9/15/2036, 5:57:35.000 PM",25B84534B18DCF6801A012DA447A8B23CA7F5B28989CAC5A812650E3E53EC4AE,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"yourservers.blog-pixnet.com.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:39:42.195 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base",,DNS,,"yourservers.blog-pixnet.com.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,64464,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized,base",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"-EV",A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:06:55.868 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"e6689d56-593e-11e8-8208-cdf9bfd6ab67","5/16/2038, 7:25:17.240 PM",1FD1E115F83D8BD1E3233BD3B6FC0A95D35C962F5F2AF351B6BBE8523375A908,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"jobscenters.org.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:39:42.195 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base",,DNS,,"jobscenters.org.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,64464,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized,base",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"-EV",A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:25.758 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"e279618a-593e-11e8-8208-cdf9bfd6ab67","5/16/2038, 7:25:17.240 PM",3A4BA502F022AC1F850B76B59795C0120F81317346FAAB41BD1B1F8B4C3DEE98,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"accounts.google-caches.com.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:39:44.642 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base",,DNS,,"accounts.google-caches.com.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,64464,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized,base",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"-EV",A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:48.250 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"bb5676eb-1073-11e9-b9f6-41ba2cb929b5","1/4/2039, 10:53:33.733 PM",5C6B140ED14D74A735FA49F04626BE7808DD0228DD3855BC2C01B65882EC3F9F,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"ftp.imap.onmypc.net.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:39:44.642 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Streaming & Downloadable Video,base,bogon",,DNS,,"ftp.imap.onmypc.net.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,64464,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Streaming & Downloadable Video,base,bogon""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Streaming & Downloadable Video,base,bogon",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"-EV",A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:05:27.550 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"92d925b7-1fdc-11e7-8c34-efde9089066e","2/20/2027, 12:03:07.505 AM",3039A8835249C510DFD772B14AF3FCD60A6A4D8EB36169D1884885068EEA027D,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"cloudmicrosoft.net.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:39:44.642 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Malware Distribution Point,CAT_Phishing/Fraud,base",,DNS,,"cloudmicrosoft.net.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,64464,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Malware Distribution Point,CAT_Phishing/Fraud,base""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Malware Distribution Point,CAT_Phishing/Fraud,base",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"-EV",A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:05:27.550 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"92d925b7-1fdc-11e7-8c34-efde9089066e","2/20/2027, 12:03:07.505 AM",3039A8835249C510DFD772B14AF3FCD60A6A4D8EB36169D1884885068EEA027D,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"cloudmicrosoft.net.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:39:44.801 AM",Infoblox,"Data Connector","2.1.3","RPZ-QNAME-NXDOMAIN","RPZ EVENT QNAME NXDOMAIN",8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.cloudmicrosoft.net.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Malware Distribution Point,CAT_Phishing/Fraud,base;InfobloxB1ThreatIndicator=cloudmicrosoft.net;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,"cloudmicrosoft.net.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite cloudmicrosoft.net. [A] via base.cloudmicrosoft.net.""",,,,,,,,,,,,,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,64464,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,"Sentinel-Demo-CDC",OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.cloudmicrosoft.net."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Malware Distribution Point,CAT_Phishing/Fraud,base"",""InfobloxB1ThreatIndicator"":""cloudmicrosoft.net"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,,,,,,,,,,,,,,,,,,"remote_client","APP_Uncategorized,CAT_Malware Distribution Point,CAT_Phishing/Fraud,base",Base,FQDN,"BloxOne Endpoint",,,Block,"Sentinel-Security-Policy","us-west-1","Windows 10 Enterprise","cloudmicrosoft.net",,,,,A,,,,,,,,,,,,99986,,,base,"base.cloudmicrosoft.net.",,0,100,"APT_MalwareC2",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,High,APT,MalwareC2
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:25.758 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"e279618a-593e-11e8-8208-cdf9bfd6ab67","5/16/2038, 7:25:17.240 PM",3A4BA502F022AC1F850B76B59795C0120F81317346FAAB41BD1B1F8B4C3DEE98,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"accounts.google-caches.com.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:39:44.801 AM",Infoblox,"Data Connector","2.1.3","RPZ-QNAME-NXDOMAIN","RPZ EVENT QNAME NXDOMAIN",8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.accounts.google-caches.com.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base;InfobloxB1ThreatIndicator=google-caches.com;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,"accounts.google-caches.com.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite accounts.google-caches.com. [A] via base.accounts.google-caches.com.""",,,,,,,,,,,,,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,64464,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,"Sentinel-Demo-CDC",OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.accounts.google-caches.com."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base"",""InfobloxB1ThreatIndicator"":""google-caches.com"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,,,,,,,,,,,,,,,,,,"remote_client","APP_Uncategorized,CAT_Uncategorized,base",Base,FQDN,"BloxOne Endpoint",,,Block,"Sentinel-Security-Policy","us-west-1","Windows 10 Enterprise","google-caches.com",,,,,A,,,,,,,,,,,,99986,,,base,"base.accounts.google-caches.com.",,0,100,"APT_MalwareC2",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,High,APT,MalwareC2
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:48.250 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"bb5676eb-1073-11e9-b9f6-41ba2cb929b5","1/4/2039, 10:53:33.733 PM",5C6B140ED14D74A735FA49F04626BE7808DD0228DD3855BC2C01B65882EC3F9F,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"ftp.imap.onmypc.net.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:39:44.801 AM",Infoblox,"Data Connector","2.1.3","RPZ-QNAME-NXDOMAIN","RPZ EVENT QNAME NXDOMAIN",8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.ftp.imap.onmypc.net.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Streaming & Downloadable Video,base,bogon;InfobloxB1ThreatIndicator=imap.onmypc.net;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,"ftp.imap.onmypc.net.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite ftp.imap.onmypc.net. [A] via base.ftp.imap.onmypc.net.""",,,,,,,,,,,,,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,64464,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,"Sentinel-Demo-CDC",OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.ftp.imap.onmypc.net."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Streaming & Downloadable Video,base,bogon"",""InfobloxB1ThreatIndicator"":""imap.onmypc.net"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,,,,,,,,,,,,,,,,,,"remote_client","APP_Uncategorized,CAT_Streaming & Downloadable Video,base,bogon",Base,FQDN,"BloxOne Endpoint",,,Block,"Sentinel-Security-Policy","us-west-1","Windows 10 Enterprise","imap.onmypc.net",,,,,A,,,,,,,,,,,,99986,,,base,"base.ftp.imap.onmypc.net.",,0,100,"APT_MalwareC2",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,High,APT,MalwareC2
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:15.594 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"e807a688-593e-11e8-8208-cdf9bfd6ab67","5/16/2038, 7:25:17.240 PM",8F9AE83CC775971FD7E58F1264CBD2D246EE388BAB277BDFEB0716A439332826,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"udp.jjevil.com.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:39:47.430 AM",Infoblox,"Data Connector","2.1.3","RPZ-QNAME-NXDOMAIN","RPZ EVENT QNAME NXDOMAIN",8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.udp.jjevil.com.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base;InfobloxB1ThreatIndicator=udp.jjevil.com;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,"udp.jjevil.com.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite udp.jjevil.com. [A] via base.udp.jjevil.com.""",,,,,,,,,,,,,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,64464,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,"Sentinel-Demo-CDC",OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.udp.jjevil.com."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base"",""InfobloxB1ThreatIndicator"":""udp.jjevil.com"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,,,,,,,,,,,,,,,,,,"remote_client","APP_Uncategorized,CAT_Uncategorized,base",Base,FQDN,"BloxOne Endpoint",,,Block,"Sentinel-Security-Policy","us-west-1","Windows 10 Enterprise","udp.jjevil.com",,,,,A,,,,,,,,,,,,99986,,,base,"base.udp.jjevil.com.",,0,100,"APT_MalwareC2",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,High,APT,MalwareC2
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:19.642 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"d171147f-fc0e-11e7-8daa-832d554463d7","1/18/2038, 5:17:03.053 AM",6781618F79C54D6CFDB3ECFE01A5BA803E20E7F001761C5053914B754AD5C4BE,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"hg8p7q.tech.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:39:48.401 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,"hg8p7q.tech.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""tech. 3479 IN SOA ns0.centralnic.net. hostmaster.centralnic.net. 354533 900 1800 6048000 3600  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,64464,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"+EV",A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:59.404 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"d170039f-fc0e-11e7-8daa-832d554463d7","1/18/2038, 5:17:03.053 AM",42F6D6D8A0C78470C389E3E70028DCA69CDB2F98DCCEC045B2120BD579B9C526,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"2sk91.space.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:39:48.402 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,"2sk91.space.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""space. 3600 IN SOA ns0.centralnic.net. hostmaster.centralnic.net. 3000470210 900 1800 6048000 3600  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,64464,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"+EV",A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:15.594 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"e807a688-593e-11e8-8208-cdf9bfd6ab67","5/16/2038, 7:25:17.240 PM",8F9AE83CC775971FD7E58F1264CBD2D246EE388BAB277BDFEB0716A439332826,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"udp.jjevil.com.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:39:48.402 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base",,DNS,,"udp.jjevil.com.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,64464,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized,base",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"-EV",A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:05:48.424 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"6b3fd0ff-6301-11e6-817f-9f928e49a974","1/19/2038, 3:05:21.000 AM",15365A1B78C06591235128640A5646A1B1E684A4B13E3A582C497B5F46A09012,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"trendeigheone.com.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:39:48.402 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Content Server",,DNS,,"trendeigheone.com.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""com. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1689734363 1800 900 604800 86400  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,64464,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Content Server""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Content Server",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"+EV",A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:06:09.400 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"d1716265-fc0e-11e7-8daa-832d554463d7","1/18/2038, 5:17:03.053 AM",0E0773DB0EFCC7EA350B1D94457FA0A98D4936091BC60F547377ABC774D0BF33,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"s3fof.club.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:39:52.778 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,"s3fof.club.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""club. 900 IN SOA ns1.dns.nic.club. admin.tldns.godaddy. 1689733932 1800 300 604800 1800  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,64464,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"+EV",A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:33.922 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"d170ee19-fc0e-11e7-8daa-832d554463d7","1/18/2038, 5:17:03.053 AM",595D90A4DBC8A94B7D8990E2C1BC9CCDF8583CBAD7AB528AFCBB9C2006D2FB01,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"rvq2k.trade.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:39:52.779 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,"rvq2k.trade.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""trade. 900 IN SOA ns1.dns.nic.trade. admin.tldns.godaddy. 1689733321 1800 300 604800 1800  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,64464,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"+EV",A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:06:00.414 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"bb565093-1073-11e9-b9f6-41ba2cb929b5","1/4/2039, 10:53:33.733 PM",BD0EB508D89AABC3AD61F5A2EA4E2F9EE2FC6836A7F74CEA7A9582747942170B,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"www.register.ourhobby.com.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:39:55.743 AM",Infoblox,"Data Connector","2.1.3","RPZ-QNAME-NXDOMAIN","RPZ EVENT QNAME NXDOMAIN",8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.www.register.ourhobby.com.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Web Hosting, ISP & Telco,base;InfobloxB1ThreatIndicator=www.register.ourhobby.com;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,"www.register.ourhobby.com.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite www.register.ourhobby.com. [A] via base.www.register.ourhobby.com.""",,,,,,,,,,,,,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,64464,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,"Sentinel-Demo-CDC",OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.www.register.ourhobby.com."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Web Hosting, ISP & Telco,base"",""InfobloxB1ThreatIndicator"":""www.register.ourhobby.com"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,,,,,,,,,,,,,,,,,,"remote_client","APP_Uncategorized,CAT_Web Hosting, ISP & Telco,base",Base,FQDN,"BloxOne Endpoint",,,Block,"Sentinel-Security-Policy","us-west-1","Windows 10 Enterprise","www.register.ourhobby.com",,,,,A,,,,,,,,,,,,99986,,,base,"base.www.register.ourhobby.com.",,0,100,"APT_MalwareC2",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,High,APT,MalwareC2
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:06:43.993 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"bb560143-1073-11e9-b9f6-41ba2cb929b5","1/4/2039, 10:53:33.733 PM",CE7EF842951019FB0A70E2F926AA88C31A5D2D56B299276F33EA5D804D8F3C04,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"ftp.scarlet-witch.com.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:39:55.743 AM",Infoblox,"Data Connector","2.1.3","RPZ-QNAME-NXDOMAIN","RPZ EVENT QNAME NXDOMAIN",8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.ftp.scarlet-witch.com.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base;InfobloxB1ThreatIndicator=scarlet-witch.com;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,"ftp.scarlet-witch.com.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite ftp.scarlet-witch.com. [A] via base.ftp.scarlet-witch.com.""",,,,,,,,,,,,,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,64464,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,"Sentinel-Demo-CDC",OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.ftp.scarlet-witch.com."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base"",""InfobloxB1ThreatIndicator"":""scarlet-witch.com"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,,,,,,,,,,,,,,,,,,"remote_client","APP_Uncategorized,CAT_Uncategorized,base",Base,FQDN,"BloxOne Endpoint",,,Block,"Sentinel-Security-Policy","us-west-1","Windows 10 Enterprise","scarlet-witch.com",,,,,A,,,,,,,,,,,,99986,,,base,"base.ftp.scarlet-witch.com.",,0,100,"APT_MalwareC2",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,High,APT,MalwareC2
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:56.882 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"b71af00f-1073-11e9-86ba-ada546412a24","1/4/2039, 10:53:33.733 PM",E6B2A7245CC0774BFF555B79D88817A38D4DBE3E17AB485557F8F85CFCFE0545,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"www.fu.epac.to.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:39:55.743 AM",Infoblox,"Data Connector","2.1.3","RPZ-QNAME-NXDOMAIN","RPZ EVENT QNAME NXDOMAIN",8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.www.fu.epac.to.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base;InfobloxB1ThreatIndicator=fu.epac.to;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,"www.fu.epac.to.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite www.fu.epac.to. [A] via base.www.fu.epac.to.""",,,,,,,,,,,,,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,64464,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,"Sentinel-Demo-CDC",OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.www.fu.epac.to."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base"",""InfobloxB1ThreatIndicator"":""fu.epac.to"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,,,,,,,,,,,,,,,,,,"remote_client","APP_Uncategorized,CAT_Uncategorized,base",Base,FQDN,"BloxOne Endpoint",,,Block,"Sentinel-Security-Policy","us-west-1","Windows 10 Enterprise","fu.epac.to",,,,,A,,,,,,,,,,,,99986,,,base,"base.www.fu.epac.to.",,0,100,"APT_MalwareC2",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,High,APT,MalwareC2
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:26.729 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"bb565076-1073-11e9-b9f6-41ba2cb929b5","1/4/2039, 10:53:33.733 PM",D17154250CE302FEEC97EADAF56614A0C25CB949A8524B3E76F81905BEE0253D,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"oa.2waky.com.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:39:55.744 AM",Infoblox,"Data Connector","2.1.3","RPZ-QNAME-NXDOMAIN","RPZ EVENT QNAME NXDOMAIN",8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.oa.2waky.com.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Pornography,base;InfobloxB1ThreatIndicator=oa.2waky.com;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,"oa.2waky.com.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite oa.2waky.com. [A] via base.oa.2waky.com.""",,,,,,,,,,,,,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,64464,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,"Sentinel-Demo-CDC",OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.oa.2waky.com."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Pornography,base"",""InfobloxB1ThreatIndicator"":""oa.2waky.com"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,,,,,,,,,,,,,,,,,,"remote_client","APP_Uncategorized,CAT_Pornography,base",Base,FQDN,"BloxOne Endpoint",,,Block,"Sentinel-Security-Policy","us-west-1","Windows 10 Enterprise","oa.2waky.com",,,,,A,,,,,,,,,,,,99986,,,base,"base.oa.2waky.com.",,0,100,"APT_MalwareC2",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,High,APT,MalwareC2
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:06:00.414 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"bb565093-1073-11e9-b9f6-41ba2cb929b5","1/4/2039, 10:53:33.733 PM",BD0EB508D89AABC3AD61F5A2EA4E2F9EE2FC6836A7F74CEA7A9582747942170B,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"www.register.ourhobby.com.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:39:55.818 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Web Hosting, ISP & Telco,base",,DNS,,"www.register.ourhobby.com.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,64464,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Web Hosting, ISP & Telco,base""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Web Hosting, ISP & Telco,base",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"-EV",A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:26.729 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"bb565076-1073-11e9-b9f6-41ba2cb929b5","1/4/2039, 10:53:33.733 PM",D17154250CE302FEEC97EADAF56614A0C25CB949A8524B3E76F81905BEE0253D,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"oa.2waky.com.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:39:55.819 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Pornography,base",,DNS,,"oa.2waky.com.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,64464,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Pornography,base""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Pornography,base",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"-EV",A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:56.882 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"b71af00f-1073-11e9-86ba-ada546412a24","1/4/2039, 10:53:33.733 PM",E6B2A7245CC0774BFF555B79D88817A38D4DBE3E17AB485557F8F85CFCFE0545,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"www.fu.epac.to.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:39:55.819 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base",,DNS,,"www.fu.epac.to.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,64464,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized,base",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"-EV",A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:06:43.993 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"bb560143-1073-11e9-b9f6-41ba2cb929b5","1/4/2039, 10:53:33.733 PM",CE7EF842951019FB0A70E2F926AA88C31A5D2D56B299276F33EA5D804D8F3C04,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"ftp.scarlet-witch.com.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:39:55.819 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base",,DNS,,"ftp.scarlet-witch.com.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,64464,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized,base",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"-EV",A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:03.567 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"d1709fb7-fc0e-11e7-8daa-832d554463d7","1/18/2038, 5:17:03.053 AM",886CD9B012B4998EA0282A80CE3E028423EC2AC8F5B9F965A76D738366C79D84,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"v4ccm.website.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:39:58.935 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,"v4ccm.website.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""website. 3600 IN SOA ns0.centralnic.net. hostmaster.centralnic.net. 3000470740 900 1800 6048000 3600  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,64464,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"+EV",A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:48.200 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"d170edf5-fc0e-11e7-8daa-832d554463d7","1/18/2038, 5:17:03.053 AM",A693DA3F6C4A5DEF03BA8F3A8571464825F4DAD0C702B7DB96DD8AFA072B03DA,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"r5h1y.trade.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:39:58.935 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,"r5h1y.trade.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""trade. 900 IN SOA ns1.dns.nic.trade. admin.tldns.godaddy. 1689733321 1800 300 604800 1800  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,64464,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"+EV",A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:08:03.306 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"d1709fd9-fc0e-11e7-8daa-832d554463d7","1/18/2038, 5:17:03.053 AM",79C1B300FFCB9115A8CDA98258A7BA75835DAC6A160F3075D4C758D123F1FAAD,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"k11jr.loan.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:39:58.935 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,"k11jr.loan.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""loan. 900 IN SOA ns1.dns.nic.loan. admin.tldns.godaddy. 1689733234 1800 300 604800 1800  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,64464,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"+EV",A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:06:59.555 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"b71aa1ba-1073-11e9-86ba-ada546412a24","1/4/2039, 10:53:33.733 PM",3D67E8F7BC9D3CDB56F1169300399024BAB8D18DD4982E0CFC5117B06FA87EA3,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"ftp.markjpninfos.vizvaz.com.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:39:58.936 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Spam URLs,CAT_Web Hosting, ISP & Telco,base",,DNS,,"ftp.markjpninfos.vizvaz.com.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,64464,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Spam URLs,CAT_Web Hosting, ISP & Telco,base""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Spam URLs,CAT_Web Hosting, ISP & Telco,base",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"-EV",A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:36.579 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"530af139-fc18-11e7-82f1-8dc509037e1c","1/18/2038, 6:25:05.998 AM",F6C0D6A1CF5845A53AEF2700E9DA904D67F1B1D7779122FD7AD7937AA07E73D6,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"mail.google.com-recoveryservice.info.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:39:58.936 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,"mail.google.com-recoveryservice.info.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""info. 3262 IN SOA a0.info.afilias-nst.info. hostmaster.donuts.email. 1689733746 7200 900 1209600 3600  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,64464,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"+EV",A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:26.658 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"d17162a5-fc0e-11e7-8daa-832d554463d7","1/18/2038, 5:17:03.053 AM",7DE8B66C5D675911B894ECEA23B838627409A834BEFF8C031905786A412259F6,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"hg08f9y.host.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:39:58.936 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,"hg08f9y.host.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""host. 2327 IN SOA ns0.centralnic.net. hostmaster.centralnic.net. 3000455411 900 1800 6048000 3600  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,64464,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"+EV",A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:59.789 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"a89108e5-6b33-11e6-87ab-b3b04ab54f23","8/26/2036, 2:14:47.000 AM",0B989D4C74E26DF8A0CD563F938957614DCCBC5AF704BC1F23255983AE5A04CE,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"mediacloudsolution.com.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:40:02.329 AM",Infoblox,"Data Connector","2.1.3","RPZ-QNAME-NXDOMAIN","RPZ EVENT QNAME NXDOMAIN",8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.mediacloudsolution.com.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Content Server,base;InfobloxB1ThreatIndicator=mediacloudsolution.com;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,"mediacloudsolution.com.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite mediacloudsolution.com. [A] via base.mediacloudsolution.com.""",,,,,,,,,,,,,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,64464,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,"Sentinel-Demo-CDC",OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.mediacloudsolution.com."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Content Server,base"",""InfobloxB1ThreatIndicator"":""mediacloudsolution.com"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,,,,,,,,,,,,,,,,,,"remote_client","APP_Uncategorized,CAT_Content Server,base",Base,FQDN,"BloxOne Endpoint",,,Block,"Sentinel-Security-Policy","us-west-1","Windows 10 Enterprise","mediacloudsolution.com",,,,,A,,,,,,,,,,,,99986,,,base,"base.mediacloudsolution.com.",,0,100,"APT_MalwareC2",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,High,APT,MalwareC2
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:59.789 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"a89108e5-6b33-11e6-87ab-b3b04ab54f23","8/26/2036, 2:14:47.000 AM",0B989D4C74E26DF8A0CD563F938957614DCCBC5AF704BC1F23255983AE5A04CE,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"mediacloudsolution.com.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:40:02.954 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Content Server,base",,DNS,,"mediacloudsolution.com.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,64464,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Content Server,base""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Content Server,base",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"-EV",A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:08:06.856 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"530bb4b4-fc18-11e7-82f1-8dc509037e1c","1/18/2038, 6:25:05.998 AM",A7EDED69B7A7892429755D56DAAD90319DC0FF4D3D5C8D6AF3F6575F93FEFE2A,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"result2.com-servicescustomer.name.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:40:02.954 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,"result2.com-servicescustomer.name.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""name. 3600 IN SOA ac1.nstld.com. info.verisign-grs.com. 1689734346 1800 900 604800 86400  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,64464,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"+EV",A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:28.850 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"d1716261-fc0e-11e7-8daa-832d554463d7","1/18/2038, 5:17:03.053 AM",C0483A04AB7E375395B438707BF0375FA1CA8924E7675F196E707ADA6F6DC2E4,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"hgiihb.loan.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:40:02.954 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,"hgiihb.loan.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""loan. 900 IN SOA ns1.dns.nic.loan. admin.tldns.godaddy. 1689733234 1800 300 604800 1800  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,64464,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"+EV",A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:53.612 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"6b3e982f-6301-11e6-817f-9f928e49a974","1/19/2038, 3:06:46.583 AM",DB0810687868F834120FCB9BFDC366C44D76756F8BDD2D36E253602A0B98FD04,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"bluesync2121.com.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:40:02.955 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Content Server",,DNS,,"bluesync2121.com.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""com. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1689734363 1800 900 604800 86400  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,64464,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Content Server""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Content Server",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"+EV",A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:31.087 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"d649fa0e-fc13-11e7-82f1-8dc509037e1c","1/18/2038, 5:52:58.779 AM",EFDDE54064906E72D8F3E075A7A7FA4CC83EE6E4A59ECFEECD7324A79C241874,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"portal-office.fr.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:40:06.725 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,"portal-office.fr.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""fr. 563 IN SOA a.nic.fr. dnsmaster.afnic.fr. 2236161635 3600 1800 3600000 600  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,64464,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"+EV",A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:37.903 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"d1702a34-fc0e-11e7-8daa-832d554463d7","1/18/2038, 5:17:03.053 AM",3554A17A9C038EF15AE6F5619D74F597F18521518DA9ED1AE4CEC2D8FF127828,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"hg8l3u.loan.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:40:06.725 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,"hg8l3u.loan.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""loan. 900 IN SOA ns1.dns.nic.loan. admin.tldns.godaddy. 1689733234 1800 300 604800 1800  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,64464,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"+EV",A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:41.641 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"530c7832-fc18-11e7-82f1-8dc509037e1c","1/18/2038, 6:25:05.998 AM",420AC3173BF0E24F58E90E2A47AB50F02701C3684391FFC722E1EA511D0EE61C,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"hangout.com-messagecenter.bid.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:40:06.725 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,"hangout.com-messagecenter.bid.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""bid. 234 IN SOA ns1.dns.nic.bid. admin.tldns.godaddy. 1689733253 1800 300 604800 1800  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,64464,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"+EV",A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:19.241 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_Generic",,"1c6bf94f-54db-11e9-83d0-61bce6109bb1","4/1/2039, 8:01:07.575 PM",BE61496D853ABE0ABBD2F7A7AFB29A77CF16DAE59D98C5BC2A60879D29007F75,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"activity-confirmation-service.info.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:40:06.725 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base",,DNS,,"activity-confirmation-service.info.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,64464,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized,base",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"-EV",A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:21.800 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"530b6619-fc18-11e7-82f1-8dc509037e1c","1/18/2038, 6:25:05.998 AM",25B92E0031A0686A3C03D9F53FDD1B586DCD69B8D368F18BDD052FDF79D14F6A,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"books-google.accountservice.support.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:40:11.846 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NOERROR",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,"books-google.accountservice.support.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""books-google.accountservice.support. 300 IN A 172.67.221.62  books-google.accountservice.support. 300 IN A 104.21.24.249  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,2327,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,,,,,,,,,,,,,,,,,,2,1,"remote_client","APP_Uncategorized,CAT_Uncategorized",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"+EV",A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:53.639 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"e5e9cf9c-593e-11e8-91e8-77e30fb69abe","5/16/2038, 7:25:17.240 PM",650A3C258187547D4EE3619C07D70998F123F611F9178660C9C29CB067F540BF,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"shijihulian.com.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:40:11.847 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Web Hosting, ISP & Telco,base,eecn-ip,sanctions-high,sanctions-med",,DNS,,"shijihulian.com.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,2327,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Web Hosting, ISP & Telco,base,eecn-ip,sanctions-high,sanctions-med""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Web Hosting, ISP & Telco,base,eecn-ip,sanctions-high,sanctions-med",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"-EV",A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:53.639 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"e5e9cf9c-593e-11e8-91e8-77e30fb69abe","5/16/2038, 7:25:17.240 PM",650A3C258187547D4EE3619C07D70998F123F611F9178660C9C29CB067F540BF,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"shijihulian.com.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:40:12.316 AM",Infoblox,"Data Connector","2.1.3","RPZ-QNAME-NXDOMAIN","RPZ EVENT QNAME NXDOMAIN",8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.shijihulian.com.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Web Hosting, ISP & Telco,base,eecn-ip,sanctions-high,sanctions-med;InfobloxB1ThreatIndicator=shijihulian.com;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,"shijihulian.com.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite shijihulian.com. [A] via base.shijihulian.com.""",,,,,,,,,,,,,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,2327,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,"Sentinel-Demo-CDC",OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.shijihulian.com."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Web Hosting, ISP & Telco,base,eecn-ip,sanctions-high,sanctions-med"",""InfobloxB1ThreatIndicator"":""shijihulian.com"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,,,,,,,,,,,,,,,,,,"remote_client","APP_Uncategorized,CAT_Web Hosting, ISP & Telco,base,eecn-ip,sanctions-high,sanctions-med",Base,FQDN,"BloxOne Endpoint",,,Block,"Sentinel-Security-Policy","us-west-1","Windows 10 Enterprise","shijihulian.com",,,,,A,,,,,,,,,,,,99986,,,base,"base.shijihulian.com.",,0,100,"APT_MalwareC2",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,High,APT,MalwareC2
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:05:38.759 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"bb567704-1073-11e9-b9f6-41ba2cb929b5","1/4/2039, 10:53:33.733 PM",2CFC436DEC072702BFFE42AB4C26D2835A0F89715C56F4285EFF03063B5573E3,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"ftp.garlic.dyndns.pro.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:40:19.028 AM",Infoblox,"Data Connector","2.1.3","RPZ-QNAME-NXDOMAIN","RPZ EVENT QNAME NXDOMAIN",8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.ftp.garlic.dyndns.pro.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Web Hosting, ISP & Telco,base,bogon;InfobloxB1ThreatIndicator=garlic.dyndns.pro;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,"ftp.garlic.dyndns.pro.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite ftp.garlic.dyndns.pro. [A] via base.ftp.garlic.dyndns.pro.""",,,,,,,,,,,,,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,2327,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,"Sentinel-Demo-CDC",OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.ftp.garlic.dyndns.pro."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Web Hosting, ISP & Telco,base,bogon"",""InfobloxB1ThreatIndicator"":""garlic.dyndns.pro"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,,,,,,,,,,,,,,,,,,"remote_client","APP_Uncategorized,CAT_Web Hosting, ISP & Telco,base,bogon",Base,FQDN,"BloxOne Endpoint",,,Block,"Sentinel-Security-Policy","us-west-1","Windows 10 Enterprise","garlic.dyndns.pro",,,,,A,,,,,,,,,,,,99986,,,base,"base.ftp.garlic.dyndns.pro.",,0,100,"APT_MalwareC2",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,High,APT,MalwareC2
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:05:38.759 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"bb567704-1073-11e9-b9f6-41ba2cb929b5","1/4/2039, 10:53:33.733 PM",2CFC436DEC072702BFFE42AB4C26D2835A0F89715C56F4285EFF03063B5573E3,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"ftp.garlic.dyndns.pro.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:40:19.461 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Web Hosting, ISP & Telco,base,bogon",,DNS,,"ftp.garlic.dyndns.pro.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,2327,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Web Hosting, ISP & Telco,base,bogon""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Web Hosting, ISP & Telco,base,bogon",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"-EV",A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:06:59.555 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_MalwareC2",,"b71aa1ba-1073-11e9-86ba-ada546412a24","1/4/2039, 10:53:33.733 PM",3D67E8F7BC9D3CDB56F1169300399024BAB8D18DD4982E0CFC5117B06FA87EA3,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"ftp.markjpninfos.vizvaz.com.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:40:31.573 AM",Infoblox,"Data Connector","2.1.3","RPZ-QNAME-NXDOMAIN","RPZ EVENT QNAME NXDOMAIN",8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.ftp.markjpninfos.vizvaz.com.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_MalwareC2;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Spam URLs,CAT_Web Hosting, ISP & Telco,base;InfobloxB1ThreatIndicator=markjpninfos.vizvaz.com;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,"ftp.markjpninfos.vizvaz.com.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite ftp.markjpninfos.vizvaz.com. [A] via base.ftp.markjpninfos.vizvaz.com.""",,,,,,,,,,,,,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,64464,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,"Sentinel-Demo-CDC",OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.ftp.markjpninfos.vizvaz.com."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_MalwareC2"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Spam URLs,CAT_Web Hosting, ISP & Telco,base"",""InfobloxB1ThreatIndicator"":""markjpninfos.vizvaz.com"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,,,,,,,,,,,,,,,,,,"remote_client","APP_Uncategorized,CAT_Spam URLs,CAT_Web Hosting, ISP & Telco,base",Base,FQDN,"BloxOne Endpoint",,,Block,"Sentinel-Security-Policy","us-west-1","Windows 10 Enterprise","markjpninfos.vizvaz.com",,,,,A,,,,,,,,,,,,99986,,,base,"base.ftp.markjpninfos.vizvaz.com.",,0,100,"APT_MalwareC2",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,High,APT,MalwareC2
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:19.241 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT_Generic",,"1c6bf94f-54db-11e9-83d0-61bce6109bb1","4/1/2039, 8:01:07.575 PM",BE61496D853ABE0ABBD2F7A7AFB29A77CF16DAE59D98C5BC2A60879D29007F75,WatchList,true,,,,,,,,,,,,white,,,,,,,,,,,,,,,,,,,,"activity-confirmation-service.info.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:40:45.281 AM",Infoblox,"Data Connector","2.1.3","RPZ-QNAME-NXDOMAIN","RPZ EVENT QNAME NXDOMAIN",8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.activity-confirmation-service.info.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_Generic;InfobloxThreatConfidence=0;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base;InfobloxB1ThreatIndicator=activity-confirmation-service.info;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,"activity-confirmation-service.info.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite activity-confirmation-service.info. [A] via base.activity-confirmation-service.info.""",,,,,,,,,,,,,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,64464,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,,,"Sentinel-Demo-CDC",OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.activity-confirmation-service.info."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_Generic"",""InfobloxThreatConfidence"":""0"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base"",""InfobloxB1ThreatIndicator"":""activity-confirmation-service.info"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,,,,,,,,,,,,,,,,,,"remote_client","APP_Uncategorized,CAT_Uncategorized,base",Base,FQDN,"BloxOne Endpoint",,,Block,"Sentinel-Security-Policy","us-west-1","Windows 10 Enterprise","activity-confirmation-service.info",,,,,A,,,,,,,,,,,,99986,,,base,"base.activity-confirmation-service.info.",,0,100,"APT_Generic",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,High,APT,Generic
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/12/2023, 6:41:49.557 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - Phishing",,"56c8a459-7094-11e7-93aa-a9c200d27e3b","7/24/2038, 5:20:07.155 PM",5E8E4CC8A2B50CA5EF823B2F97456F5D0D1D25759C49F0CCF68FD7DF6844B62F,WatchList,true,,,,,,,,,,,"[""HOST"",""Imported: 2017-07-24T17:20:07.155Z"",""Profile: AISCOMM"",""Property: Phishing_Generic"",""Threat Level: 100""]",white,,,,,,,,,,,,,,,,,,,,"phishing.eicar.network.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:40:51.557 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,antimalware,dhs-ais-domain",,DNS,,"phishing.eicar.network.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,14743,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,antimalware,dhs-ais-domain""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized,antimalware,dhs-ais-domain",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"-EV",A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/12/2023, 6:41:49.557 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - Phishing",,"56c8a459-7094-11e7-93aa-a9c200d27e3b","7/24/2038, 5:20:07.155 PM",5E8E4CC8A2B50CA5EF823B2F97456F5D0D1D25759C49F0CCF68FD7DF6844B62F,WatchList,true,,,,,,,,,,,"[""HOST"",""Imported: 2017-07-24T17:20:07.155Z"",""Profile: AISCOMM"",""Property: Phishing_Generic"",""Threat Level: 100""]",white,,,,,,,,,,,,,,,,,,,,"phishing.eicar.network.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:40:51.558 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN AAAA NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,antimalware,dhs-ais-domain",,DNS,,"phishing.eicar.network.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,14743,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,antimalware,dhs-ais-domain""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized,antimalware,dhs-ais-domain",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"-EV",AAAA,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/12/2023, 6:41:49.557 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - Phishing",,"56c8a459-7094-11e7-93aa-a9c200d27e3b","7/24/2038, 5:20:07.155 PM",5E8E4CC8A2B50CA5EF823B2F97456F5D0D1D25759C49F0CCF68FD7DF6844B62F,WatchList,true,,,,,,,,,,,"[""HOST"",""Imported: 2017-07-24T17:20:07.155Z"",""Profile: AISCOMM"",""Property: Phishing_Generic"",""Threat Level: 100""]",white,,,,,,,,,,,,,,,,,,,,"phishing.eicar.network.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:40:51.558 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,antimalware,dhs-ais-domain",,DNS,,"phishing.eicar.network.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,14743,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,antimalware,dhs-ais-domain""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized,antimalware,dhs-ais-domain",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"-EV",A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/12/2023, 6:41:49.557 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - Phishing",,"56c8a459-7094-11e7-93aa-a9c200d27e3b","7/24/2038, 5:20:07.155 PM",5E8E4CC8A2B50CA5EF823B2F97456F5D0D1D25759C49F0CCF68FD7DF6844B62F,WatchList,true,,,,,,,,,,,"[""HOST"",""Imported: 2017-07-24T17:20:07.155Z"",""Profile: AISCOMM"",""Property: Phishing_Generic"",""Threat Level: 100""]",white,,,,,,,,,,,,,,,,,,,,"phishing.eicar.network.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:40:51.558 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN AAAA NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,antimalware,dhs-ais-domain",,DNS,,"phishing.eicar.network.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,14743,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,antimalware,dhs-ais-domain""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized,antimalware,dhs-ais-domain",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"-EV",AAAA,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/12/2023, 6:41:49.557 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - Phishing",,"56c8a459-7094-11e7-93aa-a9c200d27e3b","7/24/2038, 5:20:07.155 PM",5E8E4CC8A2B50CA5EF823B2F97456F5D0D1D25759C49F0CCF68FD7DF6844B62F,WatchList,true,,,,,,,,,,,"[""HOST"",""Imported: 2017-07-24T17:20:07.155Z"",""Profile: AISCOMM"",""Property: Phishing_Generic"",""Threat Level: 100""]",white,,,,,,,,,,,,,,,,,,,,"phishing.eicar.network.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:41:02.115 AM",Infoblox,"Data Connector","2.1.3","RPZ-QNAME-NXDOMAIN","RPZ EVENT QNAME NXDOMAIN",8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=antimalware.phishing.eicar.network.;InfobloxRPZ=antimalware;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=Phishing_Generic;InfobloxThreatConfidence=100;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,antimalware,dhs-ais-domain;InfobloxB1ThreatIndicator=phishing.eicar.network;InfobloxB1FeedName=AntiMalware;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,"phishing.eicar.network.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite phishing.eicar.network. [A] via antimalware.phishing.eicar.network.""",,,,,,,,,,,,,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,14743,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,,,,,"Sentinel-Demo-CDC",OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""antimalware.phishing.eicar.network."",""InfobloxRPZ"":""antimalware"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""Phishing_Generic"",""InfobloxThreatConfidence"":""100"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,antimalware,dhs-ais-domain"",""InfobloxB1ThreatIndicator"":""phishing.eicar.network"",""InfobloxB1FeedName"":""AntiMalware"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,,,,,,,,,,,,,,,,,,"remote_client","APP_Uncategorized,CAT_Uncategorized,antimalware,dhs-ais-domain",AntiMalware,FQDN,"BloxOne Endpoint",,,Block,"Sentinel-Security-Policy","us-west-1","Windows 10 Enterprise","phishing.eicar.network",,,,,A,,,,,,,,,,,,99986,,,antimalware,"antimalware.phishing.eicar.network.",,100,100,"Phishing_Generic",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,High,Phishing,Generic
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/12/2023, 6:41:49.557 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - Phishing",,"56c8a459-7094-11e7-93aa-a9c200d27e3b","7/24/2038, 5:20:07.155 PM",5E8E4CC8A2B50CA5EF823B2F97456F5D0D1D25759C49F0CCF68FD7DF6844B62F,WatchList,true,,,,,,,,,,,"[""HOST"",""Imported: 2017-07-24T17:20:07.155Z"",""Profile: AISCOMM"",""Property: Phishing_Generic"",""Threat Level: 100""]",white,,,,,,,,,,,,,,,,,,,,"phishing.eicar.network.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:41:02.115 AM",Infoblox,"Data Connector","2.1.3","RPZ-QNAME-NXDOMAIN","RPZ EVENT QNAME NXDOMAIN",8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=antimalware.phishing.eicar.network.;InfobloxRPZ=antimalware;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=Phishing_Generic;InfobloxThreatConfidence=100;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,antimalware,dhs-ais-domain;InfobloxB1ThreatIndicator=phishing.eicar.network;InfobloxB1FeedName=AntiMalware;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,"phishing.eicar.network.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite phishing.eicar.network. [A] via antimalware.phishing.eicar.network.""",,,,,,,,,,,,,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,14743,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,,,,,"Sentinel-Demo-CDC",OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""antimalware.phishing.eicar.network."",""InfobloxRPZ"":""antimalware"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""Phishing_Generic"",""InfobloxThreatConfidence"":""100"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,antimalware,dhs-ais-domain"",""InfobloxB1ThreatIndicator"":""phishing.eicar.network"",""InfobloxB1FeedName"":""AntiMalware"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,,,,,,,,,,,,,,,,,,"remote_client","APP_Uncategorized,CAT_Uncategorized,antimalware,dhs-ais-domain",AntiMalware,FQDN,"BloxOne Endpoint",,,Block,"Sentinel-Security-Policy","us-west-1","Windows 10 Enterprise","phishing.eicar.network",,,,,A,,,,,,,,,,,,99986,,,antimalware,"antimalware.phishing.eicar.network.",,100,100,"Phishing_Generic",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,High,Phishing,Generic
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/12/2023, 6:41:49.557 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - Phishing",,"56c8a459-7094-11e7-93aa-a9c200d27e3b","7/24/2038, 5:20:07.155 PM",5E8E4CC8A2B50CA5EF823B2F97456F5D0D1D25759C49F0CCF68FD7DF6844B62F,WatchList,true,,,,,,,,,,,"[""HOST"",""Imported: 2017-07-24T17:20:07.155Z"",""Profile: AISCOMM"",""Property: Phishing_Generic"",""Threat Level: 100""]",white,,,,,,,,,,,,,,,,,,,,"phishing.eicar.network.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:41:02.115 AM",Infoblox,"Data Connector","2.1.3","RPZ-QNAME-NXDOMAIN","RPZ EVENT QNAME NXDOMAIN",8,,"InfobloxDNSView=;InfobloxDNSQType=AAAA;InfobloxRPZRule=antimalware.phishing.eicar.network.;InfobloxRPZ=antimalware;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=Phishing_Generic;InfobloxThreatConfidence=100;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,antimalware,dhs-ais-domain;InfobloxB1ThreatIndicator=phishing.eicar.network;InfobloxB1FeedName=AntiMalware;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,"phishing.eicar.network.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite phishing.eicar.network. [AAAA] via antimalware.phishing.eicar.network.""",,,,,,,,,,,,,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,14743,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,,,,,"Sentinel-Demo-CDC",OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""AAAA"",""InfobloxRPZRule"":""antimalware.phishing.eicar.network."",""InfobloxRPZ"":""antimalware"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""Phishing_Generic"",""InfobloxThreatConfidence"":""100"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,antimalware,dhs-ais-domain"",""InfobloxB1ThreatIndicator"":""phishing.eicar.network"",""InfobloxB1FeedName"":""AntiMalware"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,,,,,,,,,,,,,,,,,,"remote_client","APP_Uncategorized,CAT_Uncategorized,antimalware,dhs-ais-domain",AntiMalware,FQDN,"BloxOne Endpoint",,,Block,"Sentinel-Security-Policy","us-west-1","Windows 10 Enterprise","phishing.eicar.network",,,,,AAAA,,,,,,,,,,,,99986,,,antimalware,"antimalware.phishing.eicar.network.",,100,100,"Phishing_Generic",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,High,Phishing,Generic
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/12/2023, 6:41:49.557 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - Phishing",,"56c8a459-7094-11e7-93aa-a9c200d27e3b","7/24/2038, 5:20:07.155 PM",5E8E4CC8A2B50CA5EF823B2F97456F5D0D1D25759C49F0CCF68FD7DF6844B62F,WatchList,true,,,,,,,,,,,"[""HOST"",""Imported: 2017-07-24T17:20:07.155Z"",""Profile: AISCOMM"",""Property: Phishing_Generic"",""Threat Level: 100""]",white,,,,,,,,,,,,,,,,,,,,"phishing.eicar.network.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:41:02.115 AM",Infoblox,"Data Connector","2.1.3","RPZ-QNAME-NXDOMAIN","RPZ EVENT QNAME NXDOMAIN",8,,"InfobloxDNSView=;InfobloxDNSQType=AAAA;InfobloxRPZRule=antimalware.phishing.eicar.network.;InfobloxRPZ=antimalware;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=Phishing_Generic;InfobloxThreatConfidence=100;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,antimalware,dhs-ais-domain;InfobloxB1ThreatIndicator=phishing.eicar.network;InfobloxB1FeedName=AntiMalware;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,"phishing.eicar.network.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite phishing.eicar.network. [AAAA] via antimalware.phishing.eicar.network.""",,,,,,,,,,,,,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,14743,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,,,,,"Sentinel-Demo-CDC",OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""AAAA"",""InfobloxRPZRule"":""antimalware.phishing.eicar.network."",""InfobloxRPZ"":""antimalware"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""Phishing_Generic"",""InfobloxThreatConfidence"":""100"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,antimalware,dhs-ais-domain"",""InfobloxB1ThreatIndicator"":""phishing.eicar.network"",""InfobloxB1FeedName"":""AntiMalware"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,,,,,,,,,,,,,,,,,,"remote_client","APP_Uncategorized,CAT_Uncategorized,antimalware,dhs-ais-domain",AntiMalware,FQDN,"BloxOne Endpoint",,,Block,"Sentinel-Security-Policy","us-west-1","Windows 10 Enterprise","phishing.eicar.network",,,,,AAAA,,,,,,,,,,,,99986,,,antimalware,"antimalware.phishing.eicar.network.",,100,100,"Phishing_Generic",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,High,Phishing,Generic
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/12/2023, 6:41:49.582 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT",,"f1753379-7094-11e7-93aa-a9c200d27e3b","7/24/2038, 5:24:26.654 PM",1D417ABF703CED83C59229D304C7AE6FBA3FECF4CFBB01FCFE0789323733DAB7,WatchList,true,,,,,,,,,,,"[""HOST"",""Imported: 2017-07-24T17:24:26.654Z"",""Profile: AISCOMM"",""Property: APT_Generic"",""Threat Level: 100""]",white,,,,,,,,,,,,,,,,,,,,"apt.eicar.network.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:41:25.051 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN AAAA NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base,dhs-ais-domain",,DNS,,"apt.eicar.network.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,8405,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base,dhs-ais-domain""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized,base,dhs-ais-domain",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"-EV",AAAA,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/12/2023, 6:41:49.582 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT",,"f1753379-7094-11e7-93aa-a9c200d27e3b","7/24/2038, 5:24:26.654 PM",1D417ABF703CED83C59229D304C7AE6FBA3FECF4CFBB01FCFE0789323733DAB7,WatchList,true,,,,,,,,,,,"[""HOST"",""Imported: 2017-07-24T17:24:26.654Z"",""Profile: AISCOMM"",""Property: APT_Generic"",""Threat Level: 100""]",white,,,,,,,,,,,,,,,,,,,,"apt.eicar.network.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:41:25.051 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base,dhs-ais-domain",,DNS,,"apt.eicar.network.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,8405,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base,dhs-ais-domain""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized,base,dhs-ais-domain",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"-EV",A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/12/2023, 6:41:49.582 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT",,"f1753379-7094-11e7-93aa-a9c200d27e3b","7/24/2038, 5:24:26.654 PM",1D417ABF703CED83C59229D304C7AE6FBA3FECF4CFBB01FCFE0789323733DAB7,WatchList,true,,,,,,,,,,,"[""HOST"",""Imported: 2017-07-24T17:24:26.654Z"",""Profile: AISCOMM"",""Property: APT_Generic"",""Threat Level: 100""]",white,,,,,,,,,,,,,,,,,,,,"apt.eicar.network.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:41:25.051 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN AAAA NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base,dhs-ais-domain",,DNS,,"apt.eicar.network.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,8405,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base,dhs-ais-domain""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized,base,dhs-ais-domain",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"-EV",AAAA,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/12/2023, 6:41:49.582 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT",,"f1753379-7094-11e7-93aa-a9c200d27e3b","7/24/2038, 5:24:26.654 PM",1D417ABF703CED83C59229D304C7AE6FBA3FECF4CFBB01FCFE0789323733DAB7,WatchList,true,,,,,,,,,,,"[""HOST"",""Imported: 2017-07-24T17:24:26.654Z"",""Profile: AISCOMM"",""Property: APT_Generic"",""Threat Level: 100""]",white,,,,,,,,,,,,,,,,,,,,"apt.eicar.network.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:41:25.051 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base,dhs-ais-domain",,DNS,,"apt.eicar.network.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,8405,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base,dhs-ais-domain""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized,base,dhs-ais-domain",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"-EV",A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/12/2023, 6:41:49.582 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT",,"f1753379-7094-11e7-93aa-a9c200d27e3b","7/24/2038, 5:24:26.654 PM",1D417ABF703CED83C59229D304C7AE6FBA3FECF4CFBB01FCFE0789323733DAB7,WatchList,true,,,,,,,,,,,"[""HOST"",""Imported: 2017-07-24T17:24:26.654Z"",""Profile: AISCOMM"",""Property: APT_Generic"",""Threat Level: 100""]",white,,,,,,,,,,,,,,,,,,,,"apt.eicar.network.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:41:36.781 AM",Infoblox,"Data Connector","2.1.3","RPZ-QNAME-NXDOMAIN","RPZ EVENT QNAME NXDOMAIN",8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.apt.eicar.network.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_Generic;InfobloxThreatConfidence=100;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base,dhs-ais-domain;InfobloxB1ThreatIndicator=apt.eicar.network;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,"apt.eicar.network.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite apt.eicar.network. [A] via base.apt.eicar.network.""",,,,,,,,,,,,,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,8405,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,,,,,"Sentinel-Demo-CDC",OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.apt.eicar.network."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_Generic"",""InfobloxThreatConfidence"":""100"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base,dhs-ais-domain"",""InfobloxB1ThreatIndicator"":""apt.eicar.network"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,,,,,,,,,,,,,,,,,,"remote_client","APP_Uncategorized,CAT_Uncategorized,base,dhs-ais-domain",Base,FQDN,"BloxOne Endpoint",,,Block,"Sentinel-Security-Policy","us-west-1","Windows 10 Enterprise","apt.eicar.network",,,,,A,,,,,,,,,,,,99986,,,base,"base.apt.eicar.network.",,100,100,"APT_Generic",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,High,APT,Generic
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/12/2023, 6:41:49.582 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT",,"f1753379-7094-11e7-93aa-a9c200d27e3b","7/24/2038, 5:24:26.654 PM",1D417ABF703CED83C59229D304C7AE6FBA3FECF4CFBB01FCFE0789323733DAB7,WatchList,true,,,,,,,,,,,"[""HOST"",""Imported: 2017-07-24T17:24:26.654Z"",""Profile: AISCOMM"",""Property: APT_Generic"",""Threat Level: 100""]",white,,,,,,,,,,,,,,,,,,,,"apt.eicar.network.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:41:36.781 AM",Infoblox,"Data Connector","2.1.3","RPZ-QNAME-NXDOMAIN","RPZ EVENT QNAME NXDOMAIN",8,,"InfobloxDNSView=;InfobloxDNSQType=AAAA;InfobloxRPZRule=base.apt.eicar.network.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_Generic;InfobloxThreatConfidence=100;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base,dhs-ais-domain;InfobloxB1ThreatIndicator=apt.eicar.network;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,"apt.eicar.network.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite apt.eicar.network. [AAAA] via base.apt.eicar.network.""",,,,,,,,,,,,,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,8405,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,,,,,"Sentinel-Demo-CDC",OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""AAAA"",""InfobloxRPZRule"":""base.apt.eicar.network."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_Generic"",""InfobloxThreatConfidence"":""100"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base,dhs-ais-domain"",""InfobloxB1ThreatIndicator"":""apt.eicar.network"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,,,,,,,,,,,,,,,,,,"remote_client","APP_Uncategorized,CAT_Uncategorized,base,dhs-ais-domain",Base,FQDN,"BloxOne Endpoint",,,Block,"Sentinel-Security-Policy","us-west-1","Windows 10 Enterprise","apt.eicar.network",,,,,AAAA,,,,,,,,,,,,99986,,,base,"base.apt.eicar.network.",,100,100,"APT_Generic",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,High,APT,Generic
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/12/2023, 6:41:49.582 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT",,"f1753379-7094-11e7-93aa-a9c200d27e3b","7/24/2038, 5:24:26.654 PM",1D417ABF703CED83C59229D304C7AE6FBA3FECF4CFBB01FCFE0789323733DAB7,WatchList,true,,,,,,,,,,,"[""HOST"",""Imported: 2017-07-24T17:24:26.654Z"",""Profile: AISCOMM"",""Property: APT_Generic"",""Threat Level: 100""]",white,,,,,,,,,,,,,,,,,,,,"apt.eicar.network.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:41:36.781 AM",Infoblox,"Data Connector","2.1.3","RPZ-QNAME-NXDOMAIN","RPZ EVENT QNAME NXDOMAIN",8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.apt.eicar.network.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_Generic;InfobloxThreatConfidence=100;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base,dhs-ais-domain;InfobloxB1ThreatIndicator=apt.eicar.network;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,"apt.eicar.network.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite apt.eicar.network. [A] via base.apt.eicar.network.""",,,,,,,,,,,,,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,8405,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,,,,,"Sentinel-Demo-CDC",OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.apt.eicar.network."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_Generic"",""InfobloxThreatConfidence"":""100"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base,dhs-ais-domain"",""InfobloxB1ThreatIndicator"":""apt.eicar.network"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,,,,,,,,,,,,,,,,,,"remote_client","APP_Uncategorized,CAT_Uncategorized,base,dhs-ais-domain",Base,FQDN,"BloxOne Endpoint",,,Block,"Sentinel-Security-Policy","us-west-1","Windows 10 Enterprise","apt.eicar.network",,,,,A,,,,,,,,,,,,99986,,,base,"base.apt.eicar.network.",,100,100,"APT_Generic",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,High,APT,Generic
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/12/2023, 6:41:49.582 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - APT",,"f1753379-7094-11e7-93aa-a9c200d27e3b","7/24/2038, 5:24:26.654 PM",1D417ABF703CED83C59229D304C7AE6FBA3FECF4CFBB01FCFE0789323733DAB7,WatchList,true,,,,,,,,,,,"[""HOST"",""Imported: 2017-07-24T17:24:26.654Z"",""Profile: AISCOMM"",""Property: APT_Generic"",""Threat Level: 100""]",white,,,,,,,,,,,,,,,,,,,,"apt.eicar.network.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:41:36.781 AM",Infoblox,"Data Connector","2.1.3","RPZ-QNAME-NXDOMAIN","RPZ EVENT QNAME NXDOMAIN",8,,"InfobloxDNSView=;InfobloxDNSQType=AAAA;InfobloxRPZRule=base.apt.eicar.network.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=APT_Generic;InfobloxThreatConfidence=100;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base,dhs-ais-domain;InfobloxB1ThreatIndicator=apt.eicar.network;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,"apt.eicar.network.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite apt.eicar.network. [AAAA] via base.apt.eicar.network.""",,,,,,,,,,,,,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,8405,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,,,,,"Sentinel-Demo-CDC",OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""AAAA"",""InfobloxRPZRule"":""base.apt.eicar.network."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""APT_Generic"",""InfobloxThreatConfidence"":""100"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base,dhs-ais-domain"",""InfobloxB1ThreatIndicator"":""apt.eicar.network"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,,,,,,,,,,,,,,,,,,"remote_client","APP_Uncategorized,CAT_Uncategorized,base,dhs-ais-domain",Base,FQDN,"BloxOne Endpoint",,,Block,"Sentinel-Security-Policy","us-west-1","Windows 10 Enterprise","apt.eicar.network",,,,,AAAA,,,,,,,,,,,,99986,,,base,"base.apt.eicar.network.",,100,100,"APT_Generic",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,High,APT,Generic
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/12/2023, 6:41:49.577 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - Sinkhole",,"645b43d5-7095-11e7-aca8-c3acc3cf5513","7/24/2038, 5:27:39.423 PM",63C133C55319EE59C51F4A168EF797DBC34F82EB15855147E2E5A06FB3B04397,WatchList,true,,,,,,,,,,,"[""HOST"",""Imported: 2017-07-24T17:27:39.423Z"",""Profile: AISCOMM"",""Property: Sinkhole_Generic"",""Threat Level: 100""]",white,,,,,,,,,,,,,,,,,,,,"sinkhole.eicar.network.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:41:45.158 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base",,DNS,,"sinkhole.eicar.network.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,32159,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized,base",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"-EV",A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/12/2023, 6:41:49.577 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - Sinkhole",,"645b43d5-7095-11e7-aca8-c3acc3cf5513","7/24/2038, 5:27:39.423 PM",63C133C55319EE59C51F4A168EF797DBC34F82EB15855147E2E5A06FB3B04397,WatchList,true,,,,,,,,,,,"[""HOST"",""Imported: 2017-07-24T17:27:39.423Z"",""Profile: AISCOMM"",""Property: Sinkhole_Generic"",""Threat Level: 100""]",white,,,,,,,,,,,,,,,,,,,,"sinkhole.eicar.network.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:41:45.159 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN AAAA NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base",,DNS,,"sinkhole.eicar.network.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,32159,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized,base",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"-EV",AAAA,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/12/2023, 6:41:49.577 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - Sinkhole",,"645b43d5-7095-11e7-aca8-c3acc3cf5513","7/24/2038, 5:27:39.423 PM",63C133C55319EE59C51F4A168EF797DBC34F82EB15855147E2E5A06FB3B04397,WatchList,true,,,,,,,,,,,"[""HOST"",""Imported: 2017-07-24T17:27:39.423Z"",""Profile: AISCOMM"",""Property: Sinkhole_Generic"",""Threat Level: 100""]",white,,,,,,,,,,,,,,,,,,,,"sinkhole.eicar.network.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:41:45.159 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base",,DNS,,"sinkhole.eicar.network.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,32159,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized,base",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"-EV",A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/12/2023, 6:41:49.577 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - Sinkhole",,"645b43d5-7095-11e7-aca8-c3acc3cf5513","7/24/2038, 5:27:39.423 PM",63C133C55319EE59C51F4A168EF797DBC34F82EB15855147E2E5A06FB3B04397,WatchList,true,,,,,,,,,,,"[""HOST"",""Imported: 2017-07-24T17:27:39.423Z"",""Profile: AISCOMM"",""Property: Sinkhole_Generic"",""Threat Level: 100""]",white,,,,,,,,,,,,,,,,,,,,"sinkhole.eicar.network.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:41:45.159 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN AAAA NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base",,DNS,,"sinkhole.eicar.network.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,32159,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized,base",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"-EV",AAAA,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/12/2023, 6:41:49.565 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - MalwareC2",,"9f9dd084-7094-11e7-93aa-a9c200d27e3b","7/24/2038, 5:22:09.348 PM",417FB39A977148D8CBCF66E1E5D2D3A12A8FBF3D367CB75E3B05AF517F660D7F,WatchList,true,,,,,,,,,,,"[""HOST"",""Imported: 2017-07-24T17:22:09.348Z"",""Profile: AISCOMM"",""Property: MalwareC2_Generic"",""Threat Level: 100""]",white,,,,,,,,,,,,,,,,,,,,"malwarec2.eicar.network.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:41:54.832 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN AAAA NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,antimalware,dhs-ais-domain",,DNS,,"malwarec2.eicar.network.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,32159,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,antimalware,dhs-ais-domain""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized,antimalware,dhs-ais-domain",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"-EV",AAAA,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/12/2023, 6:41:49.565 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - MalwareC2",,"9f9dd084-7094-11e7-93aa-a9c200d27e3b","7/24/2038, 5:22:09.348 PM",417FB39A977148D8CBCF66E1E5D2D3A12A8FBF3D367CB75E3B05AF517F660D7F,WatchList,true,,,,,,,,,,,"[""HOST"",""Imported: 2017-07-24T17:22:09.348Z"",""Profile: AISCOMM"",""Property: MalwareC2_Generic"",""Threat Level: 100""]",white,,,,,,,,,,,,,,,,,,,,"malwarec2.eicar.network.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:41:54.832 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,antimalware,dhs-ais-domain",,DNS,,"malwarec2.eicar.network.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,32159,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,antimalware,dhs-ais-domain""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized,antimalware,dhs-ais-domain",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"-EV",A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/12/2023, 6:41:49.565 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - MalwareC2",,"9f9dd084-7094-11e7-93aa-a9c200d27e3b","7/24/2038, 5:22:09.348 PM",417FB39A977148D8CBCF66E1E5D2D3A12A8FBF3D367CB75E3B05AF517F660D7F,WatchList,true,,,,,,,,,,,"[""HOST"",""Imported: 2017-07-24T17:22:09.348Z"",""Profile: AISCOMM"",""Property: MalwareC2_Generic"",""Threat Level: 100""]",white,,,,,,,,,,,,,,,,,,,,"malwarec2.eicar.network.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:41:54.833 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN AAAA NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,antimalware,dhs-ais-domain",,DNS,,"malwarec2.eicar.network.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,32159,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,antimalware,dhs-ais-domain""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized,antimalware,dhs-ais-domain",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"-EV",AAAA,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/12/2023, 6:41:49.565 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - MalwareC2",,"9f9dd084-7094-11e7-93aa-a9c200d27e3b","7/24/2038, 5:22:09.348 PM",417FB39A977148D8CBCF66E1E5D2D3A12A8FBF3D367CB75E3B05AF517F660D7F,WatchList,true,,,,,,,,,,,"[""HOST"",""Imported: 2017-07-24T17:22:09.348Z"",""Profile: AISCOMM"",""Property: MalwareC2_Generic"",""Threat Level: 100""]",white,,,,,,,,,,,,,,,,,,,,"malwarec2.eicar.network.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:41:54.833 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,antimalware,dhs-ais-domain",,DNS,,"malwarec2.eicar.network.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,""". 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,32159,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,antimalware,dhs-ais-domain""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized,antimalware,dhs-ais-domain",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"-EV",A,NXDOMAIN,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/12/2023, 6:41:49.566 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - WebAppAttack",,"14d28be2-7095-11e7-aca8-c3acc3cf5513","7/24/2038, 5:25:25.987 PM",041478B9A9BE728C8E552CBA42FA87C9585B6CDEA5012AC29CE2B5AD8CAB5F34,WatchList,true,,,,,,,,,,,"[""HOST"",""Imported: 2017-07-24T17:25:25.987Z"",""Profile: AISCOMM"",""Property: WebAppAttack_Generic"",""Threat Level: 100""]",white,,,,,,,,,,,,,,,,,,,,"webappattack.eicar.network.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:42:08.069 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,"webappattack.eicar.network.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""eicar.network. 280 IN SOA ns1.systemdns.com. hostmaster.systemdns.com. 8675310 10800 3600 1209600 3600  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,31614,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"+EV",A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/12/2023, 6:41:49.566 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - WebAppAttack",,"14d28be2-7095-11e7-aca8-c3acc3cf5513","7/24/2038, 5:25:25.987 PM",041478B9A9BE728C8E552CBA42FA87C9585B6CDEA5012AC29CE2B5AD8CAB5F34,WatchList,true,,,,,,,,,,,"[""HOST"",""Imported: 2017-07-24T17:25:25.987Z"",""Profile: AISCOMM"",""Property: WebAppAttack_Generic"",""Threat Level: 100""]",white,,,,,,,,,,,,,,,,,,,,"webappattack.eicar.network.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:42:08.069 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN AAAA NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,"webappattack.eicar.network.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""eicar.network. 288 IN SOA ns1.systemdns.com. hostmaster.systemdns.com. 8675310 10800 3600 1209600 3600  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,31614,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"+EV",AAAA,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/12/2023, 6:41:49.566 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - WebAppAttack",,"14d28be2-7095-11e7-aca8-c3acc3cf5513","7/24/2038, 5:25:25.987 PM",041478B9A9BE728C8E552CBA42FA87C9585B6CDEA5012AC29CE2B5AD8CAB5F34,WatchList,true,,,,,,,,,,,"[""HOST"",""Imported: 2017-07-24T17:25:25.987Z"",""Profile: AISCOMM"",""Property: WebAppAttack_Generic"",""Threat Level: 100""]",white,,,,,,,,,,,,,,,,,,,,"webappattack.eicar.network.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:42:08.069 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,"webappattack.eicar.network.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""eicar.network. 300 IN SOA ns1.systemdns.com. hostmaster.systemdns.com. 8675310 10800 3600 1209600 3600  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,31614,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"+EV",A,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/12/2023, 6:41:49.566 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - WebAppAttack",,"14d28be2-7095-11e7-aca8-c3acc3cf5513","7/24/2038, 5:25:25.987 PM",041478B9A9BE728C8E552CBA42FA87C9585B6CDEA5012AC29CE2B5AD8CAB5F34,WatchList,true,,,,,,,,,,,"[""HOST"",""Imported: 2017-07-24T17:25:25.987Z"",""Profile: AISCOMM"",""Property: WebAppAttack_Generic"",""Threat Level: 100""]",white,,,,,,,,,,,,,,,,,,,,"webappattack.eicar.network.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:42:08.070 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN AAAA NXDOMAIN",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NXDOMAIN;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,"webappattack.eicar.network.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""eicar.network. 280 IN SOA ns1.systemdns.com. hostmaster.systemdns.com. 8675310 10800 3600 1209600 3600  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,31614,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NXDOMAIN"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"+EV",AAAA,NXDOMAIN,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/12/2023, 6:41:49.565 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - MalwareC2",,"9f9dd084-7094-11e7-93aa-a9c200d27e3b","7/24/2038, 5:22:09.348 PM",417FB39A977148D8CBCF66E1E5D2D3A12A8FBF3D367CB75E3B05AF517F660D7F,WatchList,true,,,,,,,,,,,"[""HOST"",""Imported: 2017-07-24T17:22:09.348Z"",""Profile: AISCOMM"",""Property: MalwareC2_Generic"",""Threat Level: 100""]",white,,,,,,,,,,,,,,,,,,,,"malwarec2.eicar.network.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:42:58.467 AM",Infoblox,"Data Connector","2.1.3","RPZ-QNAME-NXDOMAIN","RPZ EVENT QNAME NXDOMAIN",8,,"InfobloxDNSView=;InfobloxDNSQType=AAAA;InfobloxRPZRule=antimalware.malwarec2.eicar.network.;InfobloxRPZ=antimalware;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=MalwareC2_Generic;InfobloxThreatConfidence=100;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,antimalware,dhs-ais-domain;InfobloxB1ThreatIndicator=malwarec2.eicar.network;InfobloxB1FeedName=AntiMalware;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,"malwarec2.eicar.network.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite malwarec2.eicar.network. [AAAA] via antimalware.malwarec2.eicar.network.""",,,,,,,,,,,,,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,32159,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,,,,,"Sentinel-Demo-CDC",OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""AAAA"",""InfobloxRPZRule"":""antimalware.malwarec2.eicar.network."",""InfobloxRPZ"":""antimalware"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""MalwareC2_Generic"",""InfobloxThreatConfidence"":""100"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,antimalware,dhs-ais-domain"",""InfobloxB1ThreatIndicator"":""malwarec2.eicar.network"",""InfobloxB1FeedName"":""AntiMalware"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,,,,,,,,,,,,,,,,,,"remote_client","APP_Uncategorized,CAT_Uncategorized,antimalware,dhs-ais-domain",AntiMalware,FQDN,"BloxOne Endpoint",,,Block,"Sentinel-Security-Policy","us-west-1","Windows 10 Enterprise","malwarec2.eicar.network",,,,,AAAA,,,,,,,,,,,,99986,,,antimalware,"antimalware.malwarec2.eicar.network.",,100,100,"MalwareC2_Generic",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,High,MalwareC2,Generic
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/12/2023, 6:41:49.565 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - MalwareC2",,"9f9dd084-7094-11e7-93aa-a9c200d27e3b","7/24/2038, 5:22:09.348 PM",417FB39A977148D8CBCF66E1E5D2D3A12A8FBF3D367CB75E3B05AF517F660D7F,WatchList,true,,,,,,,,,,,"[""HOST"",""Imported: 2017-07-24T17:22:09.348Z"",""Profile: AISCOMM"",""Property: MalwareC2_Generic"",""Threat Level: 100""]",white,,,,,,,,,,,,,,,,,,,,"malwarec2.eicar.network.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:42:58.467 AM",Infoblox,"Data Connector","2.1.3","RPZ-QNAME-NXDOMAIN","RPZ EVENT QNAME NXDOMAIN",8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=antimalware.malwarec2.eicar.network.;InfobloxRPZ=antimalware;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=MalwareC2_Generic;InfobloxThreatConfidence=100;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,antimalware,dhs-ais-domain;InfobloxB1ThreatIndicator=malwarec2.eicar.network;InfobloxB1FeedName=AntiMalware;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,"malwarec2.eicar.network.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite malwarec2.eicar.network. [A] via antimalware.malwarec2.eicar.network.""",,,,,,,,,,,,,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,32159,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,,,,,"Sentinel-Demo-CDC",OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""antimalware.malwarec2.eicar.network."",""InfobloxRPZ"":""antimalware"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""MalwareC2_Generic"",""InfobloxThreatConfidence"":""100"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,antimalware,dhs-ais-domain"",""InfobloxB1ThreatIndicator"":""malwarec2.eicar.network"",""InfobloxB1FeedName"":""AntiMalware"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,,,,,,,,,,,,,,,,,,"remote_client","APP_Uncategorized,CAT_Uncategorized,antimalware,dhs-ais-domain",AntiMalware,FQDN,"BloxOne Endpoint",,,Block,"Sentinel-Security-Policy","us-west-1","Windows 10 Enterprise","malwarec2.eicar.network",,,,,A,,,,,,,,,,,,99986,,,antimalware,"antimalware.malwarec2.eicar.network.",,100,100,"MalwareC2_Generic",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,High,MalwareC2,Generic
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/12/2023, 6:41:49.565 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - MalwareC2",,"9f9dd084-7094-11e7-93aa-a9c200d27e3b","7/24/2038, 5:22:09.348 PM",417FB39A977148D8CBCF66E1E5D2D3A12A8FBF3D367CB75E3B05AF517F660D7F,WatchList,true,,,,,,,,,,,"[""HOST"",""Imported: 2017-07-24T17:22:09.348Z"",""Profile: AISCOMM"",""Property: MalwareC2_Generic"",""Threat Level: 100""]",white,,,,,,,,,,,,,,,,,,,,"malwarec2.eicar.network.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:42:58.468 AM",Infoblox,"Data Connector","2.1.3","RPZ-QNAME-NXDOMAIN","RPZ EVENT QNAME NXDOMAIN",8,,"InfobloxDNSView=;InfobloxDNSQType=AAAA;InfobloxRPZRule=antimalware.malwarec2.eicar.network.;InfobloxRPZ=antimalware;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=MalwareC2_Generic;InfobloxThreatConfidence=100;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,antimalware,dhs-ais-domain;InfobloxB1ThreatIndicator=malwarec2.eicar.network;InfobloxB1FeedName=AntiMalware;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,"malwarec2.eicar.network.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite malwarec2.eicar.network. [AAAA] via antimalware.malwarec2.eicar.network.""",,,,,,,,,,,,,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,32159,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,,,,,"Sentinel-Demo-CDC",OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""AAAA"",""InfobloxRPZRule"":""antimalware.malwarec2.eicar.network."",""InfobloxRPZ"":""antimalware"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""MalwareC2_Generic"",""InfobloxThreatConfidence"":""100"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,antimalware,dhs-ais-domain"",""InfobloxB1ThreatIndicator"":""malwarec2.eicar.network"",""InfobloxB1FeedName"":""AntiMalware"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,,,,,,,,,,,,,,,,,,"remote_client","APP_Uncategorized,CAT_Uncategorized,antimalware,dhs-ais-domain",AntiMalware,FQDN,"BloxOne Endpoint",,,Block,"Sentinel-Security-Policy","us-west-1","Windows 10 Enterprise","malwarec2.eicar.network",,,,,AAAA,,,,,,,,,,,,99986,,,antimalware,"antimalware.malwarec2.eicar.network.",,100,100,"MalwareC2_Generic",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,High,MalwareC2,Generic
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/12/2023, 6:41:49.565 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - MalwareC2",,"9f9dd084-7094-11e7-93aa-a9c200d27e3b","7/24/2038, 5:22:09.348 PM",417FB39A977148D8CBCF66E1E5D2D3A12A8FBF3D367CB75E3B05AF517F660D7F,WatchList,true,,,,,,,,,,,"[""HOST"",""Imported: 2017-07-24T17:22:09.348Z"",""Profile: AISCOMM"",""Property: MalwareC2_Generic"",""Threat Level: 100""]",white,,,,,,,,,,,,,,,,,,,,"malwarec2.eicar.network.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:42:58.468 AM",Infoblox,"Data Connector","2.1.3","RPZ-QNAME-NXDOMAIN","RPZ EVENT QNAME NXDOMAIN",8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=antimalware.malwarec2.eicar.network.;InfobloxRPZ=antimalware;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=MalwareC2_Generic;InfobloxThreatConfidence=100;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,antimalware,dhs-ais-domain;InfobloxB1ThreatIndicator=malwarec2.eicar.network;InfobloxB1FeedName=AntiMalware;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,"malwarec2.eicar.network.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite malwarec2.eicar.network. [A] via antimalware.malwarec2.eicar.network.""",,,,,,,,,,,,,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,32159,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,,,,,"Sentinel-Demo-CDC",OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""antimalware.malwarec2.eicar.network."",""InfobloxRPZ"":""antimalware"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""MalwareC2_Generic"",""InfobloxThreatConfidence"":""100"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,antimalware,dhs-ais-domain"",""InfobloxB1ThreatIndicator"":""malwarec2.eicar.network"",""InfobloxB1FeedName"":""AntiMalware"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,,,,,,,,,,,,,,,,,,"remote_client","APP_Uncategorized,CAT_Uncategorized,antimalware,dhs-ais-domain",AntiMalware,FQDN,"BloxOne Endpoint",,,Block,"Sentinel-Security-Policy","us-west-1","Windows 10 Enterprise","malwarec2.eicar.network",,,,,A,,,,,,,,,,,,99986,,,antimalware,"antimalware.malwarec2.eicar.network.",,100,100,"MalwareC2_Generic",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,High,MalwareC2,Generic
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/12/2023, 6:41:49.577 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - Sinkhole",,"645b43d5-7095-11e7-aca8-c3acc3cf5513","7/24/2038, 5:27:39.423 PM",63C133C55319EE59C51F4A168EF797DBC34F82EB15855147E2E5A06FB3B04397,WatchList,true,,,,,,,,,,,"[""HOST"",""Imported: 2017-07-24T17:27:39.423Z"",""Profile: AISCOMM"",""Property: Sinkhole_Generic"",""Threat Level: 100""]",white,,,,,,,,,,,,,,,,,,,,"sinkhole.eicar.network.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:42:58.962 AM",Infoblox,"Data Connector","2.1.3","RPZ-QNAME-NXDOMAIN","RPZ EVENT QNAME NXDOMAIN",8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.sinkhole.eicar.network.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=Sinkhole_Generic;InfobloxThreatConfidence=100;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base;InfobloxB1ThreatIndicator=sinkhole.eicar.network;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,"sinkhole.eicar.network.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite sinkhole.eicar.network. [A] via base.sinkhole.eicar.network.""",,,,,,,,,,,,,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,32159,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,,,,,"Sentinel-Demo-CDC",OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.sinkhole.eicar.network."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""Sinkhole_Generic"",""InfobloxThreatConfidence"":""100"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base"",""InfobloxB1ThreatIndicator"":""sinkhole.eicar.network"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,,,,,,,,,,,,,,,,,,"remote_client","APP_Uncategorized,CAT_Uncategorized,base",Base,FQDN,"BloxOne Endpoint",,,Block,"Sentinel-Security-Policy","us-west-1","Windows 10 Enterprise","sinkhole.eicar.network",,,,,A,,,,,,,,,,,,99986,,,base,"base.sinkhole.eicar.network.",,100,100,"Sinkhole_Generic",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,High,Sinkhole,Generic
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/12/2023, 6:41:49.577 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - Sinkhole",,"645b43d5-7095-11e7-aca8-c3acc3cf5513","7/24/2038, 5:27:39.423 PM",63C133C55319EE59C51F4A168EF797DBC34F82EB15855147E2E5A06FB3B04397,WatchList,true,,,,,,,,,,,"[""HOST"",""Imported: 2017-07-24T17:27:39.423Z"",""Profile: AISCOMM"",""Property: Sinkhole_Generic"",""Threat Level: 100""]",white,,,,,,,,,,,,,,,,,,,,"sinkhole.eicar.network.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:42:58.963 AM",Infoblox,"Data Connector","2.1.3","RPZ-QNAME-NXDOMAIN","RPZ EVENT QNAME NXDOMAIN",8,,"InfobloxDNSView=;InfobloxDNSQType=AAAA;InfobloxRPZRule=base.sinkhole.eicar.network.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=Sinkhole_Generic;InfobloxThreatConfidence=100;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base;InfobloxB1ThreatIndicator=sinkhole.eicar.network;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,"sinkhole.eicar.network.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite sinkhole.eicar.network. [AAAA] via base.sinkhole.eicar.network.""",,,,,,,,,,,,,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,32159,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,,,,,"Sentinel-Demo-CDC",OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""AAAA"",""InfobloxRPZRule"":""base.sinkhole.eicar.network."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""Sinkhole_Generic"",""InfobloxThreatConfidence"":""100"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base"",""InfobloxB1ThreatIndicator"":""sinkhole.eicar.network"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,,,,,,,,,,,,,,,,,,"remote_client","APP_Uncategorized,CAT_Uncategorized,base",Base,FQDN,"BloxOne Endpoint",,,Block,"Sentinel-Security-Policy","us-west-1","Windows 10 Enterprise","sinkhole.eicar.network",,,,,AAAA,,,,,,,,,,,,99986,,,base,"base.sinkhole.eicar.network.",,100,100,"Sinkhole_Generic",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,High,Sinkhole,Generic
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/12/2023, 6:41:49.577 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - Sinkhole",,"645b43d5-7095-11e7-aca8-c3acc3cf5513","7/24/2038, 5:27:39.423 PM",63C133C55319EE59C51F4A168EF797DBC34F82EB15855147E2E5A06FB3B04397,WatchList,true,,,,,,,,,,,"[""HOST"",""Imported: 2017-07-24T17:27:39.423Z"",""Profile: AISCOMM"",""Property: Sinkhole_Generic"",""Threat Level: 100""]",white,,,,,,,,,,,,,,,,,,,,"sinkhole.eicar.network.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:42:58.963 AM",Infoblox,"Data Connector","2.1.3","RPZ-QNAME-NXDOMAIN","RPZ EVENT QNAME NXDOMAIN",8,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=base.sinkhole.eicar.network.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=Sinkhole_Generic;InfobloxThreatConfidence=100;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base;InfobloxB1ThreatIndicator=sinkhole.eicar.network;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,"sinkhole.eicar.network.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite sinkhole.eicar.network. [A] via base.sinkhole.eicar.network.""",,,,,,,,,,,,,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,32159,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,,,,,"Sentinel-Demo-CDC",OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""base.sinkhole.eicar.network."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""Sinkhole_Generic"",""InfobloxThreatConfidence"":""100"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base"",""InfobloxB1ThreatIndicator"":""sinkhole.eicar.network"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,,,,,,,,,,,,,,,,,,"remote_client","APP_Uncategorized,CAT_Uncategorized,base",Base,FQDN,"BloxOne Endpoint",,,Block,"Sentinel-Security-Policy","us-west-1","Windows 10 Enterprise","sinkhole.eicar.network",,,,,A,,,,,,,,,,,,99986,,,base,"base.sinkhole.eicar.network.",,100,100,"Sinkhole_Generic",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,High,Sinkhole,Generic
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/12/2023, 6:41:49.577 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - HOST - Sinkhole",,"645b43d5-7095-11e7-aca8-c3acc3cf5513","7/24/2038, 5:27:39.423 PM",63C133C55319EE59C51F4A168EF797DBC34F82EB15855147E2E5A06FB3B04397,WatchList,true,,,,,,,,,,,"[""HOST"",""Imported: 2017-07-24T17:27:39.423Z"",""Profile: AISCOMM"",""Property: Sinkhole_Generic"",""Threat Level: 100""]",white,,,,,,,,,,,,,,,,,,,,"sinkhole.eicar.network.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 2:42:58.963 AM",Infoblox,"Data Connector","2.1.3","RPZ-QNAME-NXDOMAIN","RPZ EVENT QNAME NXDOMAIN",8,,"InfobloxDNSView=;InfobloxDNSQType=AAAA;InfobloxRPZRule=base.sinkhole.eicar.network.;InfobloxRPZ=base;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=;InfobloxThreatProperty=Sinkhole_Generic;InfobloxThreatConfidence=100;InfobloxThreatLevel=100;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized,base;InfobloxB1ThreatIndicator=sinkhole.eicar.network;InfobloxB1FeedName=Base;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Block",NXDOMAIN,DNS,,"sinkhole.eicar.network.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""rpz QNAME NXDOMAIN rewrite sinkhole.eicar.network. [AAAA] via base.sinkhole.eicar.network.""",,,,,,,,,,,,,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,32159,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,,,,,"Sentinel-Demo-CDC",OpsManager,NXDOMAIN,,CommonSecurityLog,,"{""InfobloxDNSQType"":""AAAA"",""InfobloxRPZRule"":""base.sinkhole.eicar.network."",""InfobloxRPZ"":""base"",""InfobloxPolicyID"":""99986"",""InfobloxThreatProperty"":""Sinkhole_Generic"",""InfobloxThreatConfidence"":""100"",""InfobloxThreatLevel"":""100"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized,base"",""InfobloxB1ThreatIndicator"":""sinkhole.eicar.network"",""InfobloxB1FeedName"":""Base"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Block""}",,,,,,,,,,,,,,,,,,,,,"remote_client","APP_Uncategorized,CAT_Uncategorized,base",Base,FQDN,"BloxOne Endpoint",,,Block,"Sentinel-Security-Policy","us-west-1","Windows 10 Enterprise","sinkhole.eicar.network",,,,,AAAA,,,,,,,,,,,,99986,,,base,"base.sinkhole.eicar.network.",,100,100,"Sinkhole_Generic",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,High,Sinkhole,Generic
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:32.214 AM",SecurityGraph,alert,,"Domain is a lookalike to inbank.it. The creation date is 2022-08-18.",,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",100,"Infoblox - HOST - Policy",,"1f3cc86e-0e00-11ee-bd93-0351536a9618","10/16/2023, 5:36:55.766 PM",49508DA9DF2519429A41CEB742493A8D98E71F7E7B8C0085C68F14F98833B16A,WatchList,true,,,,,,,,,,,"[""HOST"",""Imported: 2023-06-18T17:46:58.161Z"",""Profile: IID"",""Property: Policy_LookalikeDomains"",""Threat Level: 0""]",white,,,,,,,,,,,,,,,,,,,,"unitjinbank.com.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 3:30:38.751 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NOERROR",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Banking",,DNS,,"unitjinbank.com.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""unitjinbank.com. 300 IN A 172.67.180.96  unitjinbank.com. 300 IN A 104.21.18.44  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,41288,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Banking""}",,,,,,,,,,,,,,,,,,,2,1,"remote_client","APP_Uncategorized,CAT_Banking",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"+EV",A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:32.214 AM",SecurityGraph,alert,,"Domain is a lookalike to inbank.it. The creation date is 2022-08-18.",,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",100,"Infoblox - HOST - Policy",,"1f3cc86e-0e00-11ee-bd93-0351536a9618","10/16/2023, 5:36:55.766 PM",49508DA9DF2519429A41CEB742493A8D98E71F7E7B8C0085C68F14F98833B16A,WatchList,true,,,,,,,,,,,"[""HOST"",""Imported: 2023-06-18T17:46:58.161Z"",""Profile: IID"",""Property: Policy_LookalikeDomains"",""Threat Level: 0""]",white,,,,,,,,,,,,,,,,,,,,"unitjinbank.com.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 3:30:38.752 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN AAAA NOERROR",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=2;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Banking",,DNS,,"unitjinbank.com.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""unitjinbank.com. 300 IN AAAA 2606:4700:3031::6815:122c  unitjinbank.com. 300 IN AAAA 2606:4700:3036::ac43:b460  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,41288,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""2"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Banking""}",,,,,,,,,,,,,,,,,,,2,1,"remote_client","APP_Uncategorized,CAT_Banking",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"+EV",AAAA,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:33.201 AM",SecurityGraph,alert,,"Domain is a lookalike to lot.com. The creation date is 2022-09-23.",,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",100,"Infoblox - HOST - Policy",,"1f3ca258-0e00-11ee-bd93-0351536a9618","10/16/2023, 5:36:55.766 PM",11CD26B9CEF4DF671336F56A70C7D6387F9637B0DF8ECDE277B548B15E7C25D0,WatchList,true,,,,,,,,,,,"[""HOST"",""Imported: 2023-06-18T17:46:58.161Z"",""Profile: IID"",""Property: Policy_LookalikeDomains"",""Threat Level: 0""]",white,,,,,,,,,,,,,,,,,,,,"taco-lot.com.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 3:30:58.662 AM",Infoblox,"Data Connector","2.1.3","RPZ-QNAME-REDIRECT","RPZ EVENT QNAME REDIRECT",0,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=CAT_Parked & For Sale Domains.taco-lot.com.;InfobloxRPZ=CAT_Parked & For Sale Domains;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=Parked & For Sale Domains;InfobloxThreatProperty=;InfobloxThreatConfidence=;InfobloxThreatLevel=;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Parked & For Sale Domains;InfobloxB1ThreatIndicator=taco-lot.com;InfobloxB1FeedName=CAT_Parked & For Sale Domains;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Redirect",REDIRECT,DNS,,"taco-lot.com.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""rpz QNAME REDIRECT rewrite taco-lot.com. [A] via CAT_Parked & For Sale Domains.taco-lot.com.""",,,,,,,,,,,,,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,61345,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,REDIRECT,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""CAT_Parked & For Sale Domains.taco-lot.com."",""InfobloxRPZ"":""CAT_Parked & For Sale Domains"",""InfobloxPolicyID"":""99986"",""InfobloxDomainCat"":""Parked & For Sale Domains"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Parked & For Sale Domains"",""InfobloxB1ThreatIndicator"":""taco-lot.com"",""InfobloxB1FeedName"":""CAT_Parked & For Sale Domains"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Redirect""}",,,,,,,,,,,,,,,,,,,,,"remote_client","APP_Uncategorized,CAT_Parked & For Sale Domains","CAT_Parked & For Sale Domains",FQDN,"BloxOne Endpoint",,,Redirect,"Sentinel-Security-Policy","us-west-1","Windows 10 Enterprise","taco-lot.com",,,,,A,,,"Parked & For Sale Domains",,,,,,,,,99986,,,"CAT_Parked & For Sale Domains","CAT_Parked & For Sale Domains.taco-lot.com.",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:33.201 AM",SecurityGraph,alert,,"Domain is a lookalike to lot.com. The creation date is 2022-09-23.",,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",100,"Infoblox - HOST - Policy",,"1f3ca258-0e00-11ee-bd93-0351536a9618","10/16/2023, 5:36:55.766 PM",11CD26B9CEF4DF671336F56A70C7D6387F9637B0DF8ECDE277B548B15E7C25D0,WatchList,true,,,,,,,,,,,"[""HOST"",""Imported: 2023-06-18T17:46:58.161Z"",""Profile: IID"",""Property: Policy_LookalikeDomains"",""Threat Level: 0""]",white,,,,,,,,,,,,,,,,,,,,"taco-lot.com.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 3:30:58.663 AM",Infoblox,"Data Connector","2.1.3","RPZ-QNAME-REDIRECT","RPZ EVENT QNAME REDIRECT",0,,"InfobloxDNSView=;InfobloxDNSQType=AAAA;InfobloxRPZRule=CAT_Parked & For Sale Domains.taco-lot.com.;InfobloxRPZ=CAT_Parked & For Sale Domains;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=Parked & For Sale Domains;InfobloxThreatProperty=;InfobloxThreatConfidence=;InfobloxThreatLevel=;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Parked & For Sale Domains;InfobloxB1ThreatIndicator=taco-lot.com;InfobloxB1FeedName=CAT_Parked & For Sale Domains;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Redirect",REDIRECT,DNS,,"taco-lot.com.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""rpz QNAME REDIRECT rewrite taco-lot.com. [AAAA] via CAT_Parked & For Sale Domains.taco-lot.com.""",,,,,,,,,,,,,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,61345,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,REDIRECT,,CommonSecurityLog,,"{""InfobloxDNSQType"":""AAAA"",""InfobloxRPZRule"":""CAT_Parked & For Sale Domains.taco-lot.com."",""InfobloxRPZ"":""CAT_Parked & For Sale Domains"",""InfobloxPolicyID"":""99986"",""InfobloxDomainCat"":""Parked & For Sale Domains"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Parked & For Sale Domains"",""InfobloxB1ThreatIndicator"":""taco-lot.com"",""InfobloxB1FeedName"":""CAT_Parked & For Sale Domains"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Redirect""}",,,,,,,,,,,,,,,,,,,,,"remote_client","APP_Uncategorized,CAT_Parked & For Sale Domains","CAT_Parked & For Sale Domains",FQDN,"BloxOne Endpoint",,,Redirect,"Sentinel-Security-Policy","us-west-1","Windows 10 Enterprise","taco-lot.com",,,,,AAAA,,,"Parked & For Sale Domains",,,,,,,,,99986,,,"CAT_Parked & For Sale Domains","CAT_Parked & For Sale Domains.taco-lot.com.",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:33.201 AM",SecurityGraph,alert,,"Domain is a lookalike to lot.com. The creation date is 2022-09-23.",,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",100,"Infoblox - HOST - Policy",,"1f3ca258-0e00-11ee-bd93-0351536a9618","10/16/2023, 5:36:55.766 PM",11CD26B9CEF4DF671336F56A70C7D6387F9637B0DF8ECDE277B548B15E7C25D0,WatchList,true,,,,,,,,,,,"[""HOST"",""Imported: 2023-06-18T17:46:58.161Z"",""Profile: IID"",""Property: Policy_LookalikeDomains"",""Threat Level: 0""]",white,,,,,,,,,,,,,,,,,,,,"taco-lot.com.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 3:30:58.666 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN AAAA NOERROR",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Parked & For Sale Domains",,DNS,,"taco-lot.com.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""taco-lot.com. 10 IN AAAA 2600:1f18:1043:dc00:8083:68e:ef0f:46de  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,61345,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Parked & For Sale Domains""}",,,,,,,,,,,,,,,,,,,1,1,"remote_client","APP_Uncategorized,CAT_Parked & For Sale Domains",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"-EV",AAAA,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:33.201 AM",SecurityGraph,alert,,"Domain is a lookalike to lot.com. The creation date is 2022-09-23.",,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",100,"Infoblox - HOST - Policy",,"1f3ca258-0e00-11ee-bd93-0351536a9618","10/16/2023, 5:36:55.766 PM",11CD26B9CEF4DF671336F56A70C7D6387F9637B0DF8ECDE277B548B15E7C25D0,WatchList,true,,,,,,,,,,,"[""HOST"",""Imported: 2023-06-18T17:46:58.161Z"",""Profile: IID"",""Property: Policy_LookalikeDomains"",""Threat Level: 0""]",white,,,,,,,,,,,,,,,,,,,,"taco-lot.com.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 3:30:58.666 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NOERROR",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Parked & For Sale Domains",,DNS,,"taco-lot.com.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""taco-lot.com. 10 IN A 3.215.231.251  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,61345,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Parked & For Sale Domains""}",,,,,,,,,,,,,,,,,,,1,1,"remote_client","APP_Uncategorized,CAT_Parked & For Sale Domains",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"-EV",A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:06:44.036 AM",SecurityGraph,alert,,"Domain is a lookalike to state.tx.us. The creation date is 2022-08-26.",,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",100,"Infoblox - HOST - Policy",,"1f3ca256-0e00-11ee-bd93-0351536a9618","10/16/2023, 5:36:55.766 PM",55E7E37F6FA61E003C0E0950F7C9FD11BBCF21041AC789D1CF48F050FB455746,WatchList,true,,,,,,,,,,,"[""HOST"",""Imported: 2023-06-18T17:46:58.161Z"",""Profile: IID"",""Property: Policy_LookalikeDomains"",""Threat Level: 0""]",white,,,,,,,,,,,,,,,,,,,,"stonyfordestate.com.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 3:31:05.533 AM",Infoblox,"Data Connector","2.1.3","RPZ-QNAME-REDIRECT","RPZ EVENT QNAME REDIRECT",0,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=CAT_Interior Decorating.stonyfordestate.com.;InfobloxRPZ=CAT_Interior Decorating;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=Interior Decorating;InfobloxThreatProperty=;InfobloxThreatConfidence=;InfobloxThreatLevel=;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Architects,CAT_Interior Decorating;InfobloxB1ThreatIndicator=stonyfordestate.com;InfobloxB1FeedName=CAT_Interior Decorating;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Redirect",REDIRECT,DNS,,"stonyfordestate.com.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""rpz QNAME REDIRECT rewrite stonyfordestate.com. [A] via CAT_Interior Decorating.stonyfordestate.com.""",,,,,,,,,,,,,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,61345,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,REDIRECT,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""CAT_Interior Decorating.stonyfordestate.com."",""InfobloxRPZ"":""CAT_Interior Decorating"",""InfobloxPolicyID"":""99986"",""InfobloxDomainCat"":""Interior Decorating"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Architects,CAT_Interior Decorating"",""InfobloxB1ThreatIndicator"":""stonyfordestate.com"",""InfobloxB1FeedName"":""CAT_Interior Decorating"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Redirect""}",,,,,,,,,,,,,,,,,,,,,"remote_client","APP_Uncategorized,CAT_Architects,CAT_Interior Decorating","CAT_Interior Decorating",FQDN,"BloxOne Endpoint",,,Redirect,"Sentinel-Security-Policy","us-west-1","Windows 10 Enterprise","stonyfordestate.com",,,,,A,,,"Interior Decorating",,,,,,,,,99986,,,"CAT_Interior Decorating","CAT_Interior Decorating.stonyfordestate.com.",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:06:44.036 AM",SecurityGraph,alert,,"Domain is a lookalike to state.tx.us. The creation date is 2022-08-26.",,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",100,"Infoblox - HOST - Policy",,"1f3ca256-0e00-11ee-bd93-0351536a9618","10/16/2023, 5:36:55.766 PM",55E7E37F6FA61E003C0E0950F7C9FD11BBCF21041AC789D1CF48F050FB455746,WatchList,true,,,,,,,,,,,"[""HOST"",""Imported: 2023-06-18T17:46:58.161Z"",""Profile: IID"",""Property: Policy_LookalikeDomains"",""Threat Level: 0""]",white,,,,,,,,,,,,,,,,,,,,"stonyfordestate.com.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 3:31:05.533 AM",Infoblox,"Data Connector","2.1.3","RPZ-QNAME-REDIRECT","RPZ EVENT QNAME REDIRECT",0,,"InfobloxDNSView=;InfobloxDNSQType=AAAA;InfobloxRPZRule=CAT_Interior Decorating.stonyfordestate.com.;InfobloxRPZ=CAT_Interior Decorating;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=Interior Decorating;InfobloxThreatProperty=;InfobloxThreatConfidence=;InfobloxThreatLevel=;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Architects,CAT_Interior Decorating;InfobloxB1ThreatIndicator=stonyfordestate.com;InfobloxB1FeedName=CAT_Interior Decorating;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Redirect",REDIRECT,DNS,,"stonyfordestate.com.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""rpz QNAME REDIRECT rewrite stonyfordestate.com. [AAAA] via CAT_Interior Decorating.stonyfordestate.com.""",,,,,,,,,,,,,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,61345,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,REDIRECT,,CommonSecurityLog,,"{""InfobloxDNSQType"":""AAAA"",""InfobloxRPZRule"":""CAT_Interior Decorating.stonyfordestate.com."",""InfobloxRPZ"":""CAT_Interior Decorating"",""InfobloxPolicyID"":""99986"",""InfobloxDomainCat"":""Interior Decorating"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Architects,CAT_Interior Decorating"",""InfobloxB1ThreatIndicator"":""stonyfordestate.com"",""InfobloxB1FeedName"":""CAT_Interior Decorating"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Redirect""}",,,,,,,,,,,,,,,,,,,,,"remote_client","APP_Uncategorized,CAT_Architects,CAT_Interior Decorating","CAT_Interior Decorating",FQDN,"BloxOne Endpoint",,,Redirect,"Sentinel-Security-Policy","us-west-1","Windows 10 Enterprise","stonyfordestate.com",,,,,AAAA,,,"Interior Decorating",,,,,,,,,99986,,,"CAT_Interior Decorating","CAT_Interior Decorating.stonyfordestate.com.",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:06:44.036 AM",SecurityGraph,alert,,"Domain is a lookalike to state.tx.us. The creation date is 2022-08-26.",,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",100,"Infoblox - HOST - Policy",,"1f3ca256-0e00-11ee-bd93-0351536a9618","10/16/2023, 5:36:55.766 PM",55E7E37F6FA61E003C0E0950F7C9FD11BBCF21041AC789D1CF48F050FB455746,WatchList,true,,,,,,,,,,,"[""HOST"",""Imported: 2023-06-18T17:46:58.161Z"",""Profile: IID"",""Property: Policy_LookalikeDomains"",""Threat Level: 0""]",white,,,,,,,,,,,,,,,,,,,,"stonyfordestate.com.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 3:31:06.128 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NOERROR",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Architects,CAT_Interior Decorating",,DNS,,"stonyfordestate.com.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""stonyfordestate.com. 10 IN A 3.215.231.251  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,61345,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Architects,CAT_Interior Decorating""}",,,,,,,,,,,,,,,,,,,1,1,"remote_client","APP_Uncategorized,CAT_Architects,CAT_Interior Decorating",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"-EV",A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:06:44.036 AM",SecurityGraph,alert,,"Domain is a lookalike to state.tx.us. The creation date is 2022-08-26.",,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",100,"Infoblox - HOST - Policy",,"1f3ca256-0e00-11ee-bd93-0351536a9618","10/16/2023, 5:36:55.766 PM",55E7E37F6FA61E003C0E0950F7C9FD11BBCF21041AC789D1CF48F050FB455746,WatchList,true,,,,,,,,,,,"[""HOST"",""Imported: 2023-06-18T17:46:58.161Z"",""Profile: IID"",""Property: Policy_LookalikeDomains"",""Threat Level: 0""]",white,,,,,,,,,,,,,,,,,,,,"stonyfordestate.com.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 3:31:06.129 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN AAAA NOERROR",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Architects,CAT_Interior Decorating",,DNS,,"stonyfordestate.com.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""stonyfordestate.com. 10 IN AAAA 2600:1f18:1043:dc00:8083:68e:ef0f:46de  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,61345,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Architects,CAT_Interior Decorating""}",,,,,,,,,,,,,,,,,,,1,1,"remote_client","APP_Uncategorized,CAT_Architects,CAT_Interior Decorating",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"-EV",AAAA,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:19.691 AM",SecurityGraph,alert,,"Domain is a lookalike to state.tx.us. The creation date is 2023-06-16.",,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",100,"Infoblox - HOST - Policy",,"1f3cc876-0e00-11ee-bd93-0351536a9618","10/16/2023, 5:36:55.766 PM",8D03B750C42E5C0F0C2AF2513F5C91FBEAC2FF2487A8D50EEEFAF259E00871F8,WatchList,true,,,,,,,,,,,"[""HOST"",""Imported: 2023-06-18T17:46:58.161Z"",""Profile: IID"",""Property: Policy_LookalikeDomains"",""Threat Level: 0""]",white,,,,,,,,,,,,,,,,,,,,"sibir-estate.ru.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 3:31:12.655 AM",Infoblox,"Data Connector","2.1.3","RPZ-QNAME-REDIRECT","RPZ EVENT QNAME REDIRECT",0,,"InfobloxDNSView=;InfobloxDNSQType=AAAA;InfobloxRPZRule=CAT_Real Estate - Other.sibir-estate.ru.;InfobloxRPZ=CAT_Real Estate - Other;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=Real Estate - Other;InfobloxThreatProperty=;InfobloxThreatConfidence=;InfobloxThreatLevel=;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Real Estate - Other;InfobloxB1ThreatIndicator=sibir-estate.ru;InfobloxB1FeedName=CAT_Real Estate - Other;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Redirect",REDIRECT,DNS,,"sibir-estate.ru.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""rpz QNAME REDIRECT rewrite sibir-estate.ru. [AAAA] via CAT_Real Estate - Other.sibir-estate.ru.""",,,,,,,,,,,,,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,61345,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,REDIRECT,,CommonSecurityLog,,"{""InfobloxDNSQType"":""AAAA"",""InfobloxRPZRule"":""CAT_Real Estate - Other.sibir-estate.ru."",""InfobloxRPZ"":""CAT_Real Estate - Other"",""InfobloxPolicyID"":""99986"",""InfobloxDomainCat"":""Real Estate - Other"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Real Estate - Other"",""InfobloxB1ThreatIndicator"":""sibir-estate.ru"",""InfobloxB1FeedName"":""CAT_Real Estate - Other"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Redirect""}",,,,,,,,,,,,,,,,,,,,,"remote_client","APP_Uncategorized,CAT_Real Estate - Other","CAT_Real Estate - Other",FQDN,"BloxOne Endpoint",,,Redirect,"Sentinel-Security-Policy","us-west-1","Windows 10 Enterprise","sibir-estate.ru",,,,,AAAA,,,"Real Estate - Other",,,,,,,,,99986,,,"CAT_Real Estate - Other","CAT_Real Estate - Other.sibir-estate.ru.",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:19.691 AM",SecurityGraph,alert,,"Domain is a lookalike to state.tx.us. The creation date is 2023-06-16.",,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",100,"Infoblox - HOST - Policy",,"1f3cc876-0e00-11ee-bd93-0351536a9618","10/16/2023, 5:36:55.766 PM",8D03B750C42E5C0F0C2AF2513F5C91FBEAC2FF2487A8D50EEEFAF259E00871F8,WatchList,true,,,,,,,,,,,"[""HOST"",""Imported: 2023-06-18T17:46:58.161Z"",""Profile: IID"",""Property: Policy_LookalikeDomains"",""Threat Level: 0""]",white,,,,,,,,,,,,,,,,,,,,"sibir-estate.ru.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 3:31:12.655 AM",Infoblox,"Data Connector","2.1.3","RPZ-QNAME-REDIRECT","RPZ EVENT QNAME REDIRECT",0,,"InfobloxDNSView=;InfobloxDNSQType=A;InfobloxRPZRule=CAT_Real Estate - Other.sibir-estate.ru.;InfobloxRPZ=CAT_Real Estate - Other;InfobloxCSiteId=;InfobloxPolicyID=99986;InfobloxDomainCat=Real Estate - Other;InfobloxThreatProperty=;InfobloxThreatConfidence=;InfobloxThreatLevel=;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Real Estate - Other,eecn-ip,sanctions-high,sanctions-med;InfobloxB1ThreatIndicator=sibir-estate.ru;InfobloxB1FeedName=CAT_Real Estate - Other;InfobloxB1FeedType=FQDN;InfobloxB1PolicyName=Sentinel-Security-Policy;InfobloxB1PolicyAction=Redirect",REDIRECT,DNS,,"sibir-estate.ru.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""rpz QNAME REDIRECT rewrite sibir-estate.ru. [A] via CAT_Real Estate - Other.sibir-estate.ru.""",,,,,,,,,,,,,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,61345,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,REDIRECT,,CommonSecurityLog,,"{""InfobloxDNSQType"":""A"",""InfobloxRPZRule"":""CAT_Real Estate - Other.sibir-estate.ru."",""InfobloxRPZ"":""CAT_Real Estate - Other"",""InfobloxPolicyID"":""99986"",""InfobloxDomainCat"":""Real Estate - Other"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Real Estate - Other,eecn-ip,sanctions-high,sanctions-med"",""InfobloxB1ThreatIndicator"":""sibir-estate.ru"",""InfobloxB1FeedName"":""CAT_Real Estate - Other"",""InfobloxB1FeedType"":""FQDN"",""InfobloxB1PolicyName"":""Sentinel-Security-Policy"",""InfobloxB1PolicyAction"":""Redirect""}",,,,,,,,,,,,,,,,,,,,,"remote_client","APP_Uncategorized,CAT_Real Estate - Other,eecn-ip,sanctions-high,sanctions-med","CAT_Real Estate - Other",FQDN,"BloxOne Endpoint",,,Redirect,"Sentinel-Security-Policy","us-west-1","Windows 10 Enterprise","sibir-estate.ru",,,,,A,,,"Real Estate - Other",,,,,,,,,99986,,,"CAT_Real Estate - Other","CAT_Real Estate - Other.sibir-estate.ru.",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:19.691 AM",SecurityGraph,alert,,"Domain is a lookalike to state.tx.us. The creation date is 2023-06-16.",,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",100,"Infoblox - HOST - Policy",,"1f3cc876-0e00-11ee-bd93-0351536a9618","10/16/2023, 5:36:55.766 PM",8D03B750C42E5C0F0C2AF2513F5C91FBEAC2FF2487A8D50EEEFAF259E00871F8,WatchList,true,,,,,,,,,,,"[""HOST"",""Imported: 2023-06-18T17:46:58.161Z"",""Profile: IID"",""Property: Policy_LookalikeDomains"",""Threat Level: 0""]",white,,,,,,,,,,,,,,,,,,,,"sibir-estate.ru.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 3:31:12.728 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN AAAA NOERROR",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Real Estate - Other",,DNS,,"sibir-estate.ru.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""sibir-estate.ru. 10 IN AAAA 2600:1f18:1043:dc00:8083:68e:ef0f:46de  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,61345,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Real Estate - Other""}",,,,,,,,,,,,,,,,,,,1,1,"remote_client","APP_Uncategorized,CAT_Real Estate - Other",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"-EV",AAAA,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:19.691 AM",SecurityGraph,alert,,"Domain is a lookalike to state.tx.us. The creation date is 2023-06-16.",,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",100,"Infoblox - HOST - Policy",,"1f3cc876-0e00-11ee-bd93-0351536a9618","10/16/2023, 5:36:55.766 PM",8D03B750C42E5C0F0C2AF2513F5C91FBEAC2FF2487A8D50EEEFAF259E00871F8,WatchList,true,,,,,,,,,,,"[""HOST"",""Imported: 2023-06-18T17:46:58.161Z"",""Profile: IID"",""Property: Policy_LookalikeDomains"",""Threat Level: 0""]",white,,,,,,,,,,,,,,,,,,,,"sibir-estate.ru.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 3:31:12.728 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NOERROR",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=-EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Real Estate - Other,eecn-ip,sanctions-high,sanctions-med",,DNS,,"sibir-estate.ru.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""sibir-estate.ru. 10 IN A 3.215.231.251  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,61345,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""-EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Real Estate - Other,eecn-ip,sanctions-high,sanctions-med""}",,,,,,,,,,,,,,,,,,,1,1,"remote_client","APP_Uncategorized,CAT_Real Estate - Other,eecn-ip,sanctions-high,sanctions-med",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"-EV",A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:08:07.498 AM",SecurityGraph,alert,,"Domain is a lookalike to post.ch. The creation date is 2022-11-26.",,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",100,"Infoblox - HOST - Policy",,"1f3ca250-0e00-11ee-bd93-0351536a9618","10/16/2023, 5:36:55.766 PM",5B8B705C0779BD09AD2F027ECE3E76AF73BEA5EAFDFCE7521CA8C9856BB0E91C,WatchList,true,,,,,,,,,,,"[""HOST"",""Imported: 2023-06-18T17:46:58.161Z"",""Profile: IID"",""Property: Policy_LookalikeDomains"",""Threat Level: 0""]",white,,,,,,,,,,,,,,,,,,,,"postater.com.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 3:31:16.736 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NOERROR",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,"postater.com.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""postater.com. 3600 IN A 178.128.159.80  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,61345,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,,,,,,,,,,,,,,,,,,1,1,"remote_client","APP_Uncategorized,CAT_Uncategorized",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"+EV",A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:08:07.498 AM",SecurityGraph,alert,,"Domain is a lookalike to post.ch. The creation date is 2022-11-26.",,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",100,"Infoblox - HOST - Policy",,"1f3ca250-0e00-11ee-bd93-0351536a9618","10/16/2023, 5:36:55.766 PM",5B8B705C0779BD09AD2F027ECE3E76AF73BEA5EAFDFCE7521CA8C9856BB0E91C,WatchList,true,,,,,,,,,,,"[""HOST"",""Imported: 2023-06-18T17:46:58.161Z"",""Profile: IID"",""Property: Policy_LookalikeDomains"",""Threat Level: 0""]",white,,,,,,,,,,,,,,,,,,,,"postater.com.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 3:31:16.736 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN AAAA NOERROR",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,"postater.com.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""postater.com. 1800 IN SOA ns1.digitalocean.com. hostmaster.postater.com. 1671741955 10800 3600 604800 1800  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,61345,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"+EV",AAAA,NOERROR,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:40.462 AM",SecurityGraph,alert,,"Domain is a lookalike to theta.com. The creation date is None.",,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",100,"Infoblox - HOST - Policy",,"1f3cc869-0e00-11ee-bd93-0351536a9618","10/16/2023, 5:36:55.766 PM",CC11069E04D577D94259E49ACA96D24EB17EC65B670F5A527F75BF81E923932F,WatchList,true,,,,,,,,,,,"[""HOST"",""Imported: 2023-06-18T17:46:58.161Z"",""Profile: IID"",""Property: Policy_LookalikeDomains"",""Threat Level: 0""]",white,,,,,,,,,,,,,,,,,,,,"thetacker.de.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 3:31:30.300 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN AAAA NOERROR",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=AAAA;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=0;InfobloxNsCount=1;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,"thetacker.de.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""thetacker.de. 300 IN SOA access.ui-dns.biz. hostmaster.1und1.de. 2016042802 28800 7200 604800 300  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,14198,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""AAAA"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""0"",""InfobloxNsCount"":""1"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,,,,,,,,,,,,,,,,,,0,1,"remote_client","APP_Uncategorized,CAT_Uncategorized",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"+EV",AAAA,NOERROR,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/13/2023, 12:07:40.462 AM",SecurityGraph,alert,,"Domain is a lookalike to theta.com. The creation date is None.",,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",100,"Infoblox - HOST - Policy",,"1f3cc869-0e00-11ee-bd93-0351536a9618","10/16/2023, 5:36:55.766 PM",CC11069E04D577D94259E49ACA96D24EB17EC65B670F5A527F75BF81E923932F,WatchList,true,,,,,,,,,,,"[""HOST"",""Imported: 2023-06-18T17:46:58.161Z"",""Profile: IID"",""Property: Policy_LookalikeDomains"",""Threat Level: 0""]",white,,,,,,,,,,,,,,,,,,,,"thetacker.de.",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 3:31:30.300 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN A NOERROR",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=A;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=1;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=APP_Uncategorized,CAT_Uncategorized",,DNS,,"thetacker.de.",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,"""thetacker.de. 3600 IN A 217.160.223.116  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,14198,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""A"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""1"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise"",""InfobloxB1DNSTags"":""APP_Uncategorized,CAT_Uncategorized""}",,,,,,,,,,,,,,,,,,,1,1,"remote_client","APP_Uncategorized,CAT_Uncategorized",,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"+EV",A,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
+"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/17/2023, 12:05:13.619 AM",SecurityGraph,alert,,,,"bbbb8e89-4789-4364-b7ae-01664d8c3e1d",,"Infoblox - IP - UncategorizedThreat",,"f93152c0-2047-11ee-814d-e511d53b6182","7/25/2023, 9:10:03.740 PM",2368553894339066D55484B5575FD305732BABBE196273C1311B38B254AD19C7,WatchList,true,,,,,,,,,,,"[""IP"",""Imported: 2023-07-12T00:06:39.032Z"",""Profile: AISCOMM"",""Property: UncategorizedThreat_Generic"",""Threat Level: 80""]",white,,,,,,,,,,,,,,,,,,,,".","59.110.185.203",,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"1e1956bc-a7d2-455e-9ab1-4a9153ebf07a","7/19/2023, 3:35:41.978 AM",Infoblox,"Data Connector","2.1.3","DNS Response","DNS Response IN NS NOERROR",1,,"InfobloxDNSView=;InfobloxDNSQClass=IN;InfobloxDNSQType=NS;InfobloxDNSQFlags=+EV;InfobloxDNSRCode=NOERROR;InfobloxAnCount=13;InfobloxNsCount=0;InfobloxArCount=1;InfobloxB1Region=us-west-1;InfobloxB1ConnectionType=remote_client;InfobloxB1OPHName=;InfobloxB1OPHIPAddress=;InfobloxB1Network=BloxOne Endpoint;InfobloxB1SrcOSVersion=Windows 10 Enterprise;InfobloxB1DHCPFingerprint=;InfobloxB1DNSTags=",,DNS,,".",,,,,,,,,,,,,,,,,,,,,,,,,"208.50.179.13","Sentinel-Win-Main2",,,,,,,,,,,,,,,,""". 67089 IN NS d.root-servers.net.  . 67089 IN NS a.root-servers.net.  . 67089 IN NS b.root-servers.net.  . 67089 IN NS i.root-servers.net.  . 67089 IN NS m.root-servers.net.  . 67089 IN NS h.root-servers.net.  . 67089 IN NS c.root-servers.net.  . 67089 IN NS k.root-servers.net.  . 67089 IN NS f.root-servers.net.  . 67089 IN NS g.root-servers.net.  . 67089 IN NS j.root-servers.net.  . 67089 IN NS e.root-servers.net.  . 67089 IN NS l.root-servers.net.  . 0 4096 OPT """,,,,,,,,,,,,TCP,,,,,,,,,"00:50:56:01:13:0f",,,,,,,,,10620,"208.50.179.13",,,rdp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Sentinel-Demo-CDC",OpsManager,,,CommonSecurityLog,,"{""InfobloxDNSQClass"":""IN"",""InfobloxDNSQType"":""NS"",""InfobloxDNSQFlags"":""+EV"",""InfobloxDNSRCode"":""NOERROR"",""InfobloxAnCount"":""13"",""InfobloxNsCount"":""0"",""InfobloxArCount"":""1"",""InfobloxB1Region"":""us-west-1"",""InfobloxB1ConnectionType"":""remote_client"",""InfobloxB1Network"":""BloxOne Endpoint"",""InfobloxB1SrcOSVersion"":""Windows 10 Enterprise""}",,,,,,,,,,,,,,,,,,,13,1,"remote_client",,,,"BloxOne Endpoint",,,,,"us-west-1","Windows 10 Enterprise",,,,IN,"+EV",NS,NOERROR,,,,,,,,,,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"N/A",,
diff --git a/Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-DataExfiltrationAttack.yaml b/Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-DataExfiltrationAttack.yaml
new file mode 100644
index 00000000000..ce3b8952331
--- /dev/null
+++ b/Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-DataExfiltrationAttack.yaml	
@@ -0,0 +1,66 @@
+id: 8db2b374-0337-49bd-94c9-cfbf8e5d83ad
+name: Infoblox - Data Exfiltration Attack
+description: |
+  'Data exfiltration attack detected by Infoblox Threat Insight. Customize query count, scheduling, responses and more. This rule depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://aka.ms/sentinel-InfobloxCloudDataConnector-parser).'
+severity: Medium
+status: Available
+requiredDataConnectors:
+  - connectorId: InfobloxCloudDataConnector
+    dataTypes: 
+      - CommonSecurityLog (InfobloxCDC)
+queryFrequency: 1h
+queryPeriod: 1h
+triggerOperator: gt
+triggerThreshold: 0
+tactics:
+  - Impact
+relevantTechniques:
+  - T1498
+  - T1565
+query: |
+  let threshold = 1;
+  InfobloxCDC
+  | where DeviceEventClassID has_cs "RPZ"
+  | where InfobloxB1FeedName == "Threat Insight - Data Exfiltration"
+  | summarize count() by SourceIP
+  | where count_ > threshold
+  | join kind=innerunique (InfobloxCDC
+    | where DeviceEventClassID has_cs "RPZ"
+    | where InfobloxB1FeedName == "Threat Insight - Data Exfiltration"
+    ) on SourceIP
+entityMappings:
+  - entityType: IP
+    fieldMappings:
+      - identifier: Address
+        columnName: SourceIP
+  - entityType: Host
+    fieldMappings:
+      - identifier: HostName
+        columnName: DeviceName
+      - identifier: OSVersion
+        columnName: InfobloxB1SrcOSVersion
+      - identifier: FullName
+        columnName: SourceUserName
+  - entityType: Malware
+    fieldMappings:
+      - identifier: Name
+        columnName: InfobloxB1FeedName
+      - identifier: Category
+        columnName: InfobloxB1FeedName
+customDetails:
+  SourceMACAddress: SourceMACAddress
+  InfobloxB1FeedName: InfobloxB1FeedName
+  InfobloxB1Network: InfobloxB1Network
+  InfobloxB1Action: InfobloxB1PolicyAction
+  InfobloxB1PolicyName: InfobloxB1PolicyName
+eventGroupingSettings:
+  aggregationKind: SingleAlert
+incidentConfiguration:
+  createIncident: true
+  groupingConfiguration:
+    enabled: true
+    reopenClosedIncident: true
+    lookbackDuration: 7d
+    matchingMethod: AllEntities
+version: 1.0.0
+kind: Scheduled
diff --git a/Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-HighNumberOfHighThreatLevelQueriesDetected.yaml b/Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-HighNumberOfHighThreatLevelQueriesDetected.yaml
deleted file mode 100644
index 993f39e7ec5..00000000000
--- a/Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-HighNumberOfHighThreatLevelQueriesDetected.yaml	
+++ /dev/null
@@ -1,42 +0,0 @@
-id: 57113ad7-7dd6-4150-84d8-252e162aaf4a
-name: Infoblox - High Number of High Threat Level Queries Detected
-description: |
-  'This creates an incident in the event a single host generates at least 200 high threat level RPZ queries (Threat Defense security hits) in 1 hour. Query count threshold and scheduling is customizable. This rule depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://aka.ms/sentinel-InfobloxCloudDataConnector-parser).'
-severity: Medium
-status: Available
-requiredDataConnectors:
-  - connectorId: InfobloxCloudDataConnector
-    dataTypes:
-      - CommonSecurityLog (InfobloxCDC)
-queryFrequency: 1h
-queryPeriod: 1h
-triggerOperator: gt
-triggerThreshold: 0
-tactics:
-  - Impact
-relevantTechniques:
-  - T1498
-  - T1565
-query: |
-  let threshold = 200;
-  InfobloxCDC
-  | where DeviceEventClassID has_cs "RPZ"
-  | where ThreatLevel_Score >=80
-  | summarize count() by SourceIP
-  | where count_ > threshold
-  | join kind=inner (InfobloxCDC
-      | where DeviceEventClassID has_cs "RPZ"
-      | where ThreatLevel_Score >=80
-      ) on SourceIP
-  | extend timestamp = TimeGenerated, IPCustomEntity = SourceIP, HostCustomEntity = DeviceName
-entityMappings:
-  - entityType: IP
-    fieldMappings:
-      - identifier: Address
-        columnName: IPCustomEntity
-  - entityType: Host
-    fieldMappings:
-      - identifier: HostName
-        columnName: HostCustomEntity
-version: 1.0.1
-kind: Scheduled
diff --git a/Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-HighNumberOfNXDOMAINDNSResponsesDetected.yaml b/Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-HighNumberOfNXDOMAINDNSResponsesDetected.yaml
deleted file mode 100644
index 4963aa2e5e4..00000000000
--- a/Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-HighNumberOfNXDOMAINDNSResponsesDetected.yaml	
+++ /dev/null
@@ -1,43 +0,0 @@
-id: 818eddaa-3806-43a2-8930-3defc5a06803
-name: Infoblox - High Number of NXDOMAIN DNS Responses Detected
-description: |
-  'This creates an incident in the event a single host generates at least 200 DNS responses for non-existent domains in 1 hour. Query count threshold and scheduling is customizable. This rule depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://aka.ms/sentinel-InfobloxCloudDataConnector-parser).'
-severity: Medium
-status: Available
-requiredDataConnectors:
-  - connectorId: InfobloxCloudDataConnector
-    dataTypes:
-      - CommonSecurityLog (InfobloxCDC)
-queryFrequency: 1h
-queryPeriod: 1h
-triggerOperator: gt
-triggerThreshold: 0
-tactics:
-  - Impact
-relevantTechniques:
-  - T1498
-  - T1565
-query: |
-  let threshold = 200;
-  InfobloxCDC
-  | where DeviceEventClassID == "DNS Response"
-  | where InfobloxDNSRCode == "NXDOMAIN"
-  | summarize count() by SourceIP
-  | where count_ > threshold
-  | join kind=inner (InfobloxCDC
-      | where DeviceEventClassID == "DNS Response"
-      | where InfobloxDNSRCode == "NXDOMAIN"
-      ) on SourceIP
-  | extend timestamp = TimeGenerated, IPCustomEntity = SourceIP, HostCustomEntity = DeviceName
-entityMappings:
-  - entityType: IP
-    fieldMappings:
-      - identifier: Address
-        columnName: IPCustomEntity
-  - entityType: Host
-    fieldMappings:
-      - identifier: HostName
-        columnName: HostCustomEntity
-version: 1.0.1
-kind: Scheduled
-
diff --git a/Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-HighThreatLevelQueryNotBlockedDetected.yaml b/Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-HighThreatLevelQueryNotBlockedDetected.yaml
index e7780309d3b..61639766c0f 100644
--- a/Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-HighThreatLevelQueryNotBlockedDetected.yaml	
+++ b/Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-HighThreatLevelQueryNotBlockedDetected.yaml	
@@ -1,12 +1,12 @@
 id: dc7af829-d716-4774-9d6f-03d9aa7c27a4
 name: Infoblox - High Threat Level Query Not Blocked Detected
 description: |
-  'This creates an incident in the event a single host generates at least 1 high threat level query (Threat Defense security hit) that is not blocked or redirected in 1 hour. Query count threshold and scheduling is customizable. This rule depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://aka.ms/sentinel-InfobloxCloudDataConnector-parser).'
+  'At least 1 high threat level query generated by single host in 1 hour that is not blocked or redirected. Customize query count, scheduling, responses and more. This rule depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Infoblox%20Cloud%20Data%20Connector/Parsers/InfobloxCDC.txt).'
 severity: Medium
 status: Available
 requiredDataConnectors:
   - connectorId: InfobloxCloudDataConnector
-    dataTypes:
+    dataTypes: 
       - CommonSecurityLog (InfobloxCDC)
 queryFrequency: 1h
 queryPeriod: 1h
@@ -26,19 +26,42 @@ query: |
   | summarize count() by SourceIP
   | where count_ > threshold
   | join kind=inner (InfobloxCDC
-      | where DeviceEventClassID has_cs "RPZ"
-      | where ThreatLevel_Score >=80
-      | where InfobloxB1PolicyAction == "Log" or SimplifiedDeviceAction == "PASSTHRU"
-      ) on SourceIP
-  | extend timestamp = TimeGenerated, IPCustomEntity = SourceIP, HostCustomEntity = DeviceName
+    | where DeviceEventClassID has_cs "RPZ"
+    | where ThreatLevel_Score >=80
+    | where InfobloxB1PolicyAction == "Log" or SimplifiedDeviceAction == "PASSTHRU"
+    ) on SourceIP
 entityMappings:
   - entityType: IP
     fieldMappings:
       - identifier: Address
-        columnName: IPCustomEntity
+        columnName: SourceIP
   - entityType: Host
     fieldMappings:
       - identifier: HostName
-        columnName: HostCustomEntity
-version: 1.0.1
+        columnName: DeviceName
+      - identifier: OSVersion
+        columnName: InfobloxB1SrcOSVersion
+      - identifier: FullName
+        columnName: SourceUserName
+  - entityType: DNS
+    fieldMappings:
+      - identifier: DomainName
+        columnName: DestinationDnsDomain
+  - entityType: Malware
+    fieldMappings:
+      - identifier: Name
+        columnName: ThreatProperty
+      - identifier: Category
+        columnName: ThreatClass
+customDetails:
+  SourceMACAddress: SourceMACAddress
+  InfobloxB1FeedName: InfobloxB1FeedName
+  InfobloxB1Network: InfobloxB1Network
+  InfobloxB1Action: InfobloxB1PolicyAction
+  InfobloxB1PolicyName: InfobloxB1PolicyName
+eventGroupingSettings:
+  aggregationKind: SingleAlert
+incidentConfiguration:
+  createIncident: true
+version: 1.0.0
 kind: Scheduled
diff --git a/Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-ManyHighThreatLevelQueriesFromSingleHostDetected.yaml b/Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-ManyHighThreatLevelQueriesFromSingleHostDetected.yaml
new file mode 100644
index 00000000000..0cb1ce7de95
--- /dev/null
+++ b/Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-ManyHighThreatLevelQueriesFromSingleHostDetected.yaml	
@@ -0,0 +1,51 @@
+id: 3822b794-fa89-4420-aad6-0e1a2307f419
+name: Infoblox - Many High Threat Level Queries From Single Host Detected
+description: |
+  'At least 200 high threat level queries generated by single host in 1 hour. Queries do not need to be the same. Customize query count, scheduling, responses and more. This rule depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://aka.ms/sentinel-InfobloxCloudDataConnector-parser).'
+severity: Medium
+status: Available
+requiredDataConnectors:
+  - connectorId: InfobloxCloudDataConnector
+    dataTypes: 
+      - CommonSecurityLog (InfobloxCDC)
+queryFrequency: 1h
+queryPeriod: 1h
+triggerOperator: gt
+triggerThreshold: 0
+tactics:
+  - Impact
+relevantTechniques:
+  - T1498
+  - T1565
+query: |
+  let threshold = 200;
+  InfobloxCDC
+  | where DeviceEventClassID has_cs "RPZ"
+  | where ThreatLevel_Score >= 80
+  | summarize count() by SourceIP
+  | where count_ > threshold
+  | join kind=inner (InfobloxCDC
+    | where DeviceEventClassID has_cs "RPZ"
+    | where ThreatLevel_Score >= 80
+    ) on SourceIP
+entityMappings:
+  - entityType: IP
+    fieldMappings:
+      - identifier: Address
+        columnName: SourceIP
+  - entityType: Host
+    fieldMappings:
+      - identifier: HostName
+        columnName: DeviceName
+      - identifier: OSVersion
+        columnName: InfobloxB1SrcOSVersion
+      - identifier: FullName
+        columnName: SourceUserName
+customDetails:
+  SourceMACAddress: SourceMACAddress
+eventGroupingSettings:
+  aggregationKind: SingleAlert
+incidentConfiguration:
+  createIncident: true
+version: 1.0.0
+kind: Scheduled
diff --git a/Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-ManyHighThreatLevelSingleQueryDetected.yaml b/Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-ManyHighThreatLevelSingleQueryDetected.yaml
new file mode 100644
index 00000000000..5fef11bdd9a
--- /dev/null
+++ b/Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-ManyHighThreatLevelSingleQueryDetected.yaml	
@@ -0,0 +1,51 @@
+id: 99278700-79ca-4b0f-b416-bf57ec699e1a
+name: Infoblox - Many High Threat Level Single Query Detected
+description: |
+  'Single high threat level domain queried at least 200 times in 1 hour regardless of source. Customize query count, scheduling, responses and more. This rule depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Infoblox%20Cloud%20Data%20Connector/Parsers/InfobloxCDC.txt).'
+severity: Medium
+status: Available
+requiredDataConnectors:
+  - connectorId: InfobloxCloudDataConnector
+    dataTypes: 
+      - CommonSecurityLog (InfobloxCDC)
+queryFrequency: 1h
+queryPeriod: 1h
+triggerOperator: gt
+triggerThreshold: 0
+tactics:
+  - Impact
+relevantTechniques:
+  - T1498
+  - T1565
+query: |
+  let threshold = 200;
+  InfobloxCDC
+  | where DeviceEventClassID has_cs "RPZ"
+  | where ThreatLevel_Score >= 80
+  | summarize count() by DestinationDnsDomain
+  | where count_ > threshold
+  | join kind=inner (InfobloxCDC
+    | where DeviceEventClassID has_cs "RPZ"
+    | where ThreatLevel_Score >= 80
+    ) on DestinationDnsDomain
+entityMappings:
+  - entityType: DNS
+    fieldMappings:
+      - identifier: DomainName
+        columnName: DestinationDnsDomain
+  - entityType: Malware
+    fieldMappings:
+      - identifier: Name
+        columnName: ThreatProperty
+      - identifier: Category
+        columnName: ThreatClass
+customDetails:
+  InfobloxB1FeedName: InfobloxB1FeedName
+  InfobloxB1Network: InfobloxB1Network
+  InfobloxB1PolicyName: InfobloxB1PolicyName
+eventGroupingSettings:
+  aggregationKind: SingleAlert
+incidentConfiguration:
+  createIncident: true
+version: 1.0.0
+kind: Scheduled
diff --git a/Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-ManyNXDOMAINDNSResponsesDetected.yaml b/Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-ManyNXDOMAINDNSResponsesDetected.yaml
new file mode 100644
index 00000000000..f9913745361
--- /dev/null
+++ b/Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-ManyNXDOMAINDNSResponsesDetected.yaml	
@@ -0,0 +1,51 @@
+id: b2f34315-9065-488e-88d0-a171d2b0da8e
+name: Infoblox - Many NXDOMAIN DNS Responses Detected
+description: |
+  'Detected at least 200 DNS responses for non-existent domains in 1 hour generated by single host. Queries do not need to be the same. Customize query count, scheduling, responses and more. This rule depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://aka.ms/sentinel-InfobloxCloudDataConnector-parser).'
+severity: Medium
+status: Available
+requiredDataConnectors:
+  - connectorId: InfobloxCloudDataConnector
+    dataTypes: 
+      - CommonSecurityLog (InfobloxCDC)
+queryFrequency: 1h
+queryPeriod: 1h
+triggerOperator: gt
+triggerThreshold: 0
+tactics:
+  - Impact
+relevantTechniques:
+  - T1498
+  - T1565
+query: |
+  let threshold = 200;
+  InfobloxCDC
+  | where DeviceEventClassID == "DNS Response"
+  | where InfobloxDNSRCode == "NXDOMAIN"
+  | summarize count() by SourceIP
+  | where count_ > threshold
+  | join kind=inner (InfobloxCDC
+    | where DeviceEventClassID == "DNS Response"
+    | where InfobloxDNSRCode == "NXDOMAIN"
+    ) on SourceIP
+entityMappings:
+  - entityType: IP
+    fieldMappings:
+      - identifier: Address
+        columnName: SourceIP
+  - entityType: Host
+    fieldMappings:
+      - identifier: HostName
+        columnName: DeviceName
+      - identifier: OSVersion
+        columnName: InfobloxB1SrcOSVersion
+      - identifier: FullName
+        columnName: SourceUserName
+customDetails:
+  SourceMACAddress: SourceMACAddress
+eventGroupingSettings:
+  aggregationKind: SingleAlert
+incidentConfiguration:
+  createIncident: true
+version: 1.0.0
+kind: Scheduled
diff --git a/Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-TI-CommonSecurityLogMatchFound-MalwareC2.yaml b/Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-TI-CommonSecurityLogMatchFound-MalwareC2.yaml
new file mode 100644
index 00000000000..f2b1e877a66
--- /dev/null
+++ b/Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-TI-CommonSecurityLogMatchFound-MalwareC2.yaml	
@@ -0,0 +1,67 @@
+id: 5b0864a9-4577-4087-b9fa-de3e14a8a999
+name: Infoblox - TI - CommonSecurityLog Match Found - MalwareC2
+description: |
+  'CommonSecurityLog (CEF) MalwareC2/MalwareC2DGA match found in your Infoblox TIDE Threat Intelligence. Customize query count, scheduling, responses and more. Modify data sources, types and threat properties as desired.'
+severity: Medium
+status: Available
+requiredDataConnectors:
+  - connectorId: CEF
+    dataTypes: 
+      - CommonSecurityLog
+  - connectorId: ThreatIntelligence
+    dataTypes: 
+      - ThreatIntelligenceIndicator
+queryFrequency: 1h
+queryPeriod: 14d
+triggerOperator: gt
+triggerThreshold: 0
+tactics:
+  - Impact
+relevantTechniques:
+  - T1498
+  - T1565
+query: |
+  let dt_lookBack = 1h;
+  let ioc_lookBack = 14d;
+  let TI = ThreatIntelligenceIndicator
+  | where TimeGenerated >= ago(ioc_lookBack)
+  | summarize LatestIndicatorTime = arg_max(TimeGenerated, *) by IndicatorId
+  | where Active == true and ExpirationDateTime > now()  
+  | where Description has_cs "Infoblox"
+  | where Description has_cs "MalwareC2"
+  | where isnotempty(DomainName)
+  ;
+  let Data = CommonSecurityLog
+  | extend HitTime = TimeGenerated
+  | where TimeGenerated >= ago(dt_lookBack)
+  | where isnotempty(DestinationDnsDomain)
+  //Remove trailing period at end of domain
+  | extend DestinationDnsDomain = trim_end(@"\.$", DestinationDnsDomain)
+  ;
+  TI | join kind=innerunique Data on $left.DomainName == $right.DestinationDnsDomain
+  | where HitTime >= TimeGenerated and HitTime < ExpirationDateTime
+  | project LatestIndicatorTime, HitTime, DeviceEventClassID, DestinationDnsDomain, DeviceAction, SourceIP, DeviceName, SourceMACAddress, SourceUserName, AdditionalExtensions, 
+  AdditionalInformation, Description, ThreatType, TrafficLightProtocolLevel, Type, ConfidenceScore, ExpirationDateTime, SourceSystem, Action, IndicatorId, ExternalIndicatorId, Tags
+entityMappings:
+  - entityType: IP
+    fieldMappings:
+      - identifier: Address
+        columnName: SourceIP
+  - entityType: Host
+    fieldMappings:
+      - identifier: HostName
+        columnName: DeviceName
+      - identifier: FullName
+        columnName: SourceUserName
+  - entityType: DNS
+    fieldMappings:
+      - identifier: DomainName
+        columnName: DestinationDnsDomain
+customDetails:
+  SourceMACAddress: SourceMACAddress
+eventGroupingSettings:
+  aggregationKind: SingleAlert
+incidentConfiguration:
+  createIncident: true
+version: 1.0.0
+kind: Scheduled
diff --git a/Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-TI-InfobloxCDCMatchFound-LookalikeDomains.yaml b/Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-TI-InfobloxCDCMatchFound-LookalikeDomains.yaml
new file mode 100644
index 00000000000..fd8489eb3ce
--- /dev/null
+++ b/Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-TI-InfobloxCDCMatchFound-LookalikeDomains.yaml	
@@ -0,0 +1,79 @@
+id: 568730be-b39d-45e3-a392-941e00837d52
+name: Infoblox - TI - InfobloxCDC Match Found - Lookalike Domains
+description: |
+  'InfobloxCDC Lookalike Domain match found in your Infoblox TIDE Threat Intelligence. Customize query count, scheduling, responses and more. Modify data sources, types and threat properties as desired. This rule depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Infoblox%20Cloud%20Data%20Connector/Parsers/InfobloxCDC.txt).'
+severity: Medium
+status: Available
+requiredDataConnectors:
+  - connectorId: InfobloxCloudDataConnector
+    dataTypes: 
+      - CommonSecurityLog (InfobloxCDC)
+  - connectorId: ThreatIntelligence
+    dataTypes: 
+      - ThreatIntelligenceIndicator
+queryFrequency: 1h
+queryPeriod: 14d
+triggerOperator: gt
+triggerThreshold: 0
+tactics:
+  - Impact
+relevantTechniques:
+  - T1498
+  - T1565
+query: |
+  let dt_lookBack = 1h;
+  let ioc_lookBack = 14d;
+  let TI = ThreatIntelligenceIndicator
+  | where TimeGenerated >= ago(ioc_lookBack)
+  | summarize LatestIndicatorTime = arg_max(TimeGenerated, *) by IndicatorId
+  | where Active == true and ExpirationDateTime > now()  
+  | where Description == "Infoblox - HOST - Policy"
+  | where Tags has_cs "Property: Policy_LookalikeDomains" 
+  | where isnotempty(DomainName)
+  ;
+  let Data = InfobloxCDC
+  | extend HitTime = TimeGenerated
+  | where TimeGenerated >= ago(dt_lookBack)
+  | where isnotempty(DestinationDnsDomain)
+  //Remove trailing period at end of domain
+  | extend DestinationDnsDomain = trim_end(@"\.$", DestinationDnsDomain)
+  ;
+  TI | join kind=innerunique Data on $left.DomainName == $right.DestinationDnsDomain
+  | where HitTime >= TimeGenerated and HitTime < ExpirationDateTime
+  | project LatestIndicatorTime, HitTime, DeviceEventClassID, ThreatLevel, ThreatLevel_Score, ThreatConfidence, DestinationDnsDomain, InfobloxB1FeedName, ThreatClass, ThreatProperty, InfobloxB1PolicyAction, DeviceAction, InfobloxB1PolicyName, SourceIP, DeviceName, SourceMACAddress, SourceUserName, InfobloxB1SrcOSVersion, InfobloxB1ConnectionType, InfobloxB1Network, AdditionalExtensionsParsedNested, 
+  AdditionalInformation, Description, ThreatType, TrafficLightProtocolLevel, Type, ConfidenceScore, ExpirationDateTime, SourceSystem, Action, IndicatorId, ExternalIndicatorId, Tags
+entityMappings:
+  - entityType: IP
+    fieldMappings:
+      - identifier: Address
+        columnName: SourceIP
+  - entityType: Host
+    fieldMappings:
+      - identifier: HostName
+        columnName: DeviceName
+      - identifier: OSVersion
+        columnName: InfobloxB1SrcOSVersion
+      - identifier: FullName
+        columnName: SourceUserName
+  - entityType: DNS
+    fieldMappings:
+      - identifier: DomainName
+        columnName: DestinationDnsDomain
+  - entityType: Malware
+    fieldMappings:
+      - identifier: Name
+        columnName: ThreatProperty
+      - identifier: Category
+        columnName: ThreatClass
+customDetails:
+  SourceMACAddress: SourceMACAddress
+  InfobloxB1FeedName: InfobloxB1FeedName
+  InfobloxB1Network: InfobloxB1Network
+  InfobloxB1Action: InfobloxB1PolicyAction
+  InfobloxB1PolicyName: InfobloxB1PolicyName
+eventGroupingSettings:
+  aggregationKind: SingleAlert
+incidentConfiguration:
+  createIncident: true
+version: 1.0.0
+kind: Scheduled
diff --git a/Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-TI-SyslogMatchFound-URL.yaml b/Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-TI-SyslogMatchFound-URL.yaml
new file mode 100644
index 00000000000..ed2b8389bf9
--- /dev/null
+++ b/Solutions/Infoblox Cloud Data Connector/Analytic Rules/Infoblox-TI-SyslogMatchFound-URL.yaml	
@@ -0,0 +1,66 @@
+id: 28ee3c2b-eb4b-44de-a71e-e462843fea72
+name: Infoblox - TI - Syslog Match Found - URL
+description: |
+  'Syslog URL match found in your Infoblox TIDE Threat Intelligence. Customize query count, scheduling, responses and more. Modify data sources, types and threat properties as desired.'
+severity: Medium
+status: Available
+requiredDataConnectors:
+  - connectorId: Syslog
+    dataTypes: 
+      - Syslog
+  - connectorId: ThreatIntelligence
+    dataTypes: 
+      - ThreatIntelligenceIndicator
+queryFrequency: 1h
+queryPeriod: 14d
+triggerOperator: gt
+triggerThreshold: 0
+tactics:
+  - Impact
+relevantTechniques:
+  - T1498
+  - T1565
+query: |
+  let dt_lookBack = 1h;
+  let ioc_lookBack = 14d;
+  let TI = ThreatIntelligenceIndicator
+  | where TimeGenerated >= ago(ioc_lookBack)
+  | summarize LatestIndicatorTime = arg_max(TimeGenerated, *) by IndicatorId
+  | where Active == true and ExpirationDateTime > now()  
+  | where Description has_cs "Infoblox - URL"
+  | where isnotempty(DomainName)
+  ;
+  let Data = Syslog
+  | extend HitTime = TimeGenerated
+  | where TimeGenerated >= ago(dt_lookBack)
+  //Extract URL patterns from syslog message
+  | extend Url = extract("(http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\\(\\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+)", 1,SyslogMessage)
+  | where isnotempty(Url)
+  ;
+  TI | join kind=innerunique Data on $left.DomainName == $right.Url
+  | where HitTime >= TimeGenerated and HitTime < ExpirationDateTime
+  | project LatestIndicatorTime, HitTime, SyslogMessage, Computer, ProcessName, Url, HostIP, 
+  AdditionalInformation, Description, ThreatType, TrafficLightProtocolLevel, Type, ConfidenceScore, ExpirationDateTime, SourceSystem, Action, IndicatorId, ExternalIndicatorId, Tags
+entityMappings:
+  - entityType: IP
+    fieldMappings:
+      - identifier: Address
+        columnName: HostIP
+  - entityType: Host
+    fieldMappings:
+      - identifier: HostName
+        columnName: Computer
+  - entityType: DNS
+    fieldMappings:
+      - identifier: DomainName
+        columnName: Url
+  - entityType: URL
+    fieldMappings:
+      - identifier: Url
+        columnName: Url
+eventGroupingSettings:
+  aggregationKind: SingleAlert
+incidentConfiguration:
+  createIncident: true
+version: 1.0.0
+kind: Scheduled
diff --git a/Solutions/Infoblox Cloud Data Connector/Data/Solution_Infoblox.json b/Solutions/Infoblox Cloud Data Connector/Data/Solution_Infoblox.json
index a2d56eef958..b17c8c29e76 100644
--- a/Solutions/Infoblox Cloud Data Connector/Data/Solution_Infoblox.json	
+++ b/Solutions/Infoblox Cloud Data Connector/Data/Solution_Infoblox.json	
@@ -4,23 +4,40 @@
     "Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/infoblox_logo.svg\" width=\"75px\" height=\"75px\">",
     "Description": "The [Infoblox](https://www.infoblox.com/) Cloud solution allows you to easily connect your Infoblox BloxOne data with Microsoft Sentinel. By connecting your logs to Microsoft Sentinel, you can take advantage of search & correlation, alerting, and threat intelligence enrichment for each log.\r\n \r\n   **Underlying Microsoft Technologies used:** \r\n \r\n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\r\n \r\n a. [Agent based logs collection from Windows and Linux machines ](https://docs.microsoft.com/azure/azure-monitor/agents/data-sources-custom-logs)",
     "Workbooks": [
-	"Workbooks/InfobloxCDCB1TDWorkbook.json"
-	],
+        "Workbooks/InfobloxCDCB1TDWorkbook.json"
+    ],
     "Analytic Rules": [
-      "Analytic Rules/Infoblox-HighNumberOfHighThreatLevelQueriesDetected.yaml",
-      "Analytic Rules/Infoblox-HighNumberOfNXDOMAINDNSResponsesDetected.yaml",
-      "Analytic Rules/Infoblox-HighThreatLevelQueryNotBlockedDetected.yaml"
+        "Analytic Rules/Infoblox-DataExfiltrationAttack.yaml",
+        "Analytic Rules/Infoblox-HighThreatLevelQueryNotBlockedDetected.yaml",
+        "Analytic Rules/Infoblox-ManyHighThreatLevelQueriesFromSingleHostDetected.yaml",
+        "Analytic Rules/Infoblox-ManyHighThreatLevelSingleQueryDetected.yaml",
+        "Analytic Rules/Infoblox-ManyNXDOMAINDNSResponsesDetected.yaml",
+        "Analytic Rules/Infoblox-TI-CommonSecurityLogMatchFound-MalwareC2.yaml",
+        "Analytic Rules/Infoblox-TI-InfobloxCDCMatchFound-LookalikeDomains.yaml",
+        "Analytic Rules/Infoblox-TI-SyslogMatchFound-URL.yaml"
     ],
     "Data Connectors": [
         "Data Connectors/InfobloxCloudDataConnector.json"
     ],
-	"Parsers": [
-		"Parsers/InfobloxCDC.txt"
-	],
-	"Metadata": "SolutionMetadata.json",
-	"BasePath": "C:\\GitHub\\azure-sentinel\\Solutions\\Infoblox Cloud Data Connector",
-    "Version": "2.0.10",
-	"TemplateSpec": true,
+    "Parsers": [
+        "Parsers/InfobloxCDC.yaml"
+    ],
+    "Playbooks": [
+        "Playbooks/Infoblox-Import-AISCOMM-Weekly/azuredeploy.json",
+        "Playbooks/Infoblox-Import-Emails-Weekly/azuredeploy.json",
+        "Playbooks/Infoblox-Import-Hashes-Weekly/azuredeploy.json",
+        "Playbooks/Infoblox-Import-Hosts-Daily-LookalikeDomains/azuredeploy.json",
+        "Playbooks/Infoblox-Import-Hosts-Daily-MalwareC2DGA/azuredeploy.json",
+        "Playbooks/Infoblox-Import-Hosts-Daily-Phishing/azuredeploy.json",
+        "Playbooks/Infoblox-Import-Hosts-Hourly/azuredeploy.json",
+        "Playbooks/Infoblox-Import-IPs-Hourly/azuredeploy.json",
+        "Playbooks/Infoblox-Import-URLs-Hourly/azuredeploy.json",
+        "Playbooks/Infoblox-Incident-Enrichment-Domains/azuredeploy.json",
+        "Playbooks/Infoblox-Incident-Send-Email/azuredeploy.json"
+    ],
+    "Metadata": "SolutionMetadata.json",
+    "BasePath": "C:\\GitHub\\azure-sentinel\\Solutions\\Infoblox Cloud Data Connector",
+    "Version": "3.0.0",
+    "TemplateSpec": true,
     "Is1PConnector": false
-  }
-  
+}
diff --git a/Solutions/Infoblox Cloud Data Connector/Package/3.0.0.zip b/Solutions/Infoblox Cloud Data Connector/Package/3.0.0.zip
new file mode 100644
index 00000000000..fa819f766a6
Binary files /dev/null and b/Solutions/Infoblox Cloud Data Connector/Package/3.0.0.zip differ
diff --git a/Solutions/Infoblox Cloud Data Connector/Package/createUiDefinition.json b/Solutions/Infoblox Cloud Data Connector/Package/createUiDefinition.json
index da8e4271146..d062e6418eb 100644
--- a/Solutions/Infoblox Cloud Data Connector/Package/createUiDefinition.json	
+++ b/Solutions/Infoblox Cloud Data Connector/Package/createUiDefinition.json	
@@ -1,204 +1,302 @@
-{
-  "$schema": "https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#",
-  "handler": "Microsoft.Azure.CreateUIDef",
-  "version": "0.1.2-preview",
-  "parameters": {
-    "config": {
-      "isWizard": false,
-      "basics": {
-        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/infoblox_logo.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this solution, please refer to them before installing._\n\nThe [Infoblox](https://www.infoblox.com/) Cloud solution allows you to easily connect your Infoblox BloxOne data with Microsoft Sentinel. By connecting your logs to Microsoft Sentinel, you can take advantage of search & correlation, alerting, and threat intelligence enrichment for each log.\r\n \r\n   **Underlying Microsoft Technologies used:** \r\n \r\n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\r\n \r\n a. [Agent based logs collection from Windows and Linux machines ](https://docs.microsoft.com/azure/azure-monitor/agents/data-sources-custom-logs)\n\n**Data Connectors:** 1, **Parsers:** 1, **Workbooks:** 1, **Analytic Rules:** 3\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about solutions](https://aka.ms/azuresentinelsolutionsdoc)",
-        "subscription": {
-          "resourceProviders": [
-            "Microsoft.OperationsManagement/solutions",
-            "Microsoft.OperationalInsights/workspaces/providers/alertRules",
-            "Microsoft.Insights/workbooks",
-            "Microsoft.Logic/workflows"
-          ]
-        },
-        "location": {
-          "metadata": {
-            "hidden": "Hiding location, we get it from the log analytics workspace"
-          },
-          "visible": false
-        },
-        "resourceGroup": {
-          "allowExisting": true
-        }
-      }
-    },
-    "basics": [
-      {
-        "name": "getLAWorkspace",
-        "type": "Microsoft.Solutions.ArmApiControl",
-        "toolTip": "This filters by workspaces that exist in the Resource Group selected",
-        "condition": "[greater(length(resourceGroup().name),0)]",
-        "request": {
-          "method": "GET",
-          "path": "[concat(subscription().id,'/providers/Microsoft.OperationalInsights/workspaces?api-version=2020-08-01')]"
-        }
-      },
-      {
-        "name": "workspace",
-        "type": "Microsoft.Common.DropDown",
-        "label": "Workspace",
-        "placeholder": "Select a workspace",
-        "toolTip": "This dropdown will list only workspace that exists in the Resource Group selected",
-        "constraints": {
-          "allowedValues": "[map(filter(basics('getLAWorkspace').value, (filter) => contains(toLower(filter.id), toLower(resourceGroup().name))), (item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.name, '\"}')))]",
-          "required": true
-        },
-        "visible": true
-      }
-    ],
-    "steps": [
-      {
-        "name": "dataconnectors",
-        "label": "Data Connectors",
-        "bladeTitle": "Data Connectors",
-        "elements": [
-          {
-            "name": "dataconnectors1-text",
-            "type": "Microsoft.Common.TextBlock",
-            "options": {
-              "text": "This solution installs the data connector for ingesting Infoblox BloxOne data into Microsoft Sentinel. You can get Infoblox Cloud Data Connector CommonSecurityLog data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
-            }
-          },
-          {
-            "name": "dataconnectors-parser-text",
-            "type": "Microsoft.Common.TextBlock",
-            "options": {
-              "text": "The solution installs a parser that transforms the ingested data into Microsoft Sentinel normalized format. The normalized format enables better correlation of different types of data from different data sources to drive end-to-end outcomes seamlessly in security monitoring, hunting, incident investigation and response scenarios in Microsoft Sentinel."
-            }
-          },
-          {
-            "name": "dataconnectors-link2",
-            "type": "Microsoft.Common.TextBlock",
-            "options": {
-              "link": {
-                "label": "Learn more about connecting data sources",
-                "uri": "https://docs.microsoft.com/azure/sentinel/connect-data-sources"
-              }
-            }
-          }
-        ]
-      },
-      {
-        "name": "workbooks",
-        "label": "Workbooks",
-        "subLabel": {
-          "preValidation": "Configure the workbooks",
-          "postValidation": "Done"
-        },
-        "bladeTitle": "Workbooks",
-        "elements": [
-          {
-            "name": "workbooks-text",
-            "type": "Microsoft.Common.TextBlock",
-            "options": {
-              "text": "This solution installs workbook(s) to help you gain insights into the telemetry collected in Microsoft Sentinel. After installing the solution, start using the workbook in Manage solution view."
-            }
-          },
-          {
-            "name": "workbooks-link",
-            "type": "Microsoft.Common.TextBlock",
-            "options": {
-              "link": {
-                "label": "Learn more",
-                "uri": "https://docs.microsoft.com/azure/sentinel/tutorial-monitor-your-data"
-              }
-            }
-          },
-          {
-            "name": "workbook1",
-            "type": "Microsoft.Common.Section",
-            "label": "Infoblox CDC BloxOne DDI & Threat Defense Workbook",
-            "elements": [
-              {
-                "name": "workbook1-text",
-                "type": "Microsoft.Common.TextBlock",
-                "options": {
-                  "text": "This workbook is intended to help visualize BloxOne query data as part of the Infoblox Cloud Data Connector. Drilldown your data and visualize events, trends, and anomalous changes over time.Supported BloxOne Cloud Source log types are Threat Defense Query/Response Logs, Threat Defense Threat Feeds Hits Logs, DDI Query/Response Logs and DDI DHCP Lease Logs."
-                }
-              }
-            ]
-          }
-        ]
-      },
-      {
-        "name": "analytics",
-        "label": "Analytics",
-        "subLabel": {
-          "preValidation": "Configure the analytics",
-          "postValidation": "Done"
-        },
-        "bladeTitle": "Analytics",
-        "elements": [
-          {
-            "name": "analytics-text",
-            "type": "Microsoft.Common.TextBlock",
-            "options": {
-              "text": "This solution installs the following analytic rule templates. After installing the solution, create and enable analytic rules in Manage solution view."
-            }
-          },
-          {
-            "name": "analytics-link",
-            "type": "Microsoft.Common.TextBlock",
-            "options": {
-              "link": {
-                "label": "Learn more",
-                "uri": "https://docs.microsoft.com/azure/sentinel/tutorial-detect-threats-custom?WT.mc_id=Portal-Microsoft_Azure_CreateUIDef"
-              }
-            }
-          },
-          {
-            "name": "analytic1",
-            "type": "Microsoft.Common.Section",
-            "label": "Infoblox - High Number of High Threat Level Queries Detected",
-            "elements": [
-              {
-                "name": "analytic1-text",
-                "type": "Microsoft.Common.TextBlock",
-                "options": {
-                  "text": "This creates an incident in the event a single host generates at least 200 high threat level RPZ queries (Threat Defense security hits) in 1 hour. Query count threshold and scheduling is customizable. This rule depends on a parser based on a Kusto Function to work as expected called InfobloxCDC."
-                }
-              }
-            ]
-          },
-          {
-            "name": "analytic2",
-            "type": "Microsoft.Common.Section",
-            "label": "Infoblox - High Number of NXDOMAIN DNS Responses Detected",
-            "elements": [
-              {
-                "name": "analytic2-text",
-                "type": "Microsoft.Common.TextBlock",
-                "options": {
-                  "text": "This creates an incident in the event a single host generates at least 200 DNS responses for non-existent domains in 1 hour. Query count threshold and scheduling is customizable. This rule depends on a parser based on a Kusto Function to work as expected called InfobloxCDC."
-                }
-              }
-            ]
-          },
-          {
-            "name": "analytic3",
-            "type": "Microsoft.Common.Section",
-            "label": "Infoblox - High Threat Level Query Not Blocked Detected",
-            "elements": [
-              {
-                "name": "analytic3-text",
-                "type": "Microsoft.Common.TextBlock",
-                "options": {
-                  "text": "This creates an incident in the event a single host generates at least 1 high threat level query (Threat Defense security hit) that is not blocked or redirected in 1 hour. Query count threshold and scheduling is customizable. This rule depends on a parser based on a Kusto Function to work as expected called InfobloxCDC."
-                }
-              }
-            ]
-          }
-        ]
-      }
-    ],
-    "outputs": {
-      "workspace-location": "[first(map(filter(basics('getLAWorkspace').value, (filter) => and(contains(toLower(filter.id), toLower(resourceGroup().name)),equals(filter.name,basics('workspace')))), (item) => item.location))]",
-      "location": "[location()]",
-      "workspace": "[basics('workspace')]"
-    }
-  }
-}
+{
+  "$schema": "https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#",
+  "handler": "Microsoft.Azure.CreateUIDef",
+  "version": "0.1.2-preview",
+  "parameters": {
+    "config": {
+      "isWizard": false,
+      "basics": {
+        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/infoblox_logo.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Infoblox%20Cloud%20Data%20Connector/ReleaseNotes.md)\r \n There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThe [Infoblox](https://www.infoblox.com/) Cloud solution allows you to easily connect your Infoblox BloxOne data with Microsoft Sentinel. By connecting your logs to Microsoft Sentinel, you can take advantage of search & correlation, alerting, and threat intelligence enrichment for each log.\r\n \r\n   **Underlying Microsoft Technologies used:** \r\n \r\n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\r\n \r\n a. [Agent based logs collection from Windows and Linux machines ](https://docs.microsoft.com/azure/azure-monitor/agents/data-sources-custom-logs)\n\n**Data Connectors:** 1, **Parsers:** 1, **Workbooks:** 1, **Analytic Rules:** 8, **Playbooks:** 11\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+        "subscription": {
+          "resourceProviders": [
+            "Microsoft.OperationsManagement/solutions",
+            "Microsoft.OperationalInsights/workspaces/providers/alertRules",
+            "Microsoft.Insights/workbooks",
+            "Microsoft.Logic/workflows"
+          ]
+        },
+        "location": {
+          "metadata": {
+            "hidden": "Hiding location, we get it from the log analytics workspace"
+          },
+          "visible": false
+        },
+        "resourceGroup": {
+          "allowExisting": true
+        }
+      }
+    },
+    "basics": [
+      {
+        "name": "getLAWorkspace",
+        "type": "Microsoft.Solutions.ArmApiControl",
+        "toolTip": "This filters by workspaces that exist in the Resource Group selected",
+        "condition": "[greater(length(resourceGroup().name),0)]",
+        "request": {
+          "method": "GET",
+          "path": "[concat(subscription().id,'/providers/Microsoft.OperationalInsights/workspaces?api-version=2020-08-01')]"
+        }
+      },
+      {
+        "name": "workspace",
+        "type": "Microsoft.Common.DropDown",
+        "label": "Workspace",
+        "placeholder": "Select a workspace",
+        "toolTip": "This dropdown will list only workspace that exists in the Resource Group selected",
+        "constraints": {
+          "allowedValues": "[map(filter(basics('getLAWorkspace').value, (filter) => contains(toLower(filter.id), toLower(resourceGroup().name))), (item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.name, '\"}')))]",
+          "required": true
+        },
+        "visible": true
+      }
+    ],
+    "steps": [
+      {
+        "name": "dataconnectors",
+        "label": "Data Connectors",
+        "bladeTitle": "Data Connectors",
+        "elements": [
+          {
+            "name": "dataconnectors1-text",
+            "type": "Microsoft.Common.TextBlock",
+            "options": {
+              "text": "This Solution installs the data connector for Infoblox Cloud Data Connector. You can get Infoblox Cloud Data Connector CommonSecurityLog data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
+            }
+          },
+          {
+            "name": "dataconnectors-parser-text",
+            "type": "Microsoft.Common.TextBlock",
+            "options": {
+              "text": "The Solution installs a parser that transforms the ingested data into Microsoft Sentinel normalized format. The normalized format enables better correlation of different types of data from different data sources to drive end-to-end outcomes seamlessly in security monitoring, hunting, incident investigation and response scenarios in Microsoft Sentinel."
+            }
+          },
+          {
+            "name": "dataconnectors-link2",
+            "type": "Microsoft.Common.TextBlock",
+            "options": {
+              "link": {
+                "label": "Learn more about connecting data sources",
+                "uri": "https://docs.microsoft.com/azure/sentinel/connect-data-sources"
+              }
+            }
+          }
+        ]
+      },
+      {
+        "name": "workbooks",
+        "label": "Workbooks",
+        "subLabel": {
+          "preValidation": "Configure the workbooks",
+          "postValidation": "Done"
+        },
+        "bladeTitle": "Workbooks",
+        "elements": [
+          {
+            "name": "workbooks-text",
+            "type": "Microsoft.Common.TextBlock",
+            "options": {
+              "text": "This solution installs workbook(s) to help you gain insights into the telemetry collected in Microsoft Sentinel. After installing the solution, start using the workbook in Manage solution view."
+            }
+          },
+          {
+            "name": "workbooks-link",
+            "type": "Microsoft.Common.TextBlock",
+            "options": {
+              "link": {
+                "label": "Learn more",
+                "uri": "https://docs.microsoft.com/azure/sentinel/tutorial-monitor-your-data"
+              }
+            }
+          },
+          {
+            "name": "workbook1",
+            "type": "Microsoft.Common.Section",
+            "label": "Infoblox Cloud Data Connector",
+            "elements": [
+              {
+                "name": "workbook1-text",
+                "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "Sets the time name for analysis"
+                }
+              }
+            ]
+          }
+        ]
+      },
+      {
+        "name": "analytics",
+        "label": "Analytics",
+        "subLabel": {
+          "preValidation": "Configure the analytics",
+          "postValidation": "Done"
+        },
+        "bladeTitle": "Analytics",
+        "elements": [
+          {
+            "name": "analytics-text",
+            "type": "Microsoft.Common.TextBlock",
+            "options": {
+              "text": "This solution installs the following analytic rule templates. After installing the solution, create and enable analytic rules in Manage solution view."
+            }
+          },
+          {
+            "name": "analytics-link",
+            "type": "Microsoft.Common.TextBlock",
+            "options": {
+              "link": {
+                "label": "Learn more",
+                "uri": "https://docs.microsoft.com/azure/sentinel/tutorial-detect-threats-custom?WT.mc_id=Portal-Microsoft_Azure_CreateUIDef"
+              }
+            }
+          },
+          {
+            "name": "analytic1",
+            "type": "Microsoft.Common.Section",
+            "label": "Infoblox - Data Exfiltration Attack",
+            "elements": [
+              {
+                "name": "analytic1-text",
+                "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "Data exfiltration attack detected by Infoblox Threat Insight. Customize query count, scheduling, responses and more. This rule depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://aka.ms/sentinel-InfobloxCloudDataConnector-parser)."
+                }
+              }
+            ]
+          },
+          {
+            "name": "analytic2",
+            "type": "Microsoft.Common.Section",
+            "label": "Infoblox - High Threat Level Query Not Blocked Detected",
+            "elements": [
+              {
+                "name": "analytic2-text",
+                "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "At least 1 high threat level query generated by single host in 1 hour that is not blocked or redirected. Customize query count, scheduling, responses and more. This rule depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Infoblox%20Cloud%20Data%20Connector/Parsers/InfobloxCDC.txt)."
+                }
+              }
+            ]
+          },
+          {
+            "name": "analytic3",
+            "type": "Microsoft.Common.Section",
+            "label": "Infoblox - Many High Threat Level Queries From Single Host Detected",
+            "elements": [
+              {
+                "name": "analytic3-text",
+                "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "At least 200 high threat level queries generated by single host in 1 hour. Queries do not need to be the same. Customize query count, scheduling, responses and more. This rule depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://aka.ms/sentinel-InfobloxCloudDataConnector-parser)."
+                }
+              }
+            ]
+          },
+          {
+            "name": "analytic4",
+            "type": "Microsoft.Common.Section",
+            "label": "Infoblox - Many High Threat Level Single Query Detected",
+            "elements": [
+              {
+                "name": "analytic4-text",
+                "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "Single high threat level domain queried at least 200 times in 1 hour regardless of source. Customize query count, scheduling, responses and more. This rule depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Infoblox%20Cloud%20Data%20Connector/Parsers/InfobloxCDC.txt)."
+                }
+              }
+            ]
+          },
+          {
+            "name": "analytic5",
+            "type": "Microsoft.Common.Section",
+            "label": "Infoblox - Many NXDOMAIN DNS Responses Detected",
+            "elements": [
+              {
+                "name": "analytic5-text",
+                "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "Detected at least 200 DNS responses for non-existent domains in 1 hour generated by single host. Queries do not need to be the same. Customize query count, scheduling, responses and more. This rule depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://aka.ms/sentinel-InfobloxCloudDataConnector-parser)."
+                }
+              }
+            ]
+          },
+          {
+            "name": "analytic6",
+            "type": "Microsoft.Common.Section",
+            "label": "Infoblox - TI - CommonSecurityLog Match Found - MalwareC2",
+            "elements": [
+              {
+                "name": "analytic6-text",
+                "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "CommonSecurityLog (CEF) MalwareC2/MalwareC2DGA match found in your Infoblox TIDE Threat Intelligence. Customize query count, scheduling, responses and more. Modify data sources, types and threat properties as desired."
+                }
+              }
+            ]
+          },
+          {
+            "name": "analytic7",
+            "type": "Microsoft.Common.Section",
+            "label": "Infoblox - TI - InfobloxCDC Match Found - Lookalike Domains",
+            "elements": [
+              {
+                "name": "analytic7-text",
+                "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "InfobloxCDC Lookalike Domain match found in your Infoblox TIDE Threat Intelligence. Customize query count, scheduling, responses and more. Modify data sources, types and threat properties as desired. This rule depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Infoblox%20Cloud%20Data%20Connector/Parsers/InfobloxCDC.txt)."
+                }
+              }
+            ]
+          },
+          {
+            "name": "analytic8",
+            "type": "Microsoft.Common.Section",
+            "label": "Infoblox - TI - Syslog Match Found - URL",
+            "elements": [
+              {
+                "name": "analytic8-text",
+                "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "Syslog URL match found in your Infoblox TIDE Threat Intelligence. Customize query count, scheduling, responses and more. Modify data sources, types and threat properties as desired."
+                }
+              }
+            ]
+          }
+        ]
+      },
+      {
+        "name": "playbooks",
+        "label": "Playbooks",
+        "subLabel": {
+          "preValidation": "Configure the playbooks",
+          "postValidation": "Done"
+        },
+        "bladeTitle": "Playbooks",
+        "elements": [
+          {
+            "name": "playbooks-text",
+            "type": "Microsoft.Common.TextBlock",
+            "options": {
+              "text": "This solution installs the Playbook templates to help implement your Security Orchestration, Automation and Response (SOAR) operations. After installing the solution, these will be deployed under Playbook Templates in the Automation blade in Microsoft Sentinel. They can be configured and managed from the Manage solution view in Content Hub."
+            }
+          },
+          {
+            "name": "playbooks-link",
+            "type": "Microsoft.Common.TextBlock",
+            "options": {
+              "link": {
+                "label": "Learn more",
+                "uri": "https://docs.microsoft.com/azure/sentinel/tutorial-respond-threats-playbook?WT.mc_id=Portal-Microsoft_Azure_CreateUIDef"
+              }
+            }
+          }
+        ]
+      }
+    ],
+    "outputs": {
+      "workspace-location": "[first(map(filter(basics('getLAWorkspace').value, (filter) => and(contains(toLower(filter.id), toLower(resourceGroup().name)),equals(filter.name,basics('workspace')))), (item) => item.location))]",
+      "location": "[location()]",
+      "workspace": "[basics('workspace')]"
+    }
+  }
+}
diff --git a/Solutions/Infoblox Cloud Data Connector/Package/mainTemplate.json b/Solutions/Infoblox Cloud Data Connector/Package/mainTemplate.json
index 7a8b54d6989..77bf8454296 100644
--- a/Solutions/Infoblox Cloud Data Connector/Package/mainTemplate.json	
+++ b/Solutions/Infoblox Cloud Data Connector/Package/mainTemplate.json	
@@ -1,1140 +1,8002 @@
-{
-  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-  "contentVersion": "1.0.0.0",
-  "metadata": {
-    "author": "Microsoft - support@microsoft.com",
-    "comments": "Solution template for Infoblox Cloud Data Connector"
-  },
-  "parameters": {
-    "location": {
-      "type": "string",
-      "minLength": 1,
-      "defaultValue": "[resourceGroup().location]",
-      "metadata": {
-        "description": "Not used, but needed to pass arm-ttk test `Location-Should-Not-Be-Hardcoded`.  We instead use the `workspace-location` which is derived from the LA workspace"
-      }
-    },
-    "workspace-location": {
-      "type": "string",
-      "defaultValue": "",
-      "metadata": {
-        "description": "[concat('Region to deploy solution resources -- separate from location selection',parameters('location'))]"
-      }
-    },
-    "workspace": {
-      "defaultValue": "",
-      "type": "string",
-      "metadata": {
-        "description": "Workspace name for Log Analytics where Microsoft Sentinel is setup"
-      }
-    },
-    "workbook1-name": {
-      "type": "string",
-      "defaultValue": "Infoblox Cloud Data Connector",
-      "minLength": 1,
-      "metadata": {
-        "description": "Name for the workbook"
-      }
-    }
-  },
-  "variables": {
-    "solutionId": "infoblox.infoblox-cdc-solution",
-    "_solutionId": "[variables('solutionId')]",
-    "email": "support@microsoft.com",
-    "_email": "[variables('email')]",
-    "workbookVersion1": "1.0.0",
-    "workbookContentId1": "InfobloxCDCB1TDWorkbook",
-    "workbookId1": "[resourceId('Microsoft.Insights/workbooks', variables('workbookContentId1'))]",
-    "workbookTemplateSpecName1": "[concat(parameters('workspace'),'-wb-',uniquestring(variables('_workbookContentId1')))]",
-    "_workbookContentId1": "[variables('workbookContentId1')]",
-    "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]",
-    "analyticRuleVersion1": "1.0.1",
-    "analyticRulecontentId1": "57113ad7-7dd6-4150-84d8-252e162aaf4a",
-    "_analyticRulecontentId1": "[variables('analyticRulecontentId1')]",
-    "analyticRuleId1": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId1'))]",
-    "analyticRuleTemplateSpecName1": "[concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId1')))]",
-    "analyticRuleVersion2": "1.0.1",
-    "analyticRulecontentId2": "818eddaa-3806-43a2-8930-3defc5a06803",
-    "_analyticRulecontentId2": "[variables('analyticRulecontentId2')]",
-    "analyticRuleId2": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId2'))]",
-    "analyticRuleTemplateSpecName2": "[concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId2')))]",
-    "analyticRuleVersion3": "1.0.1",
-    "analyticRulecontentId3": "dc7af829-d716-4774-9d6f-03d9aa7c27a4",
-    "_analyticRulecontentId3": "[variables('analyticRulecontentId3')]",
-    "analyticRuleId3": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId3'))]",
-    "analyticRuleTemplateSpecName3": "[concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId3')))]",
-    "uiConfigId1": "InfobloxCloudDataConnector",
-    "_uiConfigId1": "[variables('uiConfigId1')]",
-    "dataConnectorContentId1": "InfobloxCloudDataConnector",
-    "_dataConnectorContentId1": "[variables('dataConnectorContentId1')]",
-    "dataConnectorId1": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]",
-    "_dataConnectorId1": "[variables('dataConnectorId1')]",
-    "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1')))]",
-    "dataConnectorVersion1": "1.0.0",
-    "parserVersion1": "1.0.0",
-    "parserContentId1": "InfobloxCDC-Parser",
-    "_parserContentId1": "[variables('parserContentId1')]",
-    "parserName1": "Infoblox Cloud Data Connector Data Parser",
-    "_parserName1": "[concat(parameters('workspace'),'/',variables('parserName1'))]",
-    "parserId1": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), variables('parserName1'))]",
-    "_parserId1": "[variables('parserId1')]",
-    "parserTemplateSpecName1": "[concat(parameters('workspace'),'-pr-',uniquestring(variables('_parserContentId1')))]"
-  },
-  "resources": [
-    {
-      "type": "Microsoft.Resources/templateSpecs",
-      "apiVersion": "2022-02-01",
-      "name": "[variables('workbookTemplateSpecName1')]",
-      "location": "[parameters('workspace-location')]",
-      "tags": {
-        "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]",
-        "hidden-sentinelContentType": "Workbook"
-      },
-      "properties": {
-        "description": "Infoblox Cloud Data Connector Workbook with template",
-        "displayName": "Infoblox Cloud Data Connector workbook template"
-      }
-    },
-    {
-      "type": "Microsoft.Resources/templateSpecs/versions",
-      "apiVersion": "2022-02-01",
-      "name": "[concat(variables('workbookTemplateSpecName1'),'/',variables('workbookVersion1'))]",
-      "location": "[parameters('workspace-location')]",
-      "tags": {
-        "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]",
-        "hidden-sentinelContentType": "Workbook"
-      },
-      "dependsOn": [
-        "[resourceId('Microsoft.Resources/templateSpecs', variables('workbookTemplateSpecName1'))]"
-      ],
-      "properties": {
-        "description": "InfobloxCDCB1TDWorkbookWorkbook Workbook with template version 2.0.10",
-        "mainTemplate": {
-          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('workbookVersion1')]",
-          "parameters": {},
-          "variables": {},
-          "resources": [
-            {
-              "type": "Microsoft.Insights/workbooks",
-              "name": "[variables('workbookContentId1')]",
-              "location": "[parameters('workspace-location')]",
-              "kind": "shared",
-              "apiVersion": "2021-08-01",
-              "metadata": {
-                "description": "Sets the time name for analysis"
-              },
-              "properties": {
-                "displayName": "[parameters('workbook1-name')]",
-                "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":1,\"content\":{\"json\":\">**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://aka.ms/sentinel-InfobloxCloudDataConnector-parser) which is deployed with the solution.\",\"style\":\"info\"},\"name\":\"text - 9\",\"styleSettings\":{\"margin\":\"0 0 20px 0\"}},{\"type\":1,\"content\":{\"json\":\"# Infoblox CDC BloxOne DDI & Threat Defense Workbook\\r\\n\\r\\n##### Get a closer look at your BloxOne DNS Query/Response logs, DHCP logs and Threat Defense security event data. \\r\\n\\r\\nThis workbook is intended to help visualize BloxOne query data as part of the Infoblox Cloud Data Connector. Drilldown your data and visualize events, trends, and anomalous changes over time.\\r\\n\\r\\nSupported BloxOne Cloud Source log types:\\r\\n* Threat Defense Query/Response Log\\r\\n* Threat Defense Threat Feeds Hits Log\\r\\n* DDI Query/Response Log\\r\\n* DDI DHCP Lease Log\\r\\n\\r\\n---\\r\\n\"},\"name\":\"text - 3\",\"styleSettings\":{\"margin\":\"0 0 20px 0\"}},{\"type\":11,\"content\":{\"version\":\"LinkItem/1.0\",\"style\":\"tabs\",\"links\":[{\"id\":\"f2ce2fdb-104a-447f-b42b-6d11931a09ff\",\"cellValue\":\"view\",\"linkTarget\":\"parameter\",\"linkLabel\":\"DNS & DHCP Overview\",\"subTarget\":\"DNS & DHCP Overview\",\"style\":\"link\"},{\"id\":\"46b4abc5-316b-4c75-89b7-5cf134d6dbb0\",\"cellValue\":\"view\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Security Overview\",\"subTarget\":\"Security Overview\",\"style\":\"link\"},{\"id\":\"81661594-3591-4fe6-a67d-b69ae55abf67\",\"cellValue\":\"view\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Events by Device\",\"subTarget\":\"Events by Device\",\"preText\":\"IPs\",\"style\":\"link\"},{\"id\":\"46ca603b-ead0-46bd-987d-1d157b2a763a\",\"cellValue\":\"view\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Events by Domain\",\"subTarget\":\"Events by Domain\",\"style\":\"link\"},{\"id\":\"2e942b67-07c4-4579-ac5b-f43c5b01c51c\",\"cellValue\":\"view\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Filters\",\"subTarget\":\"Filters\",\"style\":\"link\"}]},\"name\":\"links - 16\",\"styleSettings\":{\"margin\":\"0 0 20px 0\"}},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"9878ee10-a66a-4438-afdd-29789d76bd61\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"TimeRange\",\"type\":4,\"isRequired\":true,\"value\":{\"durationMs\":14400000},\"typeSettings\":{\"selectableValues\":[{\"durationMs\":300000},{\"durationMs\":900000},{\"durationMs\":1800000},{\"durationMs\":3600000},{\"durationMs\":14400000},{\"durationMs\":43200000},{\"durationMs\":86400000},{\"durationMs\":172800000},{\"durationMs\":259200000},{\"durationMs\":604800000},{\"durationMs\":1209600000},{\"durationMs\":2419200000},{\"durationMs\":2592000000},{\"durationMs\":5184000000},{\"durationMs\":7776000000}],\"allowCustom\":true}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"30\",\"name\":\"parameters - 0\"},{\"type\":1,\"content\":{\"json\":\"#### Set a time range for which to view data using the dropdown to the left. It will be applied to all visualizations of this workbook. Note that using a large range may cause queries to timeout depending on the size of your environment. Reduce the range if this keeps occurring.\\r\\n\\r\\n---\\r\\n\",\"style\":\"info\"},\"customWidth\":\"70\",\"name\":\"text - 7\",\"styleSettings\":{\"margin\":\"0 0 10px 0\"}},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Events by Device\\r\\n---\\r\\n#### Get a closer look into where threat data is originating. \\r\\nThis section visualizes which devices are producing the most hits. Further drilldown data by source IP address. \\r\\n\\r\\nMake sure to set all Threat Defense dropdowns below back to \\\"All\\\" when switching between Log Types.\"},\"name\":\"text - 8\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"12793c1f-b77e-4319-99f6-b6b4230d9cfe\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"LogTypeParam\",\"label\":\"Log Type\",\"type\":2,\"isRequired\":true,\"value\":\"RPZ\",\"typeSettings\":{\"showDefault\":false},\"jsonData\":\"[\\r\\n    { \\\"value\\\":\\\"RPZ\\\",  \\\"label\\\":\\\"Threat Defense Security Hits\\\" },\\r\\n    { \\\"value\\\":\\\"DNS\\\", \\\"label\\\":\\\"DNS Queries & Responses\\\" }\\r\\n]\",\"timeContext\":{\"durationMs\":86400000},\"timeContextFromParameter\":\"TimeRange\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 6 - Copy - Copy - Copy2\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"19099936-395c-4ac9-a462-097e6c1fe50c\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"ThreatLevelParam\",\"label\":\"Threat Level\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"value\":[\"value::all\"],\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"All\",\"showDefault\":false},\"jsonData\":\"[\\r\\n    { \\\"value\\\":\\\"N/A\\\"},\\r\\n    { \\\"value\\\":\\\"Info\\\"},\\r\\n    { \\\"value\\\":\\\"Low\\\"},\\r\\n    { \\\"value\\\":\\\"Medium\\\"},\\r\\n    { \\\"value\\\":\\\"High\\\"}\\r\\n]\",\"timeContext\":{\"durationMs\":259200000},\"timeContextFromParameter\":\"TimeRange\",\"defaultValue\":\"value::all\"},{\"id\":\"2d6b86ef-4bd8-4afd-be72-83f7cb365585\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"FeedParam\",\"label\":\"Feed\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"\\\"\",\"delimiter\":\",\",\"query\":\"InfobloxCDC\\r\\n| where isnotempty(InfobloxB1FeedName)\\r\\n| summarize by InfobloxB1FeedName\\r\\n| order by InfobloxB1FeedName asc\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"All\",\"showDefault\":false},\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"defaultValue\":\"value::all\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},{\"id\":\"8e48699a-6c2e-42b2-bcd8-15cfce54fe4d\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"ThreatClassParam\",\"label\":\"Threat Class\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"\\\"\",\"delimiter\":\",\",\"query\":\"InfobloxCDC\\r\\n| summarize by ThreatClass\\r\\n| order by ThreatClass asc\\r\\n| project value = ThreatClass, label = case(ThreatClass == \\\"\\\", \\\"N/A\\\", ThreatClass)\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"All\",\"showDefault\":false},\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"defaultValue\":\"value::all\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},{\"version\":\"KqlParameterItem/1.0\",\"name\":\"ActionParam\",\"label\":\"Action\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"\\\"\",\"delimiter\":\",\",\"value\":[\"value::all\"],\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"All\",\"showDefault\":false},\"jsonData\":\"[\\r\\n    { \\\"value\\\":\\\"NXDOMAIN\\\", \\\"label\\\": \\\"Block\\\"},\\r\\n    { \\\"value\\\":\\\"REDIRECT\\\", \\\"label\\\": \\\"Redirect\\\"},\\r\\n    { \\\"value\\\":\\\"PASSTHRU\\\", \\\"label\\\": \\\"Log\\\"}\\r\\n]\",\"timeContext\":{\"durationMs\":259200000},\"timeContextFromParameter\":\"TimeRange\",\"defaultValue\":\"value::all\",\"id\":\"f57d037a-57c8-4b7b-93fd-8f6215d1c9c2\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"conditionalVisibility\":{\"parameterName\":\"LogTypeParam\",\"comparison\":\"isEqualTo\",\"value\":\"RPZ\"},\"name\":\"parameters - 6 - Copy - Copy - Copy - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let starttime = {TimeRange:start};\\r\\nlet endtime = {TimeRange:end};\\r\\n// Finding Tops \\r\\nlet Top = materialize(InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| where isnotempty(SourceIP)\\r\\n| summarize count() by SourceIP\\r\\n| top 15 by count_ \\r\\n| project SourceIP);\\r\\n// Filtering datasource to Tops and Plot Time chart\\r\\nInfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| where SourceIP in ((Top))\\r\\n| project TimeGenerated, SourceIP\\r\\n| make-series Total= count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by SourceIP\\r\\n\",\"size\":2,\"title\":\"Top Source IPs by Time\",\"color\":\"red\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}},\"chartSettings\":{\"createOtherGroup\":15,\"showLegend\":true}},\"name\":\"Top Source IPs by Time\"},{\"type\":1,\"content\":{\"json\":\"#### Click on a Device in the chart below to further drilldown the device.\\r\\n\\r\\n---\",\"style\":\"info\"},\"name\":\"text - 17\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| summarize count() by SourceIP, DeviceName, SourceMACAddress, InfobloxB1SrcOSVersion\\r\\n| order by count_ desc\",\"size\":2,\"title\":\"Hit Count by Device\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"exportFieldName\":\"SourceIP\",\"exportParameterName\":\"ip\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"count_\",\"formatter\":3,\"formatOptions\":{\"palette\":\"greenRed\",\"compositeBarSettings\":{\"labelText\":\"\"},\"customColumnWidthSetting\":\"40%\"}}],\"rowLimit\":500,\"filter\":true,\"labelSettings\":[{\"columnId\":\"count_\",\"label\":\"Hits\"}]},\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"30\",\"name\":\"Hit Count by Device\",\"styleSettings\":{\"margin\":\"0 10px 0 0\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs 'RPZ'\\r\\n| where '{ip}' == SourceIP \\r\\n| sort by TimeGenerated desc\\r\\n| project TimeGenerated, ThreatLevel, ThreatLevel_Score, ThreatConfidence, DestinationDnsDomain, InfobloxB1FeedName, ThreatClass, ThreatProperty, InfobloxB1PolicyAction, DeviceAction, InfobloxB1PolicyName, SourceIP, DeviceName, SourceMACAddress, SourceUserName, InfobloxB1SrcOSVersion, InfobloxB1ConnectionType, InfobloxB1Network, AdditionalExtensionsParsedNested\\r\\n\",\"size\":2,\"showAnalytics\":true,\"title\":\"Events for {ip}\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"showRefreshButton\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"ThreatLevel\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"N/A\",\"representation\":\"gray\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Low\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Info\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Medium\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"High\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"ThreatLevel_Score\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"is Empty\",\"representation\":\"gray\",\"text\":\"N/A\"},{\"operator\":\">=\",\"thresholdValue\":\"80\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"50\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"1\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"[\\\"ThreatLevel\\\"]\",\"columnSettings\":[{\"columnName\":\"ThreatLevel\",\"color\":\"orange\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"blue\"}]}}},{\"columnMatch\":\"ThreatConfidence\",\"formatter\":8,\"formatOptions\":{\"min\":0,\"max\":100,\"palette\":\"purpleBlueGreen\",\"compositeBarSettings\":{\"labelText\":\"\"}}},{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"green\",\"text\":\"N/A\"},{\"operator\":\"==\",\"thresholdValue\":\"1\",\"representation\":\"blue\",\"text\":\"Low/Info\"},{\"operator\":\"==\",\"thresholdValue\":\"5\",\"representation\":\"orange\",\"text\":\"Medium\"},{\"operator\":\"==\",\"thresholdValue\":\"8\",\"representation\":\"red\",\"text\":\"High\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":500,\"filter\":true,\"sortBy\":[{\"itemKey\":\"InfobloxB1PolicyAction\",\"sortOrder\":2}]},\"sortBy\":[{\"itemKey\":\"InfobloxB1PolicyAction\",\"sortOrder\":2}]},\"customWidth\":\"70\",\"conditionalVisibilities\":[{\"parameterName\":\"ip\",\"comparison\":\"isNotEqualTo\"},{\"parameterName\":\"LogTypeParam\",\"comparison\":\"isEqualTo\",\"value\":\"RPZ\"}],\"showPin\":false,\"name\":\"Events for {ip}\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where DeviceEventClassID has_cs 'DNS'\\r\\n| where '{ip}' == SourceIP \\r\\n| sort by TimeGenerated desc\\r\\n| project TimeGenerated, Activity, DestinationDnsDomain, SourceIP, DeviceName, SourceMACAddress, SourceUserName, InfobloxB1SrcOSVersion, InfobloxB1ConnectionType, InfobloxB1Network, InfobloxDNSQClass, InfobloxDNSQType, InfobloxDNSRCode, Protocol, AdditionalExtensionsParsedNested\\r\\n\",\"size\":2,\"showAnalytics\":true,\"title\":\"Events for {ip}\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"showRefreshButton\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"ThreatLevel\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"N/A\",\"representation\":\"gray\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Low\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Info\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Medium\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"High\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"ThreatLevel_Score\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"is Empty\",\"representation\":\"gray\",\"text\":\"N/A\"},{\"operator\":\">=\",\"thresholdValue\":\"80\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"50\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"1\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"[\\\"ThreatLevel\\\"]\",\"columnSettings\":[{\"columnName\":\"ThreatLevel\",\"color\":\"orange\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"blue\"}]}}},{\"columnMatch\":\"ThreatConfidence\",\"formatter\":8,\"formatOptions\":{\"min\":0,\"max\":100,\"palette\":\"purpleBlueGreen\",\"compositeBarSettings\":{\"labelText\":\"\"}}},{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"green\",\"text\":\"N/A\"},{\"operator\":\"==\",\"thresholdValue\":\"1\",\"representation\":\"blue\",\"text\":\"Low/Info\"},{\"operator\":\"==\",\"thresholdValue\":\"5\",\"representation\":\"orange\",\"text\":\"Medium\"},{\"operator\":\"==\",\"thresholdValue\":\"8\",\"representation\":\"red\",\"text\":\"High\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":500,\"filter\":true,\"sortBy\":[{\"itemKey\":\"SourceIP\",\"sortOrder\":2}]},\"sortBy\":[{\"itemKey\":\"SourceIP\",\"sortOrder\":2}]},\"customWidth\":\"70\",\"conditionalVisibilities\":[{\"parameterName\":\"ip\",\"comparison\":\"isNotEqualTo\"},{\"parameterName\":\"LogTypeParam\",\"comparison\":\"isEqualTo\",\"value\":\"DNS\"}],\"showPin\":false,\"name\":\"Events for {ip} - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let starttime = {TimeRange:start};\\r\\nlet endtime = {TimeRange:end};\\r\\n// Finding Tops \\r\\nlet Top = materialize(InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| extend InfobloxB1FeedName = case(InfobloxB1FeedName == \\\"\\\", InfobloxRPZ, InfobloxB1FeedName)\\r\\n| where '{ip}' == SourceIP \\r\\n| summarize count() by InfobloxB1FeedName\\r\\n| top 10 by count_ \\r\\n| project InfobloxB1FeedName);\\r\\n// Filtering datasource to Tops and Plot Time chart\\r\\nInfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| extend InfobloxB1FeedName = case(InfobloxB1FeedName == \\\"\\\", InfobloxRPZ, InfobloxB1FeedName)\\r\\n| where '{ip}' == SourceIP \\r\\n| where InfobloxB1FeedName in ((Top))\\r\\n| project TimeGenerated, InfobloxB1FeedName\\r\\n| make-series Total= count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by InfobloxB1FeedName\",\"size\":0,\"title\":\"Feed Trend for {ip}\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"chartSettings\":{\"showLegend\":true}},\"customWidth\":\"50\",\"conditionalVisibilities\":[{\"parameterName\":\"ip\",\"comparison\":\"isNotEqualTo\"},{\"parameterName\":\"LogTypeParam\",\"comparison\":\"isEqualTo\",\"value\":\"RPZ\"}],\"name\":\"Feed Trend for {ip}\",\"styleSettings\":{\"margin\":\"0px 10px 0px 0px\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let starttime = {TimeRange:start};\\r\\nlet endtime = {TimeRange:end};\\r\\n// Finding Tops \\r\\nlet Top = materialize(InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| extend ThreatClass = case(ThreatClass == \\\"\\\", \\\"N/A\\\", ThreatClass)\\r\\n| where '{ip}' == SourceIP \\r\\n| summarize count() by ThreatClass\\r\\n| top 10 by count_ \\r\\n| project ThreatClass);\\r\\n// Filtering datasource to Tops and Plot Time chart\\r\\nInfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| extend ThreatClass = case(ThreatClass == \\\"\\\", \\\"N/A\\\", ThreatClass)\\r\\n| where '{ip}' == SourceIP \\r\\n| where ThreatClass in ((Top))\\r\\n| project TimeGenerated, ThreatClass\\r\\n| make-series Total= count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by ThreatClass\",\"size\":0,\"title\":\"Threat Class Trend for {ip}\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"chartSettings\":{\"showLegend\":true}},\"customWidth\":\"50\",\"conditionalVisibilities\":[{\"parameterName\":\"ip\",\"comparison\":\"isNotEqualTo\"},{\"parameterName\":\"LogTypeParam\",\"comparison\":\"isEqualTo\",\"value\":\"RPZ\"}],\"name\":\"Threat Class Trend for {ip}\",\"styleSettings\":{\"margin\":\"0px 10px 0px 0px\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| where '{ip}' == SourceIP \\r\\n| make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by ThreatLevel\",\"size\":0,\"title\":\"Threat Level Trend for {ip}\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"timechart\",\"chartSettings\":{\"group\":\"ThreatLevel\",\"showLegend\":true,\"seriesLabelSettings\":[{\"seriesName\":\"N/A\",\"label\":\"N/A\",\"color\":\"turquoise\"},{\"seriesName\":\"Info\",\"label\":\"\",\"color\":\"lightBlue\"},{\"seriesName\":\"Low\",\"label\":\"\",\"color\":\"yellow\"},{\"seriesName\":\"Medium\",\"label\":\"\",\"color\":\"orange\"},{\"seriesName\":\"High\",\"color\":\"red\"}]}},\"customWidth\":\"50\",\"conditionalVisibilities\":[{\"parameterName\":\"ip\",\"comparison\":\"isNotEqualTo\"},{\"parameterName\":\"LogTypeParam\",\"comparison\":\"isEqualTo\",\"value\":\"RPZ\"}],\"name\":\"Threat Level Trend for {ip}\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| where '{ip}' == SourceIP \\r\\n| make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by SimplifiedDeviceAction\",\"size\":0,\"title\":\"Action Trend for {ip}\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"timechart\",\"chartSettings\":{\"showLegend\":true,\"seriesLabelSettings\":[{\"seriesName\":\"PASSTHRU\",\"label\":\"Log\",\"color\":\"green\"},{\"seriesName\":\"REDIRECT\",\"label\":\"Redirect\",\"color\":\"orange\"},{\"seriesName\":\"NXDOMAIN\",\"label\":\"Block\",\"color\":\"redBright\"},{\"seriesName\":\"<empty>\",\"label\":\"Unknown\",\"color\":\"turquoise\"}]}},\"customWidth\":\"50\",\"conditionalVisibilities\":[{\"parameterName\":\"ip\",\"comparison\":\"isNotEqualTo\"},{\"parameterName\":\"LogTypeParam\",\"comparison\":\"isEqualTo\",\"value\":\"RPZ\"}],\"name\":\"Action Trend for {ip}\"},{\"type\":1,\"content\":{\"json\":\"#### The time graph below utilizes Time Brushing. Click and drag between two points of the graph to view events for only that window of time. By not selecting any window you can also view all events for the TimeRange selected at the top of this workbook. \\r\\n\\r\\n---\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"ip\",\"comparison\":\"isNotEqualTo\"},\"name\":\"text - 9\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| where '{ip}' == SourceIP \\r\\n| summarize count() by DestinationDnsDomain\\r\\n| order by count_ desc\",\"size\":2,\"title\":\"Queries for {ip}\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"40%\"}},{\"columnMatch\":\"count_\",\"formatter\":3,\"formatOptions\":{\"palette\":\"greenRed\",\"compositeBarSettings\":{\"labelText\":\"\"},\"customColumnWidthSetting\":\"60%\"}}],\"rowLimit\":500,\"filter\":true,\"labelSettings\":[{\"columnId\":\"count_\",\"label\":\"Hits\"}]},\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"20\",\"conditionalVisibility\":{\"parameterName\":\"ip\",\"comparison\":\"isNotEqualTo\"},\"name\":\"Queries for {ip}\",\"styleSettings\":{\"margin\":\"0 10px 0 0\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let starttime = {TimeRange:start};\\r\\nlet endtime = {TimeRange:end};\\r\\nlet timeframe = 1h;\\r\\n// Finding Tops \\r\\nlet Top = materialize(InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| where '{ip}' == SourceIP \\r\\n| where isnotempty(DestinationDnsDomain)\\r\\n| summarize count() by DestinationDnsDomain\\r\\n| top 15 by count_ \\r\\n| project DestinationDnsDomain);\\r\\n// Filtering datasource to Tops and Plot Time chart\\r\\nInfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| where '{ip}' == SourceIP \\r\\n| where DestinationDnsDomain in ((Top))\\r\\n| project TimeGenerated, DestinationDnsDomain\\r\\n| make-series Total= count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by DestinationDnsDomain\\r\\n\",\"size\":2,\"title\":\"Top Queries for {ip} by Time\",\"color\":\"red\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"timeBrushParameterName\":\"brush\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}},\"chartSettings\":{\"createOtherGroup\":15,\"showLegend\":true}},\"customWidth\":\"80\",\"conditionalVisibility\":{\"parameterName\":\"ip\",\"comparison\":\"isNotEqualTo\"},\"name\":\"Top Queries for {ip} by Time\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Total Events for {ip} between {brush:label}\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and TimeGenerated {brush} \\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| where '{ip}' == SourceIP \\r\\n| summarize count()\",\"size\":3,\"title\":\"Events Count\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"name\":\"Events Count\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and TimeGenerated {brush} \\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| where '{ip}' == SourceIP \\r\\n| sort by TimeGenerated desc\\r\\n| project TimeGenerated, DeviceEventClassID, ThreatLevel, ThreatLevel_Score, ThreatConfidence, DestinationDnsDomain, InfobloxB1FeedName, ThreatClass, ThreatProperty, InfobloxB1PolicyAction, DeviceAction, InfobloxB1PolicyName, SourceIP, DeviceName, SourceMACAddress, SourceUserName, InfobloxB1SrcOSVersion, InfobloxB1ConnectionType, InfobloxB1Network, AdditionalExtensionsParsedNested\",\"size\":2,\"showAnalytics\":true,\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"showRefreshButton\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"ThreatLevel\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"N/A\",\"representation\":\"gray\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Low\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Info\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Medium\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"High\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"ThreatLevel_Score\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"is Empty\",\"representation\":\"gray\",\"text\":\"N/A\"},{\"operator\":\">=\",\"thresholdValue\":\"80\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"50\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"1\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"[\\\"ThreatLevel\\\"]\",\"columnSettings\":[{\"columnName\":\"ThreatLevel\",\"color\":\"orange\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"blue\"}]}}},{\"columnMatch\":\"ThreatConfidence\",\"formatter\":8,\"formatOptions\":{\"min\":0,\"max\":100,\"palette\":\"purpleBlueGreen\",\"compositeBarSettings\":{\"labelText\":\"\"}}},{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"green\",\"text\":\"N/A\"},{\"operator\":\"==\",\"thresholdValue\":\"1\",\"representation\":\"blue\",\"text\":\"Low/Info\"},{\"operator\":\"==\",\"thresholdValue\":\"5\",\"representation\":\"orange\",\"text\":\"Medium\"},{\"operator\":\"==\",\"thresholdValue\":\"8\",\"representation\":\"red\",\"text\":\"High\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":500,\"filter\":true,\"sortBy\":[{\"itemKey\":\"InfobloxB1PolicyAction\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxB1PolicyAction\",\"sortOrder\":1}]},\"conditionalVisibility\":{\"parameterName\":\"LogTypeParam\",\"comparison\":\"isEqualTo\",\"value\":\"RPZ\"},\"showPin\":false,\"name\":\"Events for {ip} between {brush:label} - grid\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and TimeGenerated {brush} \\r\\n| where DeviceEventClassID has_cs 'DNS'\\r\\n| where '{ip}' == SourceIP \\r\\n| sort by TimeGenerated desc\\r\\n| project TimeGenerated, Activity, DestinationDnsDomain, SourceIP, DeviceName, SourceMACAddress, SourceUserName, InfobloxB1SrcOSVersion, InfobloxB1ConnectionType, InfobloxB1Network, InfobloxDNSQClass, InfobloxDNSQType, InfobloxDNSRCode, Protocol, AdditionalExtensionsParsedNested\\r\\n\",\"size\":2,\"showAnalytics\":true,\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"showRefreshButton\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"ThreatLevel\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"N/A\",\"representation\":\"gray\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Low\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Info\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Medium\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"High\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"ThreatLevel_Score\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"is Empty\",\"representation\":\"gray\",\"text\":\"N/A\"},{\"operator\":\">=\",\"thresholdValue\":\"80\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"50\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"1\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"[\\\"ThreatLevel\\\"]\",\"columnSettings\":[{\"columnName\":\"ThreatLevel\",\"color\":\"orange\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"blue\"}]}}},{\"columnMatch\":\"ThreatConfidence\",\"formatter\":8,\"formatOptions\":{\"min\":0,\"max\":100,\"palette\":\"purpleBlueGreen\",\"compositeBarSettings\":{\"labelText\":\"\"}}},{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"green\",\"text\":\"N/A\"},{\"operator\":\"==\",\"thresholdValue\":\"1\",\"representation\":\"blue\",\"text\":\"Low/Info\"},{\"operator\":\"==\",\"thresholdValue\":\"5\",\"representation\":\"orange\",\"text\":\"Medium\"},{\"operator\":\"==\",\"thresholdValue\":\"8\",\"representation\":\"red\",\"text\":\"High\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":500,\"filter\":true}},\"conditionalVisibility\":{\"parameterName\":\"LogTypeParam\",\"comparison\":\"isEqualTo\",\"value\":\"DNS\"},\"showPin\":false,\"name\":\"Events for {ip} between {brush:label} - grid - Copy\"}]},\"conditionalVisibility\":{\"parameterName\":\"ip\",\"comparison\":\"isNotEqualTo\"},\"name\":\"Total Events for {ip} between {brush:label}\"}]},\"conditionalVisibility\":{\"parameterName\":\"view\",\"comparison\":\"isEqualTo\",\"value\":\"Events by Device\"},\"name\":\"Events by Device\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Events by Destination Domain\\r\\n---\\r\\n#### Get a closer look into what is being queried. \\r\\nThis section visualizes where users are visiting. Further drilldown data by destination query (domain). \\r\\n\\r\\nMake sure to set all Threat Defense dropdowns below back to \\\"All\\\" when switching between Log Types.\"},\"name\":\"text - 6\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"9d2856d9-b23c-4779-916d-abef2e4c50e0\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"LogTypeParam\",\"label\":\"Log Type\",\"type\":2,\"isRequired\":true,\"value\":\"RPZ\",\"typeSettings\":{\"showDefault\":false},\"jsonData\":\"[\\r\\n    { \\\"value\\\":\\\"RPZ\\\",  \\\"label\\\":\\\"Threat Defense Security Hits\\\" },\\r\\n    { \\\"value\\\":\\\"DNS\\\", \\\"label\\\":\\\"DNS Queries & Responses\\\" }\\r\\n]\",\"timeContext\":{\"durationMs\":86400000},\"timeContextFromParameter\":\"TimeRange\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 6 - Copy - Copy - Copy2 - Copy\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"a5663eb6-1030-421e-a60a-6af9f4af3f99\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"ThreatLevelParam\",\"label\":\"Threat Level\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"value\":[\"value::all\"],\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"All\",\"showDefault\":false},\"jsonData\":\"[\\r\\n    { \\\"value\\\":\\\"N/A\\\"},\\r\\n    { \\\"value\\\":\\\"Info\\\"},\\r\\n    { \\\"value\\\":\\\"Low\\\"},\\r\\n    { \\\"value\\\":\\\"Medium\\\"},\\r\\n    { \\\"value\\\":\\\"High\\\"}\\r\\n]\",\"timeContext\":{\"durationMs\":259200000},\"timeContextFromParameter\":\"TimeRange\",\"defaultValue\":\"value::all\"},{\"id\":\"5cbd5c34-3703-4835-aa3b-228504310c1c\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"FeedParam\",\"label\":\"Feed\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"\\\"\",\"delimiter\":\",\",\"query\":\"InfobloxCDC\\r\\n| where isnotempty(InfobloxB1FeedName)\\r\\n| summarize by InfobloxB1FeedName\\r\\n| order by InfobloxB1FeedName asc\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"All\",\"showDefault\":false},\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"defaultValue\":\"value::all\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"value\":[\"value::all\"]},{\"id\":\"3c67b4c6-8cf3-4c75-87ea-4bca83dee296\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"ThreatClassParam\",\"label\":\"Threat Class\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"\\\"\",\"delimiter\":\",\",\"query\":\"InfobloxCDC\\r\\n| summarize by ThreatClass\\r\\n| order by ThreatClass asc\\r\\n| project value = ThreatClass, label = case(ThreatClass == \\\"\\\", \\\"N/A\\\", ThreatClass)\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"All\",\"showDefault\":false},\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"defaultValue\":\"value::all\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"value\":[\"value::all\"]},{\"version\":\"KqlParameterItem/1.0\",\"name\":\"ActionParam\",\"label\":\"Action\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"\\\"\",\"delimiter\":\",\",\"value\":[\"value::all\"],\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"All\",\"showDefault\":false},\"jsonData\":\"[\\r\\n    { \\\"value\\\":\\\"NXDOMAIN\\\", \\\"label\\\": \\\"Block\\\"},\\r\\n    { \\\"value\\\":\\\"REDIRECT\\\", \\\"label\\\": \\\"Redirect\\\"},\\r\\n    { \\\"value\\\":\\\"PASSTHRU\\\", \\\"label\\\": \\\"Log\\\"}\\r\\n]\",\"timeContext\":{\"durationMs\":259200000},\"timeContextFromParameter\":\"TimeRange\",\"defaultValue\":\"value::all\",\"id\":\"730927d0-a8ce-461d-b20b-fe9cda17c486\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"conditionalVisibility\":{\"parameterName\":\"LogTypeParam\",\"comparison\":\"isEqualTo\",\"value\":\"RPZ\"},\"name\":\"parameters - 6 - Copy - Copy - Copy - Copy - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let starttime = {TimeRange:start};\\r\\nlet endtime = {TimeRange:end};\\r\\nlet timeframe = 1h;\\r\\n// Finding Tops \\r\\nlet Top = materialize(InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| where isnotempty(DestinationDnsDomain)\\r\\n| summarize count() by DestinationDnsDomain\\r\\n| top 15 by count_ \\r\\n| project DestinationDnsDomain);\\r\\n// Filtering datasource to Tops and Plot Time chart\\r\\nInfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| where DestinationDnsDomain in ((Top))\\r\\n| project TimeGenerated, DestinationDnsDomain\\r\\n| make-series Total= count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by DestinationDnsDomain\\r\\n\",\"size\":2,\"title\":\"Top Queries by Time\",\"color\":\"red\",\"timeContext\":{\"durationMs\":86400000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}},\"chartSettings\":{\"createOtherGroup\":15,\"showLegend\":true}},\"name\":\"Top Queries by Time\"},{\"type\":1,\"content\":{\"json\":\"#### Click on a Query in the chart below to further drilldown the query.\\r\\n\\r\\n---\",\"style\":\"info\"},\"name\":\"text - 14\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| summarize count() by DestinationDnsDomain\\r\\n| sort by count_ desc\",\"size\":2,\"title\":\"Hit Count by Query/Domain\",\"timeContext\":{\"durationMs\":86400000},\"timeContextFromParameter\":\"TimeRange\",\"exportFieldName\":\"DestinationDnsDomain\",\"exportParameterName\":\"domain\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"60%\"}},{\"columnMatch\":\"count_\",\"formatter\":3,\"formatOptions\":{\"palette\":\"greenRed\",\"compositeBarSettings\":{\"labelText\":\"\"},\"customColumnWidthSetting\":\"40%\"}}],\"rowLimit\":500,\"filter\":true,\"labelSettings\":[{\"columnId\":\"count_\",\"label\":\"Hits\"}]},\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"30\",\"name\":\"Hit Count by Query/Domain\",\"styleSettings\":{\"margin\":\"0 10px 0 0\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs 'RPZ'\\r\\n| where '{domain}' == DestinationDnsDomain \\r\\n| sort by TimeGenerated desc\\r\\n| project TimeGenerated, ThreatLevel, ThreatLevel_Score, ThreatConfidence, DestinationDnsDomain, InfobloxB1FeedName, ThreatClass, ThreatProperty, InfobloxB1PolicyAction, DeviceAction, InfobloxB1PolicyName, SourceIP, DeviceName, SourceMACAddress, SourceUserName, InfobloxB1SrcOSVersion, InfobloxB1ConnectionType, InfobloxB1Network, AdditionalExtensionsParsedNested\\r\\n\",\"size\":2,\"showAnalytics\":true,\"title\":\"Events for {domain}\",\"timeContext\":{\"durationMs\":86400000},\"timeContextFromParameter\":\"TimeRange\",\"showRefreshButton\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"ThreatLevel\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"N/A\",\"representation\":\"gray\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Low\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Info\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Medium\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"High\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"ThreatLevel_Score\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"is Empty\",\"representation\":\"gray\",\"text\":\"N/A\"},{\"operator\":\">=\",\"thresholdValue\":\"80\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"50\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"1\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"text\":\"\"}],\"compositeBarSettings\":{\"labelText\":\"[\\\"ThreatLevel\\\"]\",\"columnSettings\":[{\"columnName\":\"ThreatLevel\",\"color\":\"orange\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"blue\"}]}}},{\"columnMatch\":\"ThreatConfidence\",\"formatter\":8,\"formatOptions\":{\"min\":0,\"max\":100,\"palette\":\"purpleBlueGreen\",\"compositeBarSettings\":{\"labelText\":\"\"}}},{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"green\",\"text\":\"N/A\"},{\"operator\":\"==\",\"thresholdValue\":\"1\",\"representation\":\"blue\",\"text\":\"Low/Info\"},{\"operator\":\"==\",\"thresholdValue\":\"5\",\"representation\":\"orange\",\"text\":\"Medium\"},{\"operator\":\"==\",\"thresholdValue\":\"8\",\"representation\":\"red\",\"text\":\"High\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":500,\"filter\":true}},\"customWidth\":\"70\",\"conditionalVisibilities\":[{\"parameterName\":\"domain\",\"comparison\":\"isNotEqualTo\"},{\"parameterName\":\"LogTypeParam\",\"comparison\":\"isEqualTo\",\"value\":\"RPZ\"}],\"showPin\":false,\"name\":\"Events for {domain}\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where DeviceEventClassID has_cs 'DNS'\\r\\n| where '{domain}' == DestinationDnsDomain \\r\\n| sort by TimeGenerated desc\\r\\n| project TimeGenerated, Activity, DestinationDnsDomain, SourceIP, DeviceName, SourceMACAddress, SourceUserName, InfobloxB1SrcOSVersion, InfobloxB1ConnectionType, InfobloxB1Network, InfobloxDNSQClass, InfobloxDNSQType, InfobloxDNSRCode, Protocol, AdditionalExtensionsParsedNested\\r\\n\\r\\n\",\"size\":2,\"showAnalytics\":true,\"title\":\"Events for {domain}\",\"timeContext\":{\"durationMs\":86400000},\"timeContextFromParameter\":\"TimeRange\",\"showRefreshButton\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"ThreatLevel\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"N/A\",\"representation\":\"gray\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Low\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Info\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Medium\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"High\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"ThreatLevel_Score\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"is Empty\",\"representation\":\"gray\",\"text\":\"N/A\"},{\"operator\":\">=\",\"thresholdValue\":\"80\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"50\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"1\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"text\":\"\"}],\"compositeBarSettings\":{\"labelText\":\"[\\\"ThreatLevel\\\"]\",\"columnSettings\":[{\"columnName\":\"ThreatLevel\",\"color\":\"orange\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"blue\"}]}}},{\"columnMatch\":\"ThreatConfidence\",\"formatter\":8,\"formatOptions\":{\"min\":0,\"max\":100,\"palette\":\"purpleBlueGreen\",\"compositeBarSettings\":{\"labelText\":\"\"}}},{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"green\",\"text\":\"N/A\"},{\"operator\":\"==\",\"thresholdValue\":\"1\",\"representation\":\"blue\",\"text\":\"Low/Info\"},{\"operator\":\"==\",\"thresholdValue\":\"5\",\"representation\":\"orange\",\"text\":\"Medium\"},{\"operator\":\"==\",\"thresholdValue\":\"8\",\"representation\":\"red\",\"text\":\"High\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":500,\"filter\":true}},\"customWidth\":\"70\",\"conditionalVisibilities\":[{\"parameterName\":\"domain\",\"comparison\":\"isNotEqualTo\"},{\"parameterName\":\"LogTypeParam\",\"comparison\":\"isEqualTo\",\"value\":\"DNS\"}],\"showPin\":false,\"name\":\"Events for {domain} - Copy\"},{\"type\":1,\"content\":{\"json\":\"#### The time graph below utilizes Time Brushing. Click and drag between two points of the graph to view events for only that window of time. By not selecting any window you can also view all events for the TimeRange selected at the top of this workbook. \\r\\n\\r\\n---\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"domain\",\"comparison\":\"isNotEqualTo\"},\"name\":\"text - 7\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| where '{domain}' == DestinationDnsDomain \\r\\n| summarize count() by SourceIP, DeviceName, SourceMACAddress, InfobloxB1SrcOSVersion\\r\\n| sort by count_ desc\",\"size\":2,\"title\":\"Devices Querying {domain}\",\"timeContext\":{\"durationMs\":86400000},\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"count_\",\"formatter\":3,\"formatOptions\":{\"palette\":\"greenRed\",\"compositeBarSettings\":{\"labelText\":\"\"},\"customColumnWidthSetting\":\"40%\"}}],\"rowLimit\":500,\"filter\":true,\"labelSettings\":[{\"columnId\":\"count_\",\"label\":\"Hits\"}]},\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"30\",\"conditionalVisibility\":{\"parameterName\":\"domain\",\"comparison\":\"isNotEqualTo\"},\"name\":\"Devices Querying {domain}\",\"styleSettings\":{\"margin\":\"0 10px 0 0\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let starttime = {TimeRange:start};\\r\\nlet endtime = {TimeRange:end};\\r\\nlet timeframe = 1h;\\r\\n// Finding Tops \\r\\nlet Top = materialize(InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| where '{domain}' == DestinationDnsDomain \\r\\n| where isnotempty(SourceIP)\\r\\n| summarize count() by SourceIP\\r\\n| top 15 by count_ \\r\\n| project SourceIP);\\r\\n// Filtering datasource to Tops and Plot Time chart\\r\\nInfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| where '{domain}' == DestinationDnsDomain \\r\\n| where SourceIP in ((Top))\\r\\n| project TimeGenerated, SourceIP\\r\\n| make-series Total= count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by SourceIP\\r\\n\",\"size\":2,\"title\":\"Top Devices Querying {domain} by Time\",\"timeContext\":{\"durationMs\":86400000},\"timeContextFromParameter\":\"TimeRange\",\"timeBrushParameterName\":\"brush\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}},\"chartSettings\":{\"showLegend\":true}},\"customWidth\":\"70\",\"conditionalVisibility\":{\"parameterName\":\"domain\",\"comparison\":\"isNotEqualTo\"},\"name\":\"Top Devices Querying {domain} by Time\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Events for {domain} between {brush:label}\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and TimeGenerated {brush} \\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| where '{domain}' == DestinationDnsDomain \\r\\n| summarize count()\",\"size\":3,\"title\":\"Events Count\",\"timeContext\":{\"durationMs\":86400000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"name\":\"Events Count\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and TimeGenerated {brush} \\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs 'RPZ'\\r\\n| where '{domain}' == DestinationDnsDomain \\r\\n| sort by TimeGenerated desc\\r\\n| project TimeGenerated, DeviceEventClassID, ThreatLevel, ThreatLevel_Score, ThreatConfidence, DestinationDnsDomain, InfobloxB1FeedName, ThreatClass, ThreatProperty, InfobloxB1PolicyAction, DeviceAction, InfobloxB1PolicyName, SourceIP, DeviceName, SourceMACAddress, SourceUserName, InfobloxB1SrcOSVersion, InfobloxB1ConnectionType, InfobloxB1Network, AdditionalExtensionsParsedNested\\r\\n\",\"size\":2,\"showAnalytics\":true,\"timeContext\":{\"durationMs\":86400000},\"timeContextFromParameter\":\"TimeRange\",\"showRefreshButton\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"ThreatLevel\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"N/A\",\"representation\":\"gray\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Low\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Info\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Medium\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"High\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"ThreatLevel_Score\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"is Empty\",\"representation\":\"gray\",\"text\":\"N/A\"},{\"operator\":\">=\",\"thresholdValue\":\"80\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"50\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"1\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"text\":\"\"}],\"compositeBarSettings\":{\"labelText\":\"[\\\"ThreatLevel\\\"]\",\"columnSettings\":[{\"columnName\":\"ThreatLevel\",\"color\":\"orange\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"blue\"}]}}},{\"columnMatch\":\"ThreatConfidence\",\"formatter\":8,\"formatOptions\":{\"min\":0,\"max\":100,\"palette\":\"purpleBlueGreen\",\"compositeBarSettings\":{\"labelText\":\"\"}}},{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"green\",\"text\":\"N/A\"},{\"operator\":\"==\",\"thresholdValue\":\"1\",\"representation\":\"blue\",\"text\":\"Low/Info\"},{\"operator\":\"==\",\"thresholdValue\":\"5\",\"representation\":\"orange\",\"text\":\"Medium\"},{\"operator\":\"==\",\"thresholdValue\":\"8\",\"representation\":\"red\",\"text\":\"High\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":500,\"filter\":true}},\"conditionalVisibility\":{\"parameterName\":\"LogTypeParam\",\"comparison\":\"isEqualTo\",\"value\":\"RPZ\"},\"showPin\":false,\"name\":\"Domain RPZ Events - grid\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and TimeGenerated {brush} \\r\\n| where DeviceEventClassID has_cs 'DNS'\\r\\n| where '{domain}' == DestinationDnsDomain \\r\\n| sort by TimeGenerated desc\\r\\n| project TimeGenerated, Activity, DestinationDnsDomain, SourceIP, DeviceName, SourceMACAddress, SourceUserName, InfobloxB1SrcOSVersion, InfobloxB1ConnectionType, InfobloxB1Network, InfobloxDNSQClass, InfobloxDNSQType, InfobloxDNSRCode, Protocol, AdditionalExtensionsParsedNested\\r\\n\",\"size\":2,\"showAnalytics\":true,\"timeContext\":{\"durationMs\":86400000},\"timeContextFromParameter\":\"TimeRange\",\"showRefreshButton\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"ThreatLevel\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"N/A\",\"representation\":\"gray\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Low\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Info\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Medium\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"High\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"ThreatLevel_Score\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"is Empty\",\"representation\":\"gray\",\"text\":\"N/A\"},{\"operator\":\">=\",\"thresholdValue\":\"80\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"50\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"1\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"text\":\"\"}],\"compositeBarSettings\":{\"labelText\":\"[\\\"ThreatLevel\\\"]\",\"columnSettings\":[{\"columnName\":\"ThreatLevel\",\"color\":\"orange\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"blue\"}]}}},{\"columnMatch\":\"ThreatConfidence\",\"formatter\":8,\"formatOptions\":{\"min\":0,\"max\":100,\"palette\":\"purpleBlueGreen\",\"compositeBarSettings\":{\"labelText\":\"\"}}},{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"green\",\"text\":\"N/A\"},{\"operator\":\"==\",\"thresholdValue\":\"1\",\"representation\":\"blue\",\"text\":\"Low/Info\"},{\"operator\":\"==\",\"thresholdValue\":\"5\",\"representation\":\"orange\",\"text\":\"Medium\"},{\"operator\":\"==\",\"thresholdValue\":\"8\",\"representation\":\"red\",\"text\":\"High\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":500,\"filter\":true}},\"conditionalVisibility\":{\"parameterName\":\"LogTypeParam\",\"comparison\":\"isEqualTo\",\"value\":\"DNS\"},\"showPin\":false,\"name\":\"Domain RPZ Events - grid - Copy\"}]},\"conditionalVisibility\":{\"parameterName\":\"domain\",\"comparison\":\"isNotEqualTo\"},\"name\":\"Events for {domain} between {brush:label}\"}]},\"conditionalVisibility\":{\"parameterName\":\"view\",\"comparison\":\"isEqualTo\",\"value\":\"Events by Domain\"},\"name\":\"Events by Domain\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## BloxOne Threat Defense Security Overview\\r\\n---\\r\\n#### Top level insight into your BloxOne Threat Defense security data.\\r\\n\\r\\n\"},\"name\":\"text - 8\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"5b2e1804-a9a6-4b86-8a6e-27fd0ab029b5\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"ThreatLevelParam\",\"label\":\"Threat Level\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"value\":[\"value::all\"],\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"All\",\"showDefault\":false},\"jsonData\":\"[\\r\\n    { \\\"value\\\":\\\"N/A\\\"},\\r\\n    { \\\"value\\\":\\\"Info\\\"},\\r\\n    { \\\"value\\\":\\\"Low\\\"},\\r\\n    { \\\"value\\\":\\\"Medium\\\"},\\r\\n    { \\\"value\\\":\\\"High\\\"}\\r\\n]\",\"timeContext\":{\"durationMs\":259200000},\"timeContextFromParameter\":\"TimeRange\",\"defaultValue\":\"value::all\"},{\"id\":\"1bc7a1f9-d3bd-4e0f-b5ae-4dc8ba8a1463\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"FeedParam\",\"label\":\"Feed\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"\\\"\",\"delimiter\":\",\",\"query\":\"InfobloxCDC\\r\\n| where isnotempty(InfobloxB1FeedName)\\r\\n| summarize by InfobloxB1FeedName\\r\\n| order by InfobloxB1FeedName asc\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"All\",\"showDefault\":false},\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"defaultValue\":\"value::all\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},{\"id\":\"1eedd218-57c0-43e3-a306-a716380b05e6\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"ThreatClassParam\",\"label\":\"Threat Class\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"\\\"\",\"delimiter\":\",\",\"query\":\"InfobloxCDC\\r\\n| summarize by ThreatClass\\r\\n| order by ThreatClass asc\\r\\n| project value = ThreatClass, label = case(ThreatClass == \\\"\\\", \\\"N/A\\\", ThreatClass)\",\"value\":[\"value::all\"],\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"All\",\"showDefault\":false},\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"defaultValue\":\"value::all\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},{\"version\":\"KqlParameterItem/1.0\",\"name\":\"ActionParam\",\"label\":\"Action\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"value\":[\"value::all\"],\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"All\",\"showDefault\":false},\"jsonData\":\"[\\r\\n    { \\\"value\\\":\\\"NXDOMAIN\\\", \\\"label\\\": \\\"Block\\\"},\\r\\n    { \\\"value\\\":\\\"REDIRECT\\\", \\\"label\\\": \\\"Redirect\\\"},\\r\\n    { \\\"value\\\":\\\"PASSTHRU\\\", \\\"label\\\": \\\"Log\\\"}\\r\\n]\",\"timeContext\":{\"durationMs\":259200000},\"timeContextFromParameter\":\"TimeRange\",\"defaultValue\":\"value::all\",\"id\":\"e36bc3c2-b85e-478c-968b-7faf79c21c49\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 6 - Copy - Copy\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| summarize dcount(SourceIP)\",\"size\":3,\"title\":\"Unique Impacted Devices\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_SourceIP\",\"formatter\":12,\"formatOptions\":{\"palette\":\"orangeBlue\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Unique Impacted Devices\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1ConnectionType == \\\"remote_client\\\"\\r\\n| summarize dcount(SourceIP)\",\"size\":3,\"title\":\"Unique Impacted B1 Endpoints\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_SourceIP\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"pink\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Unique Impacted B1 Endpoints\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| summarize dcount(DestinationDnsDomain)\",\"size\":3,\"title\":\"Unique Threat Indicators\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_DestinationDnsDomain\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"magenta\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Unique Threat Indicators\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| summarize dcount(ThreatClass)\",\"size\":3,\"title\":\"Unique Threat Classes\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_ThreatClass\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"greenDark\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Unique Threat Classes\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n//| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Total Security Hits (All Actions)\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Total Security Hits (All Actions)\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1PolicyAction == \\\"Log\\\" or SimplifiedDeviceAction == \\\"PASSTHRU\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Total Allowed + Logged Hits (PASSTHRU)\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"green\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Total Allowed + Logged Hits (PASSTHRU)\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1PolicyAction == \\\"Block\\\" or SimplifiedDeviceAction == \\\"NXDOMAIN\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Total Blocked Hits (NXDOMAIN)\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"redBright\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Total Blocked Hits (NXDOMAIN)\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1PolicyAction == \\\"Redirect\\\" or SimplifiedDeviceAction == \\\"REDIRECT\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Total Redirects (REDIRECT)\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"red\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Total Redirects (REDIRECT)\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1PolicyAction == \\\"Log\\\" or SimplifiedDeviceAction == \\\"PASSTHRU\\\"\\r\\n| where ThreatLevel == \\\"High\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Total High Threat Level Hits Not Blocked\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"min\":0,\"palette\":\"redBright\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Total High Threat Level Hits Not Blocked\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName !has_cs \\\"CAT_\\\" and InfobloxRPZ !has_cs \\\"CAT_\\\" and InfobloxB1FeedName !has_cs \\\"APP_\\\" and InfobloxRPZ !has_cs \\\"APP_\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Total Non-Filter Hits\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"coldHot\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Total Non-Filter Hits\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName has_cs \\\"CAT_\\\" or InfobloxRPZ has_cs \\\"CAT_\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Total Category Filter Hits\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"yellowGreenBlue\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Total Category Filter Hits\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName has_cs \\\"APP_\\\" or InfobloxRPZ has_cs \\\"APP_\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Total Application Filter Hits\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"yellow\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Total Application Filter Hits\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1ConnectionType == \\\"remote_client\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Total Hits via B1 Endpoints\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"orangeRed\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Total Hits via B1 Endpoints\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1ConnectionType == \\\"nios\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Total Hits via NIOS\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"blue\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Total Hits via NIOS\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1ConnectionType == \\\"dfp\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Total Hits via DFP\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"orange\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Total Hits via DFP\"}]},\"customWidth\":\"40\",\"name\":\"Totals\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| make-series Hits = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain}\",\"size\":3,\"title\":\"Security Hits over Time\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"areachart\"},\"customWidth\":\"60\",\"name\":\"Security Hits over Time\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| summarize count() by DestinationDnsDomain\\r\\n| top 50 by count_ desc\",\"size\":2,\"title\":\"Top Indicators\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"filter\":true},\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false},\"chartSettings\":{\"createOtherGroup\":0}},\"customWidth\":\"65\",\"name\":\"Top Indicators\",\"styleSettings\":{\"margin\":\"0px 10px 0px 0px\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| summarize count() by SourceIP\\r\\n| top 20 by count_ desc\",\"size\":3,\"title\":\"Top Impacted IPs\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"chartSettings\":{\"createOtherGroup\":0}},\"customWidth\":\"35\",\"name\":\"Top Impacted IPs\"},{\"type\":1,\"content\":{\"json\":\"---\\r\\n## Threat Level\"},\"name\":\"text - 8\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"datatable (Count:long, ThreatLevel:string, ThreatLevel_count:long) [0,\\\"N/A\\\",1, 0,\\\"Info\\\",2, 0,\\\"Low\\\",3, 0,\\\"Medium\\\",4, 0,\\\"High\\\",5]\\r\\n|union\\r\\n(\\r\\nInfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| extend ThreatLevel_count = case(ThreatLevel == \\\"High\\\", 5, ThreatLevel==\\\"Medium\\\", 4, ThreatLevel==\\\"Low\\\", 3, ThreatLevel==\\\"Info\\\", 2, 1)\\r\\n| summarize Count = count() by ThreatLevel, ThreatLevel_count\\r\\n)\\r\\n| summarize Count=sum(Count) by ThreatLevel, ThreatLevel_count\\r\\n| sort by ThreatLevel_count asc\",\"size\":0,\"title\":\"Hit Count by Threat Level\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"graph\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"ThreatLevel\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"High\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Medium\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Low\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Info\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"N/A\",\"representation\":\"gray\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"yellowOrangeRed\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"useGrouping\":false,\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"showBorder\":false,\"sortCriteriaField\":\"status_count\",\"sortOrderField\":1,\"size\":\"auto\"},\"graphSettings\":{\"type\":2,\"topContent\":{\"columnMatch\":\"ThreatLevel\",\"formatter\":1},\"centerContent\":{\"columnMatch\":\"Count\",\"formatter\":1,\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"useGrouping\":false,\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"nodeIdField\":\"Count\",\"graphOrientation\":3,\"showOrientationToggles\":false,\"staticNodeSize\":100,\"colorSettings\":{\"nodeColorField\":\"ThreatLevel\",\"type\":3,\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"N/A\",\"representation\":\"gray\"},{\"operator\":\"==\",\"thresholdValue\":\"Info\",\"representation\":\"lightBlue\"},{\"operator\":\"==\",\"thresholdValue\":\"Low\",\"representation\":\"yellow\"},{\"operator\":\"==\",\"thresholdValue\":\"Medium\",\"representation\":\"orange\"},{\"operator\":\"==\",\"thresholdValue\":\"High\",\"representation\":\"red\"},{\"operator\":\"Default\",\"representation\":\"gray\"}]},\"hivesMargin\":5}},\"customWidth\":\"30\",\"name\":\"Hit Count by Threat Level\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by ThreatLevel\",\"size\":0,\"title\":\"Threat Level Trend\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"timechart\",\"chartSettings\":{\"showLegend\":true,\"seriesLabelSettings\":[{\"seriesName\":\"High\",\"color\":\"red\"},{\"seriesName\":\"N/A\",\"color\":\"gray\"},{\"seriesName\":\"Low\",\"color\":\"yellow\"},{\"seriesName\":\"Medium\",\"color\":\"orange\"},{\"seriesName\":\"Info\",\"color\":\"lightBlue\"}]}},\"customWidth\":\"70\",\"name\":\"Threat Level Trend\"},{\"type\":1,\"content\":{\"json\":\"---\\r\\n## Feed\"},\"name\":\"text - 8 - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| extend InfobloxB1FeedName = case(InfobloxB1FeedName == \\\"\\\", InfobloxRPZ, InfobloxB1FeedName)\\r\\n\\r\\n//| summarize c = count() by InfobloxB1FeedName\\r\\n//| summarize c = sum(c) by InfobloxB1FeedName = tolower(InfobloxB1FeedName)\\r\\n\\r\\n| summarize count() by InfobloxB1FeedName\\r\\n| order by count_ desc\",\"size\":0,\"title\":\"Hit Count by Feed\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"InfobloxB1FeedName\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"50%\"}},{\"columnMatch\":\"count_\",\"formatter\":3,\"formatOptions\":{\"palette\":\"greenRed\",\"compositeBarSettings\":{\"labelText\":\"\"},\"customColumnWidthSetting\":\"50%\"}},{\"columnMatch\":\"Feed\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"50%\"}}],\"rowLimit\":500,\"filter\":true,\"labelSettings\":[{\"columnId\":\"count_\",\"label\":\"Hits\"}]},\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"30\",\"name\":\"Hit Count by Feed\",\"styleSettings\":{\"margin\":\"0 10px 0 0\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let starttime = {TimeRange:start};\\r\\nlet endtime = {TimeRange:end};\\r\\n// Finding Tops \\r\\nlet Top = materialize(InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| extend InfobloxB1FeedName = case(InfobloxB1FeedName == \\\"\\\", InfobloxRPZ, InfobloxB1FeedName)\\r\\n| summarize count() by InfobloxB1FeedName\\r\\n| top 10 by count_ \\r\\n| project InfobloxB1FeedName);\\r\\n// Filtering datasource to Tops and Plot Time chart\\r\\nInfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| extend InfobloxB1FeedName = case(InfobloxB1FeedName == \\\"\\\", InfobloxRPZ, InfobloxB1FeedName)\\r\\n| where InfobloxB1FeedName in ((Top))\\r\\n| project TimeGenerated, InfobloxB1FeedName\\r\\n| make-series Total= count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by InfobloxB1FeedName\",\"size\":0,\"title\":\"Feed Trend\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"chartSettings\":{\"showLegend\":true,\"seriesLabelSettings\":[{\"seriesName\":\"0\",\"label\":\"N/A\",\"color\":\"green\"},{\"seriesName\":\"1\",\"label\":\"Low/Info\",\"color\":\"blue\"},{\"seriesName\":\"8\",\"label\":\"High\",\"color\":\"red\"},{\"seriesName\":\"5\",\"label\":\"Medium\",\"color\":\"orange\"}]}},\"customWidth\":\"70\",\"name\":\"Feed Trend\",\"styleSettings\":{\"margin\":\"0px\"}},{\"type\":1,\"content\":{\"json\":\"---\\r\\n## Class\"},\"name\":\"text - 8 - Copy - Copy - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| extend ThreatClass = case(ThreatClass == \\\"\\\", \\\"N/A\\\", ThreatClass)\\r\\n| summarize count() by ThreatClass\\r\\n| order by count_ desc\\r\\n\\r\\n\\r\\n\",\"size\":0,\"title\":\"Hit Count by Class\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"count_\",\"formatter\":3,\"formatOptions\":{\"palette\":\"greenRed\",\"compositeBarSettings\":{\"labelText\":\"\"},\"customColumnWidthSetting\":\"50%\"}},{\"columnMatch\":\"Feed\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"50%\"}}],\"rowLimit\":500,\"filter\":true,\"labelSettings\":[{\"columnId\":\"count_\",\"label\":\"Hits\"}]},\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"30\",\"name\":\"Hit Count by Class\",\"styleSettings\":{\"margin\":\"0 10px 0 0\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let starttime = {TimeRange:start};\\r\\nlet endtime = {TimeRange:end};\\r\\n// Finding Tops \\r\\nlet Top = materialize(InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| extend ThreatClass = case(ThreatClass == \\\"\\\", \\\"N/A\\\", ThreatClass)\\r\\n| summarize count() by ThreatClass\\r\\n| top 10 by count_ \\r\\n| project ThreatClass);\\r\\n// Filtering datasource to Tops and Plot Time chart\\r\\nInfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| extend ThreatClass = case(ThreatClass == \\\"\\\", \\\"N/A\\\", ThreatClass)\\r\\n| where ThreatClass in ((Top))\\r\\n| project TimeGenerated, ThreatClass\\r\\n| make-series Total= count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by ThreatClass\",\"size\":0,\"title\":\"Class Trend\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"chartSettings\":{\"showLegend\":true}},\"customWidth\":\"70\",\"name\":\"Class Trend\",\"styleSettings\":{\"margin\":\"0px\"}},{\"type\":1,\"content\":{\"json\":\"---\\r\\n## Action\"},\"name\":\"text - 8 - Copy - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| summarize count() by SimplifiedDeviceAction\\r\\n| top 10 by count_ desc\",\"size\":0,\"title\":\"Hit Count By Action\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"chartSettings\":{\"seriesLabelSettings\":[{\"seriesName\":\"REDIRECT\",\"label\":\"Redirect\",\"color\":\"orange\"},{\"seriesName\":\"NXDOMAIN\",\"label\":\"Block\",\"color\":\"redBright\"},{\"seriesName\":\"PASSTHRU\",\"label\":\"Log\",\"color\":\"green\"},{\"seriesName\":\"\",\"label\":\"Unknown\",\"color\":\"turquoise\"}]}},\"customWidth\":\"30\",\"name\":\"Hit Count By Action\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by SimplifiedDeviceAction\",\"size\":0,\"title\":\"Action Trend\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"timechart\",\"chartSettings\":{\"showLegend\":true,\"seriesLabelSettings\":[{\"seriesName\":\"REDIRECT\",\"label\":\"Redirect\",\"color\":\"orange\"},{\"seriesName\":\"NXDOMAIN\",\"label\":\"Block\",\"color\":\"redBright\"},{\"seriesName\":\"PASSTHRU\",\"label\":\"Log\",\"color\":\"green\"},{\"seriesName\":\"<empty>\",\"label\":\"Unknown\",\"color\":\"turquoise\"}]}},\"customWidth\":\"70\",\"name\":\"Action Trend\",\"styleSettings\":{\"margin\":\"0px\"}},{\"type\":1,\"content\":{\"json\":\"---\\r\\n## Events\"},\"name\":\"text - 8 - Copy - Copy - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| sort by TimeGenerated desc\\r\\n| project TimeGenerated, DeviceEventClassID, ThreatLevel, ThreatLevel_Score, ThreatConfidence, DestinationDnsDomain, InfobloxB1FeedName, ThreatClass, ThreatProperty, InfobloxB1PolicyAction, DeviceAction, InfobloxB1PolicyName, SourceIP, DeviceName, SourceMACAddress, SourceUserName, InfobloxB1SrcOSVersion, InfobloxB1ConnectionType, InfobloxB1Network, AdditionalExtensionsParsedNested\\r\\n\",\"size\":2,\"showAnalytics\":true,\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"showRefreshButton\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"ThreatLevel\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"N/A\",\"representation\":\"gray\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Low\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Info\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Medium\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"High\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"ThreatLevel_Score\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"is Empty\",\"representation\":\"gray\",\"text\":\"N/A\"},{\"operator\":\">=\",\"thresholdValue\":\"80\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"30\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"1\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"text\":\"\"}],\"compositeBarSettings\":{\"labelText\":\"[\\\"ThreatLevel\\\"]\",\"columnSettings\":[{\"columnName\":\"ThreatLevel\",\"color\":\"orange\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"blue\"}]}}},{\"columnMatch\":\"ThreatConfidence\",\"formatter\":8,\"formatOptions\":{\"min\":0,\"max\":100,\"palette\":\"purpleBlueGreen\",\"compositeBarSettings\":{\"labelText\":\"\"}}},{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"green\",\"text\":\"N/A\"},{\"operator\":\"==\",\"thresholdValue\":\"1\",\"representation\":\"blue\",\"text\":\"Low/Info\"},{\"operator\":\"==\",\"thresholdValue\":\"5\",\"representation\":\"orange\",\"text\":\"Medium\"},{\"operator\":\"==\",\"thresholdValue\":\"8\",\"representation\":\"red\",\"text\":\"High\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":5000,\"filter\":true,\"sortBy\":[{\"itemKey\":\"InfobloxB1FeedName\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxB1FeedName\",\"sortOrder\":1}]},\"showPin\":false,\"name\":\"RPZ Events\"}]},\"conditionalVisibility\":{\"parameterName\":\"view\",\"comparison\":\"isEqualTo\",\"value\":\"Security Overview\"},\"name\":\"Overview\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## BloxOne DNS Query/Response & DHCP Leases Overview\\r\\n---\\r\\n#### Top level insight into your BloxOne DNS Query/Response and DHCP Lease data.\\r\\n\\r\\n\"},\"name\":\"text - 8\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DNS\\\"\\r\\n| summarize dcount(SourceIP)\",\"size\":3,\"title\":\"Unique Devices\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_SourceIP\",\"formatter\":12,\"formatOptions\":{\"palette\":\"orangeBlue\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Unique Devices\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DNS\\\"\\r\\n| where InfobloxB1ConnectionType == \\\"remote_client\\\"\\r\\n| summarize dcount(SourceIP)\",\"size\":3,\"title\":\"Unique B1 Endpoints\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_SourceIP\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"pink\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Unique B1 Endpoints\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DNS\\\"\\r\\n| summarize dcount(DestinationDnsDomain)\",\"size\":3,\"title\":\"Unique Queries (Domains)\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_DestinationDnsDomain\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"magenta\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Unique Queries (Domains)\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DNS\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Total Queries\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Total Queries\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DNS\\\"\\r\\n| where InfobloxB1ConnectionType == \\\"remote_client\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Total Queries via B1 Endpoints\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"orangeRed\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Total Queries via B1 Endpoints\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DNS\\\"\\r\\n| where InfobloxB1ConnectionType == \\\"nios\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Total Queries via NIOS\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"blue\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Total Queries via NIOS\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DNS\\\"\\r\\n| where InfobloxB1ConnectionType == \\\"dfp\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Total Queries via DFP\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"orange\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Total Queries via DFP\"}]},\"customWidth\":\"40\",\"name\":\"Totals\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DNS\\\"\\r\\n| make-series Hits = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by InfobloxDNSRCode\",\"size\":0,\"title\":\"DNS Queries over Time\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"linechart\",\"chartSettings\":{\"showLegend\":true}},\"customWidth\":\"60\",\"name\":\"DNS Queries over Time - Copy\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID == \\\"DHCP-LEASE-CREATE\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"New DHCP Leases\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"orangeBlue\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"New DHCP Leases\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID == \\\"DHCP-LEASE-CREATE\\\"\\r\\n| summarize dcount(SourceIP)\",\"size\":3,\"title\":\"New DHCP Leases (Unique IPs)\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_SourceIP\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"pink\"}},\"showBorder\":false,\"size\":\"full\"}},\"customWidth\":\"33\",\"name\":\"New DHCP Leases (Unique IPs)\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID == \\\"DHCP-LEASE-UPDATE\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Updated DHCP Leases \",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"greenDark\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Updated DHCP Leases \"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID == \\\"DHCP-LEASE-UPDATE\\\"\\r\\n| summarize dcount(SourceIP)\",\"size\":3,\"title\":\"Updated DHCP Leases (Unique IPs)\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_SourceIP\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"magenta\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Updated DHCP Leases (Unique IPs)\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID == \\\"DHCP-LEASE-DELETE\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Released DHCP Leases\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Released DHCP Leases\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID == \\\"DHCP-LEASE-DELETE\\\"\\r\\n| summarize dcount(SourceIP)\",\"size\":3,\"title\":\"Released DHCP Leases (Unique IPs)\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_SourceIP\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"green\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Released DHCP Leases (Unique IPs)\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DHCP\\\"\\r\\n| summarize avg(toint(column_ifexists(\\\"InfobloxLifetime\\\", \\\"\\\")))\",\"size\":3,\"title\":\"Average Lease Lifespan (seconds)\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"avg_InfobloxLifetime\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"redBright\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Average Lease Lifespan (seconds)\"}]},\"customWidth\":\"40\",\"name\":\"Totals - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DHCP\\\"\\r\\n| make-series Hits = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by InfobloxLeaseOp\",\"size\":0,\"title\":\"DHCP Leases over Time\",\"color\":\"magenta\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"linechart\",\"chartSettings\":{\"showLegend\":true}},\"customWidth\":\"60\",\"name\":\"DHCP Leases over Time\"},{\"type\":1,\"content\":{\"json\":\"---\\r\\n## DNS Events\"},\"name\":\"text - 8 - Copy - Copy - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DNS\\\"\\r\\n| summarize count() by DestinationDnsDomain\\r\\n| order by count_ desc\",\"size\":2,\"title\":\"Top Requested Domains\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"InfobloxB1FeedName\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"50%\"}},{\"columnMatch\":\"count_\",\"formatter\":3,\"formatOptions\":{\"palette\":\"greenRed\",\"compositeBarSettings\":{\"labelText\":\"\"},\"customColumnWidthSetting\":\"50%\"}},{\"columnMatch\":\"Feed\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"50%\"}}],\"rowLimit\":500,\"filter\":true,\"labelSettings\":[{\"columnId\":\"count_\",\"label\":\"Hits\"}]},\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"30\",\"name\":\"Top Requested Domains\",\"styleSettings\":{\"margin\":\"0 10px 0 0\"}},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DNS\\\"\\r\\n| summarize count() by InfobloxDNSRCode\",\"size\":3,\"title\":\"Response Codes\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"InfobloxB1FeedName\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"50%\"}},{\"columnMatch\":\"count_\",\"formatter\":3,\"formatOptions\":{\"palette\":\"greenRed\",\"compositeBarSettings\":{\"labelText\":\"\"},\"customColumnWidthSetting\":\"50%\"}},{\"columnMatch\":\"Feed\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"50%\"}}],\"rowLimit\":500,\"filter\":true,\"labelSettings\":[{\"columnId\":\"count_\",\"label\":\"Hits\"}]},\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"name\":\"Response Codes\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DNS\\\"\\r\\n| summarize count() by InfobloxB1ConnectionType\",\"size\":3,\"title\":\"Queries by Connection Type\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"InfobloxB1FeedName\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"50%\"}},{\"columnMatch\":\"count_\",\"formatter\":3,\"formatOptions\":{\"palette\":\"greenRed\",\"compositeBarSettings\":{\"labelText\":\"\"},\"customColumnWidthSetting\":\"50%\"}},{\"columnMatch\":\"Feed\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"50%\"}}],\"rowLimit\":500,\"filter\":true,\"labelSettings\":[{\"columnId\":\"count_\",\"label\":\"Hits\"}]},\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}},\"chartSettings\":{\"seriesLabelSettings\":[{\"seriesName\":\"\",\"label\":\"unknown\",\"color\":\"orange\"}]}},\"name\":\"Queries by Connection Type\"}]},\"customWidth\":\"30\",\"name\":\"group - 14\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DNS\\\"\\r\\n| summarize count() by SourceIP\\r\\n| top 25 by count_ desc\",\"size\":2,\"title\":\"Top Source IPs by DNS Queries\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"chartSettings\":{\"createOtherGroup\":0}},\"customWidth\":\"40\",\"name\":\"Top Source IPs by DNS Queries\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DNS\\\"\\r\\n| sort by TimeGenerated desc\\r\\n| project TimeGenerated, Activity, DestinationDnsDomain, SourceIP, DeviceName, SourceMACAddress, SourceUserName, InfobloxB1SrcOSVersion, InfobloxB1ConnectionType, InfobloxB1Network, InfobloxDNSQClass, InfobloxDNSQType, InfobloxDNSRCode, Protocol, AdditionalExtensionsParsedNested\\r\\n\",\"size\":2,\"showAnalytics\":true,\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"showRefreshButton\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"ThreatLevel\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"N/A\",\"representation\":\"gray\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Low\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Info\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Medium\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"High\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"ThreatLevel_Score\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"is Empty\",\"representation\":\"gray\",\"text\":\"N/A\"},{\"operator\":\">=\",\"thresholdValue\":\"80\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"30\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"1\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"text\":\"\"}],\"compositeBarSettings\":{\"labelText\":\"[\\\"ThreatLevel\\\"]\",\"columnSettings\":[{\"columnName\":\"ThreatLevel\",\"color\":\"orange\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"blue\"}]}}},{\"columnMatch\":\"ThreatConfidence\",\"formatter\":8,\"formatOptions\":{\"min\":0,\"max\":100,\"palette\":\"purpleBlueGreen\",\"compositeBarSettings\":{\"labelText\":\"\"}}},{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"green\",\"text\":\"N/A\"},{\"operator\":\"==\",\"thresholdValue\":\"1\",\"representation\":\"blue\",\"text\":\"Low/Info\"},{\"operator\":\"==\",\"thresholdValue\":\"5\",\"representation\":\"orange\",\"text\":\"Medium\"},{\"operator\":\"==\",\"thresholdValue\":\"8\",\"representation\":\"red\",\"text\":\"High\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":5000,\"filter\":true,\"sortBy\":[{\"itemKey\":\"InfobloxDNSQType\",\"sortOrder\":2}]},\"sortBy\":[{\"itemKey\":\"InfobloxDNSQType\",\"sortOrder\":2}]},\"showPin\":false,\"name\":\"DNS Events\"},{\"type\":1,\"content\":{\"json\":\"---\\r\\n## DHCP Events\"},\"name\":\"text - 8 - Copy - Copy - Copy - Copy\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"b71068b1-a89d-4605-8440-802f89726143\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"DHCPTypeParam\",\"label\":\"DHCP Operation\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"value\":[\"value::all\"],\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"All\",\"showDefault\":false},\"jsonData\":\"[\\r\\n\\r\\n    { \\\"value\\\":\\\"Create\\\"},\\r\\n    { \\\"value\\\":\\\"Delete\\\"},\\r\\n    { \\\"value\\\":\\\"Update\\\"}\\r\\n]\",\"timeContext\":{\"durationMs\":86400000},\"defaultValue\":\"value::all\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 23\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DHCP\\\"\\r\\n| where InfobloxLeaseOp in ({DHCPTypeParam}) or '{DHCPTypeParam:label}' ==  \\\"All\\\"\\r\\n| sort by TimeGenerated desc\\r\\n| project TimeGenerated, DeviceEventClassID, SourceIP, SourceHostName, SourceMACAddress, InfobloxLeaseOp, InfobloxLifetime, InfobloxLeaseUUID, AdditionalExtensionsParsedNested\\r\\n\",\"size\":2,\"showAnalytics\":true,\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"showRefreshButton\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"ThreatLevel\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"N/A\",\"representation\":\"gray\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Low\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Info\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Medium\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"High\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"ThreatLevel_Score\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"is Empty\",\"representation\":\"gray\",\"text\":\"N/A\"},{\"operator\":\">=\",\"thresholdValue\":\"80\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"30\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"1\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"text\":\"\"}],\"compositeBarSettings\":{\"labelText\":\"[\\\"ThreatLevel\\\"]\",\"columnSettings\":[{\"columnName\":\"ThreatLevel\",\"color\":\"orange\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"blue\"}]}}},{\"columnMatch\":\"ThreatConfidence\",\"formatter\":8,\"formatOptions\":{\"min\":0,\"max\":100,\"palette\":\"purpleBlueGreen\",\"compositeBarSettings\":{\"labelText\":\"\"}}},{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"green\",\"text\":\"N/A\"},{\"operator\":\"==\",\"thresholdValue\":\"1\",\"representation\":\"blue\",\"text\":\"Low/Info\"},{\"operator\":\"==\",\"thresholdValue\":\"5\",\"representation\":\"orange\",\"text\":\"Medium\"},{\"operator\":\"==\",\"thresholdValue\":\"8\",\"representation\":\"red\",\"text\":\"High\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":5000,\"filter\":true,\"sortBy\":[{\"itemKey\":\"DeviceEventClassID\",\"sortOrder\":2}]},\"sortBy\":[{\"itemKey\":\"DeviceEventClassID\",\"sortOrder\":2}]},\"showPin\":false,\"name\":\"DHCP Events\"}]},\"conditionalVisibility\":{\"parameterName\":\"view\",\"comparison\":\"isEqualTo\",\"value\":\"DNS & DHCP Overview\"},\"name\":\"DNS Query/Response Overview\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Filters \\r\\n---\\r\\n\\r\\nCategory filters are a set of content categorization rules that BloxOne Threat Defense Cloud uses to detect and filter specific internet content. Based on your configuration, specific actions such as Allow or Block will be taken on the detected content.\\r\\n\\r\\nApplication filters are a set of rules that BloxOne Threat Defense Cloud uses to detect and filter specific Internet content. The Application Classification Service (ACS) provides accessibility to applications based on their category or subcategory. Using application filters, you can set security policies based on whether you want to allow an app to access the Internet at all times, or if you want the app to use local resolution when used with BloxOne DDI appliances. \\r\\n\\r\\nSee more about filters on the official [Infoblox Documentation Portal](https://docs.infoblox.com/display/BloxOneThreatDefense/Filters).\"},\"name\":\"text - 2\",\"styleSettings\":{\"margin\":\"0px\"}},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs \\\"CAT_\\\" or InfobloxRPZ has_cs \\\"CAT_\\\" or InfobloxB1FeedName has_cs \\\"APP_\\\" or InfobloxRPZ has_cs \\\"APP_\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"All Filter Hits\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":14400000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"orange\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"All Filter Hits\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs \\\"CAT_\\\" or InfobloxRPZ has_cs \\\"CAT_\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Category Filter Hits\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":14400000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"yellowGreenBlue\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Category Filter Hits\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs \\\"APP_\\\" or InfobloxRPZ has_cs \\\"APP_\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Application Filter Hits\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":14400000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"redPurple\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Application Filter Hits\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Top Category Filter Hits\",\"items\":[{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"be7263d9-229e-4875-a60a-76114659b718\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"CatFilterSorter\",\"label\":\"Sort Tiles By\",\"type\":2,\"isRequired\":true,\"typeSettings\":{\"showDefault\":false},\"jsonData\":\"[\\r\\n    { \\\"value\\\":\\\"count_ desc\\\", \\\"label\\\":\\\"Hit Count\\\", \\\"selected\\\":true },\\r\\n    { \\\"value\\\":\\\"DestinationDnsDomain asc, count_ desc\\\", \\\"label\\\":\\\"Domain Name\\\" },\\r\\n    { \\\"value\\\":\\\"InfobloxDomainCat asc, count_ desc\\\", \\\"label\\\":\\\"Filter Type\\\" }\\r\\n]\",\"timeContext\":{\"durationMs\":86400000}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"Top Category Filters RPZ Hits\",\"styleSettings\":{\"margin\":\"0px 0px 0px 10px\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs \\\"CAT_\\\" or InfobloxRPZ has_cs \\\"CAT_\\\"\\r\\n| summarize count() by DestinationDnsDomain, InfobloxDomainCat\\r\\n| sort by {CatFilterSorter}\\r\\n| take 50\\r\\n\",\"size\":3,\"timeContext\":{\"durationMs\":14400000},\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"filter\":true},\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"subtitleContent\":{\"columnMatch\":\"InfobloxDomainCat\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false,\"rowLimit\":50,\"sortOrderField\":1},\"graphSettings\":{\"type\":0,\"topContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"centerContent\":{\"columnMatch\":\"count_\",\"formatter\":1,\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"name\":\"Tops\",\"styleSettings\":{\"margin\":\"-20px 0px 0px 0px\"}}]},\"name\":\"Top Category Filter Hits\",\"styleSettings\":{\"margin\":\"10px\"}},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Top Application Filter Hits\",\"items\":[{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"be7263d9-229e-4875-a60a-76114659b718\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"AppFilterSorter\",\"label\":\"Sort Tiles By\",\"type\":2,\"isRequired\":true,\"typeSettings\":{\"showDefault\":false},\"jsonData\":\"[\\r\\n    { \\\"value\\\":\\\"count_ desc\\\", \\\"label\\\":\\\"Hit Count\\\", \\\"selected\\\":true },\\r\\n    { \\\"value\\\":\\\"DestinationDnsDomain asc, count_ desc\\\", \\\"label\\\":\\\"Domain Name\\\" },\\r\\n    { \\\"value\\\":\\\"InfobloxDomainCat asc, count_ desc\\\", \\\"label\\\":\\\"Filter Type\\\" }\\r\\n]\",\"timeContext\":{\"durationMs\":86400000}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"Top Category Filters RPZ Hits\",\"styleSettings\":{\"margin\":\"0px 0px 0px 10px\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs \\\"APP_\\\" or InfobloxRPZ has_cs \\\"APP_\\\"\\r\\n| summarize count() by DestinationDnsDomain, InfobloxDomainCat\\r\\n| sort by {AppFilterSorter}\\r\\n| take 50\\r\\n\",\"size\":3,\"timeContext\":{\"durationMs\":14400000},\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"filter\":true},\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"subtitleContent\":{\"columnMatch\":\"InfobloxDomainCat\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false,\"rowLimit\":50,\"sortOrderField\":1},\"graphSettings\":{\"type\":0,\"topContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"centerContent\":{\"columnMatch\":\"count_\",\"formatter\":1,\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"name\":\"Tops\",\"styleSettings\":{\"margin\":\"-20px 0px 0px 0px\"}}]},\"name\":\"Top Application Filter Hits\",\"styleSettings\":{\"margin\":\"10px\"}}]},\"name\":\"Overview\",\"styleSettings\":{\"margin\":\"0px\"}},{\"type\":1,\"content\":{\"json\":\"---\\r\\n## By Filters\"},\"name\":\"text - 4\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"9f55f1ff-f771-485f-82a9-52a9f42251cc\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"FilterTypeParam\",\"label\":\"Filter Type\",\"type\":2,\"isRequired\":true,\"value\":\"CAT_\",\"typeSettings\":{\"showDefault\":false},\"jsonData\":\"[\\r\\n    { \\\"value\\\":\\\"CAT_\\\",  \\\"label\\\":\\\"Category Filters\\\" },\\r\\n    { \\\"value\\\":\\\"APP_\\\", \\\"label\\\":\\\"Application Filters\\\" }\\r\\n]\",\"timeContext\":{\"durationMs\":172800000},\"timeContextFromParameter\":\"TimeRange\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 6 - Copy - Copy - Copy - Copy - Copy - Copy\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let starttime = {TimeRange:start};\\r\\nlet endtime = {TimeRange:end};\\r\\n// Finding Tops \\r\\nlet Top = materialize(InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs '{FilterTypeParam}' or InfobloxRPZ has_cs '{FilterTypeParam}'\\r\\n| summarize count() by InfobloxDomainCat\\r\\n| top 15 by count_ \\r\\n| project InfobloxDomainCat);\\r\\n// Filtering datasource to Tops and Plot Time chart\\r\\nInfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs '{FilterTypeParam}' or InfobloxRPZ has_cs '{FilterTypeParam}'\\r\\n| where InfobloxDomainCat in ((Top))\\r\\n| project TimeGenerated, InfobloxDomainCat\\r\\n| make-series Total= count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by InfobloxDomainCat\",\"size\":2,\"title\":\"Top Filters by Time\",\"color\":\"red\",\"timeContext\":{\"durationMs\":14400000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"chartSettings\":{\"createOtherGroup\":15,\"showLegend\":true}},\"name\":\"Top Filters by Time\"},{\"type\":1,\"content\":{\"json\":\"#### Click on a Filter in the chart below to further drilldown the filter.\\r\\n---\",\"style\":\"info\"},\"name\":\"text - 3\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs '{FilterTypeParam}' or InfobloxRPZ has_cs '{FilterTypeParam}'\\r\\n| summarize count() by InfobloxDomainCat\\r\\n| sort by count_ desc\",\"size\":0,\"title\":\"Hit Count by Filter \",\"timeContext\":{\"durationMs\":14400000},\"timeContextFromParameter\":\"TimeRange\",\"exportFieldName\":\"InfobloxDomainCat\",\"exportParameterName\":\"filter\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"count_\",\"formatter\":3,\"formatOptions\":{\"palette\":\"greenRed\",\"compositeBarSettings\":{\"labelText\":\"\"},\"customColumnWidthSetting\":\"40%\"}},{\"columnMatch\":\"CategoryFilter\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"60%\"}}],\"filter\":true,\"labelSettings\":[{\"columnId\":\"count_\",\"label\":\"Hits\"}]},\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"30\",\"name\":\"Hit Count by Filter \",\"styleSettings\":{\"margin\":\"0 10px 0 0\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs '{FilterTypeParam}' or InfobloxRPZ has_cs '{FilterTypeParam}'\\r\\n| where '{filter}' == InfobloxDomainCat\\r\\n| sort by  TimeGenerated desc, SourceIP desc\\r\\n| project TimeGenerated, DestinationDnsDomain, InfobloxDomainCat, InfobloxB1PolicyAction, DeviceAction, InfobloxB1PolicyName, SourceIP, DeviceName, SourceMACAddress, SourceUserName, InfobloxB1SrcOSVersion, InfobloxB1ConnectionType, InfobloxB1Network, AdditionalExtensionsParsedNested\\r\\n\",\"size\":0,\"showAnalytics\":true,\"title\":\"Events for {filter}\",\"timeContext\":{\"durationMs\":14400000},\"timeContextFromParameter\":\"TimeRange\",\"showRefreshButton\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"gray\",\"text\":\"N/A\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Message\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"40%\"}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":500,\"filter\":true,\"sortBy\":[{\"itemKey\":\"InfobloxB1SrcOSVersion\",\"sortOrder\":2}]},\"sortBy\":[{\"itemKey\":\"InfobloxB1SrcOSVersion\",\"sortOrder\":2}]},\"customWidth\":\"70\",\"conditionalVisibility\":{\"parameterName\":\"filter\",\"comparison\":\"isNotEqualTo\"},\"showPin\":false,\"name\":\"Events for {filter}\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs '{FilterTypeParam}' or InfobloxRPZ has_cs '{FilterTypeParam}'\\r\\n| where '{filter}' == InfobloxDomainCat \\r\\n| summarize count() by SourceIP\\r\\n| top 10 by count_ desc\\r\\n\",\"size\":2,\"title\":\"Top IPs for {filter}\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"green\",\"text\":\"N/A\"},{\"operator\":\"==\",\"thresholdValue\":\"1\",\"representation\":\"blue\",\"text\":\"Low/Info\"},{\"operator\":\"==\",\"thresholdValue\":\"5\",\"representation\":\"orange\",\"text\":\"Medium\"},{\"operator\":\"==\",\"thresholdValue\":\"8\",\"representation\":\"red\",\"text\":\"High\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":500,\"filter\":true,\"labelSettings\":[{\"columnId\":\"LogSeverity\",\"label\":\"Threat Level\"}]}},\"customWidth\":\"25\",\"conditionalVisibility\":{\"parameterName\":\"filter\",\"comparison\":\"isNotEqualTo\"},\"showPin\":false,\"name\":\"Top IPs for {filter}\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let starttime = {TimeRange:start};\\r\\nlet endtime = {TimeRange:end};\\r\\n// Finding Tops \\r\\nlet Top = materialize(InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs '{FilterTypeParam}' or InfobloxRPZ has_cs '{FilterTypeParam}'\\r\\n| where '{filter}' == InfobloxDomainCat \\r\\n| summarize count() by DestinationDnsDomain\\r\\n| top 10 by count_ \\r\\n| project DestinationDnsDomain);\\r\\n// Filtering datasource to Tops and Plot Time chart\\r\\nInfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs '{FilterTypeParam}' or InfobloxRPZ has_cs '{FilterTypeParam}'\\r\\n| where '{filter}' == InfobloxDomainCat \\r\\n| where DestinationDnsDomain in ((Top))\\r\\n| project TimeGenerated, DestinationDnsDomain\\r\\n| make-series Total= count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by DestinationDnsDomain\\r\\n\",\"size\":2,\"title\":\"Top Queries for {filter} by Time\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"green\",\"text\":\"N/A\"},{\"operator\":\"==\",\"thresholdValue\":\"1\",\"representation\":\"blue\",\"text\":\"Low/Info\"},{\"operator\":\"==\",\"thresholdValue\":\"5\",\"representation\":\"orange\",\"text\":\"Medium\"},{\"operator\":\"==\",\"thresholdValue\":\"8\",\"representation\":\"red\",\"text\":\"High\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":500,\"filter\":true,\"labelSettings\":[{\"columnId\":\"LogSeverity\",\"label\":\"Threat Level\"}]},\"chartSettings\":{\"createOtherGroup\":0,\"showLegend\":true}},\"customWidth\":\"74\",\"conditionalVisibility\":{\"parameterName\":\"filter\",\"comparison\":\"isNotEqualTo\"},\"showPin\":false,\"name\":\"Top Queries for {filter} by Time\",\"styleSettings\":{\"margin\":\"0 0 0 1%\"}}]},\"name\":\"Category Filter By Type\"},{\"type\":1,\"content\":{\"json\":\"---\\r\\n## By Source IP\"},\"name\":\"text - 5\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let starttime = {TimeRange:start};\\r\\nlet endtime = {TimeRange:end};\\r\\n// Finding Tops \\r\\nlet Top = materialize(InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs '{FilterTypeParam}' or InfobloxRPZ has_cs '{FilterTypeParam}'\\r\\n| summarize count() by SourceIP\\r\\n| top 15 by count_ \\r\\n| project SourceIP);\\r\\n// Filtering datasource to Tops and Plot Time chart\\r\\nInfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs '{FilterTypeParam}' or InfobloxRPZ has_cs '{FilterTypeParam}'\\r\\n| where SourceIP in ((Top))\\r\\n| project TimeGenerated, SourceIP\\r\\n| make-series Total= count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by SourceIP\",\"size\":2,\"title\":\"Top Source IPs by Time\",\"color\":\"red\",\"timeContext\":{\"durationMs\":14400000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"chartSettings\":{\"createOtherGroup\":0,\"showLegend\":true}},\"name\":\"Top Source IPs by Time\"},{\"type\":1,\"content\":{\"json\":\"#### Click on a Source IP in the chart below to further drilldown the IP.\\r\\n\\r\\n---\",\"style\":\"info\"},\"name\":\"text - 5\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs '{FilterTypeParam}' or InfobloxRPZ has_cs '{FilterTypeParam}'\\r\\n| summarize count() by SourceIP\\r\\n| sort by count_ desc\",\"size\":0,\"title\":\"Hit Count by Source IP\",\"timeContext\":{\"durationMs\":14400000},\"timeContextFromParameter\":\"TimeRange\",\"exportFieldName\":\"SourceIP\",\"exportParameterName\":\"ip_cat\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"SourceIP\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"60%\"}},{\"columnMatch\":\"count_\",\"formatter\":3,\"formatOptions\":{\"palette\":\"greenRed\",\"compositeBarSettings\":{\"labelText\":\"\"},\"customColumnWidthSetting\":\"40%\"}},{\"columnMatch\":\"CategoryFilter\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"50%\"}}],\"filter\":true,\"labelSettings\":[{\"columnId\":\"count_\",\"label\":\"Hits\"}]},\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"30\",\"name\":\"Hit Count by Source IP\",\"styleSettings\":{\"margin\":\"0 10px 0 0\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs '{FilterTypeParam}' or InfobloxRPZ has_cs '{FilterTypeParam}'\\r\\n| where '{ip_cat}' == SourceIP\\r\\n| sort by TimeGenerated desc, InfobloxDomainCat desc\\r\\n| project TimeGenerated, DestinationDnsDomain, InfobloxDomainCat, InfobloxB1PolicyAction, DeviceAction, InfobloxB1PolicyName, SourceIP, DeviceName, SourceMACAddress, SourceUserName, InfobloxB1SrcOSVersion, InfobloxB1ConnectionType, InfobloxB1Network, AdditionalExtensionsParsedNested\\r\\n\\r\\n\",\"size\":2,\"showAnalytics\":true,\"title\":\"Events for {ip_cat}\",\"timeContext\":{\"durationMs\":14400000},\"timeContextFromParameter\":\"TimeRange\",\"showRefreshButton\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"gray\",\"text\":\"N/A\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Message\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"40%\"}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":500,\"filter\":true}},\"customWidth\":\"70\",\"conditionalVisibility\":{\"parameterName\":\"ip_cat\",\"comparison\":\"isNotEqualTo\"},\"showPin\":false,\"name\":\"Events for {ip_cat}\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs '{FilterTypeParam}' or InfobloxRPZ has_cs '{FilterTypeParam}'\\r\\n| where '{ip_cat}' == SourceIP \\r\\n| summarize count() by DestinationDnsDomain\",\"size\":2,\"title\":\"Top Queries for {ip_cat}\",\"timeContext\":{\"durationMs\":14400000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"green\",\"text\":\"N/A\"},{\"operator\":\"==\",\"thresholdValue\":\"1\",\"representation\":\"blue\",\"text\":\"Low/Info\"},{\"operator\":\"==\",\"thresholdValue\":\"5\",\"representation\":\"orange\",\"text\":\"Medium\"},{\"operator\":\"==\",\"thresholdValue\":\"8\",\"representation\":\"red\",\"text\":\"High\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":500,\"filter\":true,\"labelSettings\":[{\"columnId\":\"LogSeverity\",\"label\":\"Threat Level\"}]},\"chartSettings\":{\"createOtherGroup\":10}},\"customWidth\":\"25\",\"conditionalVisibility\":{\"parameterName\":\"ip_cat\",\"comparison\":\"isNotEqualTo\"},\"showPin\":false,\"name\":\"Top Queries for {ip_cat}\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let starttime = {TimeRange:start};\\r\\nlet endtime = {TimeRange:end};\\r\\n// Finding Tops \\r\\nlet Top = materialize(InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs '{FilterTypeParam}' or InfobloxRPZ has_cs '{FilterTypeParam}'\\r\\n| where '{ip_cat}' == SourceIP \\r\\n| summarize count() by InfobloxDomainCat\\r\\n| top 10 by count_ \\r\\n| project InfobloxDomainCat);\\r\\n// Filtering datasource to Tops and Plot Time chart\\r\\nInfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs '{FilterTypeParam}' or InfobloxRPZ has_cs '{FilterTypeParam}'\\r\\n| where '{ip_cat}' == SourceIP \\r\\n| where InfobloxDomainCat in ((Top))\\r\\n| project TimeGenerated, InfobloxDomainCat\\r\\n| make-series Total= count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by InfobloxDomainCat\",\"size\":2,\"title\":\"Top Filters for {ip_cat} by Time\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"green\",\"text\":\"N/A\"},{\"operator\":\"==\",\"thresholdValue\":\"1\",\"representation\":\"blue\",\"text\":\"Low/Info\"},{\"operator\":\"==\",\"thresholdValue\":\"5\",\"representation\":\"orange\",\"text\":\"Medium\"},{\"operator\":\"==\",\"thresholdValue\":\"8\",\"representation\":\"red\",\"text\":\"High\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":500,\"filter\":true,\"labelSettings\":[{\"columnId\":\"LogSeverity\",\"label\":\"Threat Level\"}]},\"chartSettings\":{\"createOtherGroup\":0,\"showLegend\":true}},\"customWidth\":\"75\",\"conditionalVisibility\":{\"parameterName\":\"ip_cat\",\"comparison\":\"isNotEqualTo\"},\"showPin\":false,\"name\":\"Top Filters for {ip_cat} by Time\"}]},\"name\":\"Category Filter by IP\"}]},\"conditionalVisibility\":{\"parameterName\":\"view\",\"comparison\":\"isEqualTo\",\"value\":\"Filters\"},\"name\":\"Category Filters\"}],\"styleSettings\":{\"spacingStyle\":\"none\"},\"fromTemplateId\":\"sentinel-InfobloxCDCB1TDWorkbook\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\r\n",
-                "version": "1.0",
-                "sourceId": "[variables('workspaceResourceId')]",
-                "category": "sentinel"
-              }
-            },
-            {
-              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
-              "apiVersion": "2022-01-01-preview",
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Workbook-', last(split(variables('workbookId1'),'/'))))]",
-              "properties": {
-                "description": "@{workbookKey=InfobloxCDCB1TDWorkbook; logoFileName=infoblox_logo.svg; description=Sets the time name for analysis; dataTypesDependencies=System.Object[]; dataConnectorsDependencies=System.Object[]; previewImagesFileNames=System.Object[]; version=1.0.0; title=Infoblox Cloud Data Connector; templateRelativePath=InfobloxCDCB1TDWorkbook.json; subtitle=; provider=InfoBlox}.description",
-                "parentId": "[variables('workbookId1')]",
-                "contentId": "[variables('_workbookContentId1')]",
-                "kind": "Workbook",
-                "version": "[variables('workbookVersion1')]",
-                "source": {
-                  "kind": "Solution",
-                  "name": "Infoblox Cloud Data Connector",
-                  "sourceId": "[variables('_solutionId')]"
-                },
-                "author": {
-                  "name": "Microsoft",
-                  "email": "[variables('_email')]"
-                },
-                "support": {
-                  "name": "InfoBlox",
-                  "tier": "Partner",
-                  "link": "https://support.infoblox.com/"
-                },
-                "dependencies": {
-                  "operator": "AND",
-                  "criteria": [
-                    {
-                      "contentId": "CommonSecurityLog",
-                      "kind": "DataType"
-                    },
-                    {
-                      "contentId": "InfobloxCloudDataConnector",
-                      "kind": "DataConnector"
-                    }
-                  ]
-                }
-              }
-            }
-          ]
-        }
-      }
-    },
-    {
-      "type": "Microsoft.Resources/templateSpecs",
-      "apiVersion": "2022-02-01",
-      "name": "[variables('analyticRuleTemplateSpecName1')]",
-      "location": "[parameters('workspace-location')]",
-      "tags": {
-        "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]",
-        "hidden-sentinelContentType": "AnalyticsRule"
-      },
-      "properties": {
-        "description": "Infoblox Cloud Data Connector Analytics Rule 1 with template",
-        "displayName": "Infoblox Cloud Data Connector Analytics Rule template"
-      }
-    },
-    {
-      "type": "Microsoft.Resources/templateSpecs/versions",
-      "apiVersion": "2022-02-01",
-      "name": "[concat(variables('analyticRuleTemplateSpecName1'),'/',variables('analyticRuleVersion1'))]",
-      "location": "[parameters('workspace-location')]",
-      "tags": {
-        "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]",
-        "hidden-sentinelContentType": "AnalyticsRule"
-      },
-      "dependsOn": [
-        "[resourceId('Microsoft.Resources/templateSpecs', variables('analyticRuleTemplateSpecName1'))]"
-      ],
-      "properties": {
-        "description": "Infoblox-HighNumberOfHighThreatLevelQueriesDetected_AnalyticalRules Analytics Rule with template version 2.0.10",
-        "mainTemplate": {
-          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('analyticRuleVersion1')]",
-          "parameters": {},
-          "variables": {},
-          "resources": [
-            {
-              "type": "Microsoft.SecurityInsights/AlertRuleTemplates",
-              "name": "[variables('AnalyticRulecontentId1')]",
-              "apiVersion": "2022-04-01-preview",
-              "kind": "Scheduled",
-              "location": "[parameters('workspace-location')]",
-              "properties": {
-                "description": "This creates an incident in the event a single host generates at least 200 high threat level RPZ queries (Threat Defense security hits) in 1 hour. Query count threshold and scheduling is customizable. This rule depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://aka.ms/sentinel-InfobloxCloudDataConnector-parser).",
-                "displayName": "Infoblox - High Number of High Threat Level Queries Detected",
-                "enabled": false,
-                "query": "let threshold = 200;\nInfobloxCDC\n| where DeviceEventClassID has_cs \"RPZ\"\n| where ThreatLevel_Score >=80\n| summarize count() by SourceIP\n| where count_ > threshold\n| join kind=inner (InfobloxCDC\n    | where DeviceEventClassID has_cs \"RPZ\"\n    | where ThreatLevel_Score >=80\n    ) on SourceIP\n| extend timestamp = TimeGenerated, IPCustomEntity = SourceIP, HostCustomEntity = DeviceName\n",
-                "queryFrequency": "PT1H",
-                "queryPeriod": "PT1H",
-                "severity": "Medium",
-                "suppressionDuration": "PT1H",
-                "suppressionEnabled": false,
-                "triggerOperator": "GreaterThan",
-                "triggerThreshold": 0,
-                "status": "Available",
-                "requiredDataConnectors": [
-                  {
-                    "dataTypes": [
-                      "CommonSecurityLog (InfobloxCDC)"
-                    ],
-                    "connectorId": "InfobloxCloudDataConnector"
-                  }
-                ],
-                "tactics": [
-                  "Impact"
-                ],
-                "techniques": [
-                  "T1498",
-                  "T1565"
-                ],
-                 "entityMappings": [
-                  {
-                    "entityType": "IP",
-                    "fieldMappings": [
-                      {
-                        "columnName": "IPCustomEntity",
-                        "identifier": "Address"
-                      }
-                    ]
-                  },
-                  {
-                    "entityType": "Host",
-                    "fieldMappings": [
-                      {
-                        "columnName": "HostCustomEntity",
-                        "identifier": "HostName"
-                      }
-                    ]
-                  }
-                ]
-              }
-            },
-            {
-              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
-              "apiVersion": "2022-01-01-preview",
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId1'),'/'))))]",
-              "properties": {
-                "description": "Infoblox Cloud Data Connector Analytics Rule 1",
-                "parentId": "[variables('analyticRuleId1')]",
-                "contentId": "[variables('_analyticRulecontentId1')]",
-                "kind": "AnalyticsRule",
-                "version": "[variables('analyticRuleVersion1')]",
-                "source": {
-                  "kind": "Solution",
-                  "name": "Infoblox Cloud Data Connector",
-                  "sourceId": "[variables('_solutionId')]"
-                },
-                "author": {
-                  "name": "Microsoft",
-                  "email": "[variables('_email')]"
-                },
-                "support": {
-                  "name": "InfoBlox",
-                  "tier": "Partner",
-                  "link": "https://support.infoblox.com/"
-                }
-              }
-            }
-          ]
-        }
-      }
-    },
-    {
-      "type": "Microsoft.Resources/templateSpecs",
-      "apiVersion": "2022-02-01",
-      "name": "[variables('analyticRuleTemplateSpecName2')]",
-      "location": "[parameters('workspace-location')]",
-      "tags": {
-        "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]",
-        "hidden-sentinelContentType": "AnalyticsRule"
-      },
-      "properties": {
-        "description": "Infoblox Cloud Data Connector Analytics Rule 2 with template",
-        "displayName": "Infoblox Cloud Data Connector Analytics Rule template"
-      }
-    },
-    {
-      "type": "Microsoft.Resources/templateSpecs/versions",
-      "apiVersion": "2022-02-01",
-      "name": "[concat(variables('analyticRuleTemplateSpecName2'),'/',variables('analyticRuleVersion2'))]",
-      "location": "[parameters('workspace-location')]",
-      "tags": {
-        "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]",
-        "hidden-sentinelContentType": "AnalyticsRule"
-      },
-      "dependsOn": [
-        "[resourceId('Microsoft.Resources/templateSpecs', variables('analyticRuleTemplateSpecName2'))]"
-      ],
-      "properties": {
-        "description": "Infoblox-HighNumberOfNXDOMAINDNSResponsesDetected_AnalyticalRules Analytics Rule with template version 2.0.10",
-        "mainTemplate": {
-          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('analyticRuleVersion2')]",
-          "parameters": {},
-          "variables": {},
-          "resources": [
-            {
-              "type": "Microsoft.SecurityInsights/AlertRuleTemplates",
-              "name": "[variables('AnalyticRulecontentId2')]",
-              "apiVersion": "2022-04-01-preview",
-              "kind": "Scheduled",
-              "location": "[parameters('workspace-location')]",
-              "properties": {
-                "description": "This creates an incident in the event a single host generates at least 200 DNS responses for non-existent domains in 1 hour. Query count threshold and scheduling is customizable. This rule depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://aka.ms/sentinel-InfobloxCloudDataConnector-parser).",
-                "displayName": "Infoblox - High Number of NXDOMAIN DNS Responses Detected",
-                "enabled": false,
-                "query": "let threshold = 200;\nInfobloxCDC\n| where DeviceEventClassID == \"DNS Response\"\n| where InfobloxDNSRCode == \"NXDOMAIN\"\n| summarize count() by SourceIP\n| where count_ > threshold\n| join kind=inner (InfobloxCDC\n    | where DeviceEventClassID == \"DNS Response\"\n    | where InfobloxDNSRCode == \"NXDOMAIN\"\n    ) on SourceIP\n| extend timestamp = TimeGenerated, IPCustomEntity = SourceIP, HostCustomEntity = DeviceName\n",
-                "queryFrequency": "PT1H",
-                "queryPeriod": "PT1H",
-                "severity": "Medium",
-                "suppressionDuration": "PT1H",
-                "suppressionEnabled": false,
-                "triggerOperator": "GreaterThan",
-                "triggerThreshold": 0,
-                "status": "Available",
-                "requiredDataConnectors": [
-                  {
-                    "dataTypes": [
-                      "CommonSecurityLog (InfobloxCDC)"
-                    ],
-                    "connectorId": "InfobloxCloudDataConnector"
-                  }
-                ],
-                "tactics": [
-                  "Impact"
-                ],
-                "techniques": [
-                  "T1498",
-                  "T1565"
-                ],
-                "entityMappings": [
-                  {
-                    "entityType": "IP",
-                    "fieldMappings": [
-                      {
-                        "columnName": "IPCustomEntity",
-                        "identifier": "Address"
-                      }
-                    ]
-                  },
-                  {
-                    "entityType": "Host",
-                    "fieldMappings": [
-                      {
-                        "columnName": "HostCustomEntity",
-                        "identifier": "HostName"
-                      }
-                    ]
-                  }
-                ]
-              }
-            },
-            {
-              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
-              "apiVersion": "2022-01-01-preview",
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId2'),'/'))))]",
-              "properties": {
-                "description": "Infoblox Cloud Data Connector Analytics Rule 2",
-                "parentId": "[variables('analyticRuleId2')]",
-                "contentId": "[variables('_analyticRulecontentId2')]",
-                "kind": "AnalyticsRule",
-                "version": "[variables('analyticRuleVersion2')]",
-                "source": {
-                  "kind": "Solution",
-                  "name": "Infoblox Cloud Data Connector",
-                  "sourceId": "[variables('_solutionId')]"
-                },
-                "author": {
-                  "name": "Microsoft",
-                  "email": "[variables('_email')]"
-                },
-                "support": {
-                  "name": "InfoBlox",
-                  "tier": "Partner",
-                  "link": "https://support.infoblox.com/"
-                }
-              }
-            }
-          ]
-        }
-      }
-    },
-    {
-      "type": "Microsoft.Resources/templateSpecs",
-      "apiVersion": "2022-02-01",
-      "name": "[variables('analyticRuleTemplateSpecName3')]",
-      "location": "[parameters('workspace-location')]",
-      "tags": {
-        "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]",
-        "hidden-sentinelContentType": "AnalyticsRule"
-      },
-      "properties": {
-        "description": "Infoblox Cloud Data Connector Analytics Rule 3 with template",
-        "displayName": "Infoblox Cloud Data Connector Analytics Rule template"
-      }
-    },
-    {
-      "type": "Microsoft.Resources/templateSpecs/versions",
-      "apiVersion": "2022-02-01",
-      "name": "[concat(variables('analyticRuleTemplateSpecName3'),'/',variables('analyticRuleVersion3'))]",
-      "location": "[parameters('workspace-location')]",
-      "tags": {
-        "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]",
-        "hidden-sentinelContentType": "AnalyticsRule"
-      },
-      "dependsOn": [
-        "[resourceId('Microsoft.Resources/templateSpecs', variables('analyticRuleTemplateSpecName3'))]"
-      ],
-      "properties": {
-        "description": "Infoblox-HighThreatLevelQueryNotBlockedDetected_AnalyticalRules Analytics Rule with template version 2.0.10",
-        "mainTemplate": {
-          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('analyticRuleVersion3')]",
-          "parameters": {},
-          "variables": {},
-          "resources": [
-            {
-              "type": "Microsoft.SecurityInsights/AlertRuleTemplates",
-              "name": "[variables('AnalyticRulecontentId3')]",
-              "apiVersion": "2022-04-01-preview",
-              "kind": "Scheduled",
-              "location": "[parameters('workspace-location')]",
-              "properties": {
-                "description": "This creates an incident in the event a single host generates at least 1 high threat level query (Threat Defense security hit) that is not blocked or redirected in 1 hour. Query count threshold and scheduling is customizable. This rule depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://aka.ms/sentinel-InfobloxCloudDataConnector-parser).",
-                "displayName": "Infoblox - High Threat Level Query Not Blocked Detected",
-                "enabled": false,
-                "query": "let threshold = 1;\nInfobloxCDC\n| where DeviceEventClassID has_cs \"RPZ\"\n| where ThreatLevel_Score >=80\n| where InfobloxB1PolicyAction == \"Log\" or SimplifiedDeviceAction == \"PASSTHRU\"\n| summarize count() by SourceIP\n| where count_ > threshold\n| join kind=inner (InfobloxCDC\n    | where DeviceEventClassID has_cs \"RPZ\"\n    | where ThreatLevel_Score >=80\n    | where InfobloxB1PolicyAction == \"Log\" or SimplifiedDeviceAction == \"PASSTHRU\"\n    ) on SourceIP\n| extend timestamp = TimeGenerated, IPCustomEntity = SourceIP, HostCustomEntity = DeviceName\n",
-                "queryFrequency": "PT1H",
-                "queryPeriod": "PT1H",
-                "severity": "Medium",
-                "suppressionDuration": "PT1H",
-                "suppressionEnabled": false,
-                "triggerOperator": "GreaterThan",
-                "triggerThreshold": 0,
-                "status": "Available",
-                "requiredDataConnectors": [
-                  {
-                    "dataTypes": [
-                      "CommonSecurityLog (InfobloxCDC)"
-                    ],
-                    "connectorId": "InfobloxCloudDataConnector"
-                  }
-                ],
-                "tactics": [
-                  "Impact"
-                ],
-                "techniques": [
-                  "T1498",
-                  "T1565"
-                ],
-                "entityMappings": [
-                  {
-                    "entityType": "IP",
-                    "fieldMappings": [
-                      {
-                        "columnName": "IPCustomEntity",
-                        "identifier": "Address"
-                      }
-                    ]
-                  },
-                  {
-                    "entityType": "Host",
-                    "fieldMappings": [
-                      {
-                        "columnName": "HostCustomEntity",
-                        "identifier": "HostName"
-                      }
-                    ]
-                  }
-                ]
-              }
-            },
-            {
-              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
-              "apiVersion": "2022-01-01-preview",
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId3'),'/'))))]",
-              "properties": {
-                "description": "Infoblox Cloud Data Connector Analytics Rule 3",
-                "parentId": "[variables('analyticRuleId3')]",
-                "contentId": "[variables('_analyticRulecontentId3')]",
-                "kind": "AnalyticsRule",
-                "version": "[variables('analyticRuleVersion3')]",
-                "source": {
-                  "kind": "Solution",
-                  "name": "Infoblox Cloud Data Connector",
-                  "sourceId": "[variables('_solutionId')]"
-                },
-                "author": {
-                  "name": "Microsoft",
-                  "email": "[variables('_email')]"
-                },
-                "support": {
-                  "name": "InfoBlox",
-                  "tier": "Partner",
-                  "link": "https://support.infoblox.com/"
-                }
-              }
-            }
-          ]
-        }
-      }
-    },
-    {
-      "type": "Microsoft.Resources/templateSpecs",
-      "apiVersion": "2022-02-01",
-      "name": "[variables('dataConnectorTemplateSpecName1')]",
-      "location": "[parameters('workspace-location')]",
-      "tags": {
-        "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]",
-        "hidden-sentinelContentType": "DataConnector"
-      },
-      "properties": {
-        "description": "Infoblox Cloud Data Connector data connector with template",
-        "displayName": "Infoblox Cloud Data Connector template"
-      }
-    },
-    {
-      "type": "Microsoft.Resources/templateSpecs/versions",
-      "apiVersion": "2022-02-01",
-      "name": "[concat(variables('dataConnectorTemplateSpecName1'),'/',variables('dataConnectorVersion1'))]",
-      "location": "[parameters('workspace-location')]",
-      "tags": {
-        "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]",
-        "hidden-sentinelContentType": "DataConnector"
-      },
-      "dependsOn": [
-        "[resourceId('Microsoft.Resources/templateSpecs', variables('dataConnectorTemplateSpecName1'))]"
-      ],
-      "properties": {
-        "description": "Infoblox Cloud Data Connector data connector with template version 2.0.10",
-        "mainTemplate": {
-          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('dataConnectorVersion1')]",
-          "parameters": {},
-          "variables": {},
-          "resources": [
-            {
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]",
-              "apiVersion": "2021-03-01-preview",
-              "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors",
-              "location": "[parameters('workspace-location')]",
-              "kind": "GenericUI",
-              "properties": {
-                "connectorUiConfig": {
-                  "id": "[variables('_uiConfigId1')]",
-                  "title": "Infoblox Cloud Data Connector",
-                  "publisher": "Infoblox",
-                  "descriptionMarkdown": "The Infoblox Cloud Data Connector allows you to easily connect your Infoblox BloxOne data with Microsoft Sentinel. By connecting your logs to Microsoft Sentinel, you can take advantage of search & correlation, alerting, and threat intelligence enrichment for each log.",
-                  "additionalRequirementBanner": "This data connector depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://aka.ms/sentinel-InfobloxCloudDataConnector-parser) which is deployed with the solution.",
-                  "graphQueries": [
-                    {
-                      "metricName": "Total data received",
-                      "legend": "InfobloxCDC",
-                      "baseQuery": "CommonSecurityLog\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\""
-                    }
-                  ],
-                  "sampleQueries": [
-                    {
-                      "description": "Return all BloxOne Threat Defense (TD) security events logs",
-                      "query": "InfobloxCDC\n| where DeviceEventClassID has_cs \"RPZ\""
-                    },
-                    {
-                      "description": "Return all BloxOne Query/Response logs",
-                      "query": "InfobloxCDC\n| where DeviceEventClassID has_cs \"DNS\""
-                    },
-                    {
-                      "description": "Return all Category Filters security events logs",
-                      "query": "InfobloxCDC\n| where DeviceEventClassID has_cs \"RPZ\"\n | where AdditionalExtensions has_cs \"InfobloxRPZ=CAT_\""
-                    },
-                    {
-                      "description": "Return all Application Filters security events logs",
-                      "query": "InfobloxCDC\n| where DeviceEventClassID has_cs \"RPZ\"\n | where AdditionalExtensions has_cs \"InfobloxRPZ=APP_\""
-                    },
-                    {
-                      "description": "Return Top 10 TD Domains Hit Count",
-                      "query": "InfobloxCDC\n| where DeviceEventClassID has_cs \"RPZ\" \n| summarize count() by DestinationDnsDomain \n| top 10 by count_ desc"
-                    },
-                    {
-                      "description": "Return Top 10 TD Source IPs Hit Count",
-                      "query": "InfobloxCDC\n| where DeviceEventClassID has_cs \"RPZ\" \n| summarize count() by SourceIP \n| top 10 by count_ desc"
-                    },
-                    {
-                      "description": "Return Recently Created DHCP Leases",
-                      "query": "InfobloxCDC\n| where DeviceEventClassID == \"DHCP-LEASE-CREATE\""
-                    }
-                  ],
-                  "dataTypes": [
-                    {
-                      "name": "CommonSecurityLog (InfobloxCDC)",
-                      "lastDataReceivedQuery": "InfobloxCDC\n| summarize Time = max(TimeGenerated)\n| where isnotempty(Time)"
-                    }
-                  ],
-                  "connectivityCriterias": [
-                    {
-                      "type": "IsConnectedQuery",
-                      "value": [
-                        "InfobloxCDC\n| summarize LastLogReceived = max(TimeGenerated)\n| project IsConnected = LastLogReceived > ago(3d)"
-                      ]
-                    }
-                  ],
-                  "availability": {
-                    "status": 1,
-                    "isPreview": false
-                  },
-                  "permissions": {
-                    "resourceProvider": [
-                      {
-                        "provider": "Microsoft.OperationalInsights/workspaces",
-                        "permissionsDisplayText": "read and write permissions are required.",
-                        "providerDisplayName": "Workspace",
-                        "scope": "Workspace",
-                        "requiredPermissions": {
-                          "read": true,
-                          "write": true,
-                          "delete": true
-                        }
-                      },
-                      {
-                        "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys",
-                        "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).",
-                        "providerDisplayName": "Keys",
-                        "scope": "Workspace",
-                        "requiredPermissions": {
-                          "action": true
-                        }
-                      }
-                    ]
-                  },
-                  "instructionSteps": [
-                    {
-                      "description": ">**IMPORTANT:** This data connector depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://aka.ms/sentinel-InfobloxCloudDataConnector-parser) which is deployed with the solution."
-                    },
-                    {
-                      "description": ">**IMPORTANT:** This Microsoft Sentinel data connector assumes an Infoblox Cloud Data Connector host has already been created and configured in the Infoblox Cloud Services Portal (CSP). As the [**Infoblox Cloud Data Connector**](https://docs.infoblox.com/display/BloxOneThreatDefense/Deploying+the+Data+Connector+Solution) is a feature of BloxOne Threat Defense, access to an appropriate BloxOne Threat Defense subscription is required. See this [**quick-start guide**](https://www.infoblox.com/wp-content/uploads/infoblox-deployment-guide-data-connector.pdf) for more information and licensing requirements."
-                    },
-                    {
-                      "description": "Install and configure the Linux agent to collect your Common Event Format (CEF) Syslog messages and forward them to Microsoft Sentinel.\n\n> Notice that the data from all regions will be stored in the selected workspace",
-                      "innerSteps": [
-                        {
-                          "title": "1.1 Select or create a Linux machine",
-                          "description": "Select or create a Linux machine that Microsoft Sentinel will use as the proxy between your security solution and Microsoft Sentinel this machine can be on your on-prem environment, Microsoft Sentinel or other clouds."
-                        },
-                        {
-                          "title": "1.2 Install the CEF collector on the Linux machine",
-                          "description": "Install the Microsoft Monitoring Agent on your Linux machine and configure the machine to listen on the necessary port and forward messages to your Microsoft Sentinel workspace. The CEF collector collects CEF messages on port 514 TCP.\n\n> 1. Make sure that you have Python on your machine using the following command: python -version.\n\n> 2. You must have elevated permissions (sudo) on your machine.",
-                          "instructions": [
-                            {
-                              "parameters": {
-                                "fillWith": [
-                                  "WorkspaceId",
-                                  "PrimaryKey"
-                                ],
-                                "label": "Run the following command to install and apply the CEF collector:",
-                                "value": "sudo wget -O cef_installer.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_installer.py&&sudo python cef_installer.py {0} {1}"
-                              },
-                              "type": "CopyableLabel"
-                            }
-                          ]
-                        }
-                      ],
-                      "title": "1. Linux Syslog agent configuration"
-                    },
-                    {
-                      "description": "Follow the steps below to configure the Infoblox CDC to send BloxOne data to Microsoft Sentinel via the Linux Syslog agent.\n2. Navigate to **Manage > Data Connector**.\n3. Click the **Destination Configuration** tab at the top.\n4. Click **Create > Syslog**. \n - **Name**: Give the new Destination a meaningful **name**, such as **Microsoft-Sentinel-Destination**.\n - **Description**: Optionally give it a meaningful **description**.\n - **State**: Set the state to **Enabled**.\n - **Format**: Set the format to **CEF**.\n - **FQDN/IP**: Enter the IP address of the Linux device on which the Linux agent is installed.\n - **Port**: Leave the port number at **514**.\n - **Protocol**: Select desired protocol and CA certificate if applicable.\n - Click **Save & Close**.\n5. Click the **Traffic Flow Configuration** tab at the top.\n6. Click **Create**.\n - **Name**: Give the new Traffic Flow a meaningful **name**, such as **Microsoft-Sentinel-Flow**.\n - **Description**: Optionally give it a meaningful **description**. \n - **State**: Set the state to **Enabled**. \n - Expand the **CDC Enabled Host** section. \n    - **On-Prem Host**: Select your desired on-prem host for which the Data Connector service is enabled. \n - Expand the **Source Configuration** section.  \n    - **Source**: Select **BloxOne Cloud Source**. \n    - Select all desired **log types** you wish to collect. Currently supported log types are:\n      - Threat Defense Query/Response Log\n      - Threat Defense Threat Feeds Hits Log\n      - DDI Query/Response Log\n      - DDI DHCP Lease Log\n - Expand the **Destination Configuration** section.  \n    - Select the **Destination** you just created. \n - Click **Save & Close**. \n7. Allow the configuration some time to activate.",
-                      "title": "2. Configure Infoblox BloxOne to send Syslog data to the Infoblox Cloud Data Connector to forward to the Syslog agent"
-                    },
-                    {
-                      "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\n>It may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n> 1. Make sure that you have Python on your machine using the following command: python -version\n\n>2. You must have elevated permissions (sudo) on your machine",
-                      "instructions": [
-                        {
-                          "parameters": {
-                            "fillWith": [
-                              "WorkspaceId"
-                            ],
-                            "label": "Run the following command to validate your connectivity:",
-                            "value": "sudo wget  -O cef_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_troubleshoot.py&&sudo python cef_troubleshoot.py  {0}"
-                          },
-                          "type": "CopyableLabel"
-                        }
-                      ],
-                      "title": "3. Validate connection"
-                    },
-                    {
-                      "description": "Make sure to configure the machine's security according to your organization's security policy\n\n\n[Learn more >](https://aka.ms/SecureCEF)",
-                      "title": "4. Secure your machine "
-                    }
-                  ]
-                }
-              }
-            },
-            {
-              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
-              "apiVersion": "2022-01-01-preview",
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]",
-              "properties": {
-                "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]",
-                "contentId": "[variables('_dataConnectorContentId1')]",
-                "kind": "DataConnector",
-                "version": "[variables('dataConnectorVersion1')]",
-                "source": {
-                  "kind": "Solution",
-                  "name": "Infoblox Cloud Data Connector",
-                  "sourceId": "[variables('_solutionId')]"
-                },
-                "author": {
-                  "name": "Microsoft",
-                  "email": "[variables('_email')]"
-                },
-                "support": {
-                  "name": "InfoBlox",
-                  "tier": "Partner",
-                  "link": "https://support.infoblox.com/"
-                }
-              }
-            }
-          ]
-        }
-      }
-    },
-    {
-      "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
-      "apiVersion": "2022-01-01-preview",
-      "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]",
-      "dependsOn": [
-        "[variables('_dataConnectorId1')]"
-      ],
-      "location": "[parameters('workspace-location')]",
-      "properties": {
-        "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]",
-        "contentId": "[variables('_dataConnectorContentId1')]",
-        "kind": "DataConnector",
-        "version": "[variables('dataConnectorVersion1')]",
-        "source": {
-          "kind": "Solution",
-          "name": "Infoblox Cloud Data Connector",
-          "sourceId": "[variables('_solutionId')]"
-        },
-        "author": {
-          "name": "Microsoft",
-          "email": "[variables('_email')]"
-        },
-        "support": {
-          "name": "InfoBlox",
-          "tier": "Partner",
-          "link": "https://support.infoblox.com/"
-        }
-      }
-    },
-    {
-      "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]",
-      "apiVersion": "2021-03-01-preview",
-      "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors",
-      "location": "[parameters('workspace-location')]",
-      "kind": "GenericUI",
-      "properties": {
-        "connectorUiConfig": {
-          "title": "Infoblox Cloud Data Connector",
-          "publisher": "Infoblox",
-          "descriptionMarkdown": "The Infoblox Cloud Data Connector allows you to easily connect your Infoblox BloxOne data with Microsoft Sentinel. By connecting your logs to Microsoft Sentinel, you can take advantage of search & correlation, alerting, and threat intelligence enrichment for each log.",
-          "graphQueries": [
-            {
-              "metricName": "Total data received",
-              "legend": "InfobloxCDC",
-              "baseQuery": "CommonSecurityLog\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\""
-            }
-          ],
-          "dataTypes": [
-            {
-              "name": "CommonSecurityLog (InfobloxCDC)",
-              "lastDataReceivedQuery": "InfobloxCDC\n| summarize Time = max(TimeGenerated)\n| where isnotempty(Time)"
-            }
-          ],
-          "connectivityCriterias": [
-            {
-              "type": "IsConnectedQuery",
-              "value": [
-                "InfobloxCDC\n| summarize LastLogReceived = max(TimeGenerated)\n| project IsConnected = LastLogReceived > ago(3d)"
-              ]
-            }
-          ],
-          "sampleQueries": [
-            {
-              "description": "Return all BloxOne Threat Defense (TD) security events logs",
-              "query": "InfobloxCDC\n| where DeviceEventClassID has_cs \"RPZ\""
-            },
-            {
-              "description": "Return all BloxOne Query/Response logs",
-              "query": "InfobloxCDC\n| where DeviceEventClassID has_cs \"DNS\""
-            },
-            {
-              "description": "Return all Category Filters security events logs",
-              "query": "InfobloxCDC\n| where DeviceEventClassID has_cs \"RPZ\"\n | where AdditionalExtensions has_cs \"InfobloxRPZ=CAT_\""
-            },
-            {
-              "description": "Return all Application Filters security events logs",
-              "query": "InfobloxCDC\n| where DeviceEventClassID has_cs \"RPZ\"\n | where AdditionalExtensions has_cs \"InfobloxRPZ=APP_\""
-            },
-            {
-              "description": "Return Top 10 TD Domains Hit Count",
-              "query": "InfobloxCDC\n| where DeviceEventClassID has_cs \"RPZ\" \n| summarize count() by DestinationDnsDomain \n| top 10 by count_ desc"
-            },
-            {
-              "description": "Return Top 10 TD Source IPs Hit Count",
-              "query": "InfobloxCDC\n| where DeviceEventClassID has_cs \"RPZ\" \n| summarize count() by SourceIP \n| top 10 by count_ desc"
-            },
-            {
-              "description": "Return Recently Created DHCP Leases",
-              "query": "InfobloxCDC\n| where DeviceEventClassID == \"DHCP-LEASE-CREATE\""
-            }
-          ],
-          "availability": {
-            "status": 1,
-            "isPreview": false
-          },
-          "permissions": {
-            "resourceProvider": [
-              {
-                "provider": "Microsoft.OperationalInsights/workspaces",
-                "permissionsDisplayText": "read and write permissions are required.",
-                "providerDisplayName": "Workspace",
-                "scope": "Workspace",
-                "requiredPermissions": {
-                  "read": true,
-                  "write": true,
-                  "delete": true
-                }
-              },
-              {
-                "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys",
-                "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).",
-                "providerDisplayName": "Keys",
-                "scope": "Workspace",
-                "requiredPermissions": {
-                  "action": true
-                }
-              }
-            ]
-          },
-          "instructionSteps": [
-            {
-              "description": ">**IMPORTANT:** This data connector depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://aka.ms/sentinel-InfobloxCloudDataConnector-parser) which is deployed with the solution."
-            },
-            {
-              "description": ">**IMPORTANT:** This Microsoft Sentinel data connector assumes an Infoblox Cloud Data Connector host has already been created and configured in the Infoblox Cloud Services Portal (CSP). As the [**Infoblox Cloud Data Connector**](https://docs.infoblox.com/display/BloxOneThreatDefense/Deploying+the+Data+Connector+Solution) is a feature of BloxOne Threat Defense, access to an appropriate BloxOne Threat Defense subscription is required. See this [**quick-start guide**](https://www.infoblox.com/wp-content/uploads/infoblox-deployment-guide-data-connector.pdf) for more information and licensing requirements."
-            },
-            {
-              "description": "Install and configure the Linux agent to collect your Common Event Format (CEF) Syslog messages and forward them to Microsoft Sentinel.\n\n> Notice that the data from all regions will be stored in the selected workspace",
-              "innerSteps": [
-                {
-                  "title": "1.1 Select or create a Linux machine",
-                  "description": "Select or create a Linux machine that Microsoft Sentinel will use as the proxy between your security solution and Microsoft Sentinel this machine can be on your on-prem environment, Microsoft Sentinel or other clouds."
-                },
-                {
-                  "title": "1.2 Install the CEF collector on the Linux machine",
-                  "description": "Install the Microsoft Monitoring Agent on your Linux machine and configure the machine to listen on the necessary port and forward messages to your Microsoft Sentinel workspace. The CEF collector collects CEF messages on port 514 TCP.\n\n> 1. Make sure that you have Python on your machine using the following command: python -version.\n\n> 2. You must have elevated permissions (sudo) on your machine.",
-                  "instructions": [
-                    {
-                      "parameters": {
-                        "fillWith": [
-                          "WorkspaceId",
-                          "PrimaryKey"
-                        ],
-                        "label": "Run the following command to install and apply the CEF collector:",
-                        "value": "sudo wget -O cef_installer.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_installer.py&&sudo python cef_installer.py {0} {1}"
-                      },
-                      "type": "CopyableLabel"
-                    }
-                  ]
-                }
-              ],
-              "title": "1. Linux Syslog agent configuration"
-            },
-            {
-              "description": "Follow the steps below to configure the Infoblox CDC to send BloxOne data to Microsoft Sentinel via the Linux Syslog agent.\n2. Navigate to **Manage > Data Connector**.\n3. Click the **Destination Configuration** tab at the top.\n4. Click **Create > Syslog**. \n - **Name**: Give the new Destination a meaningful **name**, such as **Microsoft-Sentinel-Destination**.\n - **Description**: Optionally give it a meaningful **description**.\n - **State**: Set the state to **Enabled**.\n - **Format**: Set the format to **CEF**.\n - **FQDN/IP**: Enter the IP address of the Linux device on which the Linux agent is installed.\n - **Port**: Leave the port number at **514**.\n - **Protocol**: Select desired protocol and CA certificate if applicable.\n - Click **Save & Close**.\n5. Click the **Traffic Flow Configuration** tab at the top.\n6. Click **Create**.\n - **Name**: Give the new Traffic Flow a meaningful **name**, such as **Microsoft-Sentinel-Flow**.\n - **Description**: Optionally give it a meaningful **description**. \n - **State**: Set the state to **Enabled**. \n - Expand the **CDC Enabled Host** section. \n    - **On-Prem Host**: Select your desired on-prem host for which the Data Connector service is enabled. \n - Expand the **Source Configuration** section.  \n    - **Source**: Select **BloxOne Cloud Source**. \n    - Select all desired **log types** you wish to collect. Currently supported log types are:\n      - Threat Defense Query/Response Log\n      - Threat Defense Threat Feeds Hits Log\n      - DDI Query/Response Log\n      - DDI DHCP Lease Log\n - Expand the **Destination Configuration** section.  \n    - Select the **Destination** you just created. \n - Click **Save & Close**. \n7. Allow the configuration some time to activate.",
-              "title": "2. Configure Infoblox BloxOne to send Syslog data to the Infoblox Cloud Data Connector to forward to the Syslog agent"
-            },
-            {
-              "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\n>It may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n> 1. Make sure that you have Python on your machine using the following command: python -version\n\n>2. You must have elevated permissions (sudo) on your machine",
-              "instructions": [
-                {
-                  "parameters": {
-                    "fillWith": [
-                      "WorkspaceId"
-                    ],
-                    "label": "Run the following command to validate your connectivity:",
-                    "value": "sudo wget  -O cef_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_troubleshoot.py&&sudo python cef_troubleshoot.py  {0}"
-                  },
-                  "type": "CopyableLabel"
-                }
-              ],
-              "title": "3. Validate connection"
-            },
-            {
-              "description": "Make sure to configure the machine's security according to your organization's security policy\n\n\n[Learn more >](https://aka.ms/SecureCEF)",
-              "title": "4. Secure your machine "
-            }
-          ],
-          "id": "[variables('_uiConfigId1')]",
-          "additionalRequirementBanner": "This data connector depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://aka.ms/sentinel-InfobloxCloudDataConnector-parser) which is deployed with the solution."
-        }
-      }
-    },
-    {
-      "type": "Microsoft.Resources/templateSpecs",
-      "apiVersion": "2022-02-01",
-      "name": "[variables('parserTemplateSpecName1')]",
-      "location": "[parameters('workspace-location')]",
-      "tags": {
-        "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]",
-        "hidden-sentinelContentType": "Parser"
-      },
-      "properties": {
-        "description": "InfobloxCDC Data Parser with template",
-        "displayName": "InfobloxCDC Data Parser template"
-      }
-    },
-    {
-      "type": "Microsoft.Resources/templateSpecs/versions",
-      "apiVersion": "2022-02-01",
-      "name": "[concat(variables('parserTemplateSpecName1'),'/',variables('parserVersion1'))]",
-      "location": "[parameters('workspace-location')]",
-      "tags": {
-        "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]",
-        "hidden-sentinelContentType": "Parser"
-      },
-      "dependsOn": [
-        "[resourceId('Microsoft.Resources/templateSpecs', variables('parserTemplateSpecName1'))]"
-      ],
-      "properties": {
-        "description": "InfobloxCDC Data Parser with template version 2.0.10",
-        "mainTemplate": {
-          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-          "contentVersion": "[variables('parserVersion1')]",
-          "parameters": {},
-          "variables": {},
-          "resources": [
-            {
-              "name": "[variables('_parserName1')]",
-              "apiVersion": "2022-10-01",
-              "type": "Microsoft.OperationalInsights/workspaces/savedSearches",
-              "location": "[parameters('workspace-location')]",
-              "properties": {
-                "eTag": "*",
-                "displayName": "Infoblox Cloud Data Connector Data Parser",
-                "category": "Samples",
-                "functionAlias": "InfobloxCDC",
-                "query": "\nCommonSecurityLog\r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\"\r\n| extend AEcopy = AdditionalExtensions\r\n| extend AEcopy = trim_end(\"InfobloxDHCPOptions=;(.*?)\",AEcopy)\r\n| extend AEcopy = extract_all(@\"(?P<key>[^=;]+)=(?P<value>[^=;]+)\", dynamic([\"key\",\"value\"]), AEcopy)\r\n| mv-apply AEcopy on (\r\n    summarize AdditionalExtensionsParsedNested = make_bag(pack(tostring(AEcopy[0]), AEcopy[1]))\r\n)\r\n| extend AdditionalExtensionsParsed = AdditionalExtensionsParsedNested\r\n| evaluate bag_unpack(AdditionalExtensionsParsed)\r\n| extend ThreatLevel_Score = toint(column_ifexists(\"InfobloxThreatLevel\", \"\"))\r\n| extend ThreatLevel = case(ThreatLevel_Score>=80, \"High\",\r\n                       ThreatLevel_Score>=30 and ThreatLevel_Score<80, \"Medium\",\r\n                       ThreatLevel_Score<30 and ThreatLevel_Score>=1, \"Low\",\r\n                       ThreatLevel_Score == 0,\"Info\",\r\n                       \"N/A\" )\r\n| extend ThreatClass = extract(\"(.*?)_\", 1, tostring(column_ifexists(\"InfobloxThreatProperty\", \"\")))\r\n| extend ThreatProperty = extract(\"([^_]*$)\", 1, tostring(column_ifexists(\"InfobloxThreatProperty\", \"\")))\r\n| extend InfobloxB1FeedName = column_ifexists(\"InfobloxB1FeedName\", \"\")\r\n| extend InfobloxRPZ = column_ifexists(\"InfobloxRPZ\", \"\")\r\n| extend InfobloxB1PolicyAction = column_ifexists(\"InfobloxB1PolicyAction\", \"\")\r\n| extend InfobloxB1PolicyName = column_ifexists(\"InfobloxB1PolicyName\", \"\")\r\n| extend InfobloxDomainCat = column_ifexists(\"InfobloxDomainCat\", \"\")\r\n| extend InfobloxB1ConnectionType = column_ifexists(\"InfobloxB1ConnectionType\", \"\")\r\n| extend InfobloxB1SrcOSVersion = column_ifexists(\"InfobloxB1SrcOSVersion\", \"\")\r\n| extend InfobloxB1Network = column_ifexists(\"InfobloxB1Network\", \"\")\r\n| extend DeviceName = column_ifexists(\"DeviceName\", \"\")\r\n| extend SourceMACAddress = column_ifexists(\"SourceMACAddress\", \"\")\r\n| extend InfobloxLeaseOp = column_ifexists(\"InfobloxLeaseOp\", \"\")\r\n| extend InfobloxLifetime = column_ifexists(\"InfobloxLifetime\", \"\")\r\n| extend InfobloxLeaseUUID = column_ifexists(\"InfobloxLeaseUUID\", \"\")\r\n| extend InfobloxDNSRCode = column_ifexists(\"InfobloxDNSRCode\", \"\")\r\n| extend InfobloxDNSQClass = column_ifexists(\"InfobloxDNSQClass\", \"\")\r\n| extend InfobloxDNSQType = column_ifexists(\"InfobloxDNSQType\", \"\")\r\n",
-                "version": 1,
-                "tags": [
-                  {
-                    "name": "description",
-                    "value": "Infoblox Cloud Data Connector Data Parser"
-                  }
-                ]
-              }
-            },
-            {
-              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
-              "apiVersion": "2022-01-01-preview",
-              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('_parserId1'),'/'))))]",
-              "dependsOn": [
-                "[variables('_parserName1')]"
-              ],
-              "properties": {
-                "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), variables('parserName1'))]",
-                "contentId": "[variables('_parserContentId1')]",
-                "kind": "Parser",
-                "version": "[variables('parserVersion1')]",
-                "source": {
-                  "name": "Infoblox Cloud Data Connector",
-                  "kind": "Solution",
-                  "sourceId": "[variables('_solutionId')]"
-                },
-                "author": {
-                  "name": "Microsoft",
-                  "email": "[variables('_email')]"
-                },
-                "support": {
-                  "name": "InfoBlox",
-                  "tier": "Partner",
-                  "link": "https://support.infoblox.com/"
-                }
-              }
-            }
-          ]
-        }
-      }
-    },
-    {
-      "type": "Microsoft.OperationalInsights/workspaces/savedSearches",
-      "apiVersion": "2022-10-01",
-      "name": "[variables('_parserName1')]",
-      "location": "[parameters('workspace-location')]",
-      "properties": {
-        "eTag": "*",
-        "displayName": "Infoblox Cloud Data Connector Data Parser",
-        "category": "Samples",
-        "functionAlias": "InfobloxCDC",
-        "query": "\nCommonSecurityLog\r\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\"\r\n| extend AEcopy = AdditionalExtensions\r\n| extend AEcopy = trim_end(\"InfobloxDHCPOptions=;(.*?)\",AEcopy)\r\n| extend AEcopy = extract_all(@\"(?P<key>[^=;]+)=(?P<value>[^=;]+)\", dynamic([\"key\",\"value\"]), AEcopy)\r\n| mv-apply AEcopy on (\r\n    summarize AdditionalExtensionsParsedNested = make_bag(pack(tostring(AEcopy[0]), AEcopy[1]))\r\n)\r\n| extend AdditionalExtensionsParsed = AdditionalExtensionsParsedNested\r\n| evaluate bag_unpack(AdditionalExtensionsParsed)\r\n| extend ThreatLevel_Score = toint(column_ifexists(\"InfobloxThreatLevel\", \"\"))\r\n| extend ThreatLevel = case(ThreatLevel_Score>=80, \"High\",\r\n                       ThreatLevel_Score>=30 and ThreatLevel_Score<80, \"Medium\",\r\n                       ThreatLevel_Score<30 and ThreatLevel_Score>=1, \"Low\",\r\n                       ThreatLevel_Score == 0,\"Info\",\r\n                       \"N/A\" )\r\n| extend ThreatClass = extract(\"(.*?)_\", 1, tostring(column_ifexists(\"InfobloxThreatProperty\", \"\")))\r\n| extend ThreatProperty = extract(\"([^_]*$)\", 1, tostring(column_ifexists(\"InfobloxThreatProperty\", \"\")))\r\n| extend InfobloxB1FeedName = column_ifexists(\"InfobloxB1FeedName\", \"\")\r\n| extend InfobloxRPZ = column_ifexists(\"InfobloxRPZ\", \"\")\r\n| extend InfobloxB1PolicyAction = column_ifexists(\"InfobloxB1PolicyAction\", \"\")\r\n| extend InfobloxB1PolicyName = column_ifexists(\"InfobloxB1PolicyName\", \"\")\r\n| extend InfobloxDomainCat = column_ifexists(\"InfobloxDomainCat\", \"\")\r\n| extend InfobloxB1ConnectionType = column_ifexists(\"InfobloxB1ConnectionType\", \"\")\r\n| extend InfobloxB1SrcOSVersion = column_ifexists(\"InfobloxB1SrcOSVersion\", \"\")\r\n| extend InfobloxB1Network = column_ifexists(\"InfobloxB1Network\", \"\")\r\n| extend DeviceName = column_ifexists(\"DeviceName\", \"\")\r\n| extend SourceMACAddress = column_ifexists(\"SourceMACAddress\", \"\")\r\n| extend InfobloxLeaseOp = column_ifexists(\"InfobloxLeaseOp\", \"\")\r\n| extend InfobloxLifetime = column_ifexists(\"InfobloxLifetime\", \"\")\r\n| extend InfobloxLeaseUUID = column_ifexists(\"InfobloxLeaseUUID\", \"\")\r\n| extend InfobloxDNSRCode = column_ifexists(\"InfobloxDNSRCode\", \"\")\r\n| extend InfobloxDNSQClass = column_ifexists(\"InfobloxDNSQClass\", \"\")\r\n| extend InfobloxDNSQType = column_ifexists(\"InfobloxDNSQType\", \"\")\r\n",
-        "version": 1
-      }
-    },
-    {
-      "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
-      "apiVersion": "2022-01-01-preview",
-      "location": "[parameters('workspace-location')]",
-      "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('_parserId1'),'/'))))]",
-      "dependsOn": [
-        "[variables('_parserId1')]"
-      ],
-      "properties": {
-        "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), variables('parserName1'))]",
-        "contentId": "[variables('_parserContentId1')]",
-        "kind": "Parser",
-        "version": "[variables('parserVersion1')]",
-        "source": {
-          "kind": "Solution",
-          "name": "Infoblox Cloud Data Connector",
-          "sourceId": "[variables('_solutionId')]"
-        },
-        "author": {
-          "name": "Microsoft",
-          "email": "[variables('_email')]"
-        },
-        "support": {
-          "name": "InfoBlox",
-          "tier": "Partner",
-          "link": "https://support.infoblox.com/"
-        }
-      }
-    },
-    {
-      "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
-      "apiVersion": "2022-01-01-preview",
-      "location": "[parameters('workspace-location')]",
-      "properties": {
-        "version": "2.0.10",
-        "kind": "Solution",
-        "contentSchemaVersion": "2.0.0",
-        "contentId": "[variables('_solutionId')]",
-        "parentId": "[variables('_solutionId')]",
-        "source": {
-          "kind": "Solution",
-          "name": "Infoblox Cloud Data Connector",
-          "sourceId": "[variables('_solutionId')]"
-        },
-        "author": {
-          "name": "Microsoft",
-          "email": "[variables('_email')]"
-        },
-        "support": {
-          "name": "InfoBlox",
-          "tier": "Partner",
-          "link": "https://support.infoblox.com/"
-        },
-        "dependencies": {
-          "operator": "AND",
-          "criteria": [
-            {
-              "kind": "Workbook",
-              "contentId": "[variables('_workbookContentId1')]",
-              "version": "[variables('workbookVersion1')]"
-            },
-            {
-              "kind": "AnalyticsRule",
-              "contentId": "[variables('analyticRulecontentId1')]",
-              "version": "[variables('analyticRuleVersion1')]"
-            },
-            {
-              "kind": "AnalyticsRule",
-              "contentId": "[variables('analyticRulecontentId2')]",
-              "version": "[variables('analyticRuleVersion2')]"
-            },
-            {
-              "kind": "AnalyticsRule",
-              "contentId": "[variables('analyticRulecontentId3')]",
-              "version": "[variables('analyticRuleVersion3')]"
-            },
-            {
-              "kind": "DataConnector",
-              "contentId": "[variables('_dataConnectorContentId1')]",
-              "version": "[variables('dataConnectorVersion1')]"
-            },
-            {
-              "kind": "Parser",
-              "contentId": "[variables('_parserContentId1')]",
-              "version": "[variables('parserVersion1')]"
-            }
-          ]
-        },
-        "firstPublishDate": "2021-10-20",
-        "providers": [
-          "InfoBlox"
-        ],
-        "categories": {
-          "domains": [
-            "Security - Threat Protection"
-          ]
-        }
-      },
-      "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('_solutionId'))]"
-    }
-  ],
-  "outputs": {}
-}
+{
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+  "contentVersion": "1.0.0.0",
+  "metadata": {
+    "author": "Microsoft - support@microsoft.com",
+    "comments": "Solution template for Infoblox Cloud Data Connector"
+  },
+  "parameters": {
+    "location": {
+      "type": "string",
+      "minLength": 1,
+      "defaultValue": "[resourceGroup().location]",
+      "metadata": {
+        "description": "Not used, but needed to pass arm-ttk test `Location-Should-Not-Be-Hardcoded`.  We instead use the `workspace-location` which is derived from the LA workspace"
+      }
+    },
+    "workspace-location": {
+      "type": "string",
+      "defaultValue": "",
+      "metadata": {
+        "description": "[concat('Region to deploy solution resources -- separate from location selection',parameters('location'))]"
+      }
+    },
+    "workspace": {
+      "defaultValue": "",
+      "type": "string",
+      "metadata": {
+        "description": "Workspace name for Log Analytics where Microsoft Sentinel is setup"
+      }
+    },
+    "workbook1-name": {
+      "type": "string",
+      "defaultValue": "Infoblox Cloud Data Connector",
+      "minLength": 1,
+      "metadata": {
+        "description": "Name for the workbook"
+      }
+    }
+  },
+  "variables": {
+    "email": "support@microsoft.com",
+    "_email": "[variables('email')]",
+    "_solutionName": "Infoblox Cloud Data Connector",
+    "_solutionVersion": "3.0.0",
+    "solutionId": "infoblox.infoblox-cdc-solution",
+    "_solutionId": "[variables('solutionId')]",
+    "workbookVersion1": "1.0.0",
+    "workbookContentId1": "InfobloxCDCB1TDWorkbook",
+    "workbookId1": "[resourceId('Microsoft.Insights/workbooks', variables('workbookContentId1'))]",
+    "workbookTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-wb-',uniquestring(variables('_workbookContentId1'))))]",
+    "_workbookContentId1": "[variables('workbookContentId1')]",
+    "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]",
+    "_workbookcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','wb','-', uniqueString(concat(variables('_solutionId'),'-','Workbook','-',variables('_workbookContentId1'),'-', variables('workbookVersion1'))))]",
+    "analyticRuleVersion1": "1.0.0",
+    "analyticRulecontentId1": "8db2b374-0337-49bd-94c9-cfbf8e5d83ad",
+    "_analyticRulecontentId1": "[variables('analyticRulecontentId1')]",
+    "analyticRuleId1": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId1'))]",
+    "analyticRuleTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId1'))))]",
+    "_analyticRulecontentProductId1": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId1'),'-', variables('analyticRuleVersion1'))))]",
+    "analyticRuleVersion2": "1.0.0",
+    "analyticRulecontentId2": "dc7af829-d716-4774-9d6f-03d9aa7c27a4",
+    "_analyticRulecontentId2": "[variables('analyticRulecontentId2')]",
+    "analyticRuleId2": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId2'))]",
+    "analyticRuleTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId2'))))]",
+    "_analyticRulecontentProductId2": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId2'),'-', variables('analyticRuleVersion2'))))]",
+    "analyticRuleVersion3": "1.0.0",
+    "analyticRulecontentId3": "3822b794-fa89-4420-aad6-0e1a2307f419",
+    "_analyticRulecontentId3": "[variables('analyticRulecontentId3')]",
+    "analyticRuleId3": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId3'))]",
+    "analyticRuleTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId3'))))]",
+    "_analyticRulecontentProductId3": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId3'),'-', variables('analyticRuleVersion3'))))]",
+    "analyticRuleVersion4": "1.0.0",
+    "analyticRulecontentId4": "99278700-79ca-4b0f-b416-bf57ec699e1a",
+    "_analyticRulecontentId4": "[variables('analyticRulecontentId4')]",
+    "analyticRuleId4": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId4'))]",
+    "analyticRuleTemplateSpecName4": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId4'))))]",
+    "_analyticRulecontentProductId4": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId4'),'-', variables('analyticRuleVersion4'))))]",
+    "analyticRuleVersion5": "1.0.0",
+    "analyticRulecontentId5": "b2f34315-9065-488e-88d0-a171d2b0da8e",
+    "_analyticRulecontentId5": "[variables('analyticRulecontentId5')]",
+    "analyticRuleId5": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId5'))]",
+    "analyticRuleTemplateSpecName5": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId5'))))]",
+    "_analyticRulecontentProductId5": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId5'),'-', variables('analyticRuleVersion5'))))]",
+    "analyticRuleVersion6": "1.0.0",
+    "analyticRulecontentId6": "5b0864a9-4577-4087-b9fa-de3e14a8a999",
+    "_analyticRulecontentId6": "[variables('analyticRulecontentId6')]",
+    "analyticRuleId6": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId6'))]",
+    "analyticRuleTemplateSpecName6": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId6'))))]",
+    "_analyticRulecontentProductId6": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId6'),'-', variables('analyticRuleVersion6'))))]",
+    "analyticRuleVersion7": "1.0.0",
+    "analyticRulecontentId7": "568730be-b39d-45e3-a392-941e00837d52",
+    "_analyticRulecontentId7": "[variables('analyticRulecontentId7')]",
+    "analyticRuleId7": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId7'))]",
+    "analyticRuleTemplateSpecName7": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId7'))))]",
+    "_analyticRulecontentProductId7": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId7'),'-', variables('analyticRuleVersion7'))))]",
+    "analyticRuleVersion8": "1.0.0",
+    "analyticRulecontentId8": "28ee3c2b-eb4b-44de-a71e-e462843fea72",
+    "_analyticRulecontentId8": "[variables('analyticRulecontentId8')]",
+    "analyticRuleId8": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId8'))]",
+    "analyticRuleTemplateSpecName8": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId8'))))]",
+    "_analyticRulecontentProductId8": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId8'),'-', variables('analyticRuleVersion8'))))]",
+    "uiConfigId1": "InfobloxCloudDataConnector",
+    "_uiConfigId1": "[variables('uiConfigId1')]",
+    "dataConnectorContentId1": "InfobloxCloudDataConnector",
+    "_dataConnectorContentId1": "[variables('dataConnectorContentId1')]",
+    "dataConnectorId1": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]",
+    "_dataConnectorId1": "[variables('dataConnectorId1')]",
+    "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1'))))]",
+    "dataConnectorVersion1": "1.0.0",
+    "_dataConnectorcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId1'),'-', variables('dataConnectorVersion1'))))]",
+    "parserName1": "Infoblox Cloud Data Connector Data Parser",
+    "_parserName1": "[concat(parameters('workspace'),'/',variables('parserName1'))]",
+    "parserId1": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), variables('parserName1'))]",
+    "_parserId1": "[variables('parserId1')]",
+    "parserTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring(variables('_parserContentId1'))))]",
+    "parserVersion1": "1.0.0",
+    "parserContentId1": "InfobloxCDC-Parser",
+    "_parserContentId1": "[variables('parserContentId1')]",
+    "_parsercontentProductId1": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('_parserContentId1'),'-', variables('parserVersion1'))))]",
+    "Infoblox-Import-AISCOMM-Weekly": "Infoblox-Import-AISCOMM-Weekly",
+    "_Infoblox-Import-AISCOMM-Weekly": "[variables('Infoblox-Import-AISCOMM-Weekly')]",
+    "TemplateEmptyArray": "[json('[]')]",
+    "playbookVersion1": "1.0",
+    "playbookContentId1": "Infoblox-Import-AISCOMM-Weekly",
+    "_playbookContentId1": "[variables('playbookContentId1')]",
+    "playbookId1": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId1'))]",
+    "playbookTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId1'))))]",
+    "_playbookcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId1'),'-', variables('playbookVersion1'))))]",
+    "blanks": "[replace('b', 'b', '')]",
+    "Infoblox-Import-Emails-Weekly": "Infoblox-Import-Emails-Weekly",
+    "_Infoblox-Import-Emails-Weekly": "[variables('Infoblox-Import-Emails-Weekly')]",
+    "playbookVersion2": "1.0",
+    "playbookContentId2": "Infoblox-Import-Emails-Weekly",
+    "_playbookContentId2": "[variables('playbookContentId2')]",
+    "playbookId2": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId2'))]",
+    "playbookTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId2'))))]",
+    "_playbookcontentProductId2": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId2'),'-', variables('playbookVersion2'))))]",
+    "Infoblox-Import-Hashes-Weekly": "Infoblox-Import-Hashes-Weekly",
+    "_Infoblox-Import-Hashes-Weekly": "[variables('Infoblox-Import-Hashes-Weekly')]",
+    "playbookVersion3": "1.0",
+    "playbookContentId3": "Infoblox-Import-Hashes-Weekly",
+    "_playbookContentId3": "[variables('playbookContentId3')]",
+    "playbookId3": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId3'))]",
+    "playbookTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId3'))))]",
+    "_playbookcontentProductId3": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId3'),'-', variables('playbookVersion3'))))]",
+    "Infoblox-Import-Hosts-Daily-LookalikeDomains": "Infoblox-Import-Hosts-Daily-LookalikeDomains",
+    "_Infoblox-Import-Hosts-Daily-LookalikeDomains": "[variables('Infoblox-Import-Hosts-Daily-LookalikeDomains')]",
+    "playbookVersion4": "1.0",
+    "playbookContentId4": "Infoblox-Import-Hosts-Daily-LookalikeDomains",
+    "_playbookContentId4": "[variables('playbookContentId4')]",
+    "playbookId4": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId4'))]",
+    "playbookTemplateSpecName4": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId4'))))]",
+    "_playbookcontentProductId4": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId4'),'-', variables('playbookVersion4'))))]",
+    "Infoblox-Import-Hosts-Daily-MalwareC2DGA": "Infoblox-Import-Hosts-Daily-MalwareC2DGA",
+    "_Infoblox-Import-Hosts-Daily-MalwareC2DGA": "[variables('Infoblox-Import-Hosts-Daily-MalwareC2DGA')]",
+    "playbookVersion5": "1.0",
+    "playbookContentId5": "Infoblox-Import-Hosts-Daily-MalwareC2DGA",
+    "_playbookContentId5": "[variables('playbookContentId5')]",
+    "playbookId5": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId5'))]",
+    "playbookTemplateSpecName5": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId5'))))]",
+    "_playbookcontentProductId5": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId5'),'-', variables('playbookVersion5'))))]",
+    "Infoblox-Import-Hosts-Daily-Phishing": "Infoblox-Import-Hosts-Daily-Phishing",
+    "_Infoblox-Import-Hosts-Daily-Phishing": "[variables('Infoblox-Import-Hosts-Daily-Phishing')]",
+    "playbookVersion6": "1.0",
+    "playbookContentId6": "Infoblox-Import-Hosts-Daily-Phishing",
+    "_playbookContentId6": "[variables('playbookContentId6')]",
+    "playbookId6": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId6'))]",
+    "playbookTemplateSpecName6": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId6'))))]",
+    "_playbookcontentProductId6": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId6'),'-', variables('playbookVersion6'))))]",
+    "Infoblox-Import-Hosts-Hourly": "Infoblox-Import-Hosts-Hourly",
+    "_Infoblox-Import-Hosts-Hourly": "[variables('Infoblox-Import-Hosts-Hourly')]",
+    "playbookVersion7": "1.0",
+    "playbookContentId7": "Infoblox-Import-Hosts-Hourly",
+    "_playbookContentId7": "[variables('playbookContentId7')]",
+    "playbookId7": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId7'))]",
+    "playbookTemplateSpecName7": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId7'))))]",
+    "_playbookcontentProductId7": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId7'),'-', variables('playbookVersion7'))))]",
+    "Infoblox-Import-IPs-Hourly": "Infoblox-Import-IPs-Hourly",
+    "_Infoblox-Import-IPs-Hourly": "[variables('Infoblox-Import-IPs-Hourly')]",
+    "playbookVersion8": "1.0",
+    "playbookContentId8": "Infoblox-Import-IPs-Hourly",
+    "_playbookContentId8": "[variables('playbookContentId8')]",
+    "playbookId8": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId8'))]",
+    "playbookTemplateSpecName8": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId8'))))]",
+    "_playbookcontentProductId8": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId8'),'-', variables('playbookVersion8'))))]",
+    "Infoblox-Import-URLs-Hourly": "Infoblox-Import-URLs-Hourly",
+    "_Infoblox-Import-URLs-Hourly": "[variables('Infoblox-Import-URLs-Hourly')]",
+    "playbookVersion9": "1.0",
+    "playbookContentId9": "Infoblox-Import-URLs-Hourly",
+    "_playbookContentId9": "[variables('playbookContentId9')]",
+    "playbookId9": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId9'))]",
+    "playbookTemplateSpecName9": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId9'))))]",
+    "_playbookcontentProductId9": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId9'),'-', variables('playbookVersion9'))))]",
+    "Infoblox-Incident-Enrichment-Domains": "Infoblox-Incident-Enrichment-Domains",
+    "_Infoblox-Incident-Enrichment-Domains": "[variables('Infoblox-Incident-Enrichment-Domains')]",
+    "playbookVersion10": "1.0",
+    "playbookContentId10": "Infoblox-Incident-Enrichment-Domains",
+    "_playbookContentId10": "[variables('playbookContentId10')]",
+    "playbookId10": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId10'))]",
+    "playbookTemplateSpecName10": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId10'))))]",
+    "_playbookcontentProductId10": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId10'),'-', variables('playbookVersion10'))))]",
+    "Infoblox-Incident-Send-Email": "Infoblox-Incident-Send-Email",
+    "_Infoblox-Incident-Send-Email": "[variables('Infoblox-Incident-Send-Email')]",
+    "playbookVersion11": "1.0",
+    "playbookContentId11": "Infoblox-Incident-Send-Email",
+    "_playbookContentId11": "[variables('playbookContentId11')]",
+    "playbookId11": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId11'))]",
+    "playbookTemplateSpecName11": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId11'))))]",
+    "_playbookcontentProductId11": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId11'),'-', variables('playbookVersion11'))))]",
+    "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]"
+  },
+  "resources": [
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('workbookTemplateSpecName1')]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "InfobloxCDCB1TDWorkbookWorkbook Workbook with template version 3.0.0",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('workbookVersion1')]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
+            {
+              "type": "Microsoft.Insights/workbooks",
+              "name": "[variables('workbookContentId1')]",
+              "location": "[parameters('workspace-location')]",
+              "kind": "shared",
+              "apiVersion": "2021-08-01",
+              "metadata": {
+                "description": "Sets the time name for analysis"
+              },
+              "properties": {
+                "displayName": "[parameters('workbook1-name')]",
+                "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":1,\"content\":{\"json\":\">**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://aka.ms/sentinel-InfobloxCloudDataConnector-parser) which is deployed with the Microsoft Sentinel Solution.\",\"style\":\"info\"},\"name\":\"text - 9\",\"styleSettings\":{\"margin\":\"0 0 20px 0\"}},{\"type\":1,\"content\":{\"json\":\"# Infoblox CDC BloxOne DDI & Threat Defense Workbook\\r\\n\\r\\n##### Get a closer look at your BloxOne DNS Query/Response logs, DHCP logs and Threat Defense security event data. \\r\\n\\r\\nThis workbook is intended to help visualize BloxOne query data as part of the Infoblox Cloud Data Connector. Drilldown your data and visualize events, trends, and anomalous changes over time.\\r\\n\\r\\nSupported BloxOne Cloud Source log types:\\r\\n* Threat Defense Query/Response Log\\r\\n* Threat Defense Threat Feeds Hits Log\\r\\n* DDI Query/Response Log\\r\\n* DDI DHCP Lease Log\\r\\n\\r\\n---\\r\\n\"},\"name\":\"text - 3\",\"styleSettings\":{\"margin\":\"0 0 20px 0\"}},{\"type\":11,\"content\":{\"version\":\"LinkItem/1.0\",\"style\":\"tabs\",\"links\":[{\"id\":\"f2ce2fdb-104a-447f-b42b-6d11931a09ff\",\"cellValue\":\"view\",\"linkTarget\":\"parameter\",\"linkLabel\":\"DNS & DHCP Overview\",\"subTarget\":\"DNS & DHCP Overview\",\"style\":\"link\"},{\"id\":\"46b4abc5-316b-4c75-89b7-5cf134d6dbb0\",\"cellValue\":\"view\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Security Overview\",\"subTarget\":\"Security Overview\",\"style\":\"link\"},{\"id\":\"81661594-3591-4fe6-a67d-b69ae55abf67\",\"cellValue\":\"view\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Events by Device\",\"subTarget\":\"Events by Device\",\"preText\":\"IPs\",\"style\":\"link\"},{\"id\":\"46ca603b-ead0-46bd-987d-1d157b2a763a\",\"cellValue\":\"view\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Events by Domain\",\"subTarget\":\"Events by Domain\",\"style\":\"link\"},{\"id\":\"2e942b67-07c4-4579-ac5b-f43c5b01c51c\",\"cellValue\":\"view\",\"linkTarget\":\"parameter\",\"linkLabel\":\"Filters\",\"subTarget\":\"Filters\",\"style\":\"link\"}]},\"name\":\"links - 16\",\"styleSettings\":{\"margin\":\"0 0 20px 0\"}},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"9878ee10-a66a-4438-afdd-29789d76bd61\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"TimeRange\",\"type\":4,\"isRequired\":true,\"value\":{\"durationMs\":14400000},\"typeSettings\":{\"selectableValues\":[{\"durationMs\":300000},{\"durationMs\":900000},{\"durationMs\":1800000},{\"durationMs\":3600000},{\"durationMs\":14400000},{\"durationMs\":43200000},{\"durationMs\":86400000},{\"durationMs\":172800000},{\"durationMs\":259200000},{\"durationMs\":604800000},{\"durationMs\":1209600000},{\"durationMs\":2419200000},{\"durationMs\":2592000000},{\"durationMs\":5184000000},{\"durationMs\":7776000000}],\"allowCustom\":true}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"30\",\"name\":\"parameters - 0\"},{\"type\":1,\"content\":{\"json\":\"#### Set a time range for which to view data using the dropdown to the left. It will be applied to all visualizations of this workbook. Note that using a large range may cause queries to timeout depending on the size of your environment. Reduce the range if this keeps occurring.\\r\\n\\r\\n---\\r\\n\",\"style\":\"info\"},\"customWidth\":\"70\",\"name\":\"text - 7\",\"styleSettings\":{\"margin\":\"0 0 10px 0\"}},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Events by Device\\r\\n---\\r\\n#### Get a closer look into where threat data is originating. \\r\\nThis section visualizes which devices are producing the most hits. Further drilldown data by source IP address. \\r\\n\\r\\nMake sure to set all Threat Defense dropdowns below back to \\\"All\\\" when switching between Log Types.\"},\"name\":\"text - 8\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"12793c1f-b77e-4319-99f6-b6b4230d9cfe\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"LogTypeParam\",\"label\":\"Log Type\",\"type\":2,\"isRequired\":true,\"value\":\"RPZ\",\"typeSettings\":{\"showDefault\":false},\"jsonData\":\"[\\r\\n    { \\\"value\\\":\\\"RPZ\\\",  \\\"label\\\":\\\"Threat Defense Security Hits\\\" },\\r\\n    { \\\"value\\\":\\\"DNS\\\", \\\"label\\\":\\\"DNS Queries & Responses\\\" }\\r\\n]\",\"timeContext\":{\"durationMs\":86400000},\"timeContextFromParameter\":\"TimeRange\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 6 - Copy - Copy - Copy2\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"19099936-395c-4ac9-a462-097e6c1fe50c\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"ThreatLevelParam\",\"label\":\"Threat Level\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"value\":[\"value::all\"],\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"All\",\"showDefault\":false},\"jsonData\":\"[\\r\\n    { \\\"value\\\":\\\"N/A\\\"},\\r\\n    { \\\"value\\\":\\\"Info\\\"},\\r\\n    { \\\"value\\\":\\\"Low\\\"},\\r\\n    { \\\"value\\\":\\\"Medium\\\"},\\r\\n    { \\\"value\\\":\\\"High\\\"}\\r\\n]\",\"timeContext\":{\"durationMs\":259200000},\"timeContextFromParameter\":\"TimeRange\",\"defaultValue\":\"value::all\"},{\"id\":\"2d6b86ef-4bd8-4afd-be72-83f7cb365585\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"FeedParam\",\"label\":\"Feed\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"\\\"\",\"delimiter\":\",\",\"query\":\"InfobloxCDC\\r\\n| where isnotempty(InfobloxB1FeedName)\\r\\n| summarize by InfobloxB1FeedName\\r\\n| order by InfobloxB1FeedName asc\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"All\",\"showDefault\":false},\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"defaultValue\":\"value::all\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},{\"id\":\"8e48699a-6c2e-42b2-bcd8-15cfce54fe4d\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"ThreatClassParam\",\"label\":\"Threat Class\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"\\\"\",\"delimiter\":\",\",\"query\":\"InfobloxCDC\\r\\n| summarize by ThreatClass\\r\\n| order by ThreatClass asc\\r\\n| project value = ThreatClass, label = case(ThreatClass == \\\"\\\", \\\"N/A\\\", ThreatClass)\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"All\",\"showDefault\":false},\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"defaultValue\":\"value::all\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},{\"version\":\"KqlParameterItem/1.0\",\"name\":\"ActionParam\",\"label\":\"Action\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"\\\"\",\"delimiter\":\",\",\"value\":[\"value::all\"],\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"All\",\"showDefault\":false},\"jsonData\":\"[\\r\\n    { \\\"value\\\":\\\"NXDOMAIN\\\", \\\"label\\\": \\\"Block\\\"},\\r\\n    { \\\"value\\\":\\\"REDIRECT\\\", \\\"label\\\": \\\"Redirect\\\"},\\r\\n    { \\\"value\\\":\\\"PASSTHRU\\\", \\\"label\\\": \\\"Log\\\"}\\r\\n]\",\"timeContext\":{\"durationMs\":259200000},\"timeContextFromParameter\":\"TimeRange\",\"defaultValue\":\"value::all\",\"id\":\"f57d037a-57c8-4b7b-93fd-8f6215d1c9c2\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"conditionalVisibility\":{\"parameterName\":\"LogTypeParam\",\"comparison\":\"isEqualTo\",\"value\":\"RPZ\"},\"name\":\"parameters - 6 - Copy - Copy - Copy - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let starttime = {TimeRange:start};\\r\\nlet endtime = {TimeRange:end};\\r\\n// Finding Tops \\r\\nlet Top = materialize(InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| where isnotempty(SourceIP)\\r\\n| summarize count() by SourceIP\\r\\n| top 15 by count_ \\r\\n| project SourceIP);\\r\\n// Filtering datasource to Tops and Plot Time chart\\r\\nInfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| where SourceIP in ((Top))\\r\\n| project TimeGenerated, SourceIP\\r\\n| make-series Total= count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by SourceIP\\r\\n\",\"size\":2,\"title\":\"Top Source IPs by Time\",\"color\":\"red\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}},\"chartSettings\":{\"createOtherGroup\":15,\"showLegend\":true}},\"name\":\"Top Source IPs by Time\"},{\"type\":1,\"content\":{\"json\":\"#### Click on a Device in the chart below to further drilldown the device.\\r\\n\\r\\n---\",\"style\":\"info\"},\"name\":\"text - 17\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| summarize count() by SourceIP, DeviceName, SourceMACAddress, InfobloxB1SrcOSVersion\\r\\n| order by count_ desc\",\"size\":2,\"title\":\"Hit Count by Device\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"exportFieldName\":\"SourceIP\",\"exportParameterName\":\"ip\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"count_\",\"formatter\":3,\"formatOptions\":{\"palette\":\"greenRed\",\"compositeBarSettings\":{\"labelText\":\"\"},\"customColumnWidthSetting\":\"40%\"}}],\"rowLimit\":500,\"filter\":true,\"labelSettings\":[{\"columnId\":\"count_\",\"label\":\"Hits\"}]},\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"30\",\"name\":\"Hit Count by Device\",\"styleSettings\":{\"margin\":\"0 10px 0 0\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs 'RPZ'\\r\\n| where '{ip}' == SourceIP \\r\\n| sort by TimeGenerated desc\\r\\n| project TimeGenerated, ThreatLevel, ThreatLevel_Score, ThreatConfidence, DestinationDnsDomain, InfobloxB1FeedName, ThreatClass, ThreatProperty, InfobloxB1PolicyAction, DeviceAction, InfobloxB1PolicyName, SourceIP, DeviceName, SourceMACAddress, SourceUserName, InfobloxB1SrcOSVersion, InfobloxB1ConnectionType, InfobloxB1Network, AdditionalExtensionsParsedNested\\r\\n\",\"size\":2,\"showAnalytics\":true,\"title\":\"Events for {ip}\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"showRefreshButton\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"ThreatLevel\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"N/A\",\"representation\":\"gray\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Low\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Info\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Medium\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"High\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"ThreatLevel_Score\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"is Empty\",\"representation\":\"gray\",\"text\":\"N/A\"},{\"operator\":\">=\",\"thresholdValue\":\"80\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"50\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"1\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"[\\\"ThreatLevel\\\"]\",\"columnSettings\":[{\"columnName\":\"ThreatLevel\",\"color\":\"orange\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"blue\"}]}}},{\"columnMatch\":\"ThreatConfidence\",\"formatter\":8,\"formatOptions\":{\"min\":0,\"max\":100,\"palette\":\"purpleBlueGreen\",\"compositeBarSettings\":{\"labelText\":\"\"}}},{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"green\",\"text\":\"N/A\"},{\"operator\":\"==\",\"thresholdValue\":\"1\",\"representation\":\"blue\",\"text\":\"Low/Info\"},{\"operator\":\"==\",\"thresholdValue\":\"5\",\"representation\":\"orange\",\"text\":\"Medium\"},{\"operator\":\"==\",\"thresholdValue\":\"8\",\"representation\":\"red\",\"text\":\"High\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":500,\"filter\":true,\"sortBy\":[{\"itemKey\":\"InfobloxB1PolicyAction\",\"sortOrder\":2}]},\"sortBy\":[{\"itemKey\":\"InfobloxB1PolicyAction\",\"sortOrder\":2}]},\"customWidth\":\"70\",\"conditionalVisibilities\":[{\"parameterName\":\"ip\",\"comparison\":\"isNotEqualTo\"},{\"parameterName\":\"LogTypeParam\",\"comparison\":\"isEqualTo\",\"value\":\"RPZ\"}],\"showPin\":false,\"name\":\"Events for {ip}\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where DeviceEventClassID has_cs 'DNS'\\r\\n| where '{ip}' == SourceIP \\r\\n| sort by TimeGenerated desc\\r\\n| project TimeGenerated, Activity, DestinationDnsDomain, SourceIP, DeviceName, SourceMACAddress, SourceUserName, InfobloxB1SrcOSVersion, InfobloxB1ConnectionType, InfobloxB1Network, InfobloxDNSQClass, InfobloxDNSQType, InfobloxDNSRCode, Protocol, AdditionalExtensionsParsedNested\\r\\n\",\"size\":2,\"showAnalytics\":true,\"title\":\"Events for {ip}\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"showRefreshButton\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"ThreatLevel\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"N/A\",\"representation\":\"gray\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Low\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Info\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Medium\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"High\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"ThreatLevel_Score\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"is Empty\",\"representation\":\"gray\",\"text\":\"N/A\"},{\"operator\":\">=\",\"thresholdValue\":\"80\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"50\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"1\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"[\\\"ThreatLevel\\\"]\",\"columnSettings\":[{\"columnName\":\"ThreatLevel\",\"color\":\"orange\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"blue\"}]}}},{\"columnMatch\":\"ThreatConfidence\",\"formatter\":8,\"formatOptions\":{\"min\":0,\"max\":100,\"palette\":\"purpleBlueGreen\",\"compositeBarSettings\":{\"labelText\":\"\"}}},{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"green\",\"text\":\"N/A\"},{\"operator\":\"==\",\"thresholdValue\":\"1\",\"representation\":\"blue\",\"text\":\"Low/Info\"},{\"operator\":\"==\",\"thresholdValue\":\"5\",\"representation\":\"orange\",\"text\":\"Medium\"},{\"operator\":\"==\",\"thresholdValue\":\"8\",\"representation\":\"red\",\"text\":\"High\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":500,\"filter\":true,\"sortBy\":[{\"itemKey\":\"SourceIP\",\"sortOrder\":2}]},\"sortBy\":[{\"itemKey\":\"SourceIP\",\"sortOrder\":2}]},\"customWidth\":\"70\",\"conditionalVisibilities\":[{\"parameterName\":\"ip\",\"comparison\":\"isNotEqualTo\"},{\"parameterName\":\"LogTypeParam\",\"comparison\":\"isEqualTo\",\"value\":\"DNS\"}],\"showPin\":false,\"name\":\"Events for {ip} - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let starttime = {TimeRange:start};\\r\\nlet endtime = {TimeRange:end};\\r\\n// Finding Tops \\r\\nlet Top = materialize(InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| extend InfobloxB1FeedName = case(InfobloxB1FeedName == \\\"\\\", InfobloxRPZ, InfobloxB1FeedName)\\r\\n| where '{ip}' == SourceIP \\r\\n| summarize count() by InfobloxB1FeedName\\r\\n| top 10 by count_ \\r\\n| project InfobloxB1FeedName);\\r\\n// Filtering datasource to Tops and Plot Time chart\\r\\nInfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| extend InfobloxB1FeedName = case(InfobloxB1FeedName == \\\"\\\", InfobloxRPZ, InfobloxB1FeedName)\\r\\n| where '{ip}' == SourceIP \\r\\n| where InfobloxB1FeedName in ((Top))\\r\\n| project TimeGenerated, InfobloxB1FeedName\\r\\n| make-series Total= count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by InfobloxB1FeedName\",\"size\":0,\"title\":\"Feed Trend for {ip}\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"chartSettings\":{\"showLegend\":true}},\"customWidth\":\"50\",\"conditionalVisibilities\":[{\"parameterName\":\"ip\",\"comparison\":\"isNotEqualTo\"},{\"parameterName\":\"LogTypeParam\",\"comparison\":\"isEqualTo\",\"value\":\"RPZ\"}],\"name\":\"Feed Trend for {ip}\",\"styleSettings\":{\"margin\":\"0px 10px 0px 0px\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let starttime = {TimeRange:start};\\r\\nlet endtime = {TimeRange:end};\\r\\n// Finding Tops \\r\\nlet Top = materialize(InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| extend ThreatClass = case(ThreatClass == \\\"\\\", \\\"N/A\\\", ThreatClass)\\r\\n| where '{ip}' == SourceIP \\r\\n| summarize count() by ThreatClass\\r\\n| top 10 by count_ \\r\\n| project ThreatClass);\\r\\n// Filtering datasource to Tops and Plot Time chart\\r\\nInfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| extend ThreatClass = case(ThreatClass == \\\"\\\", \\\"N/A\\\", ThreatClass)\\r\\n| where '{ip}' == SourceIP \\r\\n| where ThreatClass in ((Top))\\r\\n| project TimeGenerated, ThreatClass\\r\\n| make-series Total= count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by ThreatClass\",\"size\":0,\"title\":\"Threat Class Trend for {ip}\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"chartSettings\":{\"showLegend\":true}},\"customWidth\":\"50\",\"conditionalVisibilities\":[{\"parameterName\":\"ip\",\"comparison\":\"isNotEqualTo\"},{\"parameterName\":\"LogTypeParam\",\"comparison\":\"isEqualTo\",\"value\":\"RPZ\"}],\"name\":\"Threat Class Trend for {ip}\",\"styleSettings\":{\"margin\":\"0px 10px 0px 0px\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| where '{ip}' == SourceIP \\r\\n| make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by ThreatLevel\",\"size\":0,\"title\":\"Threat Level Trend for {ip}\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"timechart\",\"chartSettings\":{\"group\":\"ThreatLevel\",\"createOtherGroup\":\"\",\"showLegend\":true,\"seriesLabelSettings\":[{\"seriesName\":\"N/A\",\"label\":\"N/A\",\"color\":\"turquoise\"},{\"seriesName\":\"Info\",\"label\":\"\",\"color\":\"lightBlue\"},{\"seriesName\":\"Low\",\"label\":\"\",\"color\":\"yellow\"},{\"seriesName\":\"Medium\",\"label\":\"\",\"color\":\"orange\"},{\"seriesName\":\"High\",\"color\":\"red\"}]}},\"customWidth\":\"50\",\"conditionalVisibilities\":[{\"parameterName\":\"ip\",\"comparison\":\"isNotEqualTo\"},{\"parameterName\":\"LogTypeParam\",\"comparison\":\"isEqualTo\",\"value\":\"RPZ\"}],\"name\":\"Threat Level Trend for {ip}\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| where '{ip}' == SourceIP \\r\\n| make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by SimplifiedDeviceAction\",\"size\":0,\"title\":\"Action Trend for {ip}\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"timechart\",\"chartSettings\":{\"showLegend\":true,\"seriesLabelSettings\":[{\"seriesName\":\"PASSTHRU\",\"label\":\"Log\",\"color\":\"green\"},{\"seriesName\":\"REDIRECT\",\"label\":\"Redirect\",\"color\":\"orange\"},{\"seriesName\":\"NXDOMAIN\",\"label\":\"Block\",\"color\":\"redBright\"},{\"seriesName\":\"<empty>\",\"label\":\"Unknown\",\"color\":\"turquoise\"}]}},\"customWidth\":\"50\",\"conditionalVisibilities\":[{\"parameterName\":\"ip\",\"comparison\":\"isNotEqualTo\"},{\"parameterName\":\"LogTypeParam\",\"comparison\":\"isEqualTo\",\"value\":\"RPZ\"}],\"name\":\"Action Trend for {ip}\"},{\"type\":1,\"content\":{\"json\":\"#### The time graph below utilizes Time Brushing. Click and drag between two points of the graph to view events for only that window of time. By not selecting any window you can also view all events for the TimeRange selected at the top of this workbook. \\r\\n\\r\\n---\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"ip\",\"comparison\":\"isNotEqualTo\"},\"name\":\"text - 9\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| where '{ip}' == SourceIP \\r\\n| summarize count() by DestinationDnsDomain\\r\\n| order by count_ desc\",\"size\":2,\"title\":\"Queries for {ip}\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"40%\"}},{\"columnMatch\":\"count_\",\"formatter\":3,\"formatOptions\":{\"palette\":\"greenRed\",\"compositeBarSettings\":{\"labelText\":\"\"},\"customColumnWidthSetting\":\"60%\"}}],\"rowLimit\":500,\"filter\":true,\"labelSettings\":[{\"columnId\":\"count_\",\"label\":\"Hits\"}]},\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"20\",\"conditionalVisibility\":{\"parameterName\":\"ip\",\"comparison\":\"isNotEqualTo\"},\"name\":\"Queries for {ip}\",\"styleSettings\":{\"margin\":\"0 10px 0 0\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let starttime = {TimeRange:start};\\r\\nlet endtime = {TimeRange:end};\\r\\nlet timeframe = 1h;\\r\\n// Finding Tops \\r\\nlet Top = materialize(InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| where '{ip}' == SourceIP \\r\\n| where isnotempty(DestinationDnsDomain)\\r\\n| summarize count() by DestinationDnsDomain\\r\\n| top 15 by count_ \\r\\n| project DestinationDnsDomain);\\r\\n// Filtering datasource to Tops and Plot Time chart\\r\\nInfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| where '{ip}' == SourceIP \\r\\n| where DestinationDnsDomain in ((Top))\\r\\n| project TimeGenerated, DestinationDnsDomain\\r\\n| make-series Total= count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by DestinationDnsDomain\\r\\n\",\"size\":2,\"title\":\"Top Queries for {ip} by Time\",\"color\":\"red\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"timeBrushParameterName\":\"brush\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}},\"chartSettings\":{\"createOtherGroup\":15,\"showLegend\":true}},\"customWidth\":\"80\",\"conditionalVisibility\":{\"parameterName\":\"ip\",\"comparison\":\"isNotEqualTo\"},\"name\":\"Top Queries for {ip} by Time\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Total Events for {ip} between {brush:label}\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and TimeGenerated {brush} \\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| where '{ip}' == SourceIP \\r\\n| summarize count()\",\"size\":3,\"title\":\"Events Count\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"name\":\"Events Count\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and TimeGenerated {brush} \\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| where '{ip}' == SourceIP \\r\\n| sort by TimeGenerated desc\\r\\n| project TimeGenerated, DeviceEventClassID, ThreatLevel, ThreatLevel_Score, ThreatConfidence, DestinationDnsDomain, InfobloxB1FeedName, ThreatClass, ThreatProperty, InfobloxB1PolicyAction, DeviceAction, InfobloxB1PolicyName, SourceIP, DeviceName, SourceMACAddress, SourceUserName, InfobloxB1SrcOSVersion, InfobloxB1ConnectionType, InfobloxB1Network, AdditionalExtensionsParsedNested\",\"size\":2,\"showAnalytics\":true,\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"showRefreshButton\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"ThreatLevel\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"N/A\",\"representation\":\"gray\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Low\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Info\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Medium\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"High\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"ThreatLevel_Score\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"is Empty\",\"representation\":\"gray\",\"text\":\"N/A\"},{\"operator\":\">=\",\"thresholdValue\":\"80\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"50\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"1\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"[\\\"ThreatLevel\\\"]\",\"columnSettings\":[{\"columnName\":\"ThreatLevel\",\"color\":\"orange\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"blue\"}]}}},{\"columnMatch\":\"ThreatConfidence\",\"formatter\":8,\"formatOptions\":{\"min\":0,\"max\":100,\"palette\":\"purpleBlueGreen\",\"compositeBarSettings\":{\"labelText\":\"\"}}},{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"green\",\"text\":\"N/A\"},{\"operator\":\"==\",\"thresholdValue\":\"1\",\"representation\":\"blue\",\"text\":\"Low/Info\"},{\"operator\":\"==\",\"thresholdValue\":\"5\",\"representation\":\"orange\",\"text\":\"Medium\"},{\"operator\":\"==\",\"thresholdValue\":\"8\",\"representation\":\"red\",\"text\":\"High\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":500,\"filter\":true,\"sortBy\":[{\"itemKey\":\"InfobloxB1PolicyAction\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxB1PolicyAction\",\"sortOrder\":1}]},\"conditionalVisibility\":{\"parameterName\":\"LogTypeParam\",\"comparison\":\"isEqualTo\",\"value\":\"RPZ\"},\"showPin\":false,\"name\":\"Events for {ip} between {brush:label} - grid\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and TimeGenerated {brush} \\r\\n| where DeviceEventClassID has_cs 'DNS'\\r\\n| where '{ip}' == SourceIP \\r\\n| sort by TimeGenerated desc\\r\\n| project TimeGenerated, Activity, DestinationDnsDomain, SourceIP, DeviceName, SourceMACAddress, SourceUserName, InfobloxB1SrcOSVersion, InfobloxB1ConnectionType, InfobloxB1Network, InfobloxDNSQClass, InfobloxDNSQType, InfobloxDNSRCode, Protocol, AdditionalExtensionsParsedNested\\r\\n\",\"size\":2,\"showAnalytics\":true,\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"showRefreshButton\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"ThreatLevel\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"N/A\",\"representation\":\"gray\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Low\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Info\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Medium\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"High\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"ThreatLevel_Score\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"is Empty\",\"representation\":\"gray\",\"text\":\"N/A\"},{\"operator\":\">=\",\"thresholdValue\":\"80\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"50\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"1\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"[\\\"ThreatLevel\\\"]\",\"columnSettings\":[{\"columnName\":\"ThreatLevel\",\"color\":\"orange\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"blue\"}]}}},{\"columnMatch\":\"ThreatConfidence\",\"formatter\":8,\"formatOptions\":{\"min\":0,\"max\":100,\"palette\":\"purpleBlueGreen\",\"compositeBarSettings\":{\"labelText\":\"\"}}},{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"green\",\"text\":\"N/A\"},{\"operator\":\"==\",\"thresholdValue\":\"1\",\"representation\":\"blue\",\"text\":\"Low/Info\"},{\"operator\":\"==\",\"thresholdValue\":\"5\",\"representation\":\"orange\",\"text\":\"Medium\"},{\"operator\":\"==\",\"thresholdValue\":\"8\",\"representation\":\"red\",\"text\":\"High\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":500,\"filter\":true}},\"conditionalVisibility\":{\"parameterName\":\"LogTypeParam\",\"comparison\":\"isEqualTo\",\"value\":\"DNS\"},\"showPin\":false,\"name\":\"Events for {ip} between {brush:label} - grid - Copy\"}]},\"conditionalVisibility\":{\"parameterName\":\"ip\",\"comparison\":\"isNotEqualTo\"},\"name\":\"Total Events for {ip} between {brush:label}\"}]},\"conditionalVisibility\":{\"parameterName\":\"view\",\"comparison\":\"isEqualTo\",\"value\":\"Events by Device\"},\"name\":\"Events by Device\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Events by Destination Domain\\r\\n---\\r\\n#### Get a closer look into what is being queried. \\r\\nThis section visualizes where users are visiting. Further drilldown data by destination query (domain). \\r\\n\\r\\nMake sure to set all Threat Defense dropdowns below back to \\\"All\\\" when switching between Log Types.\"},\"name\":\"text - 6\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"9d2856d9-b23c-4779-916d-abef2e4c50e0\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"LogTypeParam\",\"label\":\"Log Type\",\"type\":2,\"isRequired\":true,\"value\":\"RPZ\",\"typeSettings\":{\"showDefault\":false},\"jsonData\":\"[\\r\\n    { \\\"value\\\":\\\"RPZ\\\",  \\\"label\\\":\\\"Threat Defense Security Hits\\\" },\\r\\n    { \\\"value\\\":\\\"DNS\\\", \\\"label\\\":\\\"DNS Queries & Responses\\\" }\\r\\n]\",\"timeContext\":{\"durationMs\":86400000},\"timeContextFromParameter\":\"TimeRange\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 6 - Copy - Copy - Copy2 - Copy\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"a5663eb6-1030-421e-a60a-6af9f4af3f99\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"ThreatLevelParam\",\"label\":\"Threat Level\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"value\":[\"value::all\"],\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"All\",\"showDefault\":false},\"jsonData\":\"[\\r\\n    { \\\"value\\\":\\\"N/A\\\"},\\r\\n    { \\\"value\\\":\\\"Info\\\"},\\r\\n    { \\\"value\\\":\\\"Low\\\"},\\r\\n    { \\\"value\\\":\\\"Medium\\\"},\\r\\n    { \\\"value\\\":\\\"High\\\"}\\r\\n]\",\"timeContext\":{\"durationMs\":259200000},\"timeContextFromParameter\":\"TimeRange\",\"defaultValue\":\"value::all\"},{\"id\":\"5cbd5c34-3703-4835-aa3b-228504310c1c\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"FeedParam\",\"label\":\"Feed\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"\\\"\",\"delimiter\":\",\",\"query\":\"InfobloxCDC\\r\\n| where isnotempty(InfobloxB1FeedName)\\r\\n| summarize by InfobloxB1FeedName\\r\\n| order by InfobloxB1FeedName asc\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"All\",\"showDefault\":false},\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"defaultValue\":\"value::all\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"value\":[\"value::all\"]},{\"id\":\"3c67b4c6-8cf3-4c75-87ea-4bca83dee296\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"ThreatClassParam\",\"label\":\"Threat Class\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"\\\"\",\"delimiter\":\",\",\"query\":\"InfobloxCDC\\r\\n| summarize by ThreatClass\\r\\n| order by ThreatClass asc\\r\\n| project value = ThreatClass, label = case(ThreatClass == \\\"\\\", \\\"N/A\\\", ThreatClass)\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"All\",\"showDefault\":false},\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"defaultValue\":\"value::all\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"value\":[\"value::all\"]},{\"version\":\"KqlParameterItem/1.0\",\"name\":\"ActionParam\",\"label\":\"Action\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"\\\"\",\"delimiter\":\",\",\"value\":[\"value::all\"],\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"All\",\"showDefault\":false},\"jsonData\":\"[\\r\\n    { \\\"value\\\":\\\"NXDOMAIN\\\", \\\"label\\\": \\\"Block\\\"},\\r\\n    { \\\"value\\\":\\\"REDIRECT\\\", \\\"label\\\": \\\"Redirect\\\"},\\r\\n    { \\\"value\\\":\\\"PASSTHRU\\\", \\\"label\\\": \\\"Log\\\"}\\r\\n]\",\"timeContext\":{\"durationMs\":259200000},\"timeContextFromParameter\":\"TimeRange\",\"defaultValue\":\"value::all\",\"id\":\"730927d0-a8ce-461d-b20b-fe9cda17c486\"}],\"style\":\"pills\",\"doNotRunWhenHidden\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"conditionalVisibility\":{\"parameterName\":\"LogTypeParam\",\"comparison\":\"isEqualTo\",\"value\":\"RPZ\"},\"name\":\"parameters - 6 - Copy - Copy - Copy - Copy - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let starttime = {TimeRange:start};\\r\\nlet endtime = {TimeRange:end};\\r\\nlet timeframe = 1h;\\r\\n// Finding Tops \\r\\nlet Top = materialize(InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| where isnotempty(DestinationDnsDomain)\\r\\n| summarize count() by DestinationDnsDomain\\r\\n| top 15 by count_ \\r\\n| project DestinationDnsDomain);\\r\\n// Filtering datasource to Tops and Plot Time chart\\r\\nInfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| where DestinationDnsDomain in ((Top))\\r\\n| project TimeGenerated, DestinationDnsDomain\\r\\n| make-series Total= count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by DestinationDnsDomain\\r\\n\",\"size\":2,\"title\":\"Top Queries by Time\",\"color\":\"red\",\"timeContext\":{\"durationMs\":86400000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}},\"chartSettings\":{\"createOtherGroup\":15,\"showLegend\":true}},\"name\":\"Top Queries by Time\"},{\"type\":1,\"content\":{\"json\":\"#### Click on a Query in the chart below to further drilldown the query.\\r\\n\\r\\n---\",\"style\":\"info\"},\"name\":\"text - 14\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| summarize count() by DestinationDnsDomain\\r\\n| sort by count_ desc\",\"size\":2,\"title\":\"Hit Count by Query/Domain\",\"timeContext\":{\"durationMs\":86400000},\"timeContextFromParameter\":\"TimeRange\",\"exportFieldName\":\"DestinationDnsDomain\",\"exportParameterName\":\"domain\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"60%\"}},{\"columnMatch\":\"count_\",\"formatter\":3,\"formatOptions\":{\"palette\":\"greenRed\",\"compositeBarSettings\":{\"labelText\":\"\"},\"customColumnWidthSetting\":\"40%\"}}],\"rowLimit\":500,\"filter\":true,\"labelSettings\":[{\"columnId\":\"count_\",\"label\":\"Hits\"}]},\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"30\",\"name\":\"Hit Count by Query/Domain\",\"styleSettings\":{\"margin\":\"0 10px 0 0\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs 'RPZ'\\r\\n| where '{domain}' == DestinationDnsDomain \\r\\n| sort by TimeGenerated desc\\r\\n| project TimeGenerated, ThreatLevel, ThreatLevel_Score, ThreatConfidence, DestinationDnsDomain, InfobloxB1FeedName, ThreatClass, ThreatProperty, InfobloxB1PolicyAction, DeviceAction, InfobloxB1PolicyName, SourceIP, DeviceName, SourceMACAddress, SourceUserName, InfobloxB1SrcOSVersion, InfobloxB1ConnectionType, InfobloxB1Network, AdditionalExtensionsParsedNested\\r\\n\",\"size\":2,\"showAnalytics\":true,\"title\":\"Events for {domain}\",\"timeContext\":{\"durationMs\":86400000},\"timeContextFromParameter\":\"TimeRange\",\"showRefreshButton\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"ThreatLevel\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"N/A\",\"representation\":\"gray\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Low\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Info\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Medium\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"High\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"ThreatLevel_Score\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"is Empty\",\"representation\":\"gray\",\"text\":\"N/A\"},{\"operator\":\">=\",\"thresholdValue\":\"80\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"50\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"1\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"text\":\"\"}],\"compositeBarSettings\":{\"labelText\":\"[\\\"ThreatLevel\\\"]\",\"columnSettings\":[{\"columnName\":\"ThreatLevel\",\"color\":\"orange\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"blue\"}]}}},{\"columnMatch\":\"ThreatConfidence\",\"formatter\":8,\"formatOptions\":{\"min\":0,\"max\":100,\"palette\":\"purpleBlueGreen\",\"compositeBarSettings\":{\"labelText\":\"\"}}},{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"green\",\"text\":\"N/A\"},{\"operator\":\"==\",\"thresholdValue\":\"1\",\"representation\":\"blue\",\"text\":\"Low/Info\"},{\"operator\":\"==\",\"thresholdValue\":\"5\",\"representation\":\"orange\",\"text\":\"Medium\"},{\"operator\":\"==\",\"thresholdValue\":\"8\",\"representation\":\"red\",\"text\":\"High\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":500,\"filter\":true}},\"customWidth\":\"70\",\"conditionalVisibilities\":[{\"parameterName\":\"domain\",\"comparison\":\"isNotEqualTo\"},{\"parameterName\":\"LogTypeParam\",\"comparison\":\"isEqualTo\",\"value\":\"RPZ\"}],\"showPin\":false,\"name\":\"Events for {domain}\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where DeviceEventClassID has_cs 'DNS'\\r\\n| where '{domain}' == DestinationDnsDomain \\r\\n| sort by TimeGenerated desc\\r\\n| project TimeGenerated, Activity, DestinationDnsDomain, SourceIP, DeviceName, SourceMACAddress, SourceUserName, InfobloxB1SrcOSVersion, InfobloxB1ConnectionType, InfobloxB1Network, InfobloxDNSQClass, InfobloxDNSQType, InfobloxDNSRCode, Protocol, AdditionalExtensionsParsedNested\\r\\n\\r\\n\",\"size\":2,\"showAnalytics\":true,\"title\":\"Events for {domain}\",\"timeContext\":{\"durationMs\":86400000},\"timeContextFromParameter\":\"TimeRange\",\"showRefreshButton\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"ThreatLevel\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"N/A\",\"representation\":\"gray\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Low\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Info\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Medium\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"High\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"ThreatLevel_Score\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"is Empty\",\"representation\":\"gray\",\"text\":\"N/A\"},{\"operator\":\">=\",\"thresholdValue\":\"80\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"50\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"1\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"text\":\"\"}],\"compositeBarSettings\":{\"labelText\":\"[\\\"ThreatLevel\\\"]\",\"columnSettings\":[{\"columnName\":\"ThreatLevel\",\"color\":\"orange\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"blue\"}]}}},{\"columnMatch\":\"ThreatConfidence\",\"formatter\":8,\"formatOptions\":{\"min\":0,\"max\":100,\"palette\":\"purpleBlueGreen\",\"compositeBarSettings\":{\"labelText\":\"\"}}},{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"green\",\"text\":\"N/A\"},{\"operator\":\"==\",\"thresholdValue\":\"1\",\"representation\":\"blue\",\"text\":\"Low/Info\"},{\"operator\":\"==\",\"thresholdValue\":\"5\",\"representation\":\"orange\",\"text\":\"Medium\"},{\"operator\":\"==\",\"thresholdValue\":\"8\",\"representation\":\"red\",\"text\":\"High\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":500,\"filter\":true}},\"customWidth\":\"70\",\"conditionalVisibilities\":[{\"parameterName\":\"domain\",\"comparison\":\"isNotEqualTo\"},{\"parameterName\":\"LogTypeParam\",\"comparison\":\"isEqualTo\",\"value\":\"DNS\"}],\"showPin\":false,\"name\":\"Events for {domain} - Copy\"},{\"type\":1,\"content\":{\"json\":\"#### The time graph below utilizes Time Brushing. Click and drag between two points of the graph to view events for only that window of time. By not selecting any window you can also view all events for the TimeRange selected at the top of this workbook. \\r\\n\\r\\n---\",\"style\":\"info\"},\"conditionalVisibility\":{\"parameterName\":\"domain\",\"comparison\":\"isNotEqualTo\"},\"name\":\"text - 7\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| where '{domain}' == DestinationDnsDomain \\r\\n| summarize count() by SourceIP, DeviceName, SourceMACAddress, InfobloxB1SrcOSVersion\\r\\n| sort by count_ desc\",\"size\":2,\"title\":\"Devices Querying {domain}\",\"timeContext\":{\"durationMs\":86400000},\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"count_\",\"formatter\":3,\"formatOptions\":{\"palette\":\"greenRed\",\"compositeBarSettings\":{\"labelText\":\"\"},\"customColumnWidthSetting\":\"40%\"}}],\"rowLimit\":500,\"filter\":true,\"labelSettings\":[{\"columnId\":\"count_\",\"label\":\"Hits\"}]},\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"30\",\"conditionalVisibility\":{\"parameterName\":\"domain\",\"comparison\":\"isNotEqualTo\"},\"name\":\"Devices Querying {domain}\",\"styleSettings\":{\"margin\":\"0 10px 0 0\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let starttime = {TimeRange:start};\\r\\nlet endtime = {TimeRange:end};\\r\\nlet timeframe = 1h;\\r\\n// Finding Tops \\r\\nlet Top = materialize(InfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| where '{domain}' == DestinationDnsDomain \\r\\n| where isnotempty(SourceIP)\\r\\n| summarize count() by SourceIP\\r\\n| top 15 by count_ \\r\\n| project SourceIP);\\r\\n// Filtering datasource to Tops and Plot Time chart\\r\\nInfobloxCDC\\r\\n| where TimeGenerated {TimeRange}\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| where '{domain}' == DestinationDnsDomain \\r\\n| where SourceIP in ((Top))\\r\\n| project TimeGenerated, SourceIP\\r\\n| make-series Total= count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by SourceIP\\r\\n\",\"size\":2,\"title\":\"Top Devices Querying {domain} by Time\",\"timeContext\":{\"durationMs\":86400000},\"timeContextFromParameter\":\"TimeRange\",\"timeBrushParameterName\":\"brush\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}},\"chartSettings\":{\"showLegend\":true}},\"customWidth\":\"70\",\"conditionalVisibility\":{\"parameterName\":\"domain\",\"comparison\":\"isNotEqualTo\"},\"name\":\"Top Devices Querying {domain} by Time\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Events for {domain} between {brush:label}\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and TimeGenerated {brush} \\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs '{LogTypeParam}'\\r\\n| where '{domain}' == DestinationDnsDomain \\r\\n| summarize count()\",\"size\":3,\"title\":\"Events Count\",\"timeContext\":{\"durationMs\":86400000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"name\":\"Events Count\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and TimeGenerated {brush} \\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where DeviceEventClassID has_cs 'RPZ'\\r\\n| where '{domain}' == DestinationDnsDomain \\r\\n| sort by TimeGenerated desc\\r\\n| project TimeGenerated, DeviceEventClassID, ThreatLevel, ThreatLevel_Score, ThreatConfidence, DestinationDnsDomain, InfobloxB1FeedName, ThreatClass, ThreatProperty, InfobloxB1PolicyAction, DeviceAction, InfobloxB1PolicyName, SourceIP, DeviceName, SourceMACAddress, SourceUserName, InfobloxB1SrcOSVersion, InfobloxB1ConnectionType, InfobloxB1Network, AdditionalExtensionsParsedNested\\r\\n\",\"size\":2,\"showAnalytics\":true,\"timeContext\":{\"durationMs\":86400000},\"timeContextFromParameter\":\"TimeRange\",\"showRefreshButton\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"ThreatLevel\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"N/A\",\"representation\":\"gray\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Low\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Info\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Medium\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"High\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"ThreatLevel_Score\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"is Empty\",\"representation\":\"gray\",\"text\":\"N/A\"},{\"operator\":\">=\",\"thresholdValue\":\"80\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"50\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"1\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"text\":\"\"}],\"compositeBarSettings\":{\"labelText\":\"[\\\"ThreatLevel\\\"]\",\"columnSettings\":[{\"columnName\":\"ThreatLevel\",\"color\":\"orange\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"blue\"}]}}},{\"columnMatch\":\"ThreatConfidence\",\"formatter\":8,\"formatOptions\":{\"min\":0,\"max\":100,\"palette\":\"purpleBlueGreen\",\"compositeBarSettings\":{\"labelText\":\"\"}}},{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"green\",\"text\":\"N/A\"},{\"operator\":\"==\",\"thresholdValue\":\"1\",\"representation\":\"blue\",\"text\":\"Low/Info\"},{\"operator\":\"==\",\"thresholdValue\":\"5\",\"representation\":\"orange\",\"text\":\"Medium\"},{\"operator\":\"==\",\"thresholdValue\":\"8\",\"representation\":\"red\",\"text\":\"High\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":500,\"filter\":true}},\"conditionalVisibility\":{\"parameterName\":\"LogTypeParam\",\"comparison\":\"isEqualTo\",\"value\":\"RPZ\"},\"showPin\":false,\"name\":\"Domain RPZ Events - grid\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and TimeGenerated {brush} \\r\\n| where DeviceEventClassID has_cs 'DNS'\\r\\n| where '{domain}' == DestinationDnsDomain \\r\\n| sort by TimeGenerated desc\\r\\n| project TimeGenerated, Activity, DestinationDnsDomain, SourceIP, DeviceName, SourceMACAddress, SourceUserName, InfobloxB1SrcOSVersion, InfobloxB1ConnectionType, InfobloxB1Network, InfobloxDNSQClass, InfobloxDNSQType, InfobloxDNSRCode, Protocol, AdditionalExtensionsParsedNested\\r\\n\",\"size\":2,\"showAnalytics\":true,\"timeContext\":{\"durationMs\":86400000},\"timeContextFromParameter\":\"TimeRange\",\"showRefreshButton\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"ThreatLevel\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"N/A\",\"representation\":\"gray\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Low\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Info\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Medium\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"High\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"ThreatLevel_Score\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"is Empty\",\"representation\":\"gray\",\"text\":\"N/A\"},{\"operator\":\">=\",\"thresholdValue\":\"80\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"50\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"1\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"text\":\"\"}],\"compositeBarSettings\":{\"labelText\":\"[\\\"ThreatLevel\\\"]\",\"columnSettings\":[{\"columnName\":\"ThreatLevel\",\"color\":\"orange\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"blue\"}]}}},{\"columnMatch\":\"ThreatConfidence\",\"formatter\":8,\"formatOptions\":{\"min\":0,\"max\":100,\"palette\":\"purpleBlueGreen\",\"compositeBarSettings\":{\"labelText\":\"\"}}},{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"green\",\"text\":\"N/A\"},{\"operator\":\"==\",\"thresholdValue\":\"1\",\"representation\":\"blue\",\"text\":\"Low/Info\"},{\"operator\":\"==\",\"thresholdValue\":\"5\",\"representation\":\"orange\",\"text\":\"Medium\"},{\"operator\":\"==\",\"thresholdValue\":\"8\",\"representation\":\"red\",\"text\":\"High\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":500,\"filter\":true}},\"conditionalVisibility\":{\"parameterName\":\"LogTypeParam\",\"comparison\":\"isEqualTo\",\"value\":\"DNS\"},\"showPin\":false,\"name\":\"Domain RPZ Events - grid - Copy\"}]},\"conditionalVisibility\":{\"parameterName\":\"domain\",\"comparison\":\"isNotEqualTo\"},\"name\":\"Events for {domain} between {brush:label}\"}]},\"conditionalVisibility\":{\"parameterName\":\"view\",\"comparison\":\"isEqualTo\",\"value\":\"Events by Domain\"},\"name\":\"Events by Domain\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## BloxOne Threat Defense Security Overview\\r\\n---\\r\\n#### Top level insight into your BloxOne Threat Defense security data.\\r\\n\\r\\n\"},\"name\":\"text - 8\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"5b2e1804-a9a6-4b86-8a6e-27fd0ab029b5\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"ThreatLevelParam\",\"label\":\"Threat Level\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"value\":[\"value::all\"],\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"All\",\"showDefault\":false},\"jsonData\":\"[\\r\\n    { \\\"value\\\":\\\"N/A\\\"},\\r\\n    { \\\"value\\\":\\\"Info\\\"},\\r\\n    { \\\"value\\\":\\\"Low\\\"},\\r\\n    { \\\"value\\\":\\\"Medium\\\"},\\r\\n    { \\\"value\\\":\\\"High\\\"}\\r\\n]\",\"timeContext\":{\"durationMs\":259200000},\"timeContextFromParameter\":\"TimeRange\",\"defaultValue\":\"value::all\"},{\"id\":\"1bc7a1f9-d3bd-4e0f-b5ae-4dc8ba8a1463\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"FeedParam\",\"label\":\"Feed\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"\\\"\",\"delimiter\":\",\",\"query\":\"InfobloxCDC\\r\\n| where isnotempty(InfobloxB1FeedName)\\r\\n| summarize by InfobloxB1FeedName\\r\\n| order by InfobloxB1FeedName asc\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"All\",\"showDefault\":false},\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"defaultValue\":\"value::all\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},{\"id\":\"1eedd218-57c0-43e3-a306-a716380b05e6\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"ThreatClassParam\",\"label\":\"Threat Class\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"\\\"\",\"delimiter\":\",\",\"query\":\"InfobloxCDC\\r\\n| summarize by ThreatClass\\r\\n| order by ThreatClass asc\\r\\n| project value = ThreatClass, label = case(ThreatClass == \\\"\\\", \\\"N/A\\\", ThreatClass)\",\"value\":[\"value::all\"],\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"All\",\"showDefault\":false},\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"defaultValue\":\"value::all\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},{\"version\":\"KqlParameterItem/1.0\",\"name\":\"ActionParam\",\"label\":\"Action\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"value\":[\"value::all\"],\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"All\",\"showDefault\":false},\"jsonData\":\"[\\r\\n    { \\\"value\\\":\\\"NXDOMAIN\\\", \\\"label\\\": \\\"Block\\\"},\\r\\n    { \\\"value\\\":\\\"REDIRECT\\\", \\\"label\\\": \\\"Redirect\\\"},\\r\\n    { \\\"value\\\":\\\"PASSTHRU\\\", \\\"label\\\": \\\"Log\\\"}\\r\\n]\",\"timeContext\":{\"durationMs\":259200000},\"timeContextFromParameter\":\"TimeRange\",\"defaultValue\":\"value::all\",\"id\":\"e36bc3c2-b85e-478c-968b-7faf79c21c49\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 6 - Copy - Copy\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| summarize dcount(SourceIP)\",\"size\":3,\"title\":\"Unique Impacted Devices\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_SourceIP\",\"formatter\":12,\"formatOptions\":{\"palette\":\"orangeBlue\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Unique Impacted Devices\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1ConnectionType == \\\"remote_client\\\"\\r\\n| summarize dcount(SourceIP)\",\"size\":3,\"title\":\"Unique Impacted B1 Endpoints\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_SourceIP\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"pink\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Unique Impacted B1 Endpoints\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| summarize dcount(DestinationDnsDomain)\",\"size\":3,\"title\":\"Unique Threat Indicators\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_DestinationDnsDomain\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"magenta\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Unique Threat Indicators\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| summarize dcount(ThreatClass)\",\"size\":3,\"title\":\"Unique Threat Classes\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_ThreatClass\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"greenDark\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Unique Threat Classes\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n//| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Total Security Hits (All Actions)\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Total Security Hits (All Actions)\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1PolicyAction == \\\"Log\\\" or SimplifiedDeviceAction == \\\"PASSTHRU\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Total Allowed + Logged Hits (PASSTHRU)\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"green\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Total Allowed + Logged Hits (PASSTHRU)\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1PolicyAction == \\\"Block\\\" or SimplifiedDeviceAction == \\\"NXDOMAIN\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Total Blocked Hits (NXDOMAIN)\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"redBright\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Total Blocked Hits (NXDOMAIN)\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1PolicyAction == \\\"Redirect\\\" or SimplifiedDeviceAction == \\\"REDIRECT\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Total Redirects (REDIRECT)\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"red\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Total Redirects (REDIRECT)\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1PolicyAction == \\\"Log\\\" or SimplifiedDeviceAction == \\\"PASSTHRU\\\"\\r\\n| where ThreatLevel == \\\"High\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Total High Threat Level Hits Not Blocked\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"min\":0,\"palette\":\"redBright\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Total High Threat Level Hits Not Blocked\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName !has_cs \\\"CAT_\\\" and InfobloxRPZ !has_cs \\\"CAT_\\\" and InfobloxB1FeedName !has_cs \\\"APP_\\\" and InfobloxRPZ !has_cs \\\"APP_\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Total Non-Filter Hits\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"coldHot\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Total Non-Filter Hits\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName has_cs \\\"CAT_\\\" or InfobloxRPZ has_cs \\\"CAT_\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Total Category Filter Hits\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"yellowGreenBlue\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Total Category Filter Hits\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName has_cs \\\"APP_\\\" or InfobloxRPZ has_cs \\\"APP_\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Total Application Filter Hits\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"yellow\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Total Application Filter Hits\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1ConnectionType == \\\"remote_client\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Total Hits via B1 Endpoints\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"orangeRed\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Total Hits via B1 Endpoints\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1ConnectionType == \\\"nios\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Total Hits via NIOS\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"blue\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Total Hits via NIOS\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1ConnectionType == \\\"dfp\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Total Hits via DFP\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"orange\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Total Hits via DFP\"}]},\"customWidth\":\"40\",\"name\":\"Totals\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| make-series Hits = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain}\",\"size\":3,\"title\":\"Security Hits over Time\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"areachart\"},\"customWidth\":\"60\",\"name\":\"Security Hits over Time\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| summarize count() by DestinationDnsDomain\\r\\n| top 50 by count_ desc\",\"size\":2,\"title\":\"Top Indicators\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"filter\":true},\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false},\"chartSettings\":{\"createOtherGroup\":0}},\"customWidth\":\"65\",\"name\":\"Top Indicators\",\"styleSettings\":{\"margin\":\"0px 10px 0px 0px\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| summarize count() by SourceIP\\r\\n| top 20 by count_ desc\",\"size\":3,\"title\":\"Top Impacted IPs\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"chartSettings\":{\"createOtherGroup\":0}},\"customWidth\":\"35\",\"name\":\"Top Impacted IPs\"},{\"type\":1,\"content\":{\"json\":\"---\\r\\n## Threat Level\"},\"name\":\"text - 8\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"datatable (Count:long, ThreatLevel:string, ThreatLevel_count:long) [0,\\\"N/A\\\",1, 0,\\\"Info\\\",2, 0,\\\"Low\\\",3, 0,\\\"Medium\\\",4, 0,\\\"High\\\",5]\\r\\n|union\\r\\n(\\r\\nInfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| extend ThreatLevel_count = case(ThreatLevel == \\\"High\\\", 5, ThreatLevel==\\\"Medium\\\", 4, ThreatLevel==\\\"Low\\\", 3, ThreatLevel==\\\"Info\\\", 2, 1)\\r\\n| summarize Count = count() by ThreatLevel, ThreatLevel_count\\r\\n)\\r\\n| summarize Count=sum(Count) by ThreatLevel, ThreatLevel_count\\r\\n| sort by ThreatLevel_count asc\",\"size\":0,\"title\":\"Hit Count by Threat Level\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"graph\",\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"ThreatLevel\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"High\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Medium\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Low\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Info\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"N/A\",\"representation\":\"gray\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"yellowOrangeRed\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"useGrouping\":false,\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"showBorder\":false,\"sortCriteriaField\":\"status_count\",\"sortOrderField\":1,\"size\":\"auto\"},\"graphSettings\":{\"type\":2,\"topContent\":{\"columnMatch\":\"ThreatLevel\",\"formatter\":1},\"centerContent\":{\"columnMatch\":\"Count\",\"formatter\":1,\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"useGrouping\":false,\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"nodeIdField\":\"Count\",\"graphOrientation\":3,\"showOrientationToggles\":false,\"staticNodeSize\":100,\"colorSettings\":{\"nodeColorField\":\"ThreatLevel\",\"type\":3,\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"N/A\",\"representation\":\"gray\"},{\"operator\":\"==\",\"thresholdValue\":\"Info\",\"representation\":\"lightBlue\"},{\"operator\":\"==\",\"thresholdValue\":\"Low\",\"representation\":\"yellow\"},{\"operator\":\"==\",\"thresholdValue\":\"Medium\",\"representation\":\"orange\"},{\"operator\":\"==\",\"thresholdValue\":\"High\",\"representation\":\"red\"},{\"operator\":\"Default\",\"representation\":\"gray\"}]},\"hivesMargin\":5}},\"customWidth\":\"30\",\"name\":\"Hit Count by Threat Level\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by ThreatLevel\",\"size\":0,\"title\":\"Threat Level Trend\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"timechart\",\"chartSettings\":{\"showLegend\":true,\"seriesLabelSettings\":[{\"seriesName\":\"High\",\"color\":\"red\"},{\"seriesName\":\"N/A\",\"color\":\"gray\"},{\"seriesName\":\"Low\",\"color\":\"yellow\"},{\"seriesName\":\"Medium\",\"color\":\"orange\"},{\"seriesName\":\"Info\",\"color\":\"lightBlue\"}]}},\"customWidth\":\"70\",\"name\":\"Threat Level Trend\"},{\"type\":1,\"content\":{\"json\":\"---\\r\\n## Feed\"},\"name\":\"text - 8 - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| extend InfobloxB1FeedName = case(InfobloxB1FeedName == \\\"\\\", InfobloxRPZ, InfobloxB1FeedName)\\r\\n\\r\\n//| summarize c = count() by InfobloxB1FeedName\\r\\n//| summarize c = sum(c) by InfobloxB1FeedName = tolower(InfobloxB1FeedName)\\r\\n\\r\\n| summarize count() by InfobloxB1FeedName\\r\\n| order by count_ desc\",\"size\":0,\"title\":\"Hit Count by Feed\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"InfobloxB1FeedName\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"50%\"}},{\"columnMatch\":\"count_\",\"formatter\":3,\"formatOptions\":{\"palette\":\"greenRed\",\"compositeBarSettings\":{\"labelText\":\"\"},\"customColumnWidthSetting\":\"50%\"}},{\"columnMatch\":\"Feed\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"50%\"}}],\"rowLimit\":500,\"filter\":true,\"labelSettings\":[{\"columnId\":\"count_\",\"label\":\"Hits\"}]},\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"30\",\"name\":\"Hit Count by Feed\",\"styleSettings\":{\"margin\":\"0 10px 0 0\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let starttime = {TimeRange:start};\\r\\nlet endtime = {TimeRange:end};\\r\\n// Finding Tops \\r\\nlet Top = materialize(InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| extend InfobloxB1FeedName = case(InfobloxB1FeedName == \\\"\\\", InfobloxRPZ, InfobloxB1FeedName)\\r\\n| summarize count() by InfobloxB1FeedName\\r\\n| top 10 by count_ \\r\\n| project InfobloxB1FeedName);\\r\\n// Filtering datasource to Tops and Plot Time chart\\r\\nInfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| extend InfobloxB1FeedName = case(InfobloxB1FeedName == \\\"\\\", InfobloxRPZ, InfobloxB1FeedName)\\r\\n| where InfobloxB1FeedName in ((Top))\\r\\n| project TimeGenerated, InfobloxB1FeedName\\r\\n| make-series Total= count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by InfobloxB1FeedName\",\"size\":0,\"title\":\"Feed Trend\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"chartSettings\":{\"showLegend\":true,\"seriesLabelSettings\":[{\"seriesName\":\"0\",\"label\":\"N/A\",\"color\":\"green\"},{\"seriesName\":\"1\",\"label\":\"Low/Info\",\"color\":\"blue\"},{\"seriesName\":\"8\",\"label\":\"High\",\"color\":\"red\"},{\"seriesName\":\"5\",\"label\":\"Medium\",\"color\":\"orange\"}]}},\"customWidth\":\"70\",\"name\":\"Feed Trend\",\"styleSettings\":{\"margin\":\"0px\"}},{\"type\":1,\"content\":{\"json\":\"---\\r\\n## Class\"},\"name\":\"text - 8 - Copy - Copy - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| extend ThreatClass = case(ThreatClass == \\\"\\\", \\\"N/A\\\", ThreatClass)\\r\\n| summarize count() by ThreatClass\\r\\n| order by count_ desc\\r\\n\\r\\n\\r\\n\",\"size\":0,\"title\":\"Hit Count by Class\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"count_\",\"formatter\":3,\"formatOptions\":{\"palette\":\"greenRed\",\"compositeBarSettings\":{\"labelText\":\"\"},\"customColumnWidthSetting\":\"50%\"}},{\"columnMatch\":\"Feed\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"50%\"}}],\"rowLimit\":500,\"filter\":true,\"labelSettings\":[{\"columnId\":\"count_\",\"label\":\"Hits\"}]},\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"30\",\"name\":\"Hit Count by Class\",\"styleSettings\":{\"margin\":\"0 10px 0 0\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let starttime = {TimeRange:start};\\r\\nlet endtime = {TimeRange:end};\\r\\n// Finding Tops \\r\\nlet Top = materialize(InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| extend ThreatClass = case(ThreatClass == \\\"\\\", \\\"N/A\\\", ThreatClass)\\r\\n| summarize count() by ThreatClass\\r\\n| top 10 by count_ \\r\\n| project ThreatClass);\\r\\n// Filtering datasource to Tops and Plot Time chart\\r\\nInfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| extend ThreatClass = case(ThreatClass == \\\"\\\", \\\"N/A\\\", ThreatClass)\\r\\n| where ThreatClass in ((Top))\\r\\n| project TimeGenerated, ThreatClass\\r\\n| make-series Total= count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by ThreatClass\",\"size\":0,\"title\":\"Class Trend\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"chartSettings\":{\"showLegend\":true}},\"customWidth\":\"70\",\"name\":\"Class Trend\",\"styleSettings\":{\"margin\":\"0px\"}},{\"type\":1,\"content\":{\"json\":\"---\\r\\n## Action\"},\"name\":\"text - 8 - Copy - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| summarize count() by SimplifiedDeviceAction\\r\\n| top 10 by count_ desc\",\"size\":0,\"title\":\"Hit Count By Action\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"chartSettings\":{\"seriesLabelSettings\":[{\"seriesName\":\"REDIRECT\",\"label\":\"Redirect\",\"color\":\"orange\"},{\"seriesName\":\"NXDOMAIN\",\"label\":\"Block\",\"color\":\"redBright\"},{\"seriesName\":\"PASSTHRU\",\"label\":\"Log\",\"color\":\"green\"},{\"seriesName\":\"\",\"label\":\"Unknown\",\"color\":\"turquoise\"}]}},\"customWidth\":\"30\",\"name\":\"Hit Count By Action\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| make-series Trend = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by SimplifiedDeviceAction\",\"size\":0,\"title\":\"Action Trend\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"timechart\",\"chartSettings\":{\"showLegend\":true,\"seriesLabelSettings\":[{\"seriesName\":\"REDIRECT\",\"label\":\"Redirect\",\"color\":\"orange\"},{\"seriesName\":\"NXDOMAIN\",\"label\":\"Block\",\"color\":\"redBright\"},{\"seriesName\":\"PASSTHRU\",\"label\":\"Log\",\"color\":\"green\"},{\"seriesName\":\"<empty>\",\"label\":\"Unknown\",\"color\":\"turquoise\"}]}},\"customWidth\":\"70\",\"name\":\"Action Trend\",\"styleSettings\":{\"margin\":\"0px\"}},{\"type\":1,\"content\":{\"json\":\"---\\r\\n## Events\"},\"name\":\"text - 8 - Copy - Copy - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"RPZ\\\"\\r\\n| where ThreatClass in ({ThreatClassParam}) or '{ThreatClassParam:label}' ==  \\\"All\\\"\\r\\n| where InfobloxB1FeedName in~ ({FeedParam}) or InfobloxRPZ in~ ({FeedParam}) or'{FeedParam:label}' ==  \\\"All\\\"\\r\\n| where ThreatLevel in ({ThreatLevelParam}) or '{ThreatLevelParam:label}' ==  \\\"All\\\"\\r\\n| where SimplifiedDeviceAction in ({ActionParam}) or InfobloxB1PolicyAction has_cs \\\"{ActionParam:label}\\\" or '{ActionParam:label}' ==  \\\"All\\\"\\r\\n| sort by TimeGenerated desc\\r\\n| project TimeGenerated, DeviceEventClassID, ThreatLevel, ThreatLevel_Score, ThreatConfidence, DestinationDnsDomain, InfobloxB1FeedName, ThreatClass, ThreatProperty, InfobloxB1PolicyAction, DeviceAction, InfobloxB1PolicyName, SourceIP, DeviceName, SourceMACAddress, SourceUserName, InfobloxB1SrcOSVersion, InfobloxB1ConnectionType, InfobloxB1Network, AdditionalExtensionsParsedNested\\r\\n\",\"size\":2,\"showAnalytics\":true,\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"showRefreshButton\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"ThreatLevel\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"N/A\",\"representation\":\"gray\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Low\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Info\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Medium\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"High\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"ThreatLevel_Score\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"is Empty\",\"representation\":\"gray\",\"text\":\"N/A\"},{\"operator\":\">=\",\"thresholdValue\":\"80\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"30\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"1\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"text\":\"\"}],\"compositeBarSettings\":{\"labelText\":\"[\\\"ThreatLevel\\\"]\",\"columnSettings\":[{\"columnName\":\"ThreatLevel\",\"color\":\"orange\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"blue\"}]}}},{\"columnMatch\":\"ThreatConfidence\",\"formatter\":8,\"formatOptions\":{\"min\":0,\"max\":100,\"palette\":\"purpleBlueGreen\",\"compositeBarSettings\":{\"labelText\":\"\"}}},{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"green\",\"text\":\"N/A\"},{\"operator\":\"==\",\"thresholdValue\":\"1\",\"representation\":\"blue\",\"text\":\"Low/Info\"},{\"operator\":\"==\",\"thresholdValue\":\"5\",\"representation\":\"orange\",\"text\":\"Medium\"},{\"operator\":\"==\",\"thresholdValue\":\"8\",\"representation\":\"red\",\"text\":\"High\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":5000,\"filter\":true,\"sortBy\":[{\"itemKey\":\"InfobloxB1FeedName\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxB1FeedName\",\"sortOrder\":1}]},\"showPin\":false,\"name\":\"RPZ Events\"}]},\"conditionalVisibility\":{\"parameterName\":\"view\",\"comparison\":\"isEqualTo\",\"value\":\"Security Overview\"},\"name\":\"Overview\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## BloxOne DNS Query/Response & DHCP Leases Overview\\r\\n---\\r\\n#### Top level insight into your BloxOne DNS Query/Response and DHCP Lease data.\\r\\n\\r\\n\"},\"name\":\"text - 8\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DNS\\\"\\r\\n| summarize dcount(SourceIP)\",\"size\":3,\"title\":\"Unique Devices\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_SourceIP\",\"formatter\":12,\"formatOptions\":{\"palette\":\"orangeBlue\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Unique Devices\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DNS\\\"\\r\\n| where InfobloxB1ConnectionType == \\\"remote_client\\\"\\r\\n| summarize dcount(SourceIP)\",\"size\":3,\"title\":\"Unique B1 Endpoints\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_SourceIP\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"pink\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Unique B1 Endpoints\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DNS\\\"\\r\\n| summarize dcount(DestinationDnsDomain)\",\"size\":3,\"title\":\"Unique Queries (Domains)\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_DestinationDnsDomain\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"magenta\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Unique Queries (Domains)\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DNS\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Total Queries\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Total Queries\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DNS\\\"\\r\\n| where InfobloxB1ConnectionType == \\\"remote_client\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Total Queries via B1 Endpoints\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"orangeRed\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Total Queries via B1 Endpoints\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DNS\\\"\\r\\n| where InfobloxB1ConnectionType == \\\"nios\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Total Queries via NIOS\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"blue\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Total Queries via NIOS\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DNS\\\"\\r\\n| where InfobloxB1ConnectionType == \\\"dfp\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Total Queries via DFP\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"orange\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Total Queries via DFP\"}]},\"customWidth\":\"40\",\"name\":\"Totals\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DNS\\\"\\r\\n| make-series Hits = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by InfobloxDNSRCode\",\"size\":0,\"title\":\"DNS Queries over Time\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"linechart\",\"chartSettings\":{\"showLegend\":true}},\"customWidth\":\"60\",\"name\":\"DNS Queries over Time - Copy\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID == \\\"DHCP-LEASE-CREATE\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"New DHCP Leases\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"orangeBlue\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"New DHCP Leases\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID == \\\"DHCP-LEASE-CREATE\\\"\\r\\n| summarize dcount(SourceIP)\",\"size\":3,\"title\":\"New DHCP Leases (Unique IPs)\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_SourceIP\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"pink\"}},\"showBorder\":false,\"size\":\"full\"}},\"customWidth\":\"33\",\"name\":\"New DHCP Leases (Unique IPs)\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID == \\\"DHCP-LEASE-UPDATE\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Updated DHCP Leases \",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"greenDark\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Updated DHCP Leases \"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID == \\\"DHCP-LEASE-UPDATE\\\"\\r\\n| summarize dcount(SourceIP)\",\"size\":3,\"title\":\"Updated DHCP Leases (Unique IPs)\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_SourceIP\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"magenta\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Updated DHCP Leases (Unique IPs)\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID == \\\"DHCP-LEASE-DELETE\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Released DHCP Leases\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Released DHCP Leases\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID == \\\"DHCP-LEASE-DELETE\\\"\\r\\n| summarize dcount(SourceIP)\",\"size\":3,\"title\":\"Released DHCP Leases (Unique IPs)\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"dcount_SourceIP\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"green\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Released DHCP Leases (Unique IPs)\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DHCP\\\"\\r\\n| summarize avg(toint(column_ifexists(\\\"InfobloxLifetime\\\", \\\"\\\")))\",\"size\":3,\"title\":\"Average Lease Lifespan (seconds)\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"rowLimit\":200,\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}]},\"sortBy\":[{\"itemKey\":\"InfobloxThreatLevel\",\"sortOrder\":1}],\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"avg_InfobloxLifetime\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"redBright\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Average Lease Lifespan (seconds)\"}]},\"customWidth\":\"40\",\"name\":\"Totals - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DHCP\\\"\\r\\n| make-series Hits = count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by InfobloxLeaseOp\",\"size\":0,\"title\":\"DHCP Leases over Time\",\"color\":\"magenta\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"linechart\",\"chartSettings\":{\"showLegend\":true}},\"customWidth\":\"60\",\"name\":\"DHCP Leases over Time\"},{\"type\":1,\"content\":{\"json\":\"---\\r\\n## DNS Events\"},\"name\":\"text - 8 - Copy - Copy - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DNS\\\"\\r\\n| summarize count() by DestinationDnsDomain\\r\\n| order by count_ desc\",\"size\":2,\"title\":\"Top Requested Domains\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"InfobloxB1FeedName\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"50%\"}},{\"columnMatch\":\"count_\",\"formatter\":3,\"formatOptions\":{\"palette\":\"greenRed\",\"compositeBarSettings\":{\"labelText\":\"\"},\"customColumnWidthSetting\":\"50%\"}},{\"columnMatch\":\"Feed\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"50%\"}}],\"rowLimit\":500,\"filter\":true,\"labelSettings\":[{\"columnId\":\"count_\",\"label\":\"Hits\"}]},\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"30\",\"name\":\"Top Requested Domains\",\"styleSettings\":{\"margin\":\"0 10px 0 0\"}},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DNS\\\"\\r\\n| summarize count() by InfobloxDNSRCode\",\"size\":3,\"title\":\"Response Codes\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"InfobloxB1FeedName\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"50%\"}},{\"columnMatch\":\"count_\",\"formatter\":3,\"formatOptions\":{\"palette\":\"greenRed\",\"compositeBarSettings\":{\"labelText\":\"\"},\"customColumnWidthSetting\":\"50%\"}},{\"columnMatch\":\"Feed\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"50%\"}}],\"rowLimit\":500,\"filter\":true,\"labelSettings\":[{\"columnId\":\"count_\",\"label\":\"Hits\"}]},\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"name\":\"Response Codes\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DNS\\\"\\r\\n| summarize count() by InfobloxB1ConnectionType\",\"size\":3,\"title\":\"Queries by Connection Type\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"InfobloxB1FeedName\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"50%\"}},{\"columnMatch\":\"count_\",\"formatter\":3,\"formatOptions\":{\"palette\":\"greenRed\",\"compositeBarSettings\":{\"labelText\":\"\"},\"customColumnWidthSetting\":\"50%\"}},{\"columnMatch\":\"Feed\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"50%\"}}],\"rowLimit\":500,\"filter\":true,\"labelSettings\":[{\"columnId\":\"count_\",\"label\":\"Hits\"}]},\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}},\"chartSettings\":{\"seriesLabelSettings\":[{\"seriesName\":\"\",\"label\":\"unknown\",\"color\":\"orange\"}]}},\"name\":\"Queries by Connection Type\"}]},\"customWidth\":\"30\",\"name\":\"group - 14\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DNS\\\"\\r\\n| summarize count() by SourceIP\\r\\n| top 25 by count_ desc\",\"size\":2,\"title\":\"Top Source IPs by DNS Queries\",\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"chartSettings\":{\"createOtherGroup\":0}},\"customWidth\":\"40\",\"name\":\"Top Source IPs by DNS Queries\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DNS\\\"\\r\\n| sort by TimeGenerated desc\\r\\n| project TimeGenerated, Activity, DestinationDnsDomain, SourceIP, DeviceName, SourceMACAddress, SourceUserName, InfobloxB1SrcOSVersion, InfobloxB1ConnectionType, InfobloxB1Network, InfobloxDNSQClass, InfobloxDNSQType, InfobloxDNSRCode, Protocol, AdditionalExtensionsParsedNested\\r\\n\",\"size\":2,\"showAnalytics\":true,\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"showRefreshButton\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"ThreatLevel\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"N/A\",\"representation\":\"gray\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Low\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Info\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Medium\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"High\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"ThreatLevel_Score\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"is Empty\",\"representation\":\"gray\",\"text\":\"N/A\"},{\"operator\":\">=\",\"thresholdValue\":\"80\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"30\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"1\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"text\":\"\"}],\"compositeBarSettings\":{\"labelText\":\"[\\\"ThreatLevel\\\"]\",\"columnSettings\":[{\"columnName\":\"ThreatLevel\",\"color\":\"orange\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"blue\"}]}}},{\"columnMatch\":\"ThreatConfidence\",\"formatter\":8,\"formatOptions\":{\"min\":0,\"max\":100,\"palette\":\"purpleBlueGreen\",\"compositeBarSettings\":{\"labelText\":\"\"}}},{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"green\",\"text\":\"N/A\"},{\"operator\":\"==\",\"thresholdValue\":\"1\",\"representation\":\"blue\",\"text\":\"Low/Info\"},{\"operator\":\"==\",\"thresholdValue\":\"5\",\"representation\":\"orange\",\"text\":\"Medium\"},{\"operator\":\"==\",\"thresholdValue\":\"8\",\"representation\":\"red\",\"text\":\"High\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":5000,\"filter\":true,\"sortBy\":[{\"itemKey\":\"InfobloxDNSQType\",\"sortOrder\":2}]},\"sortBy\":[{\"itemKey\":\"InfobloxDNSQType\",\"sortOrder\":2}]},\"showPin\":false,\"name\":\"DNS Events\"},{\"type\":1,\"content\":{\"json\":\"---\\r\\n## DHCP Events\"},\"name\":\"text - 8 - Copy - Copy - Copy - Copy\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"b71068b1-a89d-4605-8440-802f89726143\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"DHCPTypeParam\",\"label\":\"DHCP Operation\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"value\":[\"value::all\"],\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"All\",\"showDefault\":false},\"jsonData\":\"[\\r\\n\\r\\n    { \\\"value\\\":\\\"Create\\\"},\\r\\n    { \\\"value\\\":\\\"Delete\\\"},\\r\\n    { \\\"value\\\":\\\"Update\\\"}\\r\\n]\",\"timeContext\":{\"durationMs\":86400000},\"defaultValue\":\"value::all\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 23\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} and DeviceEventClassID has_cs \\\"DHCP\\\"\\r\\n| where InfobloxLeaseOp in ({DHCPTypeParam}) or '{DHCPTypeParam:label}' ==  \\\"All\\\"\\r\\n| sort by TimeGenerated desc\\r\\n| project TimeGenerated, DeviceEventClassID, SourceIP, SourceHostName, SourceMACAddress, InfobloxLeaseOp, InfobloxLifetime, InfobloxLeaseUUID, AdditionalExtensionsParsedNested\\r\\n\",\"size\":2,\"showAnalytics\":true,\"timeContext\":{\"durationMs\":43200000},\"timeContextFromParameter\":\"TimeRange\",\"showRefreshButton\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"ThreatLevel\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"N/A\",\"representation\":\"gray\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Low\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Info\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"Medium\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"High\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}]}},{\"columnMatch\":\"ThreatLevel_Score\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"is Empty\",\"representation\":\"gray\",\"text\":\"N/A\"},{\"operator\":\">=\",\"thresholdValue\":\"80\",\"representation\":\"red\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"30\",\"representation\":\"orange\",\"text\":\"{0}{1}\"},{\"operator\":\">=\",\"thresholdValue\":\"1\",\"representation\":\"yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"lightBlue\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"text\":\"\"}],\"compositeBarSettings\":{\"labelText\":\"[\\\"ThreatLevel\\\"]\",\"columnSettings\":[{\"columnName\":\"ThreatLevel\",\"color\":\"orange\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"blue\"}]}}},{\"columnMatch\":\"ThreatConfidence\",\"formatter\":8,\"formatOptions\":{\"min\":0,\"max\":100,\"palette\":\"purpleBlueGreen\",\"compositeBarSettings\":{\"labelText\":\"\"}}},{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"green\",\"text\":\"N/A\"},{\"operator\":\"==\",\"thresholdValue\":\"1\",\"representation\":\"blue\",\"text\":\"Low/Info\"},{\"operator\":\"==\",\"thresholdValue\":\"5\",\"representation\":\"orange\",\"text\":\"Medium\"},{\"operator\":\"==\",\"thresholdValue\":\"8\",\"representation\":\"red\",\"text\":\"High\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":5000,\"filter\":true,\"sortBy\":[{\"itemKey\":\"DeviceEventClassID\",\"sortOrder\":2}]},\"sortBy\":[{\"itemKey\":\"DeviceEventClassID\",\"sortOrder\":2}]},\"showPin\":false,\"name\":\"DHCP Events\"}]},\"conditionalVisibility\":{\"parameterName\":\"view\",\"comparison\":\"isEqualTo\",\"value\":\"DNS & DHCP Overview\"},\"name\":\"DNS Query/Response Overview\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"## Filters \\r\\n---\\r\\n\\r\\nCategory filters are a set of content categorization rules that BloxOne Threat Defense Cloud uses to detect and filter specific internet content. Based on your configuration, specific actions such as Allow or Block will be taken on the detected content.\\r\\n\\r\\nApplication filters are a set of rules that BloxOne Threat Defense Cloud uses to detect and filter specific Internet content. The Application Classification Service (ACS) provides accessibility to applications based on their category or subcategory. Using application filters, you can set security policies based on whether you want to allow an app to access the Internet at all times, or if you want the app to use local resolution when used with BloxOne DDI appliances. \\r\\n\\r\\nSee more about filters on the official [Infoblox Documentation Portal](https://docs.infoblox.com/display/BloxOneThreatDefense/Filters).\"},\"name\":\"text - 2\",\"styleSettings\":{\"margin\":\"0px\"}},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs \\\"CAT_\\\" or InfobloxRPZ has_cs \\\"CAT_\\\" or InfobloxB1FeedName has_cs \\\"APP_\\\" or InfobloxRPZ has_cs \\\"APP_\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"All Filter Hits\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":14400000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"orange\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"All Filter Hits\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs \\\"CAT_\\\" or InfobloxRPZ has_cs \\\"CAT_\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Category Filter Hits\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":14400000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"yellowGreenBlue\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Category Filter Hits\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs \\\"APP_\\\" or InfobloxRPZ has_cs \\\"APP_\\\"\\r\\n| summarize count()\",\"size\":3,\"title\":\"Application Filter Hits\",\"color\":\"orange\",\"timeContext\":{\"durationMs\":14400000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"tileSettings\":{\"titleContent\":{\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"min\":-1,\"palette\":\"redPurple\"}},\"showBorder\":false}},\"customWidth\":\"33\",\"name\":\"Application Filter Hits\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Top Category Filter Hits\",\"items\":[{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"be7263d9-229e-4875-a60a-76114659b718\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"CatFilterSorter\",\"label\":\"Sort Tiles By\",\"type\":2,\"isRequired\":true,\"typeSettings\":{\"showDefault\":false},\"jsonData\":\"[\\r\\n    { \\\"value\\\":\\\"count_ desc\\\", \\\"label\\\":\\\"Hit Count\\\", \\\"selected\\\":true },\\r\\n    { \\\"value\\\":\\\"DestinationDnsDomain asc, count_ desc\\\", \\\"label\\\":\\\"Domain Name\\\" },\\r\\n    { \\\"value\\\":\\\"InfobloxDomainCat asc, count_ desc\\\", \\\"label\\\":\\\"Filter Type\\\" }\\r\\n]\",\"timeContext\":{\"durationMs\":86400000}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"Top Category Filters RPZ Hits\",\"styleSettings\":{\"margin\":\"0px 0px 0px 10px\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs \\\"CAT_\\\" or InfobloxRPZ has_cs \\\"CAT_\\\"\\r\\n| summarize count() by DestinationDnsDomain, InfobloxDomainCat\\r\\n| sort by {CatFilterSorter}\\r\\n| take 50\\r\\n\",\"size\":3,\"timeContext\":{\"durationMs\":14400000},\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"filter\":true},\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"subtitleContent\":{\"columnMatch\":\"InfobloxDomainCat\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false,\"rowLimit\":50,\"sortOrderField\":1},\"graphSettings\":{\"type\":0,\"topContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"centerContent\":{\"columnMatch\":\"count_\",\"formatter\":1,\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"name\":\"Tops\",\"styleSettings\":{\"margin\":\"-20px 0px 0px 0px\"}}]},\"name\":\"Top Category Filter Hits\",\"styleSettings\":{\"margin\":\"10px\"}},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Top Application Filter Hits\",\"items\":[{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"be7263d9-229e-4875-a60a-76114659b718\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"AppFilterSorter\",\"label\":\"Sort Tiles By\",\"type\":2,\"isRequired\":true,\"typeSettings\":{\"showDefault\":false},\"jsonData\":\"[\\r\\n    { \\\"value\\\":\\\"count_ desc\\\", \\\"label\\\":\\\"Hit Count\\\", \\\"selected\\\":true },\\r\\n    { \\\"value\\\":\\\"DestinationDnsDomain asc, count_ desc\\\", \\\"label\\\":\\\"Domain Name\\\" },\\r\\n    { \\\"value\\\":\\\"InfobloxDomainCat asc, count_ desc\\\", \\\"label\\\":\\\"Filter Type\\\" }\\r\\n]\",\"timeContext\":{\"durationMs\":86400000}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"Top Category Filters RPZ Hits\",\"styleSettings\":{\"margin\":\"0px 0px 0px 10px\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs \\\"APP_\\\" or InfobloxRPZ has_cs \\\"APP_\\\"\\r\\n| summarize count() by DestinationDnsDomain, InfobloxDomainCat\\r\\n| sort by {AppFilterSorter}\\r\\n| take 50\\r\\n\",\"size\":3,\"timeContext\":{\"durationMs\":14400000},\"timeContextFromParameter\":\"TimeRange\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"filter\":true},\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"subtitleContent\":{\"columnMatch\":\"InfobloxDomainCat\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"}},\"showBorder\":false,\"rowLimit\":50,\"sortOrderField\":1},\"graphSettings\":{\"type\":0,\"topContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"centerContent\":{\"columnMatch\":\"count_\",\"formatter\":1,\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"name\":\"Tops\",\"styleSettings\":{\"margin\":\"-20px 0px 0px 0px\"}}]},\"name\":\"Top Application Filter Hits\",\"styleSettings\":{\"margin\":\"10px\"}}]},\"name\":\"Overview\",\"styleSettings\":{\"margin\":\"0px\"}},{\"type\":1,\"content\":{\"json\":\"---\\r\\n## By Filters\"},\"name\":\"text - 4\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"9f55f1ff-f771-485f-82a9-52a9f42251cc\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"FilterTypeParam\",\"label\":\"Filter Type\",\"type\":2,\"isRequired\":true,\"value\":\"CAT_\",\"typeSettings\":{\"showDefault\":false},\"jsonData\":\"[\\r\\n    { \\\"value\\\":\\\"CAT_\\\",  \\\"label\\\":\\\"Category Filters\\\" },\\r\\n    { \\\"value\\\":\\\"APP_\\\", \\\"label\\\":\\\"Application Filters\\\" }\\r\\n]\",\"timeContext\":{\"durationMs\":172800000},\"timeContextFromParameter\":\"TimeRange\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 6 - Copy - Copy - Copy - Copy - Copy - Copy\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let starttime = {TimeRange:start};\\r\\nlet endtime = {TimeRange:end};\\r\\n// Finding Tops \\r\\nlet Top = materialize(InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs '{FilterTypeParam}' or InfobloxRPZ has_cs '{FilterTypeParam}'\\r\\n| summarize count() by InfobloxDomainCat\\r\\n| top 15 by count_ \\r\\n| project InfobloxDomainCat);\\r\\n// Filtering datasource to Tops and Plot Time chart\\r\\nInfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs '{FilterTypeParam}' or InfobloxRPZ has_cs '{FilterTypeParam}'\\r\\n| where InfobloxDomainCat in ((Top))\\r\\n| project TimeGenerated, InfobloxDomainCat\\r\\n| make-series Total= count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by InfobloxDomainCat\",\"size\":2,\"title\":\"Top Filters by Time\",\"color\":\"red\",\"timeContext\":{\"durationMs\":14400000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"chartSettings\":{\"createOtherGroup\":15,\"showLegend\":true}},\"name\":\"Top Filters by Time\"},{\"type\":1,\"content\":{\"json\":\"#### Click on a Filter in the chart below to further drilldown the filter.\\r\\n---\",\"style\":\"info\"},\"name\":\"text - 3\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs '{FilterTypeParam}' or InfobloxRPZ has_cs '{FilterTypeParam}'\\r\\n| summarize count() by InfobloxDomainCat\\r\\n| sort by count_ desc\",\"size\":0,\"title\":\"Hit Count by Filter \",\"timeContext\":{\"durationMs\":14400000},\"timeContextFromParameter\":\"TimeRange\",\"exportFieldName\":\"InfobloxDomainCat\",\"exportParameterName\":\"filter\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"count_\",\"formatter\":3,\"formatOptions\":{\"palette\":\"greenRed\",\"compositeBarSettings\":{\"labelText\":\"\"},\"customColumnWidthSetting\":\"40%\"}},{\"columnMatch\":\"CategoryFilter\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"60%\"}}],\"filter\":true,\"labelSettings\":[{\"columnId\":\"count_\",\"label\":\"Hits\"}]},\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"30\",\"name\":\"Hit Count by Filter \",\"styleSettings\":{\"margin\":\"0 10px 0 0\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs '{FilterTypeParam}' or InfobloxRPZ has_cs '{FilterTypeParam}'\\r\\n| where '{filter}' == InfobloxDomainCat\\r\\n| sort by  TimeGenerated desc, SourceIP desc\\r\\n| project TimeGenerated, DestinationDnsDomain, InfobloxDomainCat, InfobloxB1PolicyAction, DeviceAction, InfobloxB1PolicyName, SourceIP, DeviceName, SourceMACAddress, SourceUserName, InfobloxB1SrcOSVersion, InfobloxB1ConnectionType, InfobloxB1Network, AdditionalExtensionsParsedNested\\r\\n\",\"size\":0,\"showAnalytics\":true,\"title\":\"Events for {filter}\",\"timeContext\":{\"durationMs\":14400000},\"timeContextFromParameter\":\"TimeRange\",\"showRefreshButton\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"gray\",\"text\":\"N/A\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Message\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"40%\"}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":500,\"filter\":true,\"sortBy\":[{\"itemKey\":\"InfobloxB1SrcOSVersion\",\"sortOrder\":2}]},\"sortBy\":[{\"itemKey\":\"InfobloxB1SrcOSVersion\",\"sortOrder\":2}]},\"customWidth\":\"70\",\"conditionalVisibility\":{\"parameterName\":\"filter\",\"comparison\":\"isNotEqualTo\"},\"showPin\":false,\"name\":\"Events for {filter}\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs '{FilterTypeParam}' or InfobloxRPZ has_cs '{FilterTypeParam}'\\r\\n| where '{filter}' == InfobloxDomainCat \\r\\n| summarize count() by SourceIP\\r\\n| top 10 by count_ desc\\r\\n\",\"size\":2,\"title\":\"Top IPs for {filter}\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"green\",\"text\":\"N/A\"},{\"operator\":\"==\",\"thresholdValue\":\"1\",\"representation\":\"blue\",\"text\":\"Low/Info\"},{\"operator\":\"==\",\"thresholdValue\":\"5\",\"representation\":\"orange\",\"text\":\"Medium\"},{\"operator\":\"==\",\"thresholdValue\":\"8\",\"representation\":\"red\",\"text\":\"High\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":500,\"filter\":true,\"labelSettings\":[{\"columnId\":\"LogSeverity\",\"label\":\"Threat Level\"}]}},\"customWidth\":\"25\",\"conditionalVisibility\":{\"parameterName\":\"filter\",\"comparison\":\"isNotEqualTo\"},\"showPin\":false,\"name\":\"Top IPs for {filter}\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let starttime = {TimeRange:start};\\r\\nlet endtime = {TimeRange:end};\\r\\n// Finding Tops \\r\\nlet Top = materialize(InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs '{FilterTypeParam}' or InfobloxRPZ has_cs '{FilterTypeParam}'\\r\\n| where '{filter}' == InfobloxDomainCat \\r\\n| summarize count() by DestinationDnsDomain\\r\\n| top 10 by count_ \\r\\n| project DestinationDnsDomain);\\r\\n// Filtering datasource to Tops and Plot Time chart\\r\\nInfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs '{FilterTypeParam}' or InfobloxRPZ has_cs '{FilterTypeParam}'\\r\\n| where '{filter}' == InfobloxDomainCat \\r\\n| where DestinationDnsDomain in ((Top))\\r\\n| project TimeGenerated, DestinationDnsDomain\\r\\n| make-series Total= count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by DestinationDnsDomain\\r\\n\",\"size\":2,\"title\":\"Top Queries for {filter} by Time\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"green\",\"text\":\"N/A\"},{\"operator\":\"==\",\"thresholdValue\":\"1\",\"representation\":\"blue\",\"text\":\"Low/Info\"},{\"operator\":\"==\",\"thresholdValue\":\"5\",\"representation\":\"orange\",\"text\":\"Medium\"},{\"operator\":\"==\",\"thresholdValue\":\"8\",\"representation\":\"red\",\"text\":\"High\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":500,\"filter\":true,\"labelSettings\":[{\"columnId\":\"LogSeverity\",\"label\":\"Threat Level\"}]},\"chartSettings\":{\"createOtherGroup\":0,\"showLegend\":true}},\"customWidth\":\"74\",\"conditionalVisibility\":{\"parameterName\":\"filter\",\"comparison\":\"isNotEqualTo\"},\"showPin\":false,\"name\":\"Top Queries for {filter} by Time\",\"styleSettings\":{\"margin\":\"0 0 0 1%\"}}]},\"name\":\"Category Filter By Type\"},{\"type\":1,\"content\":{\"json\":\"---\\r\\n## By Source IP\"},\"name\":\"text - 5\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let starttime = {TimeRange:start};\\r\\nlet endtime = {TimeRange:end};\\r\\n// Finding Tops \\r\\nlet Top = materialize(InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs '{FilterTypeParam}' or InfobloxRPZ has_cs '{FilterTypeParam}'\\r\\n| summarize count() by SourceIP\\r\\n| top 15 by count_ \\r\\n| project SourceIP);\\r\\n// Filtering datasource to Tops and Plot Time chart\\r\\nInfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs '{FilterTypeParam}' or InfobloxRPZ has_cs '{FilterTypeParam}'\\r\\n| where SourceIP in ((Top))\\r\\n| project TimeGenerated, SourceIP\\r\\n| make-series Total= count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by SourceIP\",\"size\":2,\"title\":\"Top Source IPs by Time\",\"color\":\"red\",\"timeContext\":{\"durationMs\":14400000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"chartSettings\":{\"createOtherGroup\":0,\"showLegend\":true}},\"name\":\"Top Source IPs by Time\"},{\"type\":1,\"content\":{\"json\":\"#### Click on a Source IP in the chart below to further drilldown the IP.\\r\\n\\r\\n---\",\"style\":\"info\"},\"name\":\"text - 5\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs '{FilterTypeParam}' or InfobloxRPZ has_cs '{FilterTypeParam}'\\r\\n| summarize count() by SourceIP\\r\\n| sort by count_ desc\",\"size\":0,\"title\":\"Hit Count by Source IP\",\"timeContext\":{\"durationMs\":14400000},\"timeContextFromParameter\":\"TimeRange\",\"exportFieldName\":\"SourceIP\",\"exportParameterName\":\"ip_cat\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"SourceIP\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"60%\"}},{\"columnMatch\":\"count_\",\"formatter\":3,\"formatOptions\":{\"palette\":\"greenRed\",\"compositeBarSettings\":{\"labelText\":\"\"},\"customColumnWidthSetting\":\"40%\"}},{\"columnMatch\":\"CategoryFilter\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"50%\"}}],\"filter\":true,\"labelSettings\":[{\"columnId\":\"count_\",\"label\":\"Hits\"}]},\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"DestinationDnsDomain\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"30\",\"name\":\"Hit Count by Source IP\",\"styleSettings\":{\"margin\":\"0 10px 0 0\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs '{FilterTypeParam}' or InfobloxRPZ has_cs '{FilterTypeParam}'\\r\\n| where '{ip_cat}' == SourceIP\\r\\n| sort by TimeGenerated desc, InfobloxDomainCat desc\\r\\n| project TimeGenerated, DestinationDnsDomain, InfobloxDomainCat, InfobloxB1PolicyAction, DeviceAction, InfobloxB1PolicyName, SourceIP, DeviceName, SourceMACAddress, SourceUserName, InfobloxB1SrcOSVersion, InfobloxB1ConnectionType, InfobloxB1Network, AdditionalExtensionsParsedNested\\r\\n\\r\\n\",\"size\":2,\"showAnalytics\":true,\"title\":\"Events for {ip_cat}\",\"timeContext\":{\"durationMs\":14400000},\"timeContextFromParameter\":\"TimeRange\",\"showRefreshButton\":true,\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"Default\",\"representation\":\"gray\",\"text\":\"N/A\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Message\",\"formatter\":0,\"formatOptions\":{\"customColumnWidthSetting\":\"40%\"}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":500,\"filter\":true}},\"customWidth\":\"70\",\"conditionalVisibility\":{\"parameterName\":\"ip_cat\",\"comparison\":\"isNotEqualTo\"},\"showPin\":false,\"name\":\"Events for {ip_cat}\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs '{FilterTypeParam}' or InfobloxRPZ has_cs '{FilterTypeParam}'\\r\\n| where '{ip_cat}' == SourceIP \\r\\n| summarize count() by DestinationDnsDomain\",\"size\":2,\"title\":\"Top Queries for {ip_cat}\",\"timeContext\":{\"durationMs\":14400000},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"piechart\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"green\",\"text\":\"N/A\"},{\"operator\":\"==\",\"thresholdValue\":\"1\",\"representation\":\"blue\",\"text\":\"Low/Info\"},{\"operator\":\"==\",\"thresholdValue\":\"5\",\"representation\":\"orange\",\"text\":\"Medium\"},{\"operator\":\"==\",\"thresholdValue\":\"8\",\"representation\":\"red\",\"text\":\"High\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":500,\"filter\":true,\"labelSettings\":[{\"columnId\":\"LogSeverity\",\"label\":\"Threat Level\"}]},\"chartSettings\":{\"createOtherGroup\":10}},\"customWidth\":\"25\",\"conditionalVisibility\":{\"parameterName\":\"ip_cat\",\"comparison\":\"isNotEqualTo\"},\"showPin\":false,\"name\":\"Top Queries for {ip_cat}\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let starttime = {TimeRange:start};\\r\\nlet endtime = {TimeRange:end};\\r\\n// Finding Tops \\r\\nlet Top = materialize(InfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs '{FilterTypeParam}' or InfobloxRPZ has_cs '{FilterTypeParam}'\\r\\n| where '{ip_cat}' == SourceIP \\r\\n| summarize count() by InfobloxDomainCat\\r\\n| top 10 by count_ \\r\\n| project InfobloxDomainCat);\\r\\n// Filtering datasource to Tops and Plot Time chart\\r\\nInfobloxCDC\\r\\n| where TimeGenerated {TimeRange} \\r\\n| where DeviceEventClassID has_cs \\\"RPZ\\\" \\r\\n| where InfobloxB1FeedName has_cs '{FilterTypeParam}' or InfobloxRPZ has_cs '{FilterTypeParam}'\\r\\n| where '{ip_cat}' == SourceIP \\r\\n| where InfobloxDomainCat in ((Top))\\r\\n| project TimeGenerated, InfobloxDomainCat\\r\\n| make-series Total= count() default = 0 on TimeGenerated from {TimeRange:start} to {TimeRange:end} step {TimeRange:grain} by InfobloxDomainCat\",\"size\":2,\"title\":\"Top Filters for {ip_cat} by Time\",\"timeContext\":{\"durationMs\":0},\"timeContextFromParameter\":\"TimeRange\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"LogSeverity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"0\",\"representation\":\"green\",\"text\":\"N/A\"},{\"operator\":\"==\",\"thresholdValue\":\"1\",\"representation\":\"blue\",\"text\":\"Low/Info\"},{\"operator\":\"==\",\"thresholdValue\":\"5\",\"representation\":\"orange\",\"text\":\"Medium\"},{\"operator\":\"==\",\"thresholdValue\":\"8\",\"representation\":\"red\",\"text\":\"High\"},{\"operator\":\"Default\",\"representation\":\"blue\",\"text\":\"{0}{1}\"}],\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"LogSeverity\",\"color\":\"blue\"},{\"columnName\":\"DestinationDnsDomain\",\"color\":\"purple\"}]}}},{\"columnMatch\":\"Count\",\"formatter\":4,\"formatOptions\":{\"min\":0,\"palette\":\"blue\"}}],\"rowLimit\":500,\"filter\":true,\"labelSettings\":[{\"columnId\":\"LogSeverity\",\"label\":\"Threat Level\"}]},\"chartSettings\":{\"createOtherGroup\":0,\"showLegend\":true}},\"customWidth\":\"75\",\"conditionalVisibility\":{\"parameterName\":\"ip_cat\",\"comparison\":\"isNotEqualTo\"},\"showPin\":false,\"name\":\"Top Filters for {ip_cat} by Time\"}]},\"name\":\"Category Filter by IP\"}]},\"conditionalVisibility\":{\"parameterName\":\"view\",\"comparison\":\"isEqualTo\",\"value\":\"Filters\"},\"name\":\"Category Filters\"}],\"styleSettings\":{\"spacingStyle\":\"none\"},\"fromTemplateId\":\"sentinel-InfobloxCDCB1TDWorkbook\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\r\n",
+                "version": "1.0",
+                "sourceId": "[variables('workspaceResourceId')]",
+                "category": "sentinel"
+              }
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Workbook-', last(split(variables('workbookId1'),'/'))))]",
+              "properties": {
+                "description": "@{workbookKey=InfobloxCDCB1TDWorkbook; logoFileName=infoblox_logo.svg; description=Sets the time name for analysis; dataTypesDependencies=System.Object[]; dataConnectorsDependencies=System.Object[]; previewImagesFileNames=System.Object[]; version=1.0.0; title=Infoblox Cloud Data Connector; templateRelativePath=InfobloxCDCB1TDWorkbook.json; subtitle=; provider=InfoBlox}.description",
+                "parentId": "[variables('workbookId1')]",
+                "contentId": "[variables('_workbookContentId1')]",
+                "kind": "Workbook",
+                "version": "[variables('workbookVersion1')]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Infoblox Cloud Data Connector",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "Microsoft",
+                  "email": "[variables('_email')]"
+                },
+                "support": {
+                  "name": "Infoblox",
+                  "tier": "Partner",
+                  "link": "https://support.infoblox.com/"
+                },
+                "dependencies": {
+                  "operator": "AND",
+                  "criteria": [
+                    {
+                      "contentId": "CommonSecurityLog",
+                      "kind": "DataType"
+                    },
+                    {
+                      "contentId": "InfobloxCloudDataConnector",
+                      "kind": "DataConnector"
+                    }
+                  ]
+                }
+              }
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('_workbookContentId1')]",
+        "contentKind": "Workbook",
+        "displayName": "[parameters('workbook1-name')]",
+        "contentProductId": "[variables('_workbookcontentProductId1')]",
+        "id": "[variables('_workbookcontentProductId1')]",
+        "version": "[variables('workbookVersion1')]"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('analyticRuleTemplateSpecName1')]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "Infoblox-DataExfiltrationAttack_AnalyticalRules Analytics Rule with template version 3.0.0",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('analyticRuleVersion1')]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
+            {
+              "type": "Microsoft.SecurityInsights/AlertRuleTemplates",
+              "name": "[variables('analyticRulecontentId1')]",
+              "apiVersion": "2022-04-01-preview",
+              "kind": "Scheduled",
+              "location": "[parameters('workspace-location')]",
+              "properties": {
+                "description": "Data exfiltration attack detected by Infoblox Threat Insight. Customize query count, scheduling, responses and more. This rule depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://aka.ms/sentinel-InfobloxCloudDataConnector-parser).",
+                "displayName": "Infoblox - Data Exfiltration Attack",
+                "enabled": false,
+                "query": "let threshold = 1;\nInfobloxCDC\n| where DeviceEventClassID has_cs \"RPZ\"\n| where InfobloxB1FeedName == \"Threat Insight - Data Exfiltration\"\n| summarize count() by SourceIP\n| where count_ > threshold\n| join kind=innerunique (InfobloxCDC\n  | where DeviceEventClassID has_cs \"RPZ\"\n  | where InfobloxB1FeedName == \"Threat Insight - Data Exfiltration\"\n  ) on SourceIP\n",
+                "queryFrequency": "PT1H",
+                "queryPeriod": "PT1H",
+                "severity": "Medium",
+                "suppressionDuration": "PT1H",
+                "suppressionEnabled": false,
+                "triggerOperator": "GreaterThan",
+                "triggerThreshold": 0,
+                "status": "Available",
+                "requiredDataConnectors": [
+                  {
+                    "dataTypes": [
+                      "CommonSecurityLog (InfobloxCDC)"
+                    ],
+                    "connectorId": "InfobloxCloudDataConnector"
+                  }
+                ],
+                "tactics": [
+                  "Impact"
+                ],
+                "techniques": [
+                  "T1498",
+                  "T1565"
+                ],
+                "entityMappings": [
+                  {
+                    "fieldMappings": [
+                      {
+                        "identifier": "Address",
+                        "columnName": "SourceIP"
+                      }
+                    ],
+                    "entityType": "IP"
+                  },
+                  {
+                    "fieldMappings": [
+                      {
+                        "identifier": "HostName",
+                        "columnName": "DeviceName"
+                      },
+                      {
+                        "identifier": "OSVersion",
+                        "columnName": "InfobloxB1SrcOSVersion"
+                      },
+                      {
+                        "identifier": "FullName",
+                        "columnName": "SourceUserName"
+                      }
+                    ],
+                    "entityType": "Host"
+                  },
+                  {
+                    "fieldMappings": [
+                      {
+                        "identifier": "Name",
+                        "columnName": "InfobloxB1FeedName"
+                      },
+                      {
+                        "identifier": "Category",
+                        "columnName": "InfobloxB1FeedName"
+                      }
+                    ],
+                    "entityType": "Malware"
+                  }
+                ],
+                "eventGroupingSettings": {
+                  "aggregationKind": "SingleAlert"
+                },
+                "customDetails": {
+                  "InfobloxB1Network": "InfobloxB1Network",
+                  "InfobloxB1PolicyName": "InfobloxB1PolicyName",
+                  "InfobloxB1FeedName": "InfobloxB1FeedName",
+                  "InfobloxB1Action": "InfobloxB1PolicyAction",
+                  "SourceMACAddress": "SourceMACAddress"
+                },
+                "incidentConfiguration": {
+                  "createIncident": true,
+                  "groupingConfiguration": {
+                    "reopenClosedIncident": true,
+                    "matchingMethod": "AllEntities",
+                    "enabled": true,
+                    "lookbackDuration": "7d"
+                  }
+                }
+              }
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId1'),'/'))))]",
+              "properties": {
+                "description": "Infoblox Cloud Data Connector Analytics Rule 1",
+                "parentId": "[variables('analyticRuleId1')]",
+                "contentId": "[variables('_analyticRulecontentId1')]",
+                "kind": "AnalyticsRule",
+                "version": "[variables('analyticRuleVersion1')]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Infoblox Cloud Data Connector",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "Microsoft",
+                  "email": "[variables('_email')]"
+                },
+                "support": {
+                  "name": "Infoblox",
+                  "tier": "Partner",
+                  "link": "https://support.infoblox.com/"
+                }
+              }
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('_analyticRulecontentId1')]",
+        "contentKind": "AnalyticsRule",
+        "displayName": "Infoblox - Data Exfiltration Attack",
+        "contentProductId": "[variables('_analyticRulecontentProductId1')]",
+        "id": "[variables('_analyticRulecontentProductId1')]",
+        "version": "[variables('analyticRuleVersion1')]"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('analyticRuleTemplateSpecName2')]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "Infoblox-HighThreatLevelQueryNotBlockedDetected_AnalyticalRules Analytics Rule with template version 3.0.0",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('analyticRuleVersion2')]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
+            {
+              "type": "Microsoft.SecurityInsights/AlertRuleTemplates",
+              "name": "[variables('analyticRulecontentId2')]",
+              "apiVersion": "2022-04-01-preview",
+              "kind": "Scheduled",
+              "location": "[parameters('workspace-location')]",
+              "properties": {
+                "description": "At least 1 high threat level query generated by single host in 1 hour that is not blocked or redirected. Customize query count, scheduling, responses and more. This rule depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Infoblox%20Cloud%20Data%20Connector/Parsers/InfobloxCDC.txt).",
+                "displayName": "Infoblox - High Threat Level Query Not Blocked Detected",
+                "enabled": false,
+                "query": "let threshold = 1;\nInfobloxCDC\n| where DeviceEventClassID has_cs \"RPZ\"\n| where ThreatLevel_Score >=80\n| where InfobloxB1PolicyAction == \"Log\" or SimplifiedDeviceAction == \"PASSTHRU\"\n| summarize count() by SourceIP\n| where count_ > threshold\n| join kind=inner (InfobloxCDC\n  | where DeviceEventClassID has_cs \"RPZ\"\n  | where ThreatLevel_Score >=80\n  | where InfobloxB1PolicyAction == \"Log\" or SimplifiedDeviceAction == \"PASSTHRU\"\n  ) on SourceIP\n",
+                "queryFrequency": "PT1H",
+                "queryPeriod": "PT1H",
+                "severity": "Medium",
+                "suppressionDuration": "PT1H",
+                "suppressionEnabled": false,
+                "triggerOperator": "GreaterThan",
+                "triggerThreshold": 0,
+                "status": "Available",
+                "requiredDataConnectors": [
+                  {
+                    "dataTypes": [
+                      "CommonSecurityLog (InfobloxCDC)"
+                    ],
+                    "connectorId": "InfobloxCloudDataConnector"
+                  }
+                ],
+                "tactics": [
+                  "Impact"
+                ],
+                "techniques": [
+                  "T1498",
+                  "T1565"
+                ],
+                "entityMappings": [
+                  {
+                    "fieldMappings": [
+                      {
+                        "identifier": "Address",
+                        "columnName": "SourceIP"
+                      }
+                    ],
+                    "entityType": "IP"
+                  },
+                  {
+                    "fieldMappings": [
+                      {
+                        "identifier": "HostName",
+                        "columnName": "DeviceName"
+                      },
+                      {
+                        "identifier": "OSVersion",
+                        "columnName": "InfobloxB1SrcOSVersion"
+                      },
+                      {
+                        "identifier": "FullName",
+                        "columnName": "SourceUserName"
+                      }
+                    ],
+                    "entityType": "Host"
+                  },
+                  {
+                    "fieldMappings": [
+                      {
+                        "identifier": "DomainName",
+                        "columnName": "DestinationDnsDomain"
+                      }
+                    ],
+                    "entityType": "DNS"
+                  },
+                  {
+                    "fieldMappings": [
+                      {
+                        "identifier": "Name",
+                        "columnName": "ThreatProperty"
+                      },
+                      {
+                        "identifier": "Category",
+                        "columnName": "ThreatClass"
+                      }
+                    ],
+                    "entityType": "Malware"
+                  }
+                ],
+                "eventGroupingSettings": {
+                  "aggregationKind": "SingleAlert"
+                },
+                "customDetails": {
+                  "InfobloxB1Network": "InfobloxB1Network",
+                  "InfobloxB1PolicyName": "InfobloxB1PolicyName",
+                  "InfobloxB1FeedName": "InfobloxB1FeedName",
+                  "InfobloxB1Action": "InfobloxB1PolicyAction",
+                  "SourceMACAddress": "SourceMACAddress"
+                },
+                "incidentConfiguration": {
+                  "createIncident": true
+                }
+              }
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId2'),'/'))))]",
+              "properties": {
+                "description": "Infoblox Cloud Data Connector Analytics Rule 2",
+                "parentId": "[variables('analyticRuleId2')]",
+                "contentId": "[variables('_analyticRulecontentId2')]",
+                "kind": "AnalyticsRule",
+                "version": "[variables('analyticRuleVersion2')]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Infoblox Cloud Data Connector",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "Microsoft",
+                  "email": "[variables('_email')]"
+                },
+                "support": {
+                  "name": "Infoblox",
+                  "tier": "Partner",
+                  "link": "https://support.infoblox.com/"
+                }
+              }
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('_analyticRulecontentId2')]",
+        "contentKind": "AnalyticsRule",
+        "displayName": "Infoblox - High Threat Level Query Not Blocked Detected",
+        "contentProductId": "[variables('_analyticRulecontentProductId2')]",
+        "id": "[variables('_analyticRulecontentProductId2')]",
+        "version": "[variables('analyticRuleVersion2')]"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('analyticRuleTemplateSpecName3')]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "Infoblox-ManyHighThreatLevelQueriesFromSingleHostDetected_AnalyticalRules Analytics Rule with template version 3.0.0",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('analyticRuleVersion3')]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
+            {
+              "type": "Microsoft.SecurityInsights/AlertRuleTemplates",
+              "name": "[variables('analyticRulecontentId3')]",
+              "apiVersion": "2022-04-01-preview",
+              "kind": "Scheduled",
+              "location": "[parameters('workspace-location')]",
+              "properties": {
+                "description": "At least 200 high threat level queries generated by single host in 1 hour. Queries do not need to be the same. Customize query count, scheduling, responses and more. This rule depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://aka.ms/sentinel-InfobloxCloudDataConnector-parser).",
+                "displayName": "Infoblox - Many High Threat Level Queries From Single Host Detected",
+                "enabled": false,
+                "query": "let threshold = 200;\nInfobloxCDC\n| where DeviceEventClassID has_cs \"RPZ\"\n| where ThreatLevel_Score >= 80\n| summarize count() by SourceIP\n| where count_ > threshold\n| join kind=inner (InfobloxCDC\n  | where DeviceEventClassID has_cs \"RPZ\"\n  | where ThreatLevel_Score >= 80\n  ) on SourceIP\n",
+                "queryFrequency": "PT1H",
+                "queryPeriod": "PT1H",
+                "severity": "Medium",
+                "suppressionDuration": "PT1H",
+                "suppressionEnabled": false,
+                "triggerOperator": "GreaterThan",
+                "triggerThreshold": 0,
+                "status": "Available",
+                "requiredDataConnectors": [
+                  {
+                    "dataTypes": [
+                      "CommonSecurityLog (InfobloxCDC)"
+                    ],
+                    "connectorId": "InfobloxCloudDataConnector"
+                  }
+                ],
+                "tactics": [
+                  "Impact"
+                ],
+                "techniques": [
+                  "T1498",
+                  "T1565"
+                ],
+                "entityMappings": [
+                  {
+                    "fieldMappings": [
+                      {
+                        "identifier": "Address",
+                        "columnName": "SourceIP"
+                      }
+                    ],
+                    "entityType": "IP"
+                  },
+                  {
+                    "fieldMappings": [
+                      {
+                        "identifier": "HostName",
+                        "columnName": "DeviceName"
+                      },
+                      {
+                        "identifier": "OSVersion",
+                        "columnName": "InfobloxB1SrcOSVersion"
+                      },
+                      {
+                        "identifier": "FullName",
+                        "columnName": "SourceUserName"
+                      }
+                    ],
+                    "entityType": "Host"
+                  }
+                ],
+                "eventGroupingSettings": {
+                  "aggregationKind": "SingleAlert"
+                },
+                "customDetails": {
+                  "SourceMACAddress": "SourceMACAddress"
+                },
+                "incidentConfiguration": {
+                  "createIncident": true
+                }
+              }
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId3'),'/'))))]",
+              "properties": {
+                "description": "Infoblox Cloud Data Connector Analytics Rule 3",
+                "parentId": "[variables('analyticRuleId3')]",
+                "contentId": "[variables('_analyticRulecontentId3')]",
+                "kind": "AnalyticsRule",
+                "version": "[variables('analyticRuleVersion3')]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Infoblox Cloud Data Connector",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "Microsoft",
+                  "email": "[variables('_email')]"
+                },
+                "support": {
+                  "name": "Infoblox",
+                  "tier": "Partner",
+                  "link": "https://support.infoblox.com/"
+                }
+              }
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('_analyticRulecontentId3')]",
+        "contentKind": "AnalyticsRule",
+        "displayName": "Infoblox - Many High Threat Level Queries From Single Host Detected",
+        "contentProductId": "[variables('_analyticRulecontentProductId3')]",
+        "id": "[variables('_analyticRulecontentProductId3')]",
+        "version": "[variables('analyticRuleVersion3')]"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('analyticRuleTemplateSpecName4')]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "Infoblox-ManyHighThreatLevelSingleQueryDetected_AnalyticalRules Analytics Rule with template version 3.0.0",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('analyticRuleVersion4')]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
+            {
+              "type": "Microsoft.SecurityInsights/AlertRuleTemplates",
+              "name": "[variables('analyticRulecontentId4')]",
+              "apiVersion": "2022-04-01-preview",
+              "kind": "Scheduled",
+              "location": "[parameters('workspace-location')]",
+              "properties": {
+                "description": "Single high threat level domain queried at least 200 times in 1 hour regardless of source. Customize query count, scheduling, responses and more. This rule depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Infoblox%20Cloud%20Data%20Connector/Parsers/InfobloxCDC.txt).",
+                "displayName": "Infoblox - Many High Threat Level Single Query Detected",
+                "enabled": false,
+                "query": "let threshold = 200;\nInfobloxCDC\n| where DeviceEventClassID has_cs \"RPZ\"\n| where ThreatLevel_Score >= 80\n| summarize count() by DestinationDnsDomain\n| where count_ > threshold\n| join kind=inner (InfobloxCDC\n  | where DeviceEventClassID has_cs \"RPZ\"\n  | where ThreatLevel_Score >= 80\n  ) on DestinationDnsDomain\n",
+                "queryFrequency": "PT1H",
+                "queryPeriod": "PT1H",
+                "severity": "Medium",
+                "suppressionDuration": "PT1H",
+                "suppressionEnabled": false,
+                "triggerOperator": "GreaterThan",
+                "triggerThreshold": 0,
+                "status": "Available",
+                "requiredDataConnectors": [
+                  {
+                    "dataTypes": [
+                      "CommonSecurityLog (InfobloxCDC)"
+                    ],
+                    "connectorId": "InfobloxCloudDataConnector"
+                  }
+                ],
+                "tactics": [
+                  "Impact"
+                ],
+                "techniques": [
+                  "T1498",
+                  "T1565"
+                ],
+                "entityMappings": [
+                  {
+                    "fieldMappings": [
+                      {
+                        "identifier": "DomainName",
+                        "columnName": "DestinationDnsDomain"
+                      }
+                    ],
+                    "entityType": "DNS"
+                  },
+                  {
+                    "fieldMappings": [
+                      {
+                        "identifier": "Name",
+                        "columnName": "ThreatProperty"
+                      },
+                      {
+                        "identifier": "Category",
+                        "columnName": "ThreatClass"
+                      }
+                    ],
+                    "entityType": "Malware"
+                  }
+                ],
+                "eventGroupingSettings": {
+                  "aggregationKind": "SingleAlert"
+                },
+                "customDetails": {
+                  "InfobloxB1Network": "InfobloxB1Network",
+                  "InfobloxB1PolicyName": "InfobloxB1PolicyName",
+                  "InfobloxB1FeedName": "InfobloxB1FeedName"
+                },
+                "incidentConfiguration": {
+                  "createIncident": true
+                }
+              }
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId4'),'/'))))]",
+              "properties": {
+                "description": "Infoblox Cloud Data Connector Analytics Rule 4",
+                "parentId": "[variables('analyticRuleId4')]",
+                "contentId": "[variables('_analyticRulecontentId4')]",
+                "kind": "AnalyticsRule",
+                "version": "[variables('analyticRuleVersion4')]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Infoblox Cloud Data Connector",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "Microsoft",
+                  "email": "[variables('_email')]"
+                },
+                "support": {
+                  "name": "Infoblox",
+                  "tier": "Partner",
+                  "link": "https://support.infoblox.com/"
+                }
+              }
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('_analyticRulecontentId4')]",
+        "contentKind": "AnalyticsRule",
+        "displayName": "Infoblox - Many High Threat Level Single Query Detected",
+        "contentProductId": "[variables('_analyticRulecontentProductId4')]",
+        "id": "[variables('_analyticRulecontentProductId4')]",
+        "version": "[variables('analyticRuleVersion4')]"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('analyticRuleTemplateSpecName5')]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "Infoblox-ManyNXDOMAINDNSResponsesDetected_AnalyticalRules Analytics Rule with template version 3.0.0",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('analyticRuleVersion5')]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
+            {
+              "type": "Microsoft.SecurityInsights/AlertRuleTemplates",
+              "name": "[variables('analyticRulecontentId5')]",
+              "apiVersion": "2022-04-01-preview",
+              "kind": "Scheduled",
+              "location": "[parameters('workspace-location')]",
+              "properties": {
+                "description": "Detected at least 200 DNS responses for non-existent domains in 1 hour generated by single host. Queries do not need to be the same. Customize query count, scheduling, responses and more. This rule depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://aka.ms/sentinel-InfobloxCloudDataConnector-parser).",
+                "displayName": "Infoblox - Many NXDOMAIN DNS Responses Detected",
+                "enabled": false,
+                "query": "let threshold = 200;\nInfobloxCDC\n| where DeviceEventClassID == \"DNS Response\"\n| where InfobloxDNSRCode == \"NXDOMAIN\"\n| summarize count() by SourceIP\n| where count_ > threshold\n| join kind=inner (InfobloxCDC\n  | where DeviceEventClassID == \"DNS Response\"\n  | where InfobloxDNSRCode == \"NXDOMAIN\"\n  ) on SourceIP\n",
+                "queryFrequency": "PT1H",
+                "queryPeriod": "PT1H",
+                "severity": "Medium",
+                "suppressionDuration": "PT1H",
+                "suppressionEnabled": false,
+                "triggerOperator": "GreaterThan",
+                "triggerThreshold": 0,
+                "status": "Available",
+                "requiredDataConnectors": [
+                  {
+                    "dataTypes": [
+                      "CommonSecurityLog (InfobloxCDC)"
+                    ],
+                    "connectorId": "InfobloxCloudDataConnector"
+                  }
+                ],
+                "tactics": [
+                  "Impact"
+                ],
+                "techniques": [
+                  "T1498",
+                  "T1565"
+                ],
+                "entityMappings": [
+                  {
+                    "fieldMappings": [
+                      {
+                        "identifier": "Address",
+                        "columnName": "SourceIP"
+                      }
+                    ],
+                    "entityType": "IP"
+                  },
+                  {
+                    "fieldMappings": [
+                      {
+                        "identifier": "HostName",
+                        "columnName": "DeviceName"
+                      },
+                      {
+                        "identifier": "OSVersion",
+                        "columnName": "InfobloxB1SrcOSVersion"
+                      },
+                      {
+                        "identifier": "FullName",
+                        "columnName": "SourceUserName"
+                      }
+                    ],
+                    "entityType": "Host"
+                  }
+                ],
+                "eventGroupingSettings": {
+                  "aggregationKind": "SingleAlert"
+                },
+                "customDetails": {
+                  "SourceMACAddress": "SourceMACAddress"
+                },
+                "incidentConfiguration": {
+                  "createIncident": true
+                }
+              }
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId5'),'/'))))]",
+              "properties": {
+                "description": "Infoblox Cloud Data Connector Analytics Rule 5",
+                "parentId": "[variables('analyticRuleId5')]",
+                "contentId": "[variables('_analyticRulecontentId5')]",
+                "kind": "AnalyticsRule",
+                "version": "[variables('analyticRuleVersion5')]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Infoblox Cloud Data Connector",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "Microsoft",
+                  "email": "[variables('_email')]"
+                },
+                "support": {
+                  "name": "Infoblox",
+                  "tier": "Partner",
+                  "link": "https://support.infoblox.com/"
+                }
+              }
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('_analyticRulecontentId5')]",
+        "contentKind": "AnalyticsRule",
+        "displayName": "Infoblox - Many NXDOMAIN DNS Responses Detected",
+        "contentProductId": "[variables('_analyticRulecontentProductId5')]",
+        "id": "[variables('_analyticRulecontentProductId5')]",
+        "version": "[variables('analyticRuleVersion5')]"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('analyticRuleTemplateSpecName6')]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "Infoblox-TI-CommonSecurityLogMatchFound-MalwareC2_AnalyticalRules Analytics Rule with template version 3.0.0",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('analyticRuleVersion6')]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
+            {
+              "type": "Microsoft.SecurityInsights/AlertRuleTemplates",
+              "name": "[variables('analyticRulecontentId6')]",
+              "apiVersion": "2022-04-01-preview",
+              "kind": "Scheduled",
+              "location": "[parameters('workspace-location')]",
+              "properties": {
+                "description": "CommonSecurityLog (CEF) MalwareC2/MalwareC2DGA match found in your Infoblox TIDE Threat Intelligence. Customize query count, scheduling, responses and more. Modify data sources, types and threat properties as desired.",
+                "displayName": "Infoblox - TI - CommonSecurityLog Match Found - MalwareC2",
+                "enabled": false,
+                "query": "let dt_lookBack = 1h;\nlet ioc_lookBack = 14d;\nlet TI = ThreatIntelligenceIndicator\n| where TimeGenerated >= ago(ioc_lookBack)\n| summarize LatestIndicatorTime = arg_max(TimeGenerated, *) by IndicatorId\n| where Active == true and ExpirationDateTime > now()  \n| where Description has_cs \"Infoblox\"\n| where Description has_cs \"MalwareC2\"\n| where isnotempty(DomainName)\n;\nlet Data = CommonSecurityLog\n| extend HitTime = TimeGenerated\n| where TimeGenerated >= ago(dt_lookBack)\n| where isnotempty(DestinationDnsDomain)\n//Remove trailing period at end of domain\n| extend DestinationDnsDomain = trim_end(@\"\\.$\", DestinationDnsDomain)\n;\nTI | join kind=innerunique Data on $left.DomainName == $right.DestinationDnsDomain\n| where HitTime >= TimeGenerated and HitTime < ExpirationDateTime\n| project LatestIndicatorTime, HitTime, DeviceEventClassID, DestinationDnsDomain, DeviceAction, SourceIP, DeviceName, SourceMACAddress, SourceUserName, AdditionalExtensions, \nAdditionalInformation, Description, ThreatType, TrafficLightProtocolLevel, Type, ConfidenceScore, ExpirationDateTime, SourceSystem, Action, IndicatorId, ExternalIndicatorId, Tags\n",
+                "queryFrequency": "PT1H",
+                "queryPeriod": "P14D",
+                "severity": "Medium",
+                "suppressionDuration": "PT1H",
+                "suppressionEnabled": false,
+                "triggerOperator": "GreaterThan",
+                "triggerThreshold": 0,
+                "status": "Available",
+                "requiredDataConnectors": [
+                  {
+                    "dataTypes": [
+                      "CommonSecurityLog"
+                    ],
+                    "connectorId": "CEF"
+                  },
+                  {
+                    "dataTypes": [
+                      "ThreatIntelligenceIndicator"
+                    ],
+                    "connectorId": "ThreatIntelligence"
+                  }
+                ],
+                "tactics": [
+                  "Impact"
+                ],
+                "techniques": [
+                  "T1498",
+                  "T1565"
+                ],
+                "entityMappings": [
+                  {
+                    "fieldMappings": [
+                      {
+                        "identifier": "Address",
+                        "columnName": "SourceIP"
+                      }
+                    ],
+                    "entityType": "IP"
+                  },
+                  {
+                    "fieldMappings": [
+                      {
+                        "identifier": "HostName",
+                        "columnName": "DeviceName"
+                      },
+                      {
+                        "identifier": "FullName",
+                        "columnName": "SourceUserName"
+                      }
+                    ],
+                    "entityType": "Host"
+                  },
+                  {
+                    "fieldMappings": [
+                      {
+                        "identifier": "DomainName",
+                        "columnName": "DestinationDnsDomain"
+                      }
+                    ],
+                    "entityType": "DNS"
+                  }
+                ],
+                "eventGroupingSettings": {
+                  "aggregationKind": "SingleAlert"
+                },
+                "customDetails": {
+                  "SourceMACAddress": "SourceMACAddress"
+                },
+                "incidentConfiguration": {
+                  "createIncident": true
+                }
+              }
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId6'),'/'))))]",
+              "properties": {
+                "description": "Infoblox Cloud Data Connector Analytics Rule 6",
+                "parentId": "[variables('analyticRuleId6')]",
+                "contentId": "[variables('_analyticRulecontentId6')]",
+                "kind": "AnalyticsRule",
+                "version": "[variables('analyticRuleVersion6')]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Infoblox Cloud Data Connector",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "Microsoft",
+                  "email": "[variables('_email')]"
+                },
+                "support": {
+                  "name": "Infoblox",
+                  "tier": "Partner",
+                  "link": "https://support.infoblox.com/"
+                }
+              }
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('_analyticRulecontentId6')]",
+        "contentKind": "AnalyticsRule",
+        "displayName": "Infoblox - TI - CommonSecurityLog Match Found - MalwareC2",
+        "contentProductId": "[variables('_analyticRulecontentProductId6')]",
+        "id": "[variables('_analyticRulecontentProductId6')]",
+        "version": "[variables('analyticRuleVersion6')]"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('analyticRuleTemplateSpecName7')]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "Infoblox-TI-InfobloxCDCMatchFound-LookalikeDomains_AnalyticalRules Analytics Rule with template version 3.0.0",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('analyticRuleVersion7')]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
+            {
+              "type": "Microsoft.SecurityInsights/AlertRuleTemplates",
+              "name": "[variables('analyticRulecontentId7')]",
+              "apiVersion": "2022-04-01-preview",
+              "kind": "Scheduled",
+              "location": "[parameters('workspace-location')]",
+              "properties": {
+                "description": "InfobloxCDC Lookalike Domain match found in your Infoblox TIDE Threat Intelligence. Customize query count, scheduling, responses and more. Modify data sources, types and threat properties as desired. This rule depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Infoblox%20Cloud%20Data%20Connector/Parsers/InfobloxCDC.txt).",
+                "displayName": "Infoblox - TI - InfobloxCDC Match Found - Lookalike Domains",
+                "enabled": false,
+                "query": "let dt_lookBack = 1h;\nlet ioc_lookBack = 14d;\nlet TI = ThreatIntelligenceIndicator\n| where TimeGenerated >= ago(ioc_lookBack)\n| summarize LatestIndicatorTime = arg_max(TimeGenerated, *) by IndicatorId\n| where Active == true and ExpirationDateTime > now()  \n| where Description == \"Infoblox - HOST - Policy\"\n| where Tags has_cs \"Property: Policy_LookalikeDomains\" \n| where isnotempty(DomainName)\n;\nlet Data = InfobloxCDC\n| extend HitTime = TimeGenerated\n| where TimeGenerated >= ago(dt_lookBack)\n| where isnotempty(DestinationDnsDomain)\n//Remove trailing period at end of domain\n| extend DestinationDnsDomain = trim_end(@\"\\.$\", DestinationDnsDomain)\n;\nTI | join kind=innerunique Data on $left.DomainName == $right.DestinationDnsDomain\n| where HitTime >= TimeGenerated and HitTime < ExpirationDateTime\n| project LatestIndicatorTime, HitTime, DeviceEventClassID, ThreatLevel, ThreatLevel_Score, ThreatConfidence, DestinationDnsDomain, InfobloxB1FeedName, ThreatClass, ThreatProperty, InfobloxB1PolicyAction, DeviceAction, InfobloxB1PolicyName, SourceIP, DeviceName, SourceMACAddress, SourceUserName, InfobloxB1SrcOSVersion, InfobloxB1ConnectionType, InfobloxB1Network, AdditionalExtensionsParsedNested, \nAdditionalInformation, Description, ThreatType, TrafficLightProtocolLevel, Type, ConfidenceScore, ExpirationDateTime, SourceSystem, Action, IndicatorId, ExternalIndicatorId, Tags\n",
+                "queryFrequency": "PT1H",
+                "queryPeriod": "P14D",
+                "severity": "Medium",
+                "suppressionDuration": "PT1H",
+                "suppressionEnabled": false,
+                "triggerOperator": "GreaterThan",
+                "triggerThreshold": 0,
+                "status": "Available",
+                "requiredDataConnectors": [
+                  {
+                    "dataTypes": [
+                      "CommonSecurityLog (InfobloxCDC)"
+                    ],
+                    "connectorId": "InfobloxCloudDataConnector"
+                  },
+                  {
+                    "dataTypes": [
+                      "ThreatIntelligenceIndicator"
+                    ],
+                    "connectorId": "ThreatIntelligence"
+                  }
+                ],
+                "tactics": [
+                  "Impact"
+                ],
+                "techniques": [
+                  "T1498",
+                  "T1565"
+                ],
+                "entityMappings": [
+                  {
+                    "fieldMappings": [
+                      {
+                        "identifier": "Address",
+                        "columnName": "SourceIP"
+                      }
+                    ],
+                    "entityType": "IP"
+                  },
+                  {
+                    "fieldMappings": [
+                      {
+                        "identifier": "HostName",
+                        "columnName": "DeviceName"
+                      },
+                      {
+                        "identifier": "OSVersion",
+                        "columnName": "InfobloxB1SrcOSVersion"
+                      },
+                      {
+                        "identifier": "FullName",
+                        "columnName": "SourceUserName"
+                      }
+                    ],
+                    "entityType": "Host"
+                  },
+                  {
+                    "fieldMappings": [
+                      {
+                        "identifier": "DomainName",
+                        "columnName": "DestinationDnsDomain"
+                      }
+                    ],
+                    "entityType": "DNS"
+                  },
+                  {
+                    "fieldMappings": [
+                      {
+                        "identifier": "Name",
+                        "columnName": "ThreatProperty"
+                      },
+                      {
+                        "identifier": "Category",
+                        "columnName": "ThreatClass"
+                      }
+                    ],
+                    "entityType": "Malware"
+                  }
+                ],
+                "eventGroupingSettings": {
+                  "aggregationKind": "SingleAlert"
+                },
+                "customDetails": {
+                  "InfobloxB1Network": "InfobloxB1Network",
+                  "InfobloxB1PolicyName": "InfobloxB1PolicyName",
+                  "InfobloxB1FeedName": "InfobloxB1FeedName",
+                  "InfobloxB1Action": "InfobloxB1PolicyAction",
+                  "SourceMACAddress": "SourceMACAddress"
+                },
+                "incidentConfiguration": {
+                  "createIncident": true
+                }
+              }
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId7'),'/'))))]",
+              "properties": {
+                "description": "Infoblox Cloud Data Connector Analytics Rule 7",
+                "parentId": "[variables('analyticRuleId7')]",
+                "contentId": "[variables('_analyticRulecontentId7')]",
+                "kind": "AnalyticsRule",
+                "version": "[variables('analyticRuleVersion7')]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Infoblox Cloud Data Connector",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "Microsoft",
+                  "email": "[variables('_email')]"
+                },
+                "support": {
+                  "name": "Infoblox",
+                  "tier": "Partner",
+                  "link": "https://support.infoblox.com/"
+                }
+              }
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('_analyticRulecontentId7')]",
+        "contentKind": "AnalyticsRule",
+        "displayName": "Infoblox - TI - InfobloxCDC Match Found - Lookalike Domains",
+        "contentProductId": "[variables('_analyticRulecontentProductId7')]",
+        "id": "[variables('_analyticRulecontentProductId7')]",
+        "version": "[variables('analyticRuleVersion7')]"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('analyticRuleTemplateSpecName8')]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "Infoblox-TI-SyslogMatchFound-URL_AnalyticalRules Analytics Rule with template version 3.0.0",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('analyticRuleVersion8')]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
+            {
+              "type": "Microsoft.SecurityInsights/AlertRuleTemplates",
+              "name": "[variables('analyticRulecontentId8')]",
+              "apiVersion": "2022-04-01-preview",
+              "kind": "Scheduled",
+              "location": "[parameters('workspace-location')]",
+              "properties": {
+                "description": "Syslog URL match found in your Infoblox TIDE Threat Intelligence. Customize query count, scheduling, responses and more. Modify data sources, types and threat properties as desired.",
+                "displayName": "Infoblox - TI - Syslog Match Found - URL",
+                "enabled": false,
+                "query": "let dt_lookBack = 1h;\nlet ioc_lookBack = 14d;\nlet TI = ThreatIntelligenceIndicator\n| where TimeGenerated >= ago(ioc_lookBack)\n| summarize LatestIndicatorTime = arg_max(TimeGenerated, *) by IndicatorId\n| where Active == true and ExpirationDateTime > now()  \n| where Description has_cs \"Infoblox - URL\"\n| where isnotempty(DomainName)\n;\nlet Data = Syslog\n| extend HitTime = TimeGenerated\n| where TimeGenerated >= ago(dt_lookBack)\n//Extract URL patterns from syslog message\n| extend Url = extract(\"(http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\\\\(\\\\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+)\", 1,SyslogMessage)\n| where isnotempty(Url)\n;\nTI | join kind=innerunique Data on $left.DomainName == $right.Url\n| where HitTime >= TimeGenerated and HitTime < ExpirationDateTime\n| project LatestIndicatorTime, HitTime, SyslogMessage, Computer, ProcessName, Url, HostIP, \nAdditionalInformation, Description, ThreatType, TrafficLightProtocolLevel, Type, ConfidenceScore, ExpirationDateTime, SourceSystem, Action, IndicatorId, ExternalIndicatorId, Tags\n",
+                "queryFrequency": "PT1H",
+                "queryPeriod": "P14D",
+                "severity": "Medium",
+                "suppressionDuration": "PT1H",
+                "suppressionEnabled": false,
+                "triggerOperator": "GreaterThan",
+                "triggerThreshold": 0,
+                "status": "Available",
+                "requiredDataConnectors": [
+                  {
+                    "dataTypes": [
+                      "Syslog"
+                    ],
+                    "connectorId": "Syslog"
+                  },
+                  {
+                    "dataTypes": [
+                      "ThreatIntelligenceIndicator"
+                    ],
+                    "connectorId": "ThreatIntelligence"
+                  }
+                ],
+                "tactics": [
+                  "Impact"
+                ],
+                "techniques": [
+                  "T1498",
+                  "T1565"
+                ],
+                "entityMappings": [
+                  {
+                    "fieldMappings": [
+                      {
+                        "identifier": "Address",
+                        "columnName": "HostIP"
+                      }
+                    ],
+                    "entityType": "IP"
+                  },
+                  {
+                    "fieldMappings": [
+                      {
+                        "identifier": "HostName",
+                        "columnName": "Computer"
+                      }
+                    ],
+                    "entityType": "Host"
+                  },
+                  {
+                    "fieldMappings": [
+                      {
+                        "identifier": "DomainName",
+                        "columnName": "Url"
+                      }
+                    ],
+                    "entityType": "DNS"
+                  },
+                  {
+                    "fieldMappings": [
+                      {
+                        "identifier": "Url",
+                        "columnName": "Url"
+                      }
+                    ],
+                    "entityType": "URL"
+                  }
+                ],
+                "eventGroupingSettings": {
+                  "aggregationKind": "SingleAlert"
+                },
+                "incidentConfiguration": {
+                  "createIncident": true
+                }
+              }
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId8'),'/'))))]",
+              "properties": {
+                "description": "Infoblox Cloud Data Connector Analytics Rule 8",
+                "parentId": "[variables('analyticRuleId8')]",
+                "contentId": "[variables('_analyticRulecontentId8')]",
+                "kind": "AnalyticsRule",
+                "version": "[variables('analyticRuleVersion8')]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Infoblox Cloud Data Connector",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "Microsoft",
+                  "email": "[variables('_email')]"
+                },
+                "support": {
+                  "name": "Infoblox",
+                  "tier": "Partner",
+                  "link": "https://support.infoblox.com/"
+                }
+              }
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('_analyticRulecontentId8')]",
+        "contentKind": "AnalyticsRule",
+        "displayName": "Infoblox - TI - Syslog Match Found - URL",
+        "contentProductId": "[variables('_analyticRulecontentProductId8')]",
+        "id": "[variables('_analyticRulecontentProductId8')]",
+        "version": "[variables('analyticRuleVersion8')]"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('dataConnectorTemplateSpecName1')]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "Infoblox Cloud Data Connector data connector with template version 3.0.0",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('dataConnectorVersion1')]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
+            {
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]",
+              "apiVersion": "2021-03-01-preview",
+              "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors",
+              "location": "[parameters('workspace-location')]",
+              "kind": "GenericUI",
+              "properties": {
+                "connectorUiConfig": {
+                  "id": "[variables('_uiConfigId1')]",
+                  "title": "Infoblox Cloud Data Connector",
+                  "publisher": "Infoblox",
+                  "descriptionMarkdown": "The Infoblox Cloud Data Connector allows you to easily connect your Infoblox BloxOne data with Microsoft Sentinel. By connecting your logs to Microsoft Sentinel, you can take advantage of search & correlation, alerting, and threat intelligence enrichment for each log.",
+                  "additionalRequirementBanner": "This data connector depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://aka.ms/sentinel-InfobloxCloudDataConnector-parser) which is deployed with the Microsoft Sentinel Solution.",
+                  "graphQueries": [
+                    {
+                      "metricName": "Total data received",
+                      "legend": "InfobloxCDC",
+                      "baseQuery": "CommonSecurityLog\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\""
+                    }
+                  ],
+                  "sampleQueries": [
+                    {
+                      "description": "Return all BloxOne Threat Defense (TD) security events logs",
+                      "query": "InfobloxCDC\n| where DeviceEventClassID has_cs \"RPZ\""
+                    },
+                    {
+                      "description": "Return all BloxOne Query/Response logs",
+                      "query": "InfobloxCDC\n| where DeviceEventClassID has_cs \"DNS\""
+                    },
+                    {
+                      "description": "Return all Category Filters security events logs",
+                      "query": "InfobloxCDC\n| where DeviceEventClassID has_cs \"RPZ\"\n | where AdditionalExtensions has_cs \"InfobloxRPZ=CAT_\""
+                    },
+                    {
+                      "description": "Return all Application Filters security events logs",
+                      "query": "InfobloxCDC\n| where DeviceEventClassID has_cs \"RPZ\"\n | where AdditionalExtensions has_cs \"InfobloxRPZ=APP_\""
+                    },
+                    {
+                      "description": "Return Top 10 TD Domains Hit Count",
+                      "query": "InfobloxCDC\n| where DeviceEventClassID has_cs \"RPZ\" \n| summarize count() by DestinationDnsDomain \n| top 10 by count_ desc"
+                    },
+                    {
+                      "description": "Return Top 10 TD Source IPs Hit Count",
+                      "query": "InfobloxCDC\n| where DeviceEventClassID has_cs \"RPZ\" \n| summarize count() by SourceIP \n| top 10 by count_ desc"
+                    },
+                    {
+                      "description": "Return Recently Created DHCP Leases",
+                      "query": "InfobloxCDC\n| where DeviceEventClassID == \"DHCP-LEASE-CREATE\""
+                    }
+                  ],
+                  "dataTypes": [
+                    {
+                      "name": "CommonSecurityLog (InfobloxCDC)",
+                      "lastDataReceivedQuery": "InfobloxCDC\n| summarize Time = max(TimeGenerated)\n| where isnotempty(Time)"
+                    }
+                  ],
+                  "connectivityCriterias": [
+                    {
+                      "type": "IsConnectedQuery",
+                      "value": [
+                        "InfobloxCDC\n| summarize LastLogReceived = max(TimeGenerated)\n| project IsConnected = LastLogReceived > ago(3d)"
+                      ]
+                    }
+                  ],
+                  "availability": {
+                    "status": 1,
+                    "isPreview": false
+                  },
+                  "permissions": {
+                    "resourceProvider": [
+                      {
+                        "provider": "Microsoft.OperationalInsights/workspaces",
+                        "permissionsDisplayText": "read and write permissions are required.",
+                        "providerDisplayName": "Workspace",
+                        "scope": "Workspace",
+                        "requiredPermissions": {
+                          "read": true,
+                          "write": true,
+                          "delete": true
+                        }
+                      },
+                      {
+                        "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys",
+                        "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).",
+                        "providerDisplayName": "Keys",
+                        "scope": "Workspace",
+                        "requiredPermissions": {
+                          "action": true
+                        }
+                      }
+                    ]
+                  },
+                  "instructionSteps": [
+                    {
+                      "description": ">**IMPORTANT:** This data connector depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://aka.ms/sentinel-InfobloxCloudDataConnector-parser) which is deployed with the Microsoft Sentinel Solution."
+                    },
+                    {
+                      "description": ">**IMPORTANT:** This Microsoft Sentinel data connector assumes an Infoblox Data Connector host has already been created and configured in the Infoblox Cloud Services Portal (CSP). As the [**Infoblox Data Connector**](https://docs.infoblox.com/display/BloxOneThreatDefense/Deploying+the+Data+Connector+Solution) is a feature of BloxOne Threat Defense, access to an appropriate BloxOne Threat Defense subscription is required. See this [**quick-start guide**](https://www.infoblox.com/wp-content/uploads/infoblox-deployment-guide-data-connector.pdf) for more information and licensing requirements."
+                    },
+                    {
+                      "description": "Install and configure the Linux agent to collect your Common Event Format (CEF) Syslog messages and forward them to Microsoft Sentinel.\n\n> Notice that the data from all regions will be stored in the selected workspace",
+                      "innerSteps": [
+                        {
+                          "title": "1.1 Select or create a Linux machine",
+                          "description": "Select or create a Linux machine that Microsoft Sentinel will use as the proxy between your security solution and Microsoft Sentinel this machine can be on your on-prem environment, Azure or other clouds."
+                        },
+                        {
+                          "title": "1.2 Install the CEF collector on the Linux machine",
+                          "description": "Install the Microsoft Monitoring Agent on your Linux machine and configure the machine to listen on the necessary port and forward messages to your Microsoft Sentinel workspace. The CEF collector collects CEF messages on port 514 TCP.\n\n> 1. Make sure that you have Python on your machine using the following command: python -version.\n\n> 2. You must have elevated permissions (sudo) on your machine.",
+                          "instructions": [
+                            {
+                              "parameters": {
+                                "fillWith": [
+                                  "WorkspaceId",
+                                  "PrimaryKey"
+                                ],
+                                "label": "Run the following command to install and apply the CEF collector:",
+                                "value": "sudo wget -O cef_installer.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_installer.py&&sudo python cef_installer.py {0} {1}"
+                              },
+                              "type": "CopyableLabel"
+                            }
+                          ]
+                        }
+                      ],
+                      "title": "1. Linux Syslog agent configuration"
+                    },
+                    {
+                      "description": "Follow the steps below to configure the Infoblox CDC to send BloxOne data to Microsoft Sentinel via the Linux Syslog agent.\n2. Navigate to **Manage > Data Connector**.\n3. Click the **Destination Configuration** tab at the top.\n4. Click **Create > Syslog**. \n - **Name**: Give the new Destination a meaningful **name**, such as **Azure-Sentinel-Destination**.\n - **Description**: Optionally give it a meaningful **description**.\n - **State**: Set the state to **Enabled**.\n - **Format**: Set the format to **CEF**.\n - **FQDN/IP**: Enter the IP address of the Linux device on which the Linux agent is installed.\n - **Port**: Leave the port number at **514**.\n - **Protocol**: Select desired protocol and CA certificate if applicable.\n - Click **Save & Close**.\n5. Click the **Traffic Flow Configuration** tab at the top.\n6. Click **Create**.\n - **Name**: Give the new Traffic Flow a meaningful **name**, such as **Azure-Sentinel-Flow**.\n - **Description**: Optionally give it a meaningful **description**. \n - **State**: Set the state to **Enabled**. \n - Expand the **CDC Enabled Host** section. \n    - **On-Prem Host**: Select your desired on-prem host for which the Data Connector service is enabled. \n - Expand the **Source Configuration** section.  \n    - **Source**: Select **BloxOne Cloud Source**. \n    - Select all desired **log types** you wish to collect. Currently supported log types are:\n      - Threat Defense Query/Response Log\n      - Threat Defense Threat Feeds Hits Log\n      - DDI Query/Response Log\n      - DDI DHCP Lease Log\n - Expand the **Destination Configuration** section.  \n    - Select the **Destination** you just created. \n - Click **Save & Close**. \n7. Allow the configuration some time to activate.",
+                      "title": "2. Configure Infoblox BloxOne to send Syslog data to the Infoblox Cloud Data Connector to forward to the Syslog agent"
+                    },
+                    {
+                      "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\n>It may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n> 1. Make sure that you have Python on your machine using the following command: python -version\n\n>2. You must have elevated permissions (sudo) on your machine",
+                      "instructions": [
+                        {
+                          "parameters": {
+                            "fillWith": [
+                              "WorkspaceId"
+                            ],
+                            "label": "Run the following command to validate your connectivity:",
+                            "value": "sudo wget  -O cef_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_troubleshoot.py&&sudo python cef_troubleshoot.py  {0}"
+                          },
+                          "type": "CopyableLabel"
+                        }
+                      ],
+                      "title": "3. Validate connection"
+                    },
+                    {
+                      "description": "Make sure to configure the machine's security according to your organization's security policy\n\n\n[Learn more >](https://aka.ms/SecureCEF)",
+                      "title": "4. Secure your machine "
+                    }
+                  ]
+                }
+              }
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2023-04-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]",
+              "properties": {
+                "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]",
+                "contentId": "[variables('_dataConnectorContentId1')]",
+                "kind": "DataConnector",
+                "version": "[variables('dataConnectorVersion1')]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Infoblox Cloud Data Connector",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "Microsoft",
+                  "email": "[variables('_email')]"
+                },
+                "support": {
+                  "name": "Infoblox",
+                  "tier": "Partner",
+                  "link": "https://support.infoblox.com/"
+                }
+              }
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('_dataConnectorContentId1')]",
+        "contentKind": "DataConnector",
+        "displayName": "Infoblox Cloud Data Connector",
+        "contentProductId": "[variables('_dataConnectorcontentProductId1')]",
+        "id": "[variables('_dataConnectorcontentProductId1')]",
+        "version": "[variables('dataConnectorVersion1')]"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]",
+      "dependsOn": [
+        "[variables('_dataConnectorId1')]"
+      ],
+      "location": "[parameters('workspace-location')]",
+      "properties": {
+        "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]",
+        "contentId": "[variables('_dataConnectorContentId1')]",
+        "kind": "DataConnector",
+        "version": "[variables('dataConnectorVersion1')]",
+        "source": {
+          "kind": "Solution",
+          "name": "Infoblox Cloud Data Connector",
+          "sourceId": "[variables('_solutionId')]"
+        },
+        "author": {
+          "name": "Microsoft",
+          "email": "[variables('_email')]"
+        },
+        "support": {
+          "name": "Infoblox",
+          "tier": "Partner",
+          "link": "https://support.infoblox.com/"
+        }
+      }
+    },
+    {
+      "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]",
+      "apiVersion": "2021-03-01-preview",
+      "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors",
+      "location": "[parameters('workspace-location')]",
+      "kind": "GenericUI",
+      "properties": {
+        "connectorUiConfig": {
+          "title": "Infoblox Cloud Data Connector",
+          "publisher": "Infoblox",
+          "descriptionMarkdown": "The Infoblox Cloud Data Connector allows you to easily connect your Infoblox BloxOne data with Microsoft Sentinel. By connecting your logs to Microsoft Sentinel, you can take advantage of search & correlation, alerting, and threat intelligence enrichment for each log.",
+          "graphQueries": [
+            {
+              "metricName": "Total data received",
+              "legend": "InfobloxCDC",
+              "baseQuery": "CommonSecurityLog\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\""
+            }
+          ],
+          "dataTypes": [
+            {
+              "name": "CommonSecurityLog (InfobloxCDC)",
+              "lastDataReceivedQuery": "InfobloxCDC\n| summarize Time = max(TimeGenerated)\n| where isnotempty(Time)"
+            }
+          ],
+          "connectivityCriterias": [
+            {
+              "type": "IsConnectedQuery",
+              "value": [
+                "InfobloxCDC\n| summarize LastLogReceived = max(TimeGenerated)\n| project IsConnected = LastLogReceived > ago(3d)"
+              ]
+            }
+          ],
+          "sampleQueries": [
+            {
+              "description": "Return all BloxOne Threat Defense (TD) security events logs",
+              "query": "InfobloxCDC\n| where DeviceEventClassID has_cs \"RPZ\""
+            },
+            {
+              "description": "Return all BloxOne Query/Response logs",
+              "query": "InfobloxCDC\n| where DeviceEventClassID has_cs \"DNS\""
+            },
+            {
+              "description": "Return all Category Filters security events logs",
+              "query": "InfobloxCDC\n| where DeviceEventClassID has_cs \"RPZ\"\n | where AdditionalExtensions has_cs \"InfobloxRPZ=CAT_\""
+            },
+            {
+              "description": "Return all Application Filters security events logs",
+              "query": "InfobloxCDC\n| where DeviceEventClassID has_cs \"RPZ\"\n | where AdditionalExtensions has_cs \"InfobloxRPZ=APP_\""
+            },
+            {
+              "description": "Return Top 10 TD Domains Hit Count",
+              "query": "InfobloxCDC\n| where DeviceEventClassID has_cs \"RPZ\" \n| summarize count() by DestinationDnsDomain \n| top 10 by count_ desc"
+            },
+            {
+              "description": "Return Top 10 TD Source IPs Hit Count",
+              "query": "InfobloxCDC\n| where DeviceEventClassID has_cs \"RPZ\" \n| summarize count() by SourceIP \n| top 10 by count_ desc"
+            },
+            {
+              "description": "Return Recently Created DHCP Leases",
+              "query": "InfobloxCDC\n| where DeviceEventClassID == \"DHCP-LEASE-CREATE\""
+            }
+          ],
+          "availability": {
+            "status": 1,
+            "isPreview": false
+          },
+          "permissions": {
+            "resourceProvider": [
+              {
+                "provider": "Microsoft.OperationalInsights/workspaces",
+                "permissionsDisplayText": "read and write permissions are required.",
+                "providerDisplayName": "Workspace",
+                "scope": "Workspace",
+                "requiredPermissions": {
+                  "read": true,
+                  "write": true,
+                  "delete": true
+                }
+              },
+              {
+                "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys",
+                "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).",
+                "providerDisplayName": "Keys",
+                "scope": "Workspace",
+                "requiredPermissions": {
+                  "action": true
+                }
+              }
+            ]
+          },
+          "instructionSteps": [
+            {
+              "description": ">**IMPORTANT:** This data connector depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://aka.ms/sentinel-InfobloxCloudDataConnector-parser) which is deployed with the Microsoft Sentinel Solution."
+            },
+            {
+              "description": ">**IMPORTANT:** This Microsoft Sentinel data connector assumes an Infoblox Data Connector host has already been created and configured in the Infoblox Cloud Services Portal (CSP). As the [**Infoblox Data Connector**](https://docs.infoblox.com/display/BloxOneThreatDefense/Deploying+the+Data+Connector+Solution) is a feature of BloxOne Threat Defense, access to an appropriate BloxOne Threat Defense subscription is required. See this [**quick-start guide**](https://www.infoblox.com/wp-content/uploads/infoblox-deployment-guide-data-connector.pdf) for more information and licensing requirements."
+            },
+            {
+              "description": "Install and configure the Linux agent to collect your Common Event Format (CEF) Syslog messages and forward them to Microsoft Sentinel.\n\n> Notice that the data from all regions will be stored in the selected workspace",
+              "innerSteps": [
+                {
+                  "title": "1.1 Select or create a Linux machine",
+                  "description": "Select or create a Linux machine that Microsoft Sentinel will use as the proxy between your security solution and Microsoft Sentinel this machine can be on your on-prem environment, Azure or other clouds."
+                },
+                {
+                  "title": "1.2 Install the CEF collector on the Linux machine",
+                  "description": "Install the Microsoft Monitoring Agent on your Linux machine and configure the machine to listen on the necessary port and forward messages to your Microsoft Sentinel workspace. The CEF collector collects CEF messages on port 514 TCP.\n\n> 1. Make sure that you have Python on your machine using the following command: python -version.\n\n> 2. You must have elevated permissions (sudo) on your machine.",
+                  "instructions": [
+                    {
+                      "parameters": {
+                        "fillWith": [
+                          "WorkspaceId",
+                          "PrimaryKey"
+                        ],
+                        "label": "Run the following command to install and apply the CEF collector:",
+                        "value": "sudo wget -O cef_installer.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_installer.py&&sudo python cef_installer.py {0} {1}"
+                      },
+                      "type": "CopyableLabel"
+                    }
+                  ]
+                }
+              ],
+              "title": "1. Linux Syslog agent configuration"
+            },
+            {
+              "description": "Follow the steps below to configure the Infoblox CDC to send BloxOne data to Microsoft Sentinel via the Linux Syslog agent.\n2. Navigate to **Manage > Data Connector**.\n3. Click the **Destination Configuration** tab at the top.\n4. Click **Create > Syslog**. \n - **Name**: Give the new Destination a meaningful **name**, such as **Azure-Sentinel-Destination**.\n - **Description**: Optionally give it a meaningful **description**.\n - **State**: Set the state to **Enabled**.\n - **Format**: Set the format to **CEF**.\n - **FQDN/IP**: Enter the IP address of the Linux device on which the Linux agent is installed.\n - **Port**: Leave the port number at **514**.\n - **Protocol**: Select desired protocol and CA certificate if applicable.\n - Click **Save & Close**.\n5. Click the **Traffic Flow Configuration** tab at the top.\n6. Click **Create**.\n - **Name**: Give the new Traffic Flow a meaningful **name**, such as **Azure-Sentinel-Flow**.\n - **Description**: Optionally give it a meaningful **description**. \n - **State**: Set the state to **Enabled**. \n - Expand the **CDC Enabled Host** section. \n    - **On-Prem Host**: Select your desired on-prem host for which the Data Connector service is enabled. \n - Expand the **Source Configuration** section.  \n    - **Source**: Select **BloxOne Cloud Source**. \n    - Select all desired **log types** you wish to collect. Currently supported log types are:\n      - Threat Defense Query/Response Log\n      - Threat Defense Threat Feeds Hits Log\n      - DDI Query/Response Log\n      - DDI DHCP Lease Log\n - Expand the **Destination Configuration** section.  \n    - Select the **Destination** you just created. \n - Click **Save & Close**. \n7. Allow the configuration some time to activate.",
+              "title": "2. Configure Infoblox BloxOne to send Syslog data to the Infoblox Cloud Data Connector to forward to the Syslog agent"
+            },
+            {
+              "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\n>It may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n> 1. Make sure that you have Python on your machine using the following command: python -version\n\n>2. You must have elevated permissions (sudo) on your machine",
+              "instructions": [
+                {
+                  "parameters": {
+                    "fillWith": [
+                      "WorkspaceId"
+                    ],
+                    "label": "Run the following command to validate your connectivity:",
+                    "value": "sudo wget  -O cef_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_troubleshoot.py&&sudo python cef_troubleshoot.py  {0}"
+                  },
+                  "type": "CopyableLabel"
+                }
+              ],
+              "title": "3. Validate connection"
+            },
+            {
+              "description": "Make sure to configure the machine's security according to your organization's security policy\n\n\n[Learn more >](https://aka.ms/SecureCEF)",
+              "title": "4. Secure your machine "
+            }
+          ],
+          "id": "[variables('_uiConfigId1')]",
+          "additionalRequirementBanner": "This data connector depends on a parser based on a Kusto Function to work as expected called [**InfobloxCDC**](https://aka.ms/sentinel-InfobloxCloudDataConnector-parser) which is deployed with the Microsoft Sentinel Solution."
+        }
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('parserTemplateSpecName1')]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "InfobloxCDC Data Parser with template version 3.0.0",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('parserVersion1')]",
+          "parameters": {},
+          "variables": {},
+          "resources": [
+            {
+              "name": "[variables('_parserName1')]",
+              "apiVersion": "2022-10-01",
+              "type": "Microsoft.OperationalInsights/workspaces/savedSearches",
+              "location": "[parameters('workspace-location')]",
+              "properties": {
+                "eTag": "*",
+                "displayName": "Infoblox Cloud Data Connector Data Parser",
+                "category": "Microsoft Sentinel Parser",
+                "functionAlias": "InfobloxCDC",
+                "query": "CommonSecurityLog\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\"\n| extend AEcopy = AdditionalExtensions\n//Remove DHCP Option codes at end of DHCP logs to prevent invalid chars in fieldnames, causing errors. If you require these advanced fields, remove the following line.\n| extend AEcopy = trim_end(\"InfobloxDHCPOptions=;(.*?)\",AEcopy)\n| extend AEcopy = extract_all(@\"(?P<key>[^=;]+)=(?P<value>[^=;]+)\", dynamic([\"key\",\"value\"]), AEcopy)\n| mv-apply AEcopy on (\n    summarize AdditionalExtensionsParsedNested = make_bag(bag_pack(tostring(AEcopy[0]), AEcopy[1]))\n)\n| extend AdditionalExtensionsParsed = AdditionalExtensionsParsedNested\n| evaluate bag_unpack(AdditionalExtensionsParsed)\n| extend ThreatLevel_Score = toint(column_ifexists(\"InfobloxThreatLevel\", \"\"))\n| extend ThreatLevel = case(ThreatLevel_Score>=80, \"High\",\n                       ThreatLevel_Score>=30 and ThreatLevel_Score<80, \"Medium\",\n                       ThreatLevel_Score<30 and ThreatLevel_Score>=1, \"Low\",\n                       ThreatLevel_Score == 0,\"Info\",\n                       \"N/A\" )\n| extend ThreatClass = extract(\"(.*?)_\", 1, tostring(column_ifexists(\"InfobloxThreatProperty\", \"\")))\n| extend ThreatProperty = extract(\"([^_]*$)\", 1, tostring(column_ifexists(\"InfobloxThreatProperty\", \"\")))\n| extend InfobloxB1FeedName = column_ifexists(\"InfobloxB1FeedName\", \"\")\n| extend InfobloxRPZ = column_ifexists(\"InfobloxRPZ\", \"\")\n| extend InfobloxB1PolicyAction = column_ifexists(\"InfobloxB1PolicyAction\", \"\")\n| extend InfobloxB1PolicyName = column_ifexists(\"InfobloxB1PolicyName\", \"\")\n| extend InfobloxDomainCat = column_ifexists(\"InfobloxDomainCat\", \"\")\n| extend InfobloxB1ConnectionType = column_ifexists(\"InfobloxB1ConnectionType\", \"\")\n| extend InfobloxB1SrcOSVersion = column_ifexists(\"InfobloxB1SrcOSVersion\", \"\")\n| extend InfobloxB1Network = column_ifexists(\"InfobloxB1Network\", \"\")\n| extend DeviceName = column_ifexists(\"DeviceName\", \"\")\n| extend SourceMACAddress = column_ifexists(\"SourceMACAddress\", \"\")\n| extend InfobloxLeaseOp = column_ifexists(\"InfobloxLeaseOp\", \"\")\n| extend InfobloxLifetime = column_ifexists(\"InfobloxLifetime\", \"\")\n| extend InfobloxLeaseUUID = column_ifexists(\"InfobloxLeaseUUID\", \"\")\n| extend InfobloxDNSRCode = column_ifexists(\"InfobloxDNSRCode\", \"\")\n| extend InfobloxDNSQClass = column_ifexists(\"InfobloxDNSQClass\", \"\")\n| extend InfobloxDNSQType = column_ifexists(\"InfobloxDNSQType\", \"\")\n| extend InfobloxThreatConfidence = toint(column_ifexists(\"InfobloxThreatConfidence\", \"\"))\n| extend ThreatConfidence = toint(column_ifexists(\"InfobloxThreatConfidence\", \"\"))\n",
+                "functionParameters": "",
+                "version": 2,
+                "tags": [
+                  {
+                    "name": "description",
+                    "value": ""
+                  }
+                ]
+              }
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('_parserId1'),'/'))))]",
+              "dependsOn": [
+                "[variables('_parserName1')]"
+              ],
+              "properties": {
+                "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), variables('parserName1'))]",
+                "contentId": "[variables('_parserContentId1')]",
+                "kind": "Parser",
+                "version": "[variables('parserVersion1')]",
+                "source": {
+                  "name": "Infoblox Cloud Data Connector",
+                  "kind": "Solution",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "Microsoft",
+                  "email": "[variables('_email')]"
+                },
+                "support": {
+                  "name": "Infoblox",
+                  "tier": "Partner",
+                  "link": "https://support.infoblox.com/"
+                }
+              }
+            }
+          ]
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('_parserContentId1')]",
+        "contentKind": "Parser",
+        "displayName": "Infoblox Cloud Data Connector Data Parser",
+        "contentProductId": "[variables('_parsercontentProductId1')]",
+        "id": "[variables('_parsercontentProductId1')]",
+        "version": "[variables('parserVersion1')]"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/savedSearches",
+      "apiVersion": "2022-10-01",
+      "name": "[variables('_parserName1')]",
+      "location": "[parameters('workspace-location')]",
+      "properties": {
+        "eTag": "*",
+        "displayName": "Infoblox Cloud Data Connector Data Parser",
+        "category": "Microsoft Sentinel Parser",
+        "functionAlias": "InfobloxCDC",
+        "query": "CommonSecurityLog\n| where DeviceVendor == \"Infoblox\" and DeviceProduct == \"Data Connector\"\n| extend AEcopy = AdditionalExtensions\n//Remove DHCP Option codes at end of DHCP logs to prevent invalid chars in fieldnames, causing errors. If you require these advanced fields, remove the following line.\n| extend AEcopy = trim_end(\"InfobloxDHCPOptions=;(.*?)\",AEcopy)\n| extend AEcopy = extract_all(@\"(?P<key>[^=;]+)=(?P<value>[^=;]+)\", dynamic([\"key\",\"value\"]), AEcopy)\n| mv-apply AEcopy on (\n    summarize AdditionalExtensionsParsedNested = make_bag(bag_pack(tostring(AEcopy[0]), AEcopy[1]))\n)\n| extend AdditionalExtensionsParsed = AdditionalExtensionsParsedNested\n| evaluate bag_unpack(AdditionalExtensionsParsed)\n| extend ThreatLevel_Score = toint(column_ifexists(\"InfobloxThreatLevel\", \"\"))\n| extend ThreatLevel = case(ThreatLevel_Score>=80, \"High\",\n                       ThreatLevel_Score>=30 and ThreatLevel_Score<80, \"Medium\",\n                       ThreatLevel_Score<30 and ThreatLevel_Score>=1, \"Low\",\n                       ThreatLevel_Score == 0,\"Info\",\n                       \"N/A\" )\n| extend ThreatClass = extract(\"(.*?)_\", 1, tostring(column_ifexists(\"InfobloxThreatProperty\", \"\")))\n| extend ThreatProperty = extract(\"([^_]*$)\", 1, tostring(column_ifexists(\"InfobloxThreatProperty\", \"\")))\n| extend InfobloxB1FeedName = column_ifexists(\"InfobloxB1FeedName\", \"\")\n| extend InfobloxRPZ = column_ifexists(\"InfobloxRPZ\", \"\")\n| extend InfobloxB1PolicyAction = column_ifexists(\"InfobloxB1PolicyAction\", \"\")\n| extend InfobloxB1PolicyName = column_ifexists(\"InfobloxB1PolicyName\", \"\")\n| extend InfobloxDomainCat = column_ifexists(\"InfobloxDomainCat\", \"\")\n| extend InfobloxB1ConnectionType = column_ifexists(\"InfobloxB1ConnectionType\", \"\")\n| extend InfobloxB1SrcOSVersion = column_ifexists(\"InfobloxB1SrcOSVersion\", \"\")\n| extend InfobloxB1Network = column_ifexists(\"InfobloxB1Network\", \"\")\n| extend DeviceName = column_ifexists(\"DeviceName\", \"\")\n| extend SourceMACAddress = column_ifexists(\"SourceMACAddress\", \"\")\n| extend InfobloxLeaseOp = column_ifexists(\"InfobloxLeaseOp\", \"\")\n| extend InfobloxLifetime = column_ifexists(\"InfobloxLifetime\", \"\")\n| extend InfobloxLeaseUUID = column_ifexists(\"InfobloxLeaseUUID\", \"\")\n| extend InfobloxDNSRCode = column_ifexists(\"InfobloxDNSRCode\", \"\")\n| extend InfobloxDNSQClass = column_ifexists(\"InfobloxDNSQClass\", \"\")\n| extend InfobloxDNSQType = column_ifexists(\"InfobloxDNSQType\", \"\")\n| extend InfobloxThreatConfidence = toint(column_ifexists(\"InfobloxThreatConfidence\", \"\"))\n| extend ThreatConfidence = toint(column_ifexists(\"InfobloxThreatConfidence\", \"\"))\n",
+        "functionParameters": "",
+        "version": 2,
+        "tags": [
+          {
+            "name": "description",
+            "value": ""
+          }
+        ]
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+      "apiVersion": "2022-01-01-preview",
+      "location": "[parameters('workspace-location')]",
+      "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('_parserId1'),'/'))))]",
+      "dependsOn": [
+        "[variables('_parserId1')]"
+      ],
+      "properties": {
+        "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), variables('parserName1'))]",
+        "contentId": "[variables('_parserContentId1')]",
+        "kind": "Parser",
+        "version": "[variables('parserVersion1')]",
+        "source": {
+          "kind": "Solution",
+          "name": "Infoblox Cloud Data Connector",
+          "sourceId": "[variables('_solutionId')]"
+        },
+        "author": {
+          "name": "Microsoft",
+          "email": "[variables('_email')]"
+        },
+        "support": {
+          "name": "Infoblox",
+          "tier": "Partner",
+          "link": "https://support.infoblox.com/"
+        }
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('playbookTemplateSpecName1')]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "Infoblox-Import-AISCOMM-Weekly Playbook with template version 3.0.0",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('playbookVersion1')]",
+          "parameters": {
+            "PlaybookName": {
+              "defaultValue": "Infoblox-Import-AISCOMM-Weekly",
+              "type": "string"
+            },
+            "AD Application Secret": {
+              "type": "string",
+              "metadata": {
+                "description": "Enter value for AD Application Secret"
+              }
+            },
+            "Client ID": {
+              "type": "string",
+              "metadata": {
+                "description": "Enter value for Client ID"
+              }
+            },
+            "TIDE API Key": {
+              "type": "string",
+              "metadata": {
+                "description": "Enter value for TIDE API Key"
+              }
+            },
+            "Tenant ID": {
+              "type": "string",
+              "metadata": {
+                "description": "Enter value for Tenant ID"
+              }
+            }
+          },
+          "variables": {
+            "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]",
+            "workspace-name": "[parameters('workspace')]",
+            "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]"
+          },
+          "resources": [
+            {
+              "properties": {
+                "provisioningState": "Succeeded",
+                "state": "Disabled",
+                "definition": {
+                  "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
+                  "contentVersion": "1.0.0.0",
+                  "parameters": {
+                    "AD Application Secret": {
+                      "defaultValue": "[[parameters('AD Application Secret')]",
+                      "type": "string"
+                    },
+                    "Client ID": {
+                      "defaultValue": "[[parameters('Client ID')]",
+                      "type": "string"
+                    },
+                    "TIDE API Key": {
+                      "defaultValue": "[[parameters('TIDE API Key')]",
+                      "type": "string"
+                    },
+                    "Tenant ID": {
+                      "defaultValue": "[[parameters('Tenant ID')]",
+                      "type": "string"
+                    }
+                  },
+                  "triggers": {
+                    "Recurrence": {
+                      "recurrence": {
+                        "frequency": "Week",
+                        "interval": 1
+                      },
+                      "evaluatedRecurrence": {
+                        "frequency": "Week",
+                        "interval": 1
+                      },
+                      "type": "Recurrence"
+                    }
+                  },
+                  "actions": {
+                    "For_Each_Indicator_(Threat)": {
+                      "foreach": "@body('Parse_JSON')?['threat']",
+                      "actions": {
+                        "Switch": {
+                          "cases": {
+                            "EMAIL": {
+                              "case": "EMAIL",
+                              "actions": {
+                                "Send_Emails_to_Sentinel": {
+                                  "type": "Http",
+                                  "inputs": {
+                                    "authentication": {
+                                      "audience": "https://graph.microsoft.com",
+                                      "clientId": "@parameters('Client ID')",
+                                      "secret": "@parameters('AD Application Secret')",
+                                      "tenant": "@parameters('Tenant ID')",
+                                      "type": "ActiveDirectoryOAuth"
+                                    },
+                                    "body": {
+                                      "action": "alert",
+                                      "additionalInformation": "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                      "confidence": "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                      "description": "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                      "emailSenderAddress": "@{items('For_Each_Indicator_(Threat)')?['email']}",
+                                      "emailSourceDomain": "@{items('For_Each_Indicator_(Threat)')?['domain']}",
+                                      "expirationDateTime": "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                      "externalId": "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                      "indicatorProvider": "Infoblox TIDE",
+                                      "lastReportedDateTime": "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                      "tags": [
+                                        "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                        "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                        "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                        "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                        "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                      ],
+                                      "targetProduct": "Azure Sentinel",
+                                      "threatType": "WatchList",
+                                      "tlpLevel": "white"
+                                    },
+                                    "method": "POST",
+                                    "uri": "https://graph.microsoft.com/beta/security/tiIndicators"
+                                  }
+                                }
+                              }
+                            },
+                            "HASH": {
+                              "case": "HASH",
+                              "actions": {
+                                "Send_Hashes_to_Sentinel": {
+                                  "type": "Http",
+                                  "inputs": {
+                                    "authentication": {
+                                      "audience": "https://graph.microsoft.com",
+                                      "clientId": "@parameters('Client ID')",
+                                      "secret": "@parameters('AD Application Secret')",
+                                      "tenant": "@parameters('Tenant ID')",
+                                      "type": "ActiveDirectoryOAuth"
+                                    },
+                                    "body": {
+                                      "action": "alert",
+                                      "additionalInformation": "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                      "confidence": "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                      "description": "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                      "expirationDateTime": "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                      "externalId": "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                      "fileHashType": "@{toLower(items('For_Each_Indicator_(Threat)')?['hash_type'])}",
+                                      "fileHashValue": "@{items('For_Each_Indicator_(Threat)')?['hash']}",
+                                      "indicatorProvider": "Infoblox TIDE",
+                                      "lastReportedDateTime": "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                      "tags": [
+                                        "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                        "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                        "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                        "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                        "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}",
+                                        "Hash Type: @{items('For_Each_Indicator_(Threat)')?['hash_type']}"
+                                      ],
+                                      "targetProduct": "Azure Sentinel",
+                                      "threatType": "WatchList",
+                                      "tlpLevel": "white"
+                                    },
+                                    "method": "POST",
+                                    "uri": "https://graph.microsoft.com/beta/security/tiIndicators"
+                                  }
+                                }
+                              }
+                            },
+                            "HOST": {
+                              "case": "HOST",
+                              "actions": {
+                                "Send_Hosts_to_Sentinel": {
+                                  "type": "Http",
+                                  "inputs": {
+                                    "authentication": {
+                                      "audience": "https://graph.microsoft.com",
+                                      "clientId": "@parameters('Client ID')",
+                                      "secret": "@parameters('AD Application Secret')",
+                                      "tenant": "@parameters('Tenant ID')",
+                                      "type": "ActiveDirectoryOAuth"
+                                    },
+                                    "body": {
+                                      "action": "alert",
+                                      "additionalInformation": "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                      "confidence": "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                      "description": "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                      "domainName": "@{items('For_Each_Indicator_(Threat)')?['host']}",
+                                      "expirationDateTime": "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                      "externalId": "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                      "indicatorProvider": "Infoblox TIDE",
+                                      "lastReportedDateTime": "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                      "tags": [
+                                        "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                        "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                        "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                        "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                        "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                      ],
+                                      "targetProduct": "Azure Sentinel",
+                                      "threatType": "WatchList",
+                                      "tlpLevel": "white"
+                                    },
+                                    "method": "POST",
+                                    "uri": "https://graph.microsoft.com/beta/security/tiIndicators"
+                                  }
+                                }
+                              }
+                            },
+                            "IP": {
+                              "case": "IP",
+                              "actions": {
+                                "Send_IPs_to_Sentinel": {
+                                  "type": "Http",
+                                  "inputs": {
+                                    "authentication": {
+                                      "audience": "https://graph.microsoft.com",
+                                      "clientId": "@parameters('Client ID')",
+                                      "secret": "@parameters('AD Application Secret')",
+                                      "tenant": "@parameters('Tenant ID')",
+                                      "type": "ActiveDirectoryOAuth"
+                                    },
+                                    "body": {
+                                      "action": "alert",
+                                      "additionalInformation": "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                      "confidence": "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                      "description": "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                      "expirationDateTime": "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                      "externalId": "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                      "indicatorProvider": "Infoblox TIDE",
+                                      "lastReportedDateTime": "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                      "networkIPv4": "@{items('For_Each_Indicator_(Threat)')?['ip']}",
+                                      "tags": [
+                                        "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                        "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                        "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                        "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                        "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                      ],
+                                      "targetProduct": "Azure Sentinel",
+                                      "threatType": "WatchList",
+                                      "tlpLevel": "white"
+                                    },
+                                    "method": "POST",
+                                    "uri": "https://graph.microsoft.com/beta/security/tiIndicators"
+                                  }
+                                }
+                              }
+                            },
+                            "URL": {
+                              "case": "URL",
+                              "actions": {
+                                "Send_URLs_to_Sentinel": {
+                                  "type": "Http",
+                                  "inputs": {
+                                    "authentication": {
+                                      "audience": "https://graph.microsoft.com",
+                                      "clientId": "@parameters('Client ID')",
+                                      "secret": "@parameters('AD Application Secret')",
+                                      "tenant": "@parameters('Tenant ID')",
+                                      "type": "ActiveDirectoryOAuth"
+                                    },
+                                    "body": {
+                                      "action": "alert",
+                                      "additionalInformation": "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                      "confidence": "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                      "description": "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                      "expirationDateTime": "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                      "externalId": "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                      "indicatorProvider": "Infoblox TIDE",
+                                      "lastReportedDateTime": "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                      "tags": [
+                                        "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                        "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                        "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                        "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                        "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                      ],
+                                      "targetProduct": "Azure Sentinel",
+                                      "threatType": "WatchList",
+                                      "tlpLevel": "white",
+                                      "url": "@{items('For_Each_Indicator_(Threat)')?['url']}"
+                                    },
+                                    "method": "POST",
+                                    "uri": "https://graph.microsoft.com/beta/security/tiIndicators"
+                                  }
+                                }
+                              }
+                            }
+                          },
+                          "expression": "@items('For_Each_Indicator_(Threat)')?['type']",
+                          "type": "Switch"
+                        }
+                      },
+                      "runAfter": {
+                        "Parse_JSON": [
+                          "Succeeded"
+                        ]
+                      },
+                      "type": "Foreach"
+                    },
+                    "Get_TIDE_Data": {
+                      "type": "Http",
+                      "inputs": {
+                        "headers": {
+                          "Authorization": "Token @{parameters('TIDE API Key')}"
+                        },
+                        "method": "GET",
+                        "queries": {
+                          "fields": "notes,confidence,type,class,host,expiration,id,imported,type,profile,property,threat_level,extended,email,domain,hash,hash_type,ip,url",
+                          "profile": "AISCOMM",
+                          "rlimit": "90000"
+                        },
+                        "uri": "https://csp.infoblox.com/tide/api/data/threats/"
+                      }
+                    },
+                    "Parse_JSON": {
+                      "runAfter": {
+                        "Get_TIDE_Data": [
+                          "Succeeded"
+                        ]
+                      },
+                      "type": "ParseJson",
+                      "inputs": {
+                        "content": "@body('Get_TIDE_Data')",
+                        "schema": {
+                          "properties": {
+                            "record_count": {
+                              "type": "integer"
+                            },
+                            "threat": {
+                              "items": {
+                                "properties": {
+                                  "batch_id": {
+                                    "type": "string"
+                                  },
+                                  "class": {
+                                    "type": "string"
+                                  },
+                                  "confidence": {
+                                    "type": "integer"
+                                  },
+                                  "confidence_score": {
+                                    "type": "number"
+                                  },
+                                  "confidence_score_rating": {
+                                    "type": "string"
+                                  },
+                                  "confidence_score_vector": {
+                                    "type": "string"
+                                  },
+                                  "detected": {
+                                    "type": "string"
+                                  },
+                                  "domain": {
+                                    "type": "string"
+                                  },
+                                  "email": {
+                                    "type": "string"
+                                  },
+                                  "expiration": {
+                                    "type": "string"
+                                  },
+                                  "extended": {
+                                    "properties": {
+                                      "ais_consent": {
+                                        "type": "string"
+                                      },
+                                      "cyberint_guid": {
+                                        "type": "string"
+                                      },
+                                      "no_whitelist": {
+                                        "type": "string"
+                                      },
+                                      "notes": {
+                                        "type": "string"
+                                      },
+                                      "protocol": {
+                                        "type": "string"
+                                      },
+                                      "url_hash": {
+                                        "type": "string"
+                                      }
+                                    },
+                                    "type": "object"
+                                  },
+                                  "hash": {
+                                    "type": "string"
+                                  },
+                                  "hash_type": {
+                                    "type": "string"
+                                  },
+                                  "host": {
+                                    "type": "string"
+                                  },
+                                  "id": {
+                                    "type": "string"
+                                  },
+                                  "imported": {
+                                    "type": "string"
+                                  },
+                                  "ip": {
+                                    "type": "string"
+                                  },
+                                  "profile": {
+                                    "type": "string"
+                                  },
+                                  "property": {
+                                    "type": "string"
+                                  },
+                                  "received": {
+                                    "type": "string"
+                                  },
+                                  "risk_score": {
+                                    "type": "number"
+                                  },
+                                  "risk_score_rating": {
+                                    "type": "string"
+                                  },
+                                  "risk_score_vector": {
+                                    "type": "string"
+                                  },
+                                  "threat_level": {
+                                    "type": "integer"
+                                  },
+                                  "threat_score": {
+                                    "type": "number"
+                                  },
+                                  "threat_score_rating": {
+                                    "type": "string"
+                                  },
+                                  "threat_score_vector": {
+                                    "type": "string"
+                                  },
+                                  "tld": {
+                                    "type": "string"
+                                  },
+                                  "type": {
+                                    "type": "string"
+                                  },
+                                  "url": {
+                                    "type": "string"
+                                  }
+                                },
+                                "required": [
+                                  "id"
+                                ],
+                                "type": "object"
+                              },
+                              "type": "array"
+                            }
+                          },
+                          "type": "object"
+                        }
+                      }
+                    }
+                  }
+                }
+              },
+              "name": "[[parameters('PlaybookName')]",
+              "type": "Microsoft.Logic/workflows",
+              "location": "[[variables('workspace-location-inline')]",
+              "tags": {
+                "hidden-SentinelTemplateName": "Infoblox-Import-AISCOMM-Weekly",
+                "hidden-SentinelTemplateVersion": "1.0",
+                "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]"
+              },
+              "identity": {
+                "type": "SystemAssigned"
+              },
+              "apiVersion": "2017-07-01",
+              "dependsOn": "[variables('TemplateEmptyArray')]"
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId1'),'/'))))]",
+              "properties": {
+                "parentId": "[variables('playbookId1')]",
+                "contentId": "[variables('_playbookContentId1')]",
+                "kind": "Playbook",
+                "version": "[variables('playbookVersion1')]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Infoblox Cloud Data Connector",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "Microsoft",
+                  "email": "[variables('_email')]"
+                },
+                "support": {
+                  "name": "Infoblox",
+                  "tier": "Partner",
+                  "link": "https://support.infoblox.com/"
+                }
+              }
+            }
+          ],
+          "metadata": {
+            "title": "Infoblox Import AISCOMM Weekly",
+            "description": "Leverages the Infoblox TIDE API to automatically import threat indicators into the ThreatIntelligenceIndicator table. This playbook imports all indicators from the AISCOMM data provider on a scheduled weekly basis.",
+            "prerequisites": [
+              "Infoblox TIDE API key."
+            ],
+            "postDeployment": [
+              "Authorize connections."
+            ],
+            "lastUpdateTime": "2023-08-07T00:00:00Z",
+            "releaseNotes": {
+              "version": "1.0",
+              "title": "[variables('blanks')]",
+              "notes": [
+                "Initial version"
+              ]
+            }
+          }
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('_playbookContentId1')]",
+        "contentKind": "Playbook",
+        "displayName": "Infoblox-Import-AISCOMM-Weekly",
+        "contentProductId": "[variables('_playbookcontentProductId1')]",
+        "id": "[variables('_playbookcontentProductId1')]",
+        "version": "[variables('playbookVersion1')]"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('playbookTemplateSpecName2')]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "Infoblox-Import-Emails-Weekly Playbook with template version 3.0.0",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('playbookVersion2')]",
+          "parameters": {
+            "PlaybookName": {
+              "defaultValue": "Infoblox-Import-Emails-Weekly",
+              "type": "string"
+            },
+            "AD Application Secret": {
+              "type": "string",
+              "metadata": {
+                "description": "Enter value for AD Application Secret"
+              }
+            },
+            "Client ID": {
+              "type": "string",
+              "metadata": {
+                "description": "Enter value for Client ID"
+              }
+            },
+            "TIDE API Key": {
+              "type": "string",
+              "metadata": {
+                "description": "Enter value for TIDE API Key"
+              }
+            },
+            "Tenant ID": {
+              "type": "string",
+              "metadata": {
+                "description": "Enter value for Tenant ID"
+              }
+            }
+          },
+          "variables": {
+            "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]",
+            "workspace-name": "[parameters('workspace')]",
+            "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]"
+          },
+          "resources": [
+            {
+              "properties": {
+                "provisioningState": "Succeeded",
+                "state": "Disabled",
+                "definition": {
+                  "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
+                  "contentVersion": "1.0.0.0",
+                  "parameters": {
+                    "AD Application Secret": {
+                      "defaultValue": "[[parameters('AD Application Secret')]",
+                      "type": "string"
+                    },
+                    "Client ID": {
+                      "defaultValue": "[[parameters('Client ID')]",
+                      "type": "string"
+                    },
+                    "TIDE API Key": {
+                      "defaultValue": "[[parameters('TIDE API Key')]",
+                      "type": "string"
+                    },
+                    "Tenant ID": {
+                      "defaultValue": "[[parameters('Tenant ID')]",
+                      "type": "string"
+                    }
+                  },
+                  "triggers": {
+                    "Recurrence": {
+                      "recurrence": {
+                        "frequency": "Week",
+                        "interval": 1
+                      },
+                      "evaluatedRecurrence": {
+                        "frequency": "Week",
+                        "interval": 1
+                      },
+                      "type": "Recurrence"
+                    }
+                  },
+                  "actions": {
+                    "For_Each_Indicator_(Threat)": {
+                      "foreach": "@body('Parse_JSON')?['threat']",
+                      "actions": {
+                        "Switch": {
+                          "cases": {
+                            "EMAIL": {
+                              "case": "EMAIL",
+                              "actions": {
+                                "Send_Emails_to_Sentinel": {
+                                  "type": "Http",
+                                  "inputs": {
+                                    "authentication": {
+                                      "audience": "https://graph.microsoft.com",
+                                      "clientId": "@parameters('Client ID')",
+                                      "secret": "@parameters('AD Application Secret')",
+                                      "tenant": "@parameters('Tenant ID')",
+                                      "type": "ActiveDirectoryOAuth"
+                                    },
+                                    "body": {
+                                      "action": "alert",
+                                      "additionalInformation": "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                      "confidence": "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                      "description": "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                      "emailSenderAddress": "@{items('For_Each_Indicator_(Threat)')?['email']}",
+                                      "emailSourceDomain": "@{items('For_Each_Indicator_(Threat)')?['domain']}",
+                                      "expirationDateTime": "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                      "externalId": "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                      "indicatorProvider": "Infoblox TIDE",
+                                      "lastReportedDateTime": "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                      "tags": [
+                                        "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                        "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                        "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                        "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                        "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                      ],
+                                      "targetProduct": "Azure Sentinel",
+                                      "threatType": "WatchList",
+                                      "tlpLevel": "white"
+                                    },
+                                    "method": "POST",
+                                    "uri": "https://graph.microsoft.com/beta/security/tiIndicators"
+                                  }
+                                }
+                              }
+                            },
+                            "HASH": {
+                              "case": "HASH",
+                              "actions": {
+                                "Send_Hashes_to_Sentinel": {
+                                  "type": "Http",
+                                  "inputs": {
+                                    "authentication": {
+                                      "audience": "https://graph.microsoft.com",
+                                      "clientId": "@parameters('Client ID')",
+                                      "secret": "@parameters('AD Application Secret')",
+                                      "tenant": "@parameters('Tenant ID')",
+                                      "type": "ActiveDirectoryOAuth"
+                                    },
+                                    "body": {
+                                      "action": "alert",
+                                      "additionalInformation": "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                      "confidence": "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                      "description": "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                      "expirationDateTime": "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                      "externalId": "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                      "fileHashType": "@{items('For_Each_Indicator_(Threat)')?['hash_type']}",
+                                      "fileHashValue": "@{items('For_Each_Indicator_(Threat)')?['hash']}",
+                                      "indicatorProvider": "Infoblox TIDE",
+                                      "lastReportedDateTime": "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                      "tags": [
+                                        "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                        "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                        "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                        "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                        "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}",
+                                        "Hash Type: @{items('For_Each_Indicator_(Threat)')?['hash_type']}"
+                                      ],
+                                      "targetProduct": "Azure Sentinel",
+                                      "threatType": "WatchList",
+                                      "tlpLevel": "white"
+                                    },
+                                    "method": "POST",
+                                    "uri": "https://graph.microsoft.com/beta/security/tiIndicators"
+                                  }
+                                }
+                              }
+                            },
+                            "HOST": {
+                              "case": "HOST",
+                              "actions": {
+                                "Send_Hosts_to_Sentinel": {
+                                  "type": "Http",
+                                  "inputs": {
+                                    "authentication": {
+                                      "audience": "https://graph.microsoft.com",
+                                      "clientId": "@parameters('Client ID')",
+                                      "secret": "@parameters('AD Application Secret')",
+                                      "tenant": "@parameters('Tenant ID')",
+                                      "type": "ActiveDirectoryOAuth"
+                                    },
+                                    "body": {
+                                      "action": "alert",
+                                      "additionalInformation": "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                      "confidence": "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                      "description": "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                      "domainName": "@{items('For_Each_Indicator_(Threat)')?['host']}",
+                                      "expirationDateTime": "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                      "externalId": "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                      "indicatorProvider": "Infoblox TIDE",
+                                      "lastReportedDateTime": "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                      "tags": [
+                                        "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                        "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                        "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                        "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                        "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                      ],
+                                      "targetProduct": "Azure Sentinel",
+                                      "threatType": "WatchList",
+                                      "tlpLevel": "white"
+                                    },
+                                    "method": "POST",
+                                    "uri": "https://graph.microsoft.com/beta/security/tiIndicators"
+                                  }
+                                }
+                              }
+                            },
+                            "IP": {
+                              "case": "IP",
+                              "actions": {
+                                "Send_IPs_to_Sentinel": {
+                                  "type": "Http",
+                                  "inputs": {
+                                    "authentication": {
+                                      "audience": "https://graph.microsoft.com",
+                                      "clientId": "@parameters('Client ID')",
+                                      "secret": "@parameters('AD Application Secret')",
+                                      "tenant": "@parameters('Tenant ID')",
+                                      "type": "ActiveDirectoryOAuth"
+                                    },
+                                    "body": {
+                                      "action": "alert",
+                                      "additionalInformation": "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                      "confidence": "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                      "description": "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                      "expirationDateTime": "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                      "externalId": "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                      "indicatorProvider": "Infoblox TIDE",
+                                      "lastReportedDateTime": "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                      "networkIPv4": "@{items('For_Each_Indicator_(Threat)')?['ip']}",
+                                      "tags": [
+                                        "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                        "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                        "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                        "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                        "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                      ],
+                                      "targetProduct": "Azure Sentinel",
+                                      "threatType": "WatchList",
+                                      "tlpLevel": "white"
+                                    },
+                                    "method": "POST",
+                                    "uri": "https://graph.microsoft.com/beta/security/tiIndicators"
+                                  }
+                                }
+                              }
+                            },
+                            "URL": {
+                              "case": "URL",
+                              "actions": {
+                                "Send_URLs_to_Sentinel": {
+                                  "type": "Http",
+                                  "inputs": {
+                                    "authentication": {
+                                      "audience": "https://graph.microsoft.com",
+                                      "clientId": "@parameters('Client ID')",
+                                      "secret": "@parameters('AD Application Secret')",
+                                      "tenant": "@parameters('Tenant ID')",
+                                      "type": "ActiveDirectoryOAuth"
+                                    },
+                                    "body": {
+                                      "action": "alert",
+                                      "additionalInformation": "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                      "confidence": "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                      "description": "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                      "expirationDateTime": "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                      "externalId": "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                      "indicatorProvider": "Infoblox TIDE",
+                                      "lastReportedDateTime": "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                      "tags": [
+                                        "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                        "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                        "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                        "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                        "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                      ],
+                                      "targetProduct": "Azure Sentinel",
+                                      "threatType": "WatchList",
+                                      "tlpLevel": "white",
+                                      "url": "@{items('For_Each_Indicator_(Threat)')?['url']}"
+                                    },
+                                    "method": "POST",
+                                    "uri": "https://graph.microsoft.com/beta/security/tiIndicators"
+                                  }
+                                }
+                              }
+                            }
+                          },
+                          "expression": "@items('For_Each_Indicator_(Threat)')?['type']",
+                          "type": "Switch"
+                        }
+                      },
+                      "runAfter": {
+                        "Parse_JSON": [
+                          "Succeeded"
+                        ]
+                      },
+                      "type": "Foreach"
+                    },
+                    "Get_TIDE_Data": {
+                      "type": "Http",
+                      "inputs": {
+                        "headers": {
+                          "Authorization": "Token @{parameters('TIDE API Key')}"
+                        },
+                        "method": "GET",
+                        "queries": {
+                          "fields": "notes,confidence,type,class,host,expiration,id,imported,type,profile,property,threat_level,extended,email,domain,hash,hash_type,ip,url",
+                          "rlimit": "90000"
+                        },
+                        "uri": "https://csp.infoblox.com/tide/api/data/threats/email/"
+                      }
+                    },
+                    "Parse_JSON": {
+                      "runAfter": {
+                        "Get_TIDE_Data": [
+                          "Succeeded"
+                        ]
+                      },
+                      "type": "ParseJson",
+                      "inputs": {
+                        "content": "@body('Get_TIDE_Data')",
+                        "schema": {
+                          "properties": {
+                            "record_count": {
+                              "type": "integer"
+                            },
+                            "threat": {
+                              "items": {
+                                "properties": {
+                                  "batch_id": {
+                                    "type": "string"
+                                  },
+                                  "class": {
+                                    "type": "string"
+                                  },
+                                  "confidence": {
+                                    "type": "integer"
+                                  },
+                                  "confidence_score": {
+                                    "type": "number"
+                                  },
+                                  "confidence_score_rating": {
+                                    "type": "string"
+                                  },
+                                  "confidence_score_vector": {
+                                    "type": "string"
+                                  },
+                                  "detected": {
+                                    "type": "string"
+                                  },
+                                  "domain": {
+                                    "type": "string"
+                                  },
+                                  "email": {
+                                    "type": "string"
+                                  },
+                                  "expiration": {
+                                    "type": "string"
+                                  },
+                                  "extended": {
+                                    "properties": {
+                                      "ais_consent": {
+                                        "type": "string"
+                                      },
+                                      "cyberint_guid": {
+                                        "type": "string"
+                                      },
+                                      "no_whitelist": {
+                                        "type": "string"
+                                      },
+                                      "notes": {
+                                        "type": "string"
+                                      },
+                                      "protocol": {
+                                        "type": "string"
+                                      },
+                                      "url_hash": {
+                                        "type": "string"
+                                      }
+                                    },
+                                    "type": "object"
+                                  },
+                                  "hash": {
+                                    "type": "string"
+                                  },
+                                  "hash_type": {
+                                    "type": "string"
+                                  },
+                                  "host": {
+                                    "type": "string"
+                                  },
+                                  "id": {
+                                    "type": "string"
+                                  },
+                                  "imported": {
+                                    "type": "string"
+                                  },
+                                  "ip": {
+                                    "type": "string"
+                                  },
+                                  "profile": {
+                                    "type": "string"
+                                  },
+                                  "property": {
+                                    "type": "string"
+                                  },
+                                  "received": {
+                                    "type": "string"
+                                  },
+                                  "risk_score": {
+                                    "type": "number"
+                                  },
+                                  "risk_score_rating": {
+                                    "type": "string"
+                                  },
+                                  "risk_score_vector": {
+                                    "type": "string"
+                                  },
+                                  "threat_level": {
+                                    "type": "integer"
+                                  },
+                                  "threat_score": {
+                                    "type": "number"
+                                  },
+                                  "threat_score_rating": {
+                                    "type": "string"
+                                  },
+                                  "threat_score_vector": {
+                                    "type": "string"
+                                  },
+                                  "tld": {
+                                    "type": "string"
+                                  },
+                                  "type": {
+                                    "type": "string"
+                                  },
+                                  "url": {
+                                    "type": "string"
+                                  }
+                                },
+                                "required": [
+                                  "id"
+                                ],
+                                "type": "object"
+                              },
+                              "type": "array"
+                            }
+                          },
+                          "type": "object"
+                        }
+                      }
+                    }
+                  }
+                }
+              },
+              "name": "[[parameters('PlaybookName')]",
+              "type": "Microsoft.Logic/workflows",
+              "location": "[[variables('workspace-location-inline')]",
+              "tags": {
+                "hidden-SentinelTemplateName": "Infoblox-Import-Emails-Weekly",
+                "hidden-SentinelTemplateVersion": "1.0",
+                "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]"
+              },
+              "identity": {
+                "type": "SystemAssigned"
+              },
+              "apiVersion": "2017-07-01",
+              "dependsOn": "[variables('TemplateEmptyArray')]"
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId2'),'/'))))]",
+              "properties": {
+                "parentId": "[variables('playbookId2')]",
+                "contentId": "[variables('_playbookContentId2')]",
+                "kind": "Playbook",
+                "version": "[variables('playbookVersion2')]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Infoblox Cloud Data Connector",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "Microsoft",
+                  "email": "[variables('_email')]"
+                },
+                "support": {
+                  "name": "Infoblox",
+                  "tier": "Partner",
+                  "link": "https://support.infoblox.com/"
+                }
+              }
+            }
+          ],
+          "metadata": {
+            "title": "Infoblox Import Emails Weekly",
+            "description": "Leverages the Infoblox TIDE API to automatically import threat indicators into the ThreatIntelligenceIndicator table. This playbook imports newly detected emails on a scheduled weekly basis.",
+            "prerequisites": [
+              "Infoblox TIDE API key."
+            ],
+            "postDeployment": [
+              "Authorize connections."
+            ],
+            "lastUpdateTime": "2023-08-07T00:00:00Z",
+            "releaseNotes": {
+              "version": "1.0",
+              "title": "[variables('blanks')]",
+              "notes": [
+                "Initial version"
+              ]
+            }
+          }
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('_playbookContentId2')]",
+        "contentKind": "Playbook",
+        "displayName": "Infoblox-Import-Emails-Weekly",
+        "contentProductId": "[variables('_playbookcontentProductId2')]",
+        "id": "[variables('_playbookcontentProductId2')]",
+        "version": "[variables('playbookVersion2')]"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('playbookTemplateSpecName3')]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "Infoblox-Import-Hashes-Weekly Playbook with template version 3.0.0",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('playbookVersion3')]",
+          "parameters": {
+            "PlaybookName": {
+              "defaultValue": "Infoblox-Import-Hashes-Weekly",
+              "type": "string"
+            },
+            "AD Application Secret": {
+              "type": "string",
+              "metadata": {
+                "description": "Enter value for AD Application Secret"
+              }
+            },
+            "Client ID": {
+              "type": "string",
+              "metadata": {
+                "description": "Enter value for Client ID"
+              }
+            },
+            "TIDE API Key": {
+              "type": "string",
+              "metadata": {
+                "description": "Enter value for TIDE API Key"
+              }
+            },
+            "Tenant ID": {
+              "type": "string",
+              "metadata": {
+                "description": "Enter value for Tenant ID"
+              }
+            }
+          },
+          "variables": {
+            "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]",
+            "workspace-name": "[parameters('workspace')]",
+            "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]"
+          },
+          "resources": [
+            {
+              "properties": {
+                "provisioningState": "Succeeded",
+                "state": "Disabled",
+                "definition": {
+                  "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
+                  "contentVersion": "1.0.0.0",
+                  "parameters": {
+                    "AD Application Secret": {
+                      "defaultValue": "[[parameters('AD Application Secret')]",
+                      "type": "string"
+                    },
+                    "Client ID": {
+                      "defaultValue": "[[parameters('Client ID')]",
+                      "type": "string"
+                    },
+                    "TIDE API Key": {
+                      "defaultValue": "[[parameters('TIDE API Key')]",
+                      "type": "string"
+                    },
+                    "Tenant ID": {
+                      "defaultValue": "[[parameters('Tenant ID')]",
+                      "type": "string"
+                    }
+                  },
+                  "triggers": {
+                    "Recurrence": {
+                      "recurrence": {
+                        "frequency": "Week",
+                        "interval": 1
+                      },
+                      "evaluatedRecurrence": {
+                        "frequency": "Week",
+                        "interval": 1
+                      },
+                      "type": "Recurrence"
+                    }
+                  },
+                  "actions": {
+                    "For_Each_Indicator_(Threat)": {
+                      "foreach": "@body('Parse_JSON')?['threat']",
+                      "actions": {
+                        "Switch": {
+                          "cases": {
+                            "EMAIL": {
+                              "case": "EMAIL",
+                              "actions": {
+                                "Send_Emails_to_Sentinel": {
+                                  "type": "Http",
+                                  "inputs": {
+                                    "authentication": {
+                                      "audience": "https://graph.microsoft.com",
+                                      "clientId": "@parameters('Client ID')",
+                                      "secret": "@parameters('AD Application Secret')",
+                                      "tenant": "@parameters('Tenant ID')",
+                                      "type": "ActiveDirectoryOAuth"
+                                    },
+                                    "body": {
+                                      "action": "alert",
+                                      "additionalInformation": "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                      "confidence": "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                      "description": "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                      "emailSenderAddress": "@{items('For_Each_Indicator_(Threat)')?['email']}",
+                                      "emailSourceDomain": "@{items('For_Each_Indicator_(Threat)')?['domain']}",
+                                      "expirationDateTime": "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                      "externalId": "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                      "indicatorProvider": "Infoblox TIDE",
+                                      "lastReportedDateTime": "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                      "tags": [
+                                        "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                        "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                        "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                        "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                        "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                      ],
+                                      "targetProduct": "Azure Sentinel",
+                                      "threatType": "WatchList",
+                                      "tlpLevel": "white"
+                                    },
+                                    "method": "POST",
+                                    "uri": "https://graph.microsoft.com/beta/security/tiIndicators"
+                                  }
+                                }
+                              }
+                            },
+                            "HASH": {
+                              "case": "HASH",
+                              "actions": {
+                                "Send_Hashes_to_Sentinel": {
+                                  "type": "Http",
+                                  "inputs": {
+                                    "authentication": {
+                                      "audience": "https://graph.microsoft.com",
+                                      "clientId": "@parameters('Client ID')",
+                                      "secret": "@parameters('AD Application Secret')",
+                                      "tenant": "@parameters('Tenant ID')",
+                                      "type": "ActiveDirectoryOAuth"
+                                    },
+                                    "body": {
+                                      "action": "alert",
+                                      "additionalInformation": "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                      "confidence": "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                      "description": "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                      "expirationDateTime": "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                      "externalId": "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                      "fileHashType": "@{toLower(items('For_Each_Indicator_(Threat)')?['hash_type'])}",
+                                      "fileHashValue": "@{items('For_Each_Indicator_(Threat)')?['hash']}",
+                                      "indicatorProvider": "Infoblox TIDE",
+                                      "lastReportedDateTime": "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                      "tags": [
+                                        "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                        "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                        "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                        "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                        "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}",
+                                        "Hash Type: @{items('For_Each_Indicator_(Threat)')?['hash_type']}"
+                                      ],
+                                      "targetProduct": "Azure Sentinel",
+                                      "threatType": "WatchList",
+                                      "tlpLevel": "white"
+                                    },
+                                    "method": "POST",
+                                    "uri": "https://graph.microsoft.com/beta/security/tiIndicators"
+                                  }
+                                }
+                              }
+                            },
+                            "HOST": {
+                              "case": "HOST",
+                              "actions": {
+                                "Send_Hosts_to_Sentinel": {
+                                  "type": "Http",
+                                  "inputs": {
+                                    "authentication": {
+                                      "audience": "https://graph.microsoft.com",
+                                      "clientId": "@parameters('Client ID')",
+                                      "secret": "@parameters('AD Application Secret')",
+                                      "tenant": "@parameters('Tenant ID')",
+                                      "type": "ActiveDirectoryOAuth"
+                                    },
+                                    "body": {
+                                      "action": "alert",
+                                      "additionalInformation": "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                      "confidence": "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                      "description": "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                      "domainName": "@{items('For_Each_Indicator_(Threat)')?['host']}",
+                                      "expirationDateTime": "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                      "externalId": "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                      "indicatorProvider": "Infoblox TIDE",
+                                      "lastReportedDateTime": "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                      "tags": [
+                                        "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                        "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                        "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                        "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                        "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                      ],
+                                      "targetProduct": "Azure Sentinel",
+                                      "threatType": "WatchList",
+                                      "tlpLevel": "white"
+                                    },
+                                    "method": "POST",
+                                    "uri": "https://graph.microsoft.com/beta/security/tiIndicators"
+                                  }
+                                }
+                              }
+                            },
+                            "IP": {
+                              "case": "IP",
+                              "actions": {
+                                "Send_IPs_to_Sentinel": {
+                                  "type": "Http",
+                                  "inputs": {
+                                    "authentication": {
+                                      "audience": "https://graph.microsoft.com",
+                                      "clientId": "@parameters('Client ID')",
+                                      "secret": "@parameters('AD Application Secret')",
+                                      "tenant": "@parameters('Tenant ID')",
+                                      "type": "ActiveDirectoryOAuth"
+                                    },
+                                    "body": {
+                                      "action": "alert",
+                                      "additionalInformation": "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                      "confidence": "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                      "description": "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                      "expirationDateTime": "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                      "externalId": "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                      "indicatorProvider": "Infoblox TIDE",
+                                      "lastReportedDateTime": "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                      "networkIPv4": "@{items('For_Each_Indicator_(Threat)')?['ip']}",
+                                      "tags": [
+                                        "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                        "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                        "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                        "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                        "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                      ],
+                                      "targetProduct": "Azure Sentinel",
+                                      "threatType": "WatchList",
+                                      "tlpLevel": "white"
+                                    },
+                                    "method": "POST",
+                                    "uri": "https://graph.microsoft.com/beta/security/tiIndicators"
+                                  }
+                                }
+                              }
+                            },
+                            "URL": {
+                              "case": "URL",
+                              "actions": {
+                                "Send_URLs_to_Sentinel": {
+                                  "type": "Http",
+                                  "inputs": {
+                                    "authentication": {
+                                      "audience": "https://graph.microsoft.com",
+                                      "clientId": "@parameters('Client ID')",
+                                      "secret": "@parameters('AD Application Secret')",
+                                      "tenant": "@parameters('Tenant ID')",
+                                      "type": "ActiveDirectoryOAuth"
+                                    },
+                                    "body": {
+                                      "action": "alert",
+                                      "additionalInformation": "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                      "confidence": "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                      "description": "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                      "expirationDateTime": "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                      "externalId": "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                      "indicatorProvider": "Infoblox TIDE",
+                                      "lastReportedDateTime": "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                      "tags": [
+                                        "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                        "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                        "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                        "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                        "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                      ],
+                                      "targetProduct": "Azure Sentinel",
+                                      "threatType": "WatchList",
+                                      "tlpLevel": "white",
+                                      "url": "@{items('For_Each_Indicator_(Threat)')?['url']}"
+                                    },
+                                    "method": "POST",
+                                    "uri": "https://graph.microsoft.com/beta/security/tiIndicators"
+                                  }
+                                }
+                              }
+                            }
+                          },
+                          "expression": "@items('For_Each_Indicator_(Threat)')?['type']",
+                          "type": "Switch"
+                        }
+                      },
+                      "runAfter": {
+                        "Parse_JSON": [
+                          "Succeeded"
+                        ]
+                      },
+                      "type": "Foreach"
+                    },
+                    "Get_TIDE_Data": {
+                      "type": "Http",
+                      "inputs": {
+                        "headers": {
+                          "Authorization": "Token @{parameters('TIDE API Key')}"
+                        },
+                        "method": "GET",
+                        "queries": {
+                          "fields": "notes,confidence,type,class,host,expiration,id,imported,type,profile,property,threat_level,extended,email,domain,hash,hash_type,ip,url",
+                          "rlimit": "90000"
+                        },
+                        "uri": "https://csp.infoblox.com/tide/api/data/threats/hash/weekly"
+                      }
+                    },
+                    "Parse_JSON": {
+                      "runAfter": {
+                        "Get_TIDE_Data": [
+                          "Succeeded"
+                        ]
+                      },
+                      "type": "ParseJson",
+                      "inputs": {
+                        "content": "@body('Get_TIDE_Data')",
+                        "schema": {
+                          "properties": {
+                            "record_count": {
+                              "type": "integer"
+                            },
+                            "threat": {
+                              "items": {
+                                "properties": {
+                                  "batch_id": {
+                                    "type": "string"
+                                  },
+                                  "class": {
+                                    "type": "string"
+                                  },
+                                  "confidence": {
+                                    "type": "integer"
+                                  },
+                                  "confidence_score": {
+                                    "type": "number"
+                                  },
+                                  "confidence_score_rating": {
+                                    "type": "string"
+                                  },
+                                  "confidence_score_vector": {
+                                    "type": "string"
+                                  },
+                                  "detected": {
+                                    "type": "string"
+                                  },
+                                  "domain": {
+                                    "type": "string"
+                                  },
+                                  "email": {
+                                    "type": "string"
+                                  },
+                                  "expiration": {
+                                    "type": "string"
+                                  },
+                                  "extended": {
+                                    "properties": {
+                                      "ais_consent": {
+                                        "type": "string"
+                                      },
+                                      "cyberint_guid": {
+                                        "type": "string"
+                                      },
+                                      "no_whitelist": {
+                                        "type": "string"
+                                      },
+                                      "notes": {
+                                        "type": "string"
+                                      },
+                                      "protocol": {
+                                        "type": "string"
+                                      },
+                                      "url_hash": {
+                                        "type": "string"
+                                      }
+                                    },
+                                    "type": "object"
+                                  },
+                                  "hash": {
+                                    "type": "string"
+                                  },
+                                  "hash_type": {
+                                    "type": "string"
+                                  },
+                                  "host": {
+                                    "type": "string"
+                                  },
+                                  "id": {
+                                    "type": "string"
+                                  },
+                                  "imported": {
+                                    "type": "string"
+                                  },
+                                  "ip": {
+                                    "type": "string"
+                                  },
+                                  "profile": {
+                                    "type": "string"
+                                  },
+                                  "property": {
+                                    "type": "string"
+                                  },
+                                  "received": {
+                                    "type": "string"
+                                  },
+                                  "risk_score": {
+                                    "type": "number"
+                                  },
+                                  "risk_score_rating": {
+                                    "type": "string"
+                                  },
+                                  "risk_score_vector": {
+                                    "type": "string"
+                                  },
+                                  "threat_level": {
+                                    "type": "integer"
+                                  },
+                                  "threat_score": {
+                                    "type": "number"
+                                  },
+                                  "threat_score_rating": {
+                                    "type": "string"
+                                  },
+                                  "threat_score_vector": {
+                                    "type": "string"
+                                  },
+                                  "tld": {
+                                    "type": "string"
+                                  },
+                                  "type": {
+                                    "type": "string"
+                                  },
+                                  "url": {
+                                    "type": "string"
+                                  }
+                                },
+                                "required": [
+                                  "id"
+                                ],
+                                "type": "object"
+                              },
+                              "type": "array"
+                            }
+                          },
+                          "type": "object"
+                        }
+                      }
+                    }
+                  }
+                }
+              },
+              "name": "[[parameters('PlaybookName')]",
+              "type": "Microsoft.Logic/workflows",
+              "location": "[[variables('workspace-location-inline')]",
+              "tags": {
+                "hidden-SentinelTemplateName": "Infoblox-Import-Hashes-Weekly",
+                "hidden-SentinelTemplateVersion": "1.0",
+                "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]"
+              },
+              "identity": {
+                "type": "SystemAssigned"
+              },
+              "apiVersion": "2017-07-01",
+              "dependsOn": "[variables('TemplateEmptyArray')]"
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId3'),'/'))))]",
+              "properties": {
+                "parentId": "[variables('playbookId3')]",
+                "contentId": "[variables('_playbookContentId3')]",
+                "kind": "Playbook",
+                "version": "[variables('playbookVersion3')]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Infoblox Cloud Data Connector",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "Microsoft",
+                  "email": "[variables('_email')]"
+                },
+                "support": {
+                  "name": "Infoblox",
+                  "tier": "Partner",
+                  "link": "https://support.infoblox.com/"
+                }
+              }
+            }
+          ],
+          "metadata": {
+            "title": "Infoblox Import Hashes Weekly",
+            "description": "Leverages the Infoblox TIDE API to automatically import threat indicators into the ThreatIntelligenceIndicator table. This playbook imports newly detected hashes on a scheduled weekly basis.",
+            "prerequisites": [
+              "Infoblox TIDE API key."
+            ],
+            "postDeployment": [
+              "Authorize connections."
+            ],
+            "lastUpdateTime": "2023-08-07T00:00:00Z",
+            "releaseNotes": {
+              "version": "1.0",
+              "title": "[variables('blanks')]",
+              "notes": [
+                "Initial version"
+              ]
+            }
+          }
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('_playbookContentId3')]",
+        "contentKind": "Playbook",
+        "displayName": "Infoblox-Import-Hashes-Weekly",
+        "contentProductId": "[variables('_playbookcontentProductId3')]",
+        "id": "[variables('_playbookcontentProductId3')]",
+        "version": "[variables('playbookVersion3')]"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('playbookTemplateSpecName4')]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "Infoblox-Import-Hosts-Daily-LookalikeDomains Playbook with template version 3.0.0",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('playbookVersion4')]",
+          "parameters": {
+            "PlaybookName": {
+              "defaultValue": "Infoblox-Import-Hosts-Daily-LookalikeDomains",
+              "type": "string"
+            },
+            "AD Application Secret": {
+              "type": "string",
+              "metadata": {
+                "description": "Enter value for AD Application Secret"
+              }
+            },
+            "Client ID": {
+              "type": "string",
+              "metadata": {
+                "description": "Enter value for Client ID"
+              }
+            },
+            "TIDE API Key": {
+              "type": "string",
+              "metadata": {
+                "description": "Enter value for TIDE API Key"
+              }
+            },
+            "Tenant ID": {
+              "type": "string",
+              "metadata": {
+                "description": "Enter value for Tenant ID"
+              }
+            }
+          },
+          "variables": {
+            "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]",
+            "workspace-name": "[parameters('workspace')]",
+            "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]"
+          },
+          "resources": [
+            {
+              "properties": {
+                "provisioningState": "Succeeded",
+                "state": "Disabled",
+                "definition": {
+                  "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
+                  "contentVersion": "1.0.0.0",
+                  "parameters": {
+                    "AD Application Secret": {
+                      "defaultValue": "[[parameters('AD Application Secret')]",
+                      "type": "string"
+                    },
+                    "Client ID": {
+                      "defaultValue": "[[parameters('Client ID')]",
+                      "type": "string"
+                    },
+                    "TIDE API Key": {
+                      "defaultValue": "[[parameters('TIDE API Key')]",
+                      "type": "string"
+                    },
+                    "Tenant ID": {
+                      "defaultValue": "[[parameters('Tenant ID')]",
+                      "type": "string"
+                    }
+                  },
+                  "triggers": {
+                    "Recurrence": {
+                      "recurrence": {
+                        "frequency": "Day",
+                        "interval": 1
+                      },
+                      "evaluatedRecurrence": {
+                        "frequency": "Day",
+                        "interval": 1
+                      },
+                      "type": "Recurrence"
+                    }
+                  },
+                  "actions": {
+                    "For_Each_Indicator_(Threat)": {
+                      "foreach": "@body('Parse_JSON')?['threat']",
+                      "actions": {
+                        "Switch": {
+                          "cases": {
+                            "EMAIL": {
+                              "case": "EMAIL",
+                              "actions": {
+                                "Send_Emails_to_Sentinel": {
+                                  "type": "Http",
+                                  "inputs": {
+                                    "authentication": {
+                                      "audience": "https://graph.microsoft.com",
+                                      "clientId": "@parameters('Client ID')",
+                                      "secret": "@parameters('AD Application Secret')",
+                                      "tenant": "@parameters('Tenant ID')",
+                                      "type": "ActiveDirectoryOAuth"
+                                    },
+                                    "body": {
+                                      "action": "alert",
+                                      "additionalInformation": "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                      "confidence": "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                      "description": "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                      "emailSenderAddress": "@{items('For_Each_Indicator_(Threat)')?['email']}",
+                                      "emailSourceDomain": "@{items('For_Each_Indicator_(Threat)')?['domain']}",
+                                      "expirationDateTime": "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                      "externalId": "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                      "indicatorProvider": "Infoblox TIDE",
+                                      "lastReportedDateTime": "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                      "tags": [
+                                        "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                        "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                        "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                        "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                        "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                      ],
+                                      "targetProduct": "Azure Sentinel",
+                                      "threatType": "WatchList",
+                                      "tlpLevel": "white"
+                                    },
+                                    "method": "POST",
+                                    "uri": "https://graph.microsoft.com/beta/security/tiIndicators"
+                                  }
+                                }
+                              }
+                            },
+                            "HASH": {
+                              "case": "HASH",
+                              "actions": {
+                                "Send_Hashes_to_Sentinel": {
+                                  "type": "Http",
+                                  "inputs": {
+                                    "authentication": {
+                                      "audience": "https://graph.microsoft.com",
+                                      "clientId": "@parameters('Client ID')",
+                                      "secret": "@parameters('AD Application Secret')",
+                                      "tenant": "@parameters('Tenant ID')",
+                                      "type": "ActiveDirectoryOAuth"
+                                    },
+                                    "body": {
+                                      "action": "alert",
+                                      "additionalInformation": "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                      "confidence": "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                      "description": "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                      "expirationDateTime": "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                      "externalId": "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                      "fileHashType": "@{items('For_Each_Indicator_(Threat)')?['hash_type']}",
+                                      "fileHashValue": "@{items('For_Each_Indicator_(Threat)')?['hash']}",
+                                      "indicatorProvider": "Infoblox TIDE",
+                                      "lastReportedDateTime": "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                      "tags": [
+                                        "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                        "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                        "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                        "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                        "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}",
+                                        "Hash Type: @{items('For_Each_Indicator_(Threat)')?['hash_type']}"
+                                      ],
+                                      "targetProduct": "Azure Sentinel",
+                                      "threatType": "WatchList",
+                                      "tlpLevel": "white"
+                                    },
+                                    "method": "POST",
+                                    "uri": "https://graph.microsoft.com/beta/security/tiIndicators"
+                                  }
+                                }
+                              }
+                            },
+                            "HOST": {
+                              "case": "HOST",
+                              "actions": {
+                                "Send_Hosts_to_Sentinel": {
+                                  "type": "Http",
+                                  "inputs": {
+                                    "authentication": {
+                                      "audience": "https://graph.microsoft.com",
+                                      "clientId": "@parameters('Client ID')",
+                                      "secret": "@parameters('AD Application Secret')",
+                                      "tenant": "@parameters('Tenant ID')",
+                                      "type": "ActiveDirectoryOAuth"
+                                    },
+                                    "body": {
+                                      "action": "alert",
+                                      "additionalInformation": "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                      "confidence": "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                      "description": "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                      "domainName": "@{items('For_Each_Indicator_(Threat)')?['host']}",
+                                      "expirationDateTime": "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                      "externalId": "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                      "indicatorProvider": "Infoblox TIDE",
+                                      "lastReportedDateTime": "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                      "tags": [
+                                        "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                        "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                        "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                        "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                        "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                      ],
+                                      "targetProduct": "Azure Sentinel",
+                                      "threatType": "WatchList",
+                                      "tlpLevel": "white"
+                                    },
+                                    "method": "POST",
+                                    "uri": "https://graph.microsoft.com/beta/security/tiIndicators"
+                                  }
+                                }
+                              }
+                            },
+                            "IP": {
+                              "case": "IP",
+                              "actions": {
+                                "Send_IPs_to_Sentinel": {
+                                  "type": "Http",
+                                  "inputs": {
+                                    "authentication": {
+                                      "audience": "https://graph.microsoft.com",
+                                      "clientId": "@parameters('Client ID')",
+                                      "secret": "@parameters('AD Application Secret')",
+                                      "tenant": "@parameters('Tenant ID')",
+                                      "type": "ActiveDirectoryOAuth"
+                                    },
+                                    "body": {
+                                      "action": "alert",
+                                      "additionalInformation": "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                      "confidence": "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                      "description": "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                      "expirationDateTime": "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                      "externalId": "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                      "indicatorProvider": "Infoblox TIDE",
+                                      "lastReportedDateTime": "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                      "networkIPv4": "@{items('For_Each_Indicator_(Threat)')?['ip']}",
+                                      "tags": [
+                                        "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                        "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                        "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                        "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                        "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                      ],
+                                      "targetProduct": "Azure Sentinel",
+                                      "threatType": "WatchList",
+                                      "tlpLevel": "white"
+                                    },
+                                    "method": "POST",
+                                    "uri": "https://graph.microsoft.com/beta/security/tiIndicators"
+                                  }
+                                }
+                              }
+                            },
+                            "URL": {
+                              "case": "URL",
+                              "actions": {
+                                "Send_URLs_to_Sentinel": {
+                                  "type": "Http",
+                                  "inputs": {
+                                    "authentication": {
+                                      "audience": "https://graph.microsoft.com",
+                                      "clientId": "@parameters('Client ID')",
+                                      "secret": "@parameters('AD Application Secret')",
+                                      "tenant": "@parameters('Tenant ID')",
+                                      "type": "ActiveDirectoryOAuth"
+                                    },
+                                    "body": {
+                                      "action": "alert",
+                                      "additionalInformation": "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                      "confidence": "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                      "description": "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                      "expirationDateTime": "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                      "externalId": "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                      "indicatorProvider": "Infoblox TIDE",
+                                      "lastReportedDateTime": "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                      "tags": [
+                                        "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                        "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                        "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                        "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                        "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                      ],
+                                      "targetProduct": "Azure Sentinel",
+                                      "threatType": "WatchList",
+                                      "tlpLevel": "white",
+                                      "url": "@{items('For_Each_Indicator_(Threat)')?['url']}"
+                                    },
+                                    "method": "POST",
+                                    "uri": "https://graph.microsoft.com/beta/security/tiIndicators"
+                                  }
+                                }
+                              }
+                            }
+                          },
+                          "expression": "@items('For_Each_Indicator_(Threat)')?['type']",
+                          "type": "Switch"
+                        }
+                      },
+                      "runAfter": {
+                        "Parse_JSON": [
+                          "Succeeded"
+                        ]
+                      },
+                      "type": "Foreach"
+                    },
+                    "Get_TIDE_Data": {
+                      "type": "Http",
+                      "inputs": {
+                        "headers": {
+                          "Authorization": "Token @{parameters('TIDE API Key')}"
+                        },
+                        "method": "GET",
+                        "queries": {
+                          "fields": "notes,confidence,type,class,host,expiration,id,imported,type,profile,property,threat_level,extended,email,domain,hash,hash_type,ip,url",
+                          "property": "Policy_LookalikeDomains",
+                          "rlimit": "90000"
+                        },
+                        "uri": "https://csp.infoblox.com/tide/api/data/threats/host/daily"
+                      }
+                    },
+                    "Parse_JSON": {
+                      "runAfter": {
+                        "Get_TIDE_Data": [
+                          "Succeeded"
+                        ]
+                      },
+                      "type": "ParseJson",
+                      "inputs": {
+                        "content": "@body('Get_TIDE_Data')",
+                        "schema": {
+                          "properties": {
+                            "record_count": {
+                              "type": "integer"
+                            },
+                            "threat": {
+                              "items": {
+                                "properties": {
+                                  "batch_id": {
+                                    "type": "string"
+                                  },
+                                  "class": {
+                                    "type": "string"
+                                  },
+                                  "confidence": {
+                                    "type": "integer"
+                                  },
+                                  "confidence_score": {
+                                    "type": "number"
+                                  },
+                                  "confidence_score_rating": {
+                                    "type": "string"
+                                  },
+                                  "confidence_score_vector": {
+                                    "type": "string"
+                                  },
+                                  "detected": {
+                                    "type": "string"
+                                  },
+                                  "domain": {
+                                    "type": "string"
+                                  },
+                                  "email": {
+                                    "type": "string"
+                                  },
+                                  "expiration": {
+                                    "type": "string"
+                                  },
+                                  "extended": {
+                                    "properties": {
+                                      "ais_consent": {
+                                        "type": "string"
+                                      },
+                                      "cyberint_guid": {
+                                        "type": "string"
+                                      },
+                                      "no_whitelist": {
+                                        "type": "string"
+                                      },
+                                      "notes": {
+                                        "type": "string"
+                                      },
+                                      "protocol": {
+                                        "type": "string"
+                                      },
+                                      "url_hash": {
+                                        "type": "string"
+                                      }
+                                    },
+                                    "type": "object"
+                                  },
+                                  "hash": {
+                                    "type": "string"
+                                  },
+                                  "hash_type": {
+                                    "type": "string"
+                                  },
+                                  "host": {
+                                    "type": "string"
+                                  },
+                                  "id": {
+                                    "type": "string"
+                                  },
+                                  "imported": {
+                                    "type": "string"
+                                  },
+                                  "ip": {
+                                    "type": "string"
+                                  },
+                                  "profile": {
+                                    "type": "string"
+                                  },
+                                  "property": {
+                                    "type": "string"
+                                  },
+                                  "received": {
+                                    "type": "string"
+                                  },
+                                  "risk_score": {
+                                    "type": "number"
+                                  },
+                                  "risk_score_rating": {
+                                    "type": "string"
+                                  },
+                                  "risk_score_vector": {
+                                    "type": "string"
+                                  },
+                                  "threat_level": {
+                                    "type": "integer"
+                                  },
+                                  "threat_score": {
+                                    "type": "number"
+                                  },
+                                  "threat_score_rating": {
+                                    "type": "string"
+                                  },
+                                  "threat_score_vector": {
+                                    "type": "string"
+                                  },
+                                  "tld": {
+                                    "type": "string"
+                                  },
+                                  "type": {
+                                    "type": "string"
+                                  },
+                                  "url": {
+                                    "type": "string"
+                                  }
+                                },
+                                "required": [
+                                  "id"
+                                ],
+                                "type": "object"
+                              },
+                              "type": "array"
+                            }
+                          },
+                          "type": "object"
+                        }
+                      }
+                    }
+                  }
+                }
+              },
+              "name": "[[parameters('PlaybookName')]",
+              "type": "Microsoft.Logic/workflows",
+              "location": "[[variables('workspace-location-inline')]",
+              "tags": {
+                "hidden-SentinelTemplateName": "Infoblox-Import-Hosts-Daily-LookalikeDomains",
+                "hidden-SentinelTemplateVersion": "1.0",
+                "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]"
+              },
+              "identity": {
+                "type": "SystemAssigned"
+              },
+              "apiVersion": "2017-07-01",
+              "dependsOn": "[variables('TemplateEmptyArray')]"
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId4'),'/'))))]",
+              "properties": {
+                "parentId": "[variables('playbookId4')]",
+                "contentId": "[variables('_playbookContentId4')]",
+                "kind": "Playbook",
+                "version": "[variables('playbookVersion4')]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Infoblox Cloud Data Connector",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "Microsoft",
+                  "email": "[variables('_email')]"
+                },
+                "support": {
+                  "name": "Infoblox",
+                  "tier": "Partner",
+                  "link": "https://support.infoblox.com/"
+                }
+              }
+            }
+          ],
+          "metadata": {
+            "title": "Infoblox Import Hosts Daily Lookalike Domains",
+            "description": "Leverages the Infoblox TIDE API to automatically import threat indicators into the ThreatIntelligenceIndicator table. This playbook imports newly detected Lookalike domains on a scheduled daily basis.",
+            "prerequisites": [
+              "Infoblox TIDE API key."
+            ],
+            "postDeployment": [
+              "Authorize connections."
+            ],
+            "lastUpdateTime": "2023-08-07T00:00:00Z",
+            "releaseNotes": {
+              "version": "1.0",
+              "title": "[variables('blanks')]",
+              "notes": [
+                "Initial version"
+              ]
+            }
+          }
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('_playbookContentId4')]",
+        "contentKind": "Playbook",
+        "displayName": "Infoblox-Import-Hosts-Daily-LookalikeDomains",
+        "contentProductId": "[variables('_playbookcontentProductId4')]",
+        "id": "[variables('_playbookcontentProductId4')]",
+        "version": "[variables('playbookVersion4')]"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('playbookTemplateSpecName5')]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "Infoblox-Import-Hosts-Daily-MalwareC2DGA Playbook with template version 3.0.0",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('playbookVersion5')]",
+          "parameters": {
+            "PlaybookName": {
+              "defaultValue": "Infoblox-Import-Hosts-Daily-MalwareC2DGA",
+              "type": "string"
+            },
+            "AD Application Secret": {
+              "type": "string",
+              "metadata": {
+                "description": "Enter value for AD Application Secret"
+              }
+            },
+            "Client ID": {
+              "type": "string",
+              "metadata": {
+                "description": "Enter value for Client ID"
+              }
+            },
+            "TIDE API Key": {
+              "type": "string",
+              "metadata": {
+                "description": "Enter value for TIDE API Key"
+              }
+            },
+            "Tenant ID": {
+              "type": "string",
+              "metadata": {
+                "description": "Enter value for Tenant ID"
+              }
+            }
+          },
+          "variables": {
+            "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]",
+            "workspace-name": "[parameters('workspace')]",
+            "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]"
+          },
+          "resources": [
+            {
+              "properties": {
+                "provisioningState": "Succeeded",
+                "state": "Disabled",
+                "definition": {
+                  "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
+                  "contentVersion": "1.0.0.0",
+                  "parameters": {
+                    "AD Application Secret": {
+                      "defaultValue": "[[parameters('AD Application Secret')]",
+                      "type": "string"
+                    },
+                    "Client ID": {
+                      "defaultValue": "[[parameters('Client ID')]",
+                      "type": "string"
+                    },
+                    "TIDE API Key": {
+                      "defaultValue": "[[parameters('TIDE API Key')]",
+                      "type": "string"
+                    },
+                    "Tenant ID": {
+                      "defaultValue": "[[parameters('Tenant ID')]",
+                      "type": "string"
+                    }
+                  },
+                  "triggers": {
+                    "Recurrence": {
+                      "recurrence": {
+                        "frequency": "Day",
+                        "interval": 1
+                      },
+                      "evaluatedRecurrence": {
+                        "frequency": "Day",
+                        "interval": 1
+                      },
+                      "type": "Recurrence"
+                    }
+                  },
+                  "actions": {
+                    "For_Each_Indicator_(Threat)": {
+                      "foreach": "@body('Parse_JSON')?['threat']",
+                      "actions": {
+                        "Switch": {
+                          "cases": {
+                            "EMAIL": {
+                              "case": "EMAIL",
+                              "actions": {
+                                "Send_Emails_to_Sentinel": {
+                                  "type": "Http",
+                                  "inputs": {
+                                    "authentication": {
+                                      "audience": "https://graph.microsoft.com",
+                                      "clientId": "@parameters('Client ID')",
+                                      "secret": "@parameters('AD Application Secret')",
+                                      "tenant": "@parameters('Tenant ID')",
+                                      "type": "ActiveDirectoryOAuth"
+                                    },
+                                    "body": {
+                                      "action": "alert",
+                                      "additionalInformation": "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                      "confidence": "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                      "description": "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                      "emailSenderAddress": "@{items('For_Each_Indicator_(Threat)')?['email']}",
+                                      "emailSourceDomain": "@{items('For_Each_Indicator_(Threat)')?['domain']}",
+                                      "expirationDateTime": "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                      "externalId": "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                      "indicatorProvider": "Infoblox TIDE",
+                                      "lastReportedDateTime": "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                      "tags": [
+                                        "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                        "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                        "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                        "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                        "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                      ],
+                                      "targetProduct": "Azure Sentinel",
+                                      "threatType": "WatchList",
+                                      "tlpLevel": "white"
+                                    },
+                                    "method": "POST",
+                                    "uri": "https://graph.microsoft.com/beta/security/tiIndicators"
+                                  }
+                                }
+                              }
+                            },
+                            "HASH": {
+                              "case": "HASH",
+                              "actions": {
+                                "Send_Hashes_to_Sentinel": {
+                                  "type": "Http",
+                                  "inputs": {
+                                    "authentication": {
+                                      "audience": "https://graph.microsoft.com",
+                                      "clientId": "@parameters('Client ID')",
+                                      "secret": "@parameters('AD Application Secret')",
+                                      "tenant": "@parameters('Tenant ID')",
+                                      "type": "ActiveDirectoryOAuth"
+                                    },
+                                    "body": {
+                                      "action": "alert",
+                                      "additionalInformation": "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                      "confidence": "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                      "description": "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                      "expirationDateTime": "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                      "externalId": "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                      "fileHashType": "@{items('For_Each_Indicator_(Threat)')?['hash_type']}",
+                                      "fileHashValue": "@{items('For_Each_Indicator_(Threat)')?['hash']}",
+                                      "indicatorProvider": "Infoblox TIDE",
+                                      "lastReportedDateTime": "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                      "tags": [
+                                        "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                        "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                        "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                        "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                        "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}",
+                                        "Hash Type: @{items('For_Each_Indicator_(Threat)')?['hash_type']}"
+                                      ],
+                                      "targetProduct": "Azure Sentinel",
+                                      "threatType": "WatchList",
+                                      "tlpLevel": "white"
+                                    },
+                                    "method": "POST",
+                                    "uri": "https://graph.microsoft.com/beta/security/tiIndicators"
+                                  }
+                                }
+                              }
+                            },
+                            "HOST": {
+                              "case": "HOST",
+                              "actions": {
+                                "Send_Hosts_to_Sentinel": {
+                                  "type": "Http",
+                                  "inputs": {
+                                    "authentication": {
+                                      "audience": "https://graph.microsoft.com",
+                                      "clientId": "@parameters('Client ID')",
+                                      "secret": "@parameters('AD Application Secret')",
+                                      "tenant": "@parameters('Tenant ID')",
+                                      "type": "ActiveDirectoryOAuth"
+                                    },
+                                    "body": {
+                                      "action": "alert",
+                                      "additionalInformation": "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                      "confidence": "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                      "description": "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                      "domainName": "@{items('For_Each_Indicator_(Threat)')?['host']}",
+                                      "expirationDateTime": "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                      "externalId": "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                      "indicatorProvider": "Infoblox TIDE",
+                                      "lastReportedDateTime": "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                      "tags": [
+                                        "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                        "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                        "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                        "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                        "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                      ],
+                                      "targetProduct": "Azure Sentinel",
+                                      "threatType": "WatchList",
+                                      "tlpLevel": "white"
+                                    },
+                                    "method": "POST",
+                                    "uri": "https://graph.microsoft.com/beta/security/tiIndicators"
+                                  }
+                                }
+                              }
+                            },
+                            "IP": {
+                              "case": "IP",
+                              "actions": {
+                                "Send_IPs_to_Sentinel": {
+                                  "type": "Http",
+                                  "inputs": {
+                                    "authentication": {
+                                      "audience": "https://graph.microsoft.com",
+                                      "clientId": "@parameters('Client ID')",
+                                      "secret": "@parameters('AD Application Secret')",
+                                      "tenant": "@parameters('Tenant ID')",
+                                      "type": "ActiveDirectoryOAuth"
+                                    },
+                                    "body": {
+                                      "action": "alert",
+                                      "additionalInformation": "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                      "confidence": "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                      "description": "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                      "expirationDateTime": "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                      "externalId": "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                      "indicatorProvider": "Infoblox TIDE",
+                                      "lastReportedDateTime": "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                      "networkIPv4": "@{items('For_Each_Indicator_(Threat)')?['ip']}",
+                                      "tags": [
+                                        "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                        "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                        "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                        "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                        "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                      ],
+                                      "targetProduct": "Azure Sentinel",
+                                      "threatType": "WatchList",
+                                      "tlpLevel": "white"
+                                    },
+                                    "method": "POST",
+                                    "uri": "https://graph.microsoft.com/beta/security/tiIndicators"
+                                  }
+                                }
+                              }
+                            },
+                            "URL": {
+                              "case": "URL",
+                              "actions": {
+                                "Send_URLs_to_Sentinel": {
+                                  "type": "Http",
+                                  "inputs": {
+                                    "authentication": {
+                                      "audience": "https://graph.microsoft.com",
+                                      "clientId": "@parameters('Client ID')",
+                                      "secret": "@parameters('AD Application Secret')",
+                                      "tenant": "@parameters('Tenant ID')",
+                                      "type": "ActiveDirectoryOAuth"
+                                    },
+                                    "body": {
+                                      "action": "alert",
+                                      "additionalInformation": "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                      "confidence": "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                      "description": "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                      "expirationDateTime": "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                      "externalId": "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                      "indicatorProvider": "Infoblox TIDE",
+                                      "lastReportedDateTime": "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                      "tags": [
+                                        "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                        "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                        "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                        "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                        "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                      ],
+                                      "targetProduct": "Azure Sentinel",
+                                      "threatType": "WatchList",
+                                      "tlpLevel": "white",
+                                      "url": "@{items('For_Each_Indicator_(Threat)')?['url']}"
+                                    },
+                                    "method": "POST",
+                                    "uri": "https://graph.microsoft.com/beta/security/tiIndicators"
+                                  }
+                                }
+                              }
+                            }
+                          },
+                          "expression": "@items('For_Each_Indicator_(Threat)')?['type']",
+                          "type": "Switch"
+                        }
+                      },
+                      "runAfter": {
+                        "Parse_JSON": [
+                          "Succeeded"
+                        ]
+                      },
+                      "type": "Foreach"
+                    },
+                    "Get_TIDE_Data": {
+                      "type": "Http",
+                      "inputs": {
+                        "headers": {
+                          "Authorization": "Token @{parameters('TIDE API Key')}"
+                        },
+                        "method": "GET",
+                        "queries": {
+                          "class": "MalwareC2DGA",
+                          "fields": "notes,confidence,type,class,host,expiration,id,imported,type,profile,property,threat_level,extended,email,domain,hash,hash_type,ip,url",
+                          "rlimit": "90000"
+                        },
+                        "uri": "https://csp.infoblox.com/tide/api/data/threats/host/daily"
+                      }
+                    },
+                    "Parse_JSON": {
+                      "runAfter": {
+                        "Get_TIDE_Data": [
+                          "Succeeded"
+                        ]
+                      },
+                      "type": "ParseJson",
+                      "inputs": {
+                        "content": "@body('Get_TIDE_Data')",
+                        "schema": {
+                          "properties": {
+                            "record_count": {
+                              "type": "integer"
+                            },
+                            "threat": {
+                              "items": {
+                                "properties": {
+                                  "batch_id": {
+                                    "type": "string"
+                                  },
+                                  "class": {
+                                    "type": "string"
+                                  },
+                                  "confidence": {
+                                    "type": "integer"
+                                  },
+                                  "confidence_score": {
+                                    "type": "number"
+                                  },
+                                  "confidence_score_rating": {
+                                    "type": "string"
+                                  },
+                                  "confidence_score_vector": {
+                                    "type": "string"
+                                  },
+                                  "detected": {
+                                    "type": "string"
+                                  },
+                                  "domain": {
+                                    "type": "string"
+                                  },
+                                  "email": {
+                                    "type": "string"
+                                  },
+                                  "expiration": {
+                                    "type": "string"
+                                  },
+                                  "extended": {
+                                    "properties": {
+                                      "ais_consent": {
+                                        "type": "string"
+                                      },
+                                      "cyberint_guid": {
+                                        "type": "string"
+                                      },
+                                      "no_whitelist": {
+                                        "type": "string"
+                                      },
+                                      "notes": {
+                                        "type": "string"
+                                      },
+                                      "protocol": {
+                                        "type": "string"
+                                      },
+                                      "url_hash": {
+                                        "type": "string"
+                                      }
+                                    },
+                                    "type": "object"
+                                  },
+                                  "hash": {
+                                    "type": "string"
+                                  },
+                                  "hash_type": {
+                                    "type": "string"
+                                  },
+                                  "host": {
+                                    "type": "string"
+                                  },
+                                  "id": {
+                                    "type": "string"
+                                  },
+                                  "imported": {
+                                    "type": "string"
+                                  },
+                                  "ip": {
+                                    "type": "string"
+                                  },
+                                  "profile": {
+                                    "type": "string"
+                                  },
+                                  "property": {
+                                    "type": "string"
+                                  },
+                                  "received": {
+                                    "type": "string"
+                                  },
+                                  "risk_score": {
+                                    "type": "number"
+                                  },
+                                  "risk_score_rating": {
+                                    "type": "string"
+                                  },
+                                  "risk_score_vector": {
+                                    "type": "string"
+                                  },
+                                  "threat_level": {
+                                    "type": "integer"
+                                  },
+                                  "threat_score": {
+                                    "type": "number"
+                                  },
+                                  "threat_score_rating": {
+                                    "type": "string"
+                                  },
+                                  "threat_score_vector": {
+                                    "type": "string"
+                                  },
+                                  "tld": {
+                                    "type": "string"
+                                  },
+                                  "type": {
+                                    "type": "string"
+                                  },
+                                  "url": {
+                                    "type": "string"
+                                  }
+                                },
+                                "required": [
+                                  "id"
+                                ],
+                                "type": "object"
+                              },
+                              "type": "array"
+                            }
+                          },
+                          "type": "object"
+                        }
+                      }
+                    }
+                  }
+                }
+              },
+              "name": "[[parameters('PlaybookName')]",
+              "type": "Microsoft.Logic/workflows",
+              "location": "[[variables('workspace-location-inline')]",
+              "tags": {
+                "hidden-SentinelTemplateName": "Infoblox-Import-Hosts-Daily-MalwareC2DGA",
+                "hidden-SentinelTemplateVersion": "1.0",
+                "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]"
+              },
+              "identity": {
+                "type": "SystemAssigned"
+              },
+              "apiVersion": "2017-07-01",
+              "dependsOn": "[variables('TemplateEmptyArray')]"
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId5'),'/'))))]",
+              "properties": {
+                "parentId": "[variables('playbookId5')]",
+                "contentId": "[variables('_playbookContentId5')]",
+                "kind": "Playbook",
+                "version": "[variables('playbookVersion5')]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Infoblox Cloud Data Connector",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "Microsoft",
+                  "email": "[variables('_email')]"
+                },
+                "support": {
+                  "name": "Infoblox",
+                  "tier": "Partner",
+                  "link": "https://support.infoblox.com/"
+                }
+              }
+            }
+          ],
+          "metadata": {
+            "title": "Infoblox Import Hosts Daily MalwareC2DGA",
+            "description": "Leverages the Infoblox TIDE API to automatically import threat indicators into the ThreatIntelligenceIndicator table. This playbook imports newly detected MalwareC2DGA domains on a scheduled daily basis.",
+            "prerequisites": [
+              "Infoblox TIDE API key."
+            ],
+            "postDeployment": [
+              "Authorize connections."
+            ],
+            "lastUpdateTime": "2023-08-07T00:00:00Z",
+            "releaseNotes": {
+              "version": "1.0",
+              "title": "[variables('blanks')]",
+              "notes": [
+                "Initial version"
+              ]
+            }
+          }
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('_playbookContentId5')]",
+        "contentKind": "Playbook",
+        "displayName": "Infoblox-Import-Hosts-Daily-MalwareC2DGA",
+        "contentProductId": "[variables('_playbookcontentProductId5')]",
+        "id": "[variables('_playbookcontentProductId5')]",
+        "version": "[variables('playbookVersion5')]"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('playbookTemplateSpecName6')]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "Infoblox-Import-Hosts-Daily-Phishing Playbook with template version 3.0.0",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('playbookVersion6')]",
+          "parameters": {
+            "PlaybookName": {
+              "defaultValue": "Infoblox-Import-Hosts-Daily-Phishing",
+              "type": "string"
+            },
+            "AD Application Secret": {
+              "type": "string",
+              "metadata": {
+                "description": "Enter value for AD Application Secret"
+              }
+            },
+            "Client ID": {
+              "type": "string",
+              "metadata": {
+                "description": "Enter value for Client ID"
+              }
+            },
+            "TIDE API Key": {
+              "type": "string",
+              "metadata": {
+                "description": "Enter value for TIDE API Key"
+              }
+            },
+            "Tenant ID": {
+              "type": "string",
+              "metadata": {
+                "description": "Enter value for Tenant ID"
+              }
+            }
+          },
+          "variables": {
+            "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]",
+            "workspace-name": "[parameters('workspace')]",
+            "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]"
+          },
+          "resources": [
+            {
+              "properties": {
+                "provisioningState": "Succeeded",
+                "state": "Disabled",
+                "definition": {
+                  "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
+                  "contentVersion": "1.0.0.0",
+                  "parameters": {
+                    "AD Application Secret": {
+                      "defaultValue": "[[parameters('AD Application Secret')]",
+                      "type": "string"
+                    },
+                    "Client ID": {
+                      "defaultValue": "[[parameters('Client ID')]",
+                      "type": "string"
+                    },
+                    "TIDE API Key": {
+                      "defaultValue": "[[parameters('TIDE API Key')]",
+                      "type": "string"
+                    },
+                    "Tenant ID": {
+                      "defaultValue": "[[parameters('Tenant ID')]",
+                      "type": "string"
+                    }
+                  },
+                  "triggers": {
+                    "Recurrence": {
+                      "recurrence": {
+                        "frequency": "Day",
+                        "interval": 1
+                      },
+                      "evaluatedRecurrence": {
+                        "frequency": "Day",
+                        "interval": 1
+                      },
+                      "type": "Recurrence"
+                    }
+                  },
+                  "actions": {
+                    "For_Each_Indicator_(Threat)": {
+                      "foreach": "@body('Parse_JSON')?['threat']",
+                      "actions": {
+                        "Switch": {
+                          "cases": {
+                            "EMAIL": {
+                              "case": "EMAIL",
+                              "actions": {
+                                "Send_Emails_to_Sentinel": {
+                                  "type": "Http",
+                                  "inputs": {
+                                    "authentication": {
+                                      "audience": "https://graph.microsoft.com",
+                                      "clientId": "@parameters('Client ID')",
+                                      "secret": "@parameters('AD Application Secret')",
+                                      "tenant": "@parameters('Tenant ID')",
+                                      "type": "ActiveDirectoryOAuth"
+                                    },
+                                    "body": {
+                                      "action": "alert",
+                                      "additionalInformation": "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                      "confidence": "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                      "description": "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                      "emailSenderAddress": "@{items('For_Each_Indicator_(Threat)')?['email']}",
+                                      "emailSourceDomain": "@{items('For_Each_Indicator_(Threat)')?['domain']}",
+                                      "expirationDateTime": "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                      "externalId": "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                      "indicatorProvider": "Infoblox TIDE",
+                                      "lastReportedDateTime": "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                      "tags": [
+                                        "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                        "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                        "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                        "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                        "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                      ],
+                                      "targetProduct": "Azure Sentinel",
+                                      "threatType": "WatchList",
+                                      "tlpLevel": "white"
+                                    },
+                                    "method": "POST",
+                                    "uri": "https://graph.microsoft.com/beta/security/tiIndicators"
+                                  }
+                                }
+                              }
+                            },
+                            "HASH": {
+                              "case": "HASH",
+                              "actions": {
+                                "Send_Hashes_to_Sentinel": {
+                                  "type": "Http",
+                                  "inputs": {
+                                    "authentication": {
+                                      "audience": "https://graph.microsoft.com",
+                                      "clientId": "@parameters('Client ID')",
+                                      "secret": "@parameters('AD Application Secret')",
+                                      "tenant": "@parameters('Tenant ID')",
+                                      "type": "ActiveDirectoryOAuth"
+                                    },
+                                    "body": {
+                                      "action": "alert",
+                                      "additionalInformation": "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                      "confidence": "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                      "description": "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                      "expirationDateTime": "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                      "externalId": "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                      "fileHashType": "@{items('For_Each_Indicator_(Threat)')?['hash_type']}",
+                                      "fileHashValue": "@{items('For_Each_Indicator_(Threat)')?['hash']}",
+                                      "indicatorProvider": "Infoblox TIDE",
+                                      "lastReportedDateTime": "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                      "tags": [
+                                        "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                        "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                        "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                        "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                        "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}",
+                                        "Hash Type: @{items('For_Each_Indicator_(Threat)')?['hash_type']}"
+                                      ],
+                                      "targetProduct": "Azure Sentinel",
+                                      "threatType": "WatchList",
+                                      "tlpLevel": "white"
+                                    },
+                                    "method": "POST",
+                                    "uri": "https://graph.microsoft.com/beta/security/tiIndicators"
+                                  }
+                                }
+                              }
+                            },
+                            "HOST": {
+                              "case": "HOST",
+                              "actions": {
+                                "Send_Hosts_to_Sentinel": {
+                                  "type": "Http",
+                                  "inputs": {
+                                    "authentication": {
+                                      "audience": "https://graph.microsoft.com",
+                                      "clientId": "@parameters('Client ID')",
+                                      "secret": "@parameters('AD Application Secret')",
+                                      "tenant": "@parameters('Tenant ID')",
+                                      "type": "ActiveDirectoryOAuth"
+                                    },
+                                    "body": {
+                                      "action": "alert",
+                                      "additionalInformation": "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                      "confidence": "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                      "description": "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                      "domainName": "@{items('For_Each_Indicator_(Threat)')?['host']}",
+                                      "expirationDateTime": "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                      "externalId": "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                      "indicatorProvider": "Infoblox TIDE",
+                                      "lastReportedDateTime": "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                      "tags": [
+                                        "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                        "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                        "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                        "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                        "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                      ],
+                                      "targetProduct": "Azure Sentinel",
+                                      "threatType": "WatchList",
+                                      "tlpLevel": "white"
+                                    },
+                                    "method": "POST",
+                                    "uri": "https://graph.microsoft.com/beta/security/tiIndicators"
+                                  }
+                                }
+                              }
+                            },
+                            "IP": {
+                              "case": "IP",
+                              "actions": {
+                                "Send_IPs_to_Sentinel": {
+                                  "type": "Http",
+                                  "inputs": {
+                                    "authentication": {
+                                      "audience": "https://graph.microsoft.com",
+                                      "clientId": "@parameters('Client ID')",
+                                      "secret": "@parameters('AD Application Secret')",
+                                      "tenant": "@parameters('Tenant ID')",
+                                      "type": "ActiveDirectoryOAuth"
+                                    },
+                                    "body": {
+                                      "action": "alert",
+                                      "additionalInformation": "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                      "confidence": "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                      "description": "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                      "expirationDateTime": "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                      "externalId": "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                      "indicatorProvider": "Infoblox TIDE",
+                                      "lastReportedDateTime": "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                      "networkIPv4": "@{items('For_Each_Indicator_(Threat)')?['ip']}",
+                                      "tags": [
+                                        "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                        "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                        "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                        "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                        "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                      ],
+                                      "targetProduct": "Azure Sentinel",
+                                      "threatType": "WatchList",
+                                      "tlpLevel": "white"
+                                    },
+                                    "method": "POST",
+                                    "uri": "https://graph.microsoft.com/beta/security/tiIndicators"
+                                  }
+                                }
+                              }
+                            },
+                            "URL": {
+                              "case": "URL",
+                              "actions": {
+                                "Send_URLs_to_Sentinel": {
+                                  "type": "Http",
+                                  "inputs": {
+                                    "authentication": {
+                                      "audience": "https://graph.microsoft.com",
+                                      "clientId": "@parameters('Client ID')",
+                                      "secret": "@parameters('AD Application Secret')",
+                                      "tenant": "@parameters('Tenant ID')",
+                                      "type": "ActiveDirectoryOAuth"
+                                    },
+                                    "body": {
+                                      "action": "alert",
+                                      "additionalInformation": "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                      "confidence": "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                      "description": "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                      "expirationDateTime": "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                      "externalId": "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                      "indicatorProvider": "Infoblox TIDE",
+                                      "lastReportedDateTime": "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                      "tags": [
+                                        "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                        "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                        "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                        "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                        "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                      ],
+                                      "targetProduct": "Azure Sentinel",
+                                      "threatType": "WatchList",
+                                      "tlpLevel": "white",
+                                      "url": "@{items('For_Each_Indicator_(Threat)')?['url']}"
+                                    },
+                                    "method": "POST",
+                                    "uri": "https://graph.microsoft.com/beta/security/tiIndicators"
+                                  }
+                                }
+                              }
+                            }
+                          },
+                          "expression": "@items('For_Each_Indicator_(Threat)')?['type']",
+                          "type": "Switch"
+                        }
+                      },
+                      "runAfter": {
+                        "Parse_JSON": [
+                          "Succeeded"
+                        ]
+                      },
+                      "type": "Foreach"
+                    },
+                    "Get_TIDE_Data": {
+                      "type": "Http",
+                      "inputs": {
+                        "headers": {
+                          "Authorization": "Token @{parameters('TIDE API Key')}"
+                        },
+                        "method": "GET",
+                        "queries": {
+                          "class": "Phishing",
+                          "fields": "notes,confidence,type,class,host,expiration,id,imported,type,profile,property,threat_level,extended,email,domain,hash,hash_type,ip,url",
+                          "rlimit": "90000"
+                        },
+                        "uri": "https://csp.infoblox.com/tide/api/data/threats/host/daily"
+                      }
+                    },
+                    "Parse_JSON": {
+                      "runAfter": {
+                        "Get_TIDE_Data": [
+                          "Succeeded"
+                        ]
+                      },
+                      "type": "ParseJson",
+                      "inputs": {
+                        "content": "@body('Get_TIDE_Data')",
+                        "schema": {
+                          "properties": {
+                            "record_count": {
+                              "type": "integer"
+                            },
+                            "threat": {
+                              "items": {
+                                "properties": {
+                                  "batch_id": {
+                                    "type": "string"
+                                  },
+                                  "class": {
+                                    "type": "string"
+                                  },
+                                  "confidence": {
+                                    "type": "integer"
+                                  },
+                                  "confidence_score": {
+                                    "type": "number"
+                                  },
+                                  "confidence_score_rating": {
+                                    "type": "string"
+                                  },
+                                  "confidence_score_vector": {
+                                    "type": "string"
+                                  },
+                                  "detected": {
+                                    "type": "string"
+                                  },
+                                  "domain": {
+                                    "type": "string"
+                                  },
+                                  "email": {
+                                    "type": "string"
+                                  },
+                                  "expiration": {
+                                    "type": "string"
+                                  },
+                                  "extended": {
+                                    "properties": {
+                                      "ais_consent": {
+                                        "type": "string"
+                                      },
+                                      "cyberint_guid": {
+                                        "type": "string"
+                                      },
+                                      "no_whitelist": {
+                                        "type": "string"
+                                      },
+                                      "notes": {
+                                        "type": "string"
+                                      },
+                                      "protocol": {
+                                        "type": "string"
+                                      },
+                                      "url_hash": {
+                                        "type": "string"
+                                      }
+                                    },
+                                    "type": "object"
+                                  },
+                                  "hash": {
+                                    "type": "string"
+                                  },
+                                  "hash_type": {
+                                    "type": "string"
+                                  },
+                                  "host": {
+                                    "type": "string"
+                                  },
+                                  "id": {
+                                    "type": "string"
+                                  },
+                                  "imported": {
+                                    "type": "string"
+                                  },
+                                  "ip": {
+                                    "type": "string"
+                                  },
+                                  "profile": {
+                                    "type": "string"
+                                  },
+                                  "property": {
+                                    "type": "string"
+                                  },
+                                  "received": {
+                                    "type": "string"
+                                  },
+                                  "risk_score": {
+                                    "type": "number"
+                                  },
+                                  "risk_score_rating": {
+                                    "type": "string"
+                                  },
+                                  "risk_score_vector": {
+                                    "type": "string"
+                                  },
+                                  "threat_level": {
+                                    "type": "integer"
+                                  },
+                                  "threat_score": {
+                                    "type": "number"
+                                  },
+                                  "threat_score_rating": {
+                                    "type": "string"
+                                  },
+                                  "threat_score_vector": {
+                                    "type": "string"
+                                  },
+                                  "tld": {
+                                    "type": "string"
+                                  },
+                                  "type": {
+                                    "type": "string"
+                                  },
+                                  "url": {
+                                    "type": "string"
+                                  }
+                                },
+                                "required": [
+                                  "id"
+                                ],
+                                "type": "object"
+                              },
+                              "type": "array"
+                            }
+                          },
+                          "type": "object"
+                        }
+                      }
+                    }
+                  }
+                }
+              },
+              "name": "[[parameters('PlaybookName')]",
+              "type": "Microsoft.Logic/workflows",
+              "location": "[[variables('workspace-location-inline')]",
+              "tags": {
+                "hidden-SentinelTemplateName": "Infoblox-Import-Hosts-Daily-Phishing",
+                "hidden-SentinelTemplateVersion": "1.0",
+                "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]"
+              },
+              "identity": {
+                "type": "SystemAssigned"
+              },
+              "apiVersion": "2017-07-01",
+              "dependsOn": "[variables('TemplateEmptyArray')]"
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId6'),'/'))))]",
+              "properties": {
+                "parentId": "[variables('playbookId6')]",
+                "contentId": "[variables('_playbookContentId6')]",
+                "kind": "Playbook",
+                "version": "[variables('playbookVersion6')]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Infoblox Cloud Data Connector",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "Microsoft",
+                  "email": "[variables('_email')]"
+                },
+                "support": {
+                  "name": "Infoblox",
+                  "tier": "Partner",
+                  "link": "https://support.infoblox.com/"
+                }
+              }
+            }
+          ],
+          "metadata": {
+            "title": "Infoblox Import Hosts Daily Phishing",
+            "description": "Leverages the Infoblox TIDE API to automatically import threat indicators into the ThreatIntelligenceIndicator table. This playbook imports newly detected Phishing domains on a scheduled daily basis.",
+            "prerequisites": [
+              "Infoblox TIDE API key."
+            ],
+            "postDeployment": [
+              "Authorize connections."
+            ],
+            "lastUpdateTime": "2023-08-07T00:00:00Z",
+            "releaseNotes": {
+              "version": "1.0",
+              "title": "[variables('blanks')]",
+              "notes": [
+                "Initial version"
+              ]
+            }
+          }
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('_playbookContentId6')]",
+        "contentKind": "Playbook",
+        "displayName": "Infoblox-Import-Hosts-Daily-Phishing",
+        "contentProductId": "[variables('_playbookcontentProductId6')]",
+        "id": "[variables('_playbookcontentProductId6')]",
+        "version": "[variables('playbookVersion6')]"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('playbookTemplateSpecName7')]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "Infoblox-Import-Hosts-Hourly Playbook with template version 3.0.0",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('playbookVersion7')]",
+          "parameters": {
+            "PlaybookName": {
+              "defaultValue": "Infoblox-Import-Hosts-Hourly",
+              "type": "string"
+            },
+            "AD Application Secret": {
+              "type": "string",
+              "metadata": {
+                "description": "Enter value for AD Application Secret"
+              }
+            },
+            "Client ID": {
+              "type": "string",
+              "metadata": {
+                "description": "Enter value for Client ID"
+              }
+            },
+            "TIDE API Key": {
+              "type": "string",
+              "metadata": {
+                "description": "Enter value for TIDE API Key"
+              }
+            },
+            "Tenant ID": {
+              "type": "string",
+              "metadata": {
+                "description": "Enter value for Tenant ID"
+              }
+            }
+          },
+          "variables": {
+            "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]",
+            "workspace-name": "[parameters('workspace')]",
+            "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]"
+          },
+          "resources": [
+            {
+              "properties": {
+                "provisioningState": "Succeeded",
+                "state": "Disabled",
+                "definition": {
+                  "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
+                  "contentVersion": "1.0.0.0",
+                  "parameters": {
+                    "AD Application Secret": {
+                      "defaultValue": "[[parameters('AD Application Secret')]",
+                      "type": "string"
+                    },
+                    "Client ID": {
+                      "defaultValue": "[[parameters('Client ID')]",
+                      "type": "string"
+                    },
+                    "TIDE API Key": {
+                      "defaultValue": "[[parameters('TIDE API Key')]",
+                      "type": "string"
+                    },
+                    "Tenant ID": {
+                      "defaultValue": "[[parameters('Tenant ID')]",
+                      "type": "string"
+                    }
+                  },
+                  "triggers": {
+                    "Recurrence": {
+                      "recurrence": {
+                        "frequency": "Hour",
+                        "interval": 1
+                      },
+                      "evaluatedRecurrence": {
+                        "frequency": "Hour",
+                        "interval": 1
+                      },
+                      "type": "Recurrence"
+                    }
+                  },
+                  "actions": {
+                    "For_Each_Indicator_(Threat)": {
+                      "foreach": "@body('Parse_JSON')?['threat']",
+                      "actions": {
+                        "Switch": {
+                          "cases": {
+                            "EMAIL": {
+                              "case": "EMAIL",
+                              "actions": {
+                                "Send_Emails_to_Sentinel": {
+                                  "type": "Http",
+                                  "inputs": {
+                                    "authentication": {
+                                      "audience": "https://graph.microsoft.com",
+                                      "clientId": "@parameters('Client ID')",
+                                      "secret": "@parameters('AD Application Secret')",
+                                      "tenant": "@parameters('Tenant ID')",
+                                      "type": "ActiveDirectoryOAuth"
+                                    },
+                                    "body": {
+                                      "action": "alert",
+                                      "additionalInformation": "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                      "confidence": "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                      "description": "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                      "emailSenderAddress": "@{items('For_Each_Indicator_(Threat)')?['email']}",
+                                      "emailSourceDomain": "@{items('For_Each_Indicator_(Threat)')?['domain']}",
+                                      "expirationDateTime": "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                      "externalId": "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                      "indicatorProvider": "Infoblox TIDE",
+                                      "lastReportedDateTime": "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                      "tags": [
+                                        "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                        "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                        "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                        "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                        "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                      ],
+                                      "targetProduct": "Azure Sentinel",
+                                      "threatType": "WatchList",
+                                      "tlpLevel": "white"
+                                    },
+                                    "method": "POST",
+                                    "uri": "https://graph.microsoft.com/beta/security/tiIndicators"
+                                  }
+                                }
+                              }
+                            },
+                            "HASH": {
+                              "case": "HASH",
+                              "actions": {
+                                "Send_Hashes_to_Sentinel": {
+                                  "type": "Http",
+                                  "inputs": {
+                                    "authentication": {
+                                      "audience": "https://graph.microsoft.com",
+                                      "clientId": "@parameters('Client ID')",
+                                      "secret": "@parameters('AD Application Secret')",
+                                      "tenant": "@parameters('Tenant ID')",
+                                      "type": "ActiveDirectoryOAuth"
+                                    },
+                                    "body": {
+                                      "action": "alert",
+                                      "additionalInformation": "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                      "confidence": "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                      "description": "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                      "expirationDateTime": "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                      "externalId": "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                      "fileHashType": "@{items('For_Each_Indicator_(Threat)')?['hash_type']}",
+                                      "fileHashValue": "@{items('For_Each_Indicator_(Threat)')?['hash']}",
+                                      "indicatorProvider": "Infoblox TIDE",
+                                      "lastReportedDateTime": "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                      "tags": [
+                                        "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                        "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                        "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                        "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                        "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}",
+                                        "Hash Type: @{items('For_Each_Indicator_(Threat)')?['hash_type']}"
+                                      ],
+                                      "targetProduct": "Azure Sentinel",
+                                      "threatType": "WatchList",
+                                      "tlpLevel": "white"
+                                    },
+                                    "method": "POST",
+                                    "uri": "https://graph.microsoft.com/beta/security/tiIndicators"
+                                  }
+                                }
+                              }
+                            },
+                            "HOST": {
+                              "case": "HOST",
+                              "actions": {
+                                "Send_Hosts_to_Sentinel": {
+                                  "type": "Http",
+                                  "inputs": {
+                                    "authentication": {
+                                      "audience": "https://graph.microsoft.com",
+                                      "clientId": "@parameters('Client ID')",
+                                      "secret": "@parameters('AD Application Secret')",
+                                      "tenant": "@parameters('Tenant ID')",
+                                      "type": "ActiveDirectoryOAuth"
+                                    },
+                                    "body": {
+                                      "action": "alert",
+                                      "additionalInformation": "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                      "confidence": "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                      "description": "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                      "domainName": "@{items('For_Each_Indicator_(Threat)')?['host']}",
+                                      "expirationDateTime": "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                      "externalId": "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                      "indicatorProvider": "Infoblox TIDE",
+                                      "lastReportedDateTime": "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                      "tags": [
+                                        "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                        "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                        "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                        "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                        "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                      ],
+                                      "targetProduct": "Azure Sentinel",
+                                      "threatType": "WatchList",
+                                      "tlpLevel": "white"
+                                    },
+                                    "method": "POST",
+                                    "uri": "https://graph.microsoft.com/beta/security/tiIndicators"
+                                  }
+                                }
+                              }
+                            },
+                            "IP": {
+                              "case": "IP",
+                              "actions": {
+                                "Send_IPs_to_Sentinel": {
+                                  "type": "Http",
+                                  "inputs": {
+                                    "authentication": {
+                                      "audience": "https://graph.microsoft.com",
+                                      "clientId": "@parameters('Client ID')",
+                                      "secret": "@parameters('AD Application Secret')",
+                                      "tenant": "@parameters('Tenant ID')",
+                                      "type": "ActiveDirectoryOAuth"
+                                    },
+                                    "body": {
+                                      "action": "alert",
+                                      "additionalInformation": "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                      "confidence": "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                      "description": "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                      "expirationDateTime": "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                      "externalId": "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                      "indicatorProvider": "Infoblox TIDE",
+                                      "lastReportedDateTime": "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                      "networkIPv4": "@{items('For_Each_Indicator_(Threat)')?['ip']}",
+                                      "tags": [
+                                        "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                        "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                        "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                        "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                        "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                      ],
+                                      "targetProduct": "Azure Sentinel",
+                                      "threatType": "WatchList",
+                                      "tlpLevel": "white"
+                                    },
+                                    "method": "POST",
+                                    "uri": "https://graph.microsoft.com/beta/security/tiIndicators"
+                                  }
+                                }
+                              }
+                            },
+                            "URL": {
+                              "case": "URL",
+                              "actions": {
+                                "Send_URLs_to_Sentinel": {
+                                  "type": "Http",
+                                  "inputs": {
+                                    "authentication": {
+                                      "audience": "https://graph.microsoft.com",
+                                      "clientId": "@parameters('Client ID')",
+                                      "secret": "@parameters('AD Application Secret')",
+                                      "tenant": "@parameters('Tenant ID')",
+                                      "type": "ActiveDirectoryOAuth"
+                                    },
+                                    "body": {
+                                      "action": "alert",
+                                      "additionalInformation": "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                      "confidence": "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                      "description": "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                      "expirationDateTime": "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                      "externalId": "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                      "indicatorProvider": "Infoblox TIDE",
+                                      "lastReportedDateTime": "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                      "tags": [
+                                        "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                        "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                        "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                        "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                        "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                      ],
+                                      "targetProduct": "Azure Sentinel",
+                                      "threatType": "WatchList",
+                                      "tlpLevel": "white",
+                                      "url": "@{items('For_Each_Indicator_(Threat)')?['url']}"
+                                    },
+                                    "method": "POST",
+                                    "uri": "https://graph.microsoft.com/beta/security/tiIndicators"
+                                  }
+                                }
+                              }
+                            }
+                          },
+                          "expression": "@items('For_Each_Indicator_(Threat)')?['type']",
+                          "type": "Switch"
+                        }
+                      },
+                      "runAfter": {
+                        "Parse_JSON": [
+                          "Succeeded"
+                        ]
+                      },
+                      "type": "Foreach"
+                    },
+                    "Get_TIDE_Data": {
+                      "type": "Http",
+                      "inputs": {
+                        "headers": {
+                          "Authorization": "Token @{parameters('TIDE API Key')}"
+                        },
+                        "method": "GET",
+                        "queries": {
+                          "fields": "notes,confidence,type,class,host,expiration,id,imported,type,profile,property,threat_level,extended,email,domain,hash,hash_type,ip,url",
+                          "rlimit": "90000"
+                        },
+                        "uri": "https://csp.infoblox.com/tide/api/data/threats/host/hourly"
+                      }
+                    },
+                    "Parse_JSON": {
+                      "runAfter": {
+                        "Get_TIDE_Data": [
+                          "Succeeded"
+                        ]
+                      },
+                      "type": "ParseJson",
+                      "inputs": {
+                        "content": "@body('Get_TIDE_Data')",
+                        "schema": {
+                          "properties": {
+                            "record_count": {
+                              "type": "integer"
+                            },
+                            "threat": {
+                              "items": {
+                                "properties": {
+                                  "batch_id": {
+                                    "type": "string"
+                                  },
+                                  "class": {
+                                    "type": "string"
+                                  },
+                                  "confidence": {
+                                    "type": "integer"
+                                  },
+                                  "confidence_score": {
+                                    "type": "number"
+                                  },
+                                  "confidence_score_rating": {
+                                    "type": "string"
+                                  },
+                                  "confidence_score_vector": {
+                                    "type": "string"
+                                  },
+                                  "detected": {
+                                    "type": "string"
+                                  },
+                                  "domain": {
+                                    "type": "string"
+                                  },
+                                  "email": {
+                                    "type": "string"
+                                  },
+                                  "expiration": {
+                                    "type": "string"
+                                  },
+                                  "extended": {
+                                    "properties": {
+                                      "ais_consent": {
+                                        "type": "string"
+                                      },
+                                      "cyberint_guid": {
+                                        "type": "string"
+                                      },
+                                      "no_whitelist": {
+                                        "type": "string"
+                                      },
+                                      "notes": {
+                                        "type": "string"
+                                      },
+                                      "protocol": {
+                                        "type": "string"
+                                      },
+                                      "url_hash": {
+                                        "type": "string"
+                                      }
+                                    },
+                                    "type": "object"
+                                  },
+                                  "hash": {
+                                    "type": "string"
+                                  },
+                                  "hash_type": {
+                                    "type": "string"
+                                  },
+                                  "host": {
+                                    "type": "string"
+                                  },
+                                  "id": {
+                                    "type": "string"
+                                  },
+                                  "imported": {
+                                    "type": "string"
+                                  },
+                                  "ip": {
+                                    "type": "string"
+                                  },
+                                  "profile": {
+                                    "type": "string"
+                                  },
+                                  "property": {
+                                    "type": "string"
+                                  },
+                                  "received": {
+                                    "type": "string"
+                                  },
+                                  "risk_score": {
+                                    "type": "number"
+                                  },
+                                  "risk_score_rating": {
+                                    "type": "string"
+                                  },
+                                  "risk_score_vector": {
+                                    "type": "string"
+                                  },
+                                  "threat_level": {
+                                    "type": "integer"
+                                  },
+                                  "threat_score": {
+                                    "type": "number"
+                                  },
+                                  "threat_score_rating": {
+                                    "type": "string"
+                                  },
+                                  "threat_score_vector": {
+                                    "type": "string"
+                                  },
+                                  "tld": {
+                                    "type": "string"
+                                  },
+                                  "type": {
+                                    "type": "string"
+                                  },
+                                  "url": {
+                                    "type": "string"
+                                  }
+                                },
+                                "required": [
+                                  "id"
+                                ],
+                                "type": "object"
+                              },
+                              "type": "array"
+                            }
+                          },
+                          "type": "object"
+                        }
+                      }
+                    }
+                  }
+                }
+              },
+              "name": "[[parameters('PlaybookName')]",
+              "type": "Microsoft.Logic/workflows",
+              "location": "[[variables('workspace-location-inline')]",
+              "tags": {
+                "hidden-SentinelTemplateName": "Infoblox-Import-Hosts-Hourly",
+                "hidden-SentinelTemplateVersion": "1.0",
+                "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]"
+              },
+              "identity": {
+                "type": "SystemAssigned"
+              },
+              "apiVersion": "2017-07-01",
+              "dependsOn": "[variables('TemplateEmptyArray')]"
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId7'),'/'))))]",
+              "properties": {
+                "parentId": "[variables('playbookId7')]",
+                "contentId": "[variables('_playbookContentId7')]",
+                "kind": "Playbook",
+                "version": "[variables('playbookVersion7')]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Infoblox Cloud Data Connector",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "Microsoft",
+                  "email": "[variables('_email')]"
+                },
+                "support": {
+                  "name": "Infoblox",
+                  "tier": "Partner",
+                  "link": "https://support.infoblox.com/"
+                }
+              }
+            }
+          ],
+          "metadata": {
+            "title": "Infoblox Import Hosts Hourly",
+            "description": "Leverages the Infoblox TIDE API to automatically import threat indicators into the ThreatIntelligenceIndicator table. This playbook imports all newly detected hosts on a scheduled hourly basis.",
+            "prerequisites": [
+              "Infoblox TIDE API key."
+            ],
+            "postDeployment": [
+              "Authorize connections."
+            ],
+            "lastUpdateTime": "2023-08-07T00:00:00Z",
+            "releaseNotes": {
+              "version": "1.0",
+              "title": "[variables('blanks')]",
+              "notes": [
+                "Initial version"
+              ]
+            }
+          }
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('_playbookContentId7')]",
+        "contentKind": "Playbook",
+        "displayName": "Infoblox-Import-Hosts-Hourly",
+        "contentProductId": "[variables('_playbookcontentProductId7')]",
+        "id": "[variables('_playbookcontentProductId7')]",
+        "version": "[variables('playbookVersion7')]"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('playbookTemplateSpecName8')]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "Infoblox-Import-IPs-Hourly Playbook with template version 3.0.0",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('playbookVersion8')]",
+          "parameters": {
+            "PlaybookName": {
+              "defaultValue": "Infoblox-Import-IPs-Hourly",
+              "type": "string"
+            },
+            "AD Application Secret": {
+              "type": "string",
+              "metadata": {
+                "description": "Enter value for AD Application Secret"
+              }
+            },
+            "Client ID": {
+              "type": "string",
+              "metadata": {
+                "description": "Enter value for Client ID"
+              }
+            },
+            "TIDE API Key": {
+              "type": "string",
+              "metadata": {
+                "description": "Enter value for TIDE API Key"
+              }
+            },
+            "Tenant ID": {
+              "type": "string",
+              "metadata": {
+                "description": "Enter value for Tenant ID"
+              }
+            }
+          },
+          "variables": {
+            "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]",
+            "workspace-name": "[parameters('workspace')]",
+            "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]"
+          },
+          "resources": [
+            {
+              "properties": {
+                "provisioningState": "Succeeded",
+                "state": "Disabled",
+                "definition": {
+                  "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
+                  "contentVersion": "1.0.0.0",
+                  "parameters": {
+                    "AD Application Secret": {
+                      "defaultValue": "[[parameters('AD Application Secret')]",
+                      "type": "string"
+                    },
+                    "Client ID": {
+                      "defaultValue": "[[parameters('Client ID')]",
+                      "type": "string"
+                    },
+                    "TIDE API Key": {
+                      "defaultValue": "[[parameters('TIDE API Key')]",
+                      "type": "string"
+                    },
+                    "Tenant ID": {
+                      "defaultValue": "[[parameters('Tenant ID')]",
+                      "type": "string"
+                    }
+                  },
+                  "triggers": {
+                    "Recurrence": {
+                      "recurrence": {
+                        "frequency": "Hour",
+                        "interval": 1
+                      },
+                      "evaluatedRecurrence": {
+                        "frequency": "Hour",
+                        "interval": 1
+                      },
+                      "type": "Recurrence"
+                    }
+                  },
+                  "actions": {
+                    "For_Each_Indicator_(Threat)": {
+                      "foreach": "@body('Parse_JSON')?['threat']",
+                      "actions": {
+                        "Switch": {
+                          "cases": {
+                            "EMAIL": {
+                              "case": "EMAIL",
+                              "actions": {
+                                "Send_Emails_to_Sentinel": {
+                                  "type": "Http",
+                                  "inputs": {
+                                    "authentication": {
+                                      "audience": "https://graph.microsoft.com",
+                                      "clientId": "@parameters('Client ID')",
+                                      "secret": "@parameters('AD Application Secret')",
+                                      "tenant": "@parameters('Tenant ID')",
+                                      "type": "ActiveDirectoryOAuth"
+                                    },
+                                    "body": {
+                                      "action": "alert",
+                                      "additionalInformation": "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                      "confidence": "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                      "description": "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                      "emailSenderAddress": "@{items('For_Each_Indicator_(Threat)')?['email']}",
+                                      "emailSourceDomain": "@{items('For_Each_Indicator_(Threat)')?['domain']}",
+                                      "expirationDateTime": "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                      "externalId": "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                      "indicatorProvider": "Infoblox TIDE",
+                                      "lastReportedDateTime": "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                      "tags": [
+                                        "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                        "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                        "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                        "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                        "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                      ],
+                                      "targetProduct": "Azure Sentinel",
+                                      "threatType": "WatchList",
+                                      "tlpLevel": "white"
+                                    },
+                                    "method": "POST",
+                                    "uri": "https://graph.microsoft.com/beta/security/tiIndicators"
+                                  }
+                                }
+                              }
+                            },
+                            "HASH": {
+                              "case": "HASH",
+                              "actions": {
+                                "Send_Hashes_to_Sentinel": {
+                                  "type": "Http",
+                                  "inputs": {
+                                    "authentication": {
+                                      "audience": "https://graph.microsoft.com",
+                                      "clientId": "@parameters('Client ID')",
+                                      "secret": "@parameters('AD Application Secret')",
+                                      "tenant": "@parameters('Tenant ID')",
+                                      "type": "ActiveDirectoryOAuth"
+                                    },
+                                    "body": {
+                                      "action": "alert",
+                                      "additionalInformation": "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                      "confidence": "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                      "description": "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                      "expirationDateTime": "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                      "externalId": "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                      "fileHashType": "@{items('For_Each_Indicator_(Threat)')?['hash_type']}",
+                                      "fileHashValue": "@{items('For_Each_Indicator_(Threat)')?['hash']}",
+                                      "indicatorProvider": "Infoblox TIDE",
+                                      "lastReportedDateTime": "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                      "tags": [
+                                        "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                        "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                        "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                        "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                        "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}",
+                                        "Hash Type: @{items('For_Each_Indicator_(Threat)')?['hash_type']}"
+                                      ],
+                                      "targetProduct": "Azure Sentinel",
+                                      "threatType": "WatchList",
+                                      "tlpLevel": "white"
+                                    },
+                                    "method": "POST",
+                                    "uri": "https://graph.microsoft.com/beta/security/tiIndicators"
+                                  }
+                                }
+                              }
+                            },
+                            "HOST": {
+                              "case": "HOST",
+                              "actions": {
+                                "Send_Hosts_to_Sentinel": {
+                                  "type": "Http",
+                                  "inputs": {
+                                    "authentication": {
+                                      "audience": "https://graph.microsoft.com",
+                                      "clientId": "@parameters('Client ID')",
+                                      "secret": "@parameters('AD Application Secret')",
+                                      "tenant": "@parameters('Tenant ID')",
+                                      "type": "ActiveDirectoryOAuth"
+                                    },
+                                    "body": {
+                                      "action": "alert",
+                                      "additionalInformation": "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                      "confidence": "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                      "description": "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                      "domainName": "@{items('For_Each_Indicator_(Threat)')?['host']}",
+                                      "expirationDateTime": "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                      "externalId": "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                      "indicatorProvider": "Infoblox TIDE",
+                                      "lastReportedDateTime": "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                      "tags": [
+                                        "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                        "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                        "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                        "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                        "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                      ],
+                                      "targetProduct": "Azure Sentinel",
+                                      "threatType": "WatchList",
+                                      "tlpLevel": "white"
+                                    },
+                                    "method": "POST",
+                                    "uri": "https://graph.microsoft.com/beta/security/tiIndicators"
+                                  }
+                                }
+                              }
+                            },
+                            "IP": {
+                              "case": "IP",
+                              "actions": {
+                                "Send_IPs_to_Sentinel": {
+                                  "type": "Http",
+                                  "inputs": {
+                                    "authentication": {
+                                      "audience": "https://graph.microsoft.com",
+                                      "clientId": "@parameters('Client ID')",
+                                      "secret": "@parameters('AD Application Secret')",
+                                      "tenant": "@parameters('Tenant ID')",
+                                      "type": "ActiveDirectoryOAuth"
+                                    },
+                                    "body": {
+                                      "action": "alert",
+                                      "additionalInformation": "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                      "confidence": "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                      "description": "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                      "expirationDateTime": "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                      "externalId": "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                      "indicatorProvider": "Infoblox TIDE",
+                                      "lastReportedDateTime": "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                      "networkIPv4": "@{items('For_Each_Indicator_(Threat)')?['ip']}",
+                                      "tags": [
+                                        "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                        "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                        "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                        "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                        "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                      ],
+                                      "targetProduct": "Azure Sentinel",
+                                      "threatType": "WatchList",
+                                      "tlpLevel": "white"
+                                    },
+                                    "method": "POST",
+                                    "uri": "https://graph.microsoft.com/beta/security/tiIndicators"
+                                  }
+                                }
+                              }
+                            },
+                            "URL": {
+                              "case": "URL",
+                              "actions": {
+                                "Send_URLs_to_Sentinel": {
+                                  "type": "Http",
+                                  "inputs": {
+                                    "authentication": {
+                                      "audience": "https://graph.microsoft.com",
+                                      "clientId": "@parameters('Client ID')",
+                                      "secret": "@parameters('AD Application Secret')",
+                                      "tenant": "@parameters('Tenant ID')",
+                                      "type": "ActiveDirectoryOAuth"
+                                    },
+                                    "body": {
+                                      "action": "alert",
+                                      "additionalInformation": "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                      "confidence": "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                      "description": "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                      "expirationDateTime": "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                      "externalId": "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                      "indicatorProvider": "Infoblox TIDE",
+                                      "lastReportedDateTime": "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                      "tags": [
+                                        "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                        "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                        "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                        "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                        "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                      ],
+                                      "targetProduct": "Azure Sentinel",
+                                      "threatType": "WatchList",
+                                      "tlpLevel": "white",
+                                      "url": "@{items('For_Each_Indicator_(Threat)')?['url']}"
+                                    },
+                                    "method": "POST",
+                                    "uri": "https://graph.microsoft.com/beta/security/tiIndicators"
+                                  }
+                                }
+                              }
+                            }
+                          },
+                          "expression": "@items('For_Each_Indicator_(Threat)')?['type']",
+                          "type": "Switch"
+                        }
+                      },
+                      "runAfter": {
+                        "Parse_JSON": [
+                          "Succeeded"
+                        ]
+                      },
+                      "type": "Foreach"
+                    },
+                    "Get_TIDE_Data": {
+                      "type": "Http",
+                      "inputs": {
+                        "headers": {
+                          "Authorization": "Token @{parameters('TIDE API Key')}"
+                        },
+                        "method": "GET",
+                        "queries": {
+                          "fields": "notes,confidence,type,class,host,expiration,id,imported,type,profile,property,threat_level,extended,email,domain,hash,hash_type,ip,url",
+                          "rlimit": "90000"
+                        },
+                        "uri": "https://csp.infoblox.com/tide/api/data/threats/ip/hourly"
+                      }
+                    },
+                    "Parse_JSON": {
+                      "runAfter": {
+                        "Get_TIDE_Data": [
+                          "Succeeded"
+                        ]
+                      },
+                      "type": "ParseJson",
+                      "inputs": {
+                        "content": "@body('Get_TIDE_Data')",
+                        "schema": {
+                          "properties": {
+                            "record_count": {
+                              "type": "integer"
+                            },
+                            "threat": {
+                              "items": {
+                                "properties": {
+                                  "batch_id": {
+                                    "type": "string"
+                                  },
+                                  "class": {
+                                    "type": "string"
+                                  },
+                                  "confidence": {
+                                    "type": "integer"
+                                  },
+                                  "confidence_score": {
+                                    "type": "number"
+                                  },
+                                  "confidence_score_rating": {
+                                    "type": "string"
+                                  },
+                                  "confidence_score_vector": {
+                                    "type": "string"
+                                  },
+                                  "detected": {
+                                    "type": "string"
+                                  },
+                                  "domain": {
+                                    "type": "string"
+                                  },
+                                  "email": {
+                                    "type": "string"
+                                  },
+                                  "expiration": {
+                                    "type": "string"
+                                  },
+                                  "extended": {
+                                    "properties": {
+                                      "ais_consent": {
+                                        "type": "string"
+                                      },
+                                      "cyberint_guid": {
+                                        "type": "string"
+                                      },
+                                      "no_whitelist": {
+                                        "type": "string"
+                                      },
+                                      "notes": {
+                                        "type": "string"
+                                      },
+                                      "protocol": {
+                                        "type": "string"
+                                      },
+                                      "url_hash": {
+                                        "type": "string"
+                                      }
+                                    },
+                                    "type": "object"
+                                  },
+                                  "hash": {
+                                    "type": "string"
+                                  },
+                                  "hash_type": {
+                                    "type": "string"
+                                  },
+                                  "host": {
+                                    "type": "string"
+                                  },
+                                  "id": {
+                                    "type": "string"
+                                  },
+                                  "imported": {
+                                    "type": "string"
+                                  },
+                                  "ip": {
+                                    "type": "string"
+                                  },
+                                  "profile": {
+                                    "type": "string"
+                                  },
+                                  "property": {
+                                    "type": "string"
+                                  },
+                                  "received": {
+                                    "type": "string"
+                                  },
+                                  "risk_score": {
+                                    "type": "number"
+                                  },
+                                  "risk_score_rating": {
+                                    "type": "string"
+                                  },
+                                  "risk_score_vector": {
+                                    "type": "string"
+                                  },
+                                  "threat_level": {
+                                    "type": "integer"
+                                  },
+                                  "threat_score": {
+                                    "type": "number"
+                                  },
+                                  "threat_score_rating": {
+                                    "type": "string"
+                                  },
+                                  "threat_score_vector": {
+                                    "type": "string"
+                                  },
+                                  "tld": {
+                                    "type": "string"
+                                  },
+                                  "type": {
+                                    "type": "string"
+                                  },
+                                  "url": {
+                                    "type": "string"
+                                  }
+                                },
+                                "required": [
+                                  "id"
+                                ],
+                                "type": "object"
+                              },
+                              "type": "array"
+                            }
+                          },
+                          "type": "object"
+                        }
+                      }
+                    }
+                  }
+                }
+              },
+              "name": "[[parameters('PlaybookName')]",
+              "type": "Microsoft.Logic/workflows",
+              "location": "[[variables('workspace-location-inline')]",
+              "tags": {
+                "hidden-SentinelTemplateName": "Infoblox-Import-IPs-Hourly",
+                "hidden-SentinelTemplateVersion": "1.0",
+                "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]"
+              },
+              "identity": {
+                "type": "SystemAssigned"
+              },
+              "apiVersion": "2017-07-01",
+              "dependsOn": "[variables('TemplateEmptyArray')]"
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId8'),'/'))))]",
+              "properties": {
+                "parentId": "[variables('playbookId8')]",
+                "contentId": "[variables('_playbookContentId8')]",
+                "kind": "Playbook",
+                "version": "[variables('playbookVersion8')]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Infoblox Cloud Data Connector",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "Microsoft",
+                  "email": "[variables('_email')]"
+                },
+                "support": {
+                  "name": "Infoblox",
+                  "tier": "Partner",
+                  "link": "https://support.infoblox.com/"
+                }
+              }
+            }
+          ],
+          "metadata": {
+            "title": "Infoblox Import IPs Hourly",
+            "description": "Leverages the Infoblox TIDE API to automatically import threat indicators into the ThreatIntelligenceIndicator table. This playbook imports all newly detected IPs on a scheduled hourly basis.",
+            "prerequisites": [
+              "Infoblox TIDE API key."
+            ],
+            "postDeployment": [
+              "Authorize connections."
+            ],
+            "lastUpdateTime": "2023-08-07T00:00:00Z",
+            "releaseNotes": {
+              "version": "1.0",
+              "title": "[variables('blanks')]",
+              "notes": [
+                "Initial version"
+              ]
+            }
+          }
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('_playbookContentId8')]",
+        "contentKind": "Playbook",
+        "displayName": "Infoblox-Import-IPs-Hourly",
+        "contentProductId": "[variables('_playbookcontentProductId8')]",
+        "id": "[variables('_playbookcontentProductId8')]",
+        "version": "[variables('playbookVersion8')]"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('playbookTemplateSpecName9')]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "Infoblox-Import-URLs-Hourly Playbook with template version 3.0.0",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('playbookVersion9')]",
+          "parameters": {
+            "PlaybookName": {
+              "defaultValue": "Infoblox-Import-URLs-Hourly",
+              "type": "string"
+            },
+            "AD Application Secret": {
+              "type": "string",
+              "metadata": {
+                "description": "Enter value for AD Application Secret"
+              }
+            },
+            "Client ID": {
+              "type": "string",
+              "metadata": {
+                "description": "Enter value for Client ID"
+              }
+            },
+            "TIDE API Key": {
+              "type": "string",
+              "metadata": {
+                "description": "Enter value for TIDE API Key"
+              }
+            },
+            "Tenant ID": {
+              "type": "string",
+              "metadata": {
+                "description": "Enter value for Tenant ID"
+              }
+            }
+          },
+          "variables": {
+            "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]",
+            "workspace-name": "[parameters('workspace')]",
+            "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]"
+          },
+          "resources": [
+            {
+              "properties": {
+                "provisioningState": "Succeeded",
+                "state": "Disabled",
+                "definition": {
+                  "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
+                  "contentVersion": "1.0.0.0",
+                  "parameters": {
+                    "AD Application Secret": {
+                      "defaultValue": "[[parameters('AD Application Secret')]",
+                      "type": "string"
+                    },
+                    "Client ID": {
+                      "defaultValue": "[[parameters('Client ID')]",
+                      "type": "string"
+                    },
+                    "TIDE API Key": {
+                      "defaultValue": "[[parameters('TIDE API Key')]",
+                      "type": "string"
+                    },
+                    "Tenant ID": {
+                      "defaultValue": "[[parameters('Tenant ID')]",
+                      "type": "string"
+                    }
+                  },
+                  "triggers": {
+                    "Recurrence": {
+                      "recurrence": {
+                        "frequency": "Hour",
+                        "interval": 1
+                      },
+                      "evaluatedRecurrence": {
+                        "frequency": "Hour",
+                        "interval": 1
+                      },
+                      "type": "Recurrence"
+                    }
+                  },
+                  "actions": {
+                    "For_Each_Indicator_(Threat)": {
+                      "foreach": "@body('Parse_JSON')?['threat']",
+                      "actions": {
+                        "Switch": {
+                          "cases": {
+                            "EMAIL": {
+                              "case": "EMAIL",
+                              "actions": {
+                                "Send_Emails_to_Sentinel": {
+                                  "type": "Http",
+                                  "inputs": {
+                                    "authentication": {
+                                      "audience": "https://graph.microsoft.com",
+                                      "clientId": "@parameters('Client ID')",
+                                      "secret": "@parameters('AD Application Secret')",
+                                      "tenant": "@parameters('Tenant ID')",
+                                      "type": "ActiveDirectoryOAuth"
+                                    },
+                                    "body": {
+                                      "action": "alert",
+                                      "additionalInformation": "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                      "confidence": "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                      "description": "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                      "emailSenderAddress": "@{items('For_Each_Indicator_(Threat)')?['email']}",
+                                      "emailSourceDomain": "@{items('For_Each_Indicator_(Threat)')?['domain']}",
+                                      "expirationDateTime": "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                      "externalId": "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                      "indicatorProvider": "Infoblox TIDE",
+                                      "lastReportedDateTime": "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                      "tags": [
+                                        "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                        "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                        "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                        "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                        "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                      ],
+                                      "targetProduct": "Azure Sentinel",
+                                      "threatType": "WatchList",
+                                      "tlpLevel": "white"
+                                    },
+                                    "method": "POST",
+                                    "uri": "https://graph.microsoft.com/beta/security/tiIndicators"
+                                  }
+                                }
+                              }
+                            },
+                            "HASH": {
+                              "case": "HASH",
+                              "actions": {
+                                "Send_Hashes_to_Sentinel": {
+                                  "type": "Http",
+                                  "inputs": {
+                                    "authentication": {
+                                      "audience": "https://graph.microsoft.com",
+                                      "clientId": "@parameters('Client ID')",
+                                      "secret": "@parameters('AD Application Secret')",
+                                      "tenant": "@parameters('Tenant ID')",
+                                      "type": "ActiveDirectoryOAuth"
+                                    },
+                                    "body": {
+                                      "action": "alert",
+                                      "additionalInformation": "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                      "confidence": "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                      "description": "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                      "expirationDateTime": "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                      "externalId": "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                      "fileHashType": "@{items('For_Each_Indicator_(Threat)')?['hash_type']}",
+                                      "fileHashValue": "@{items('For_Each_Indicator_(Threat)')?['hash']}",
+                                      "indicatorProvider": "Infoblox TIDE",
+                                      "lastReportedDateTime": "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                      "tags": [
+                                        "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                        "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                        "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                        "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                        "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}",
+                                        "Hash Type: @{items('For_Each_Indicator_(Threat)')?['hash_type']}"
+                                      ],
+                                      "targetProduct": "Azure Sentinel",
+                                      "threatType": "WatchList",
+                                      "tlpLevel": "white"
+                                    },
+                                    "method": "POST",
+                                    "uri": "https://graph.microsoft.com/beta/security/tiIndicators"
+                                  }
+                                }
+                              }
+                            },
+                            "HOST": {
+                              "case": "HOST",
+                              "actions": {
+                                "Send_Hosts_to_Sentinel": {
+                                  "type": "Http",
+                                  "inputs": {
+                                    "authentication": {
+                                      "audience": "https://graph.microsoft.com",
+                                      "clientId": "@parameters('Client ID')",
+                                      "secret": "@parameters('AD Application Secret')",
+                                      "tenant": "@parameters('Tenant ID')",
+                                      "type": "ActiveDirectoryOAuth"
+                                    },
+                                    "body": {
+                                      "action": "alert",
+                                      "additionalInformation": "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                      "confidence": "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                      "description": "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                      "domainName": "@{items('For_Each_Indicator_(Threat)')?['host']}",
+                                      "expirationDateTime": "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                      "externalId": "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                      "indicatorProvider": "Infoblox TIDE",
+                                      "lastReportedDateTime": "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                      "tags": [
+                                        "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                        "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                        "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                        "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                        "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                      ],
+                                      "targetProduct": "Azure Sentinel",
+                                      "threatType": "WatchList",
+                                      "tlpLevel": "white"
+                                    },
+                                    "method": "POST",
+                                    "uri": "https://graph.microsoft.com/beta/security/tiIndicators"
+                                  }
+                                }
+                              }
+                            },
+                            "IP": {
+                              "case": "IP",
+                              "actions": {
+                                "Send_IPs_to_Sentinel": {
+                                  "type": "Http",
+                                  "inputs": {
+                                    "authentication": {
+                                      "audience": "https://graph.microsoft.com",
+                                      "clientId": "@parameters('Client ID')",
+                                      "secret": "@parameters('AD Application Secret')",
+                                      "tenant": "@parameters('Tenant ID')",
+                                      "type": "ActiveDirectoryOAuth"
+                                    },
+                                    "body": {
+                                      "action": "alert",
+                                      "additionalInformation": "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                      "confidence": "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                      "description": "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                      "expirationDateTime": "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                      "externalId": "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                      "indicatorProvider": "Infoblox TIDE",
+                                      "lastReportedDateTime": "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                      "networkIPv4": "@{items('For_Each_Indicator_(Threat)')?['ip']}",
+                                      "tags": [
+                                        "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                        "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                        "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                        "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                        "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                      ],
+                                      "targetProduct": "Azure Sentinel",
+                                      "threatType": "WatchList",
+                                      "tlpLevel": "white"
+                                    },
+                                    "method": "POST",
+                                    "uri": "https://graph.microsoft.com/beta/security/tiIndicators"
+                                  }
+                                }
+                              }
+                            },
+                            "URL": {
+                              "case": "URL",
+                              "actions": {
+                                "Send_URLs_to_Sentinel": {
+                                  "type": "Http",
+                                  "inputs": {
+                                    "authentication": {
+                                      "audience": "https://graph.microsoft.com",
+                                      "clientId": "@parameters('Client ID')",
+                                      "secret": "@parameters('AD Application Secret')",
+                                      "tenant": "@parameters('Tenant ID')",
+                                      "type": "ActiveDirectoryOAuth"
+                                    },
+                                    "body": {
+                                      "action": "alert",
+                                      "additionalInformation": "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                      "confidence": "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                      "description": "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                      "expirationDateTime": "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                      "externalId": "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                      "indicatorProvider": "Infoblox TIDE",
+                                      "lastReportedDateTime": "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                      "tags": [
+                                        "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                        "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                        "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                        "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                        "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                      ],
+                                      "targetProduct": "Azure Sentinel",
+                                      "threatType": "WatchList",
+                                      "tlpLevel": "white",
+                                      "url": "@{items('For_Each_Indicator_(Threat)')?['url']}"
+                                    },
+                                    "method": "POST",
+                                    "uri": "https://graph.microsoft.com/beta/security/tiIndicators"
+                                  }
+                                }
+                              }
+                            }
+                          },
+                          "expression": "@items('For_Each_Indicator_(Threat)')?['type']",
+                          "type": "Switch"
+                        }
+                      },
+                      "runAfter": {
+                        "Parse_JSON": [
+                          "Succeeded"
+                        ]
+                      },
+                      "type": "Foreach"
+                    },
+                    "Get_TIDE_Data": {
+                      "type": "Http",
+                      "inputs": {
+                        "headers": {
+                          "Authorization": "Token @{parameters('TIDE API Key')}"
+                        },
+                        "method": "GET",
+                        "queries": {
+                          "fields": "notes,confidence,type,class,host,expiration,id,imported,type,profile,property,threat_level,extended,email,domain,hash,hash_type,ip,url",
+                          "rlimit": "90000"
+                        },
+                        "uri": "https://csp.infoblox.com/tide/api/data/threats/url/hourly"
+                      }
+                    },
+                    "Parse_JSON": {
+                      "runAfter": {
+                        "Get_TIDE_Data": [
+                          "Succeeded"
+                        ]
+                      },
+                      "type": "ParseJson",
+                      "inputs": {
+                        "content": "@body('Get_TIDE_Data')",
+                        "schema": {
+                          "properties": {
+                            "record_count": {
+                              "type": "integer"
+                            },
+                            "threat": {
+                              "items": {
+                                "properties": {
+                                  "batch_id": {
+                                    "type": "string"
+                                  },
+                                  "class": {
+                                    "type": "string"
+                                  },
+                                  "confidence": {
+                                    "type": "integer"
+                                  },
+                                  "confidence_score": {
+                                    "type": "number"
+                                  },
+                                  "confidence_score_rating": {
+                                    "type": "string"
+                                  },
+                                  "confidence_score_vector": {
+                                    "type": "string"
+                                  },
+                                  "detected": {
+                                    "type": "string"
+                                  },
+                                  "domain": {
+                                    "type": "string"
+                                  },
+                                  "email": {
+                                    "type": "string"
+                                  },
+                                  "expiration": {
+                                    "type": "string"
+                                  },
+                                  "extended": {
+                                    "properties": {
+                                      "ais_consent": {
+                                        "type": "string"
+                                      },
+                                      "cyberint_guid": {
+                                        "type": "string"
+                                      },
+                                      "no_whitelist": {
+                                        "type": "string"
+                                      },
+                                      "notes": {
+                                        "type": "string"
+                                      },
+                                      "protocol": {
+                                        "type": "string"
+                                      },
+                                      "url_hash": {
+                                        "type": "string"
+                                      }
+                                    },
+                                    "type": "object"
+                                  },
+                                  "hash": {
+                                    "type": "string"
+                                  },
+                                  "hash_type": {
+                                    "type": "string"
+                                  },
+                                  "host": {
+                                    "type": "string"
+                                  },
+                                  "id": {
+                                    "type": "string"
+                                  },
+                                  "imported": {
+                                    "type": "string"
+                                  },
+                                  "ip": {
+                                    "type": "string"
+                                  },
+                                  "profile": {
+                                    "type": "string"
+                                  },
+                                  "property": {
+                                    "type": "string"
+                                  },
+                                  "received": {
+                                    "type": "string"
+                                  },
+                                  "risk_score": {
+                                    "type": "number"
+                                  },
+                                  "risk_score_rating": {
+                                    "type": "string"
+                                  },
+                                  "risk_score_vector": {
+                                    "type": "string"
+                                  },
+                                  "threat_level": {
+                                    "type": "integer"
+                                  },
+                                  "threat_score": {
+                                    "type": "number"
+                                  },
+                                  "threat_score_rating": {
+                                    "type": "string"
+                                  },
+                                  "threat_score_vector": {
+                                    "type": "string"
+                                  },
+                                  "tld": {
+                                    "type": "string"
+                                  },
+                                  "type": {
+                                    "type": "string"
+                                  },
+                                  "url": {
+                                    "type": "string"
+                                  }
+                                },
+                                "required": [
+                                  "id"
+                                ],
+                                "type": "object"
+                              },
+                              "type": "array"
+                            }
+                          },
+                          "type": "object"
+                        }
+                      }
+                    }
+                  }
+                }
+              },
+              "name": "[[parameters('PlaybookName')]",
+              "type": "Microsoft.Logic/workflows",
+              "location": "[[variables('workspace-location-inline')]",
+              "tags": {
+                "hidden-SentinelTemplateName": "Infoblox-Import-URLs-Hourly",
+                "hidden-SentinelTemplateVersion": "1.0",
+                "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]"
+              },
+              "identity": {
+                "type": "SystemAssigned"
+              },
+              "apiVersion": "2017-07-01",
+              "dependsOn": "[variables('TemplateEmptyArray')]"
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId9'),'/'))))]",
+              "properties": {
+                "parentId": "[variables('playbookId9')]",
+                "contentId": "[variables('_playbookContentId9')]",
+                "kind": "Playbook",
+                "version": "[variables('playbookVersion9')]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Infoblox Cloud Data Connector",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "Microsoft",
+                  "email": "[variables('_email')]"
+                },
+                "support": {
+                  "name": "Infoblox",
+                  "tier": "Partner",
+                  "link": "https://support.infoblox.com/"
+                }
+              }
+            }
+          ],
+          "metadata": {
+            "title": "Infoblox Import URLs Hourly",
+            "description": "Leverages the Infoblox TIDE API to automatically import threat indicators into the ThreatIntelligenceIndicator table. This playbook imports all newly detected URLs on a scheduled hourly basis.",
+            "prerequisites": [
+              "Infoblox TIDE API key."
+            ],
+            "postDeployment": [
+              "Authorize connections."
+            ],
+            "lastUpdateTime": "2023-08-07T00:00:00Z",
+            "releaseNotes": {
+              "version": "1.0",
+              "title": "[variables('blanks')]",
+              "notes": [
+                "Initial version"
+              ]
+            }
+          }
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('_playbookContentId9')]",
+        "contentKind": "Playbook",
+        "displayName": "Infoblox-Import-URLs-Hourly",
+        "contentProductId": "[variables('_playbookcontentProductId9')]",
+        "id": "[variables('_playbookcontentProductId9')]",
+        "version": "[variables('playbookVersion9')]"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('playbookTemplateSpecName10')]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "Infoblox-Incident-Enrichment-Domains Playbook with template version 3.0.0",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('playbookVersion10')]",
+          "parameters": {
+            "PlaybookName": {
+              "defaultValue": "Infoblox-Incident-Enrichment-Domains",
+              "type": "string"
+            },
+            "TIDE API Key": {
+              "type": "string",
+              "metadata": {
+                "description": "Enter value for TIDE API Key"
+              }
+            }
+          },
+          "variables": {
+            "MicrosoftSentinelConnectionName": "[[concat('MicrosoftSentinel-', parameters('PlaybookName'))]",
+            "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuresentinel')]",
+            "_connection-2": "[[variables('connection-2')]",
+            "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]",
+            "workspace-name": "[parameters('workspace')]",
+            "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]"
+          },
+          "resources": [
+            {
+              "properties": {
+                "provisioningState": "Succeeded",
+                "state": "Disabled",
+                "definition": {
+                  "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
+                  "contentVersion": "1.0.0.0",
+                  "parameters": {
+                    "$connections": {
+                      "type": "Object"
+                    },
+                    "TIDE API Key": {
+                      "defaultValue": "[[parameters('TIDE API Key')]",
+                      "type": "string"
+                    }
+                  },
+                  "triggers": {
+                    "Microsoft_Sentinel_incident": {
+                      "type": "ApiConnectionWebhook",
+                      "inputs": {
+                        "body": {
+                          "callback_url": "@{listCallbackUrl()}"
+                        },
+                        "host": {
+                          "connection": {
+                            "name": "@parameters('$connections')['azuresentinel']['connectionId']"
+                          }
+                        },
+                        "path": "/incident-creation"
+                      }
+                    }
+                  },
+                  "actions": {
+                    "Entities_-_Get_DNS": {
+                      "runAfter": {
+                        "Initialize_HTML": [
+                          "Succeeded"
+                        ]
+                      },
+                      "type": "ApiConnection",
+                      "inputs": {
+                        "body": "@triggerBody()?['object']?['properties']?['relatedEntities']",
+                        "host": {
+                          "connection": {
+                            "name": "@parameters('$connections')['azuresentinel']['connectionId']"
+                          }
+                        },
+                        "method": "post",
+                        "path": "/entities/dnsresolution"
+                      }
+                    },
+                    "For_each_DNS_Domain_Entity": {
+                      "foreach": "@body('Entities_-_Get_DNS')?['Dnsresolutions']",
+                      "actions": {
+                        "For_each_Threat_IoC": {
+                          "foreach": "@body('Parse_JSON')?['threat']",
+                          "actions": {
+                            "Enrich_Incident_with_TIDE_Data_if_it_exists": {
+                              "else": {
+                                "actions": {
+                                  "Add_comment_to_incident": {
+                                    "runAfter": {
+                                      "Set_HTML_Table_with_TIDE_Data": [
+                                        "Succeeded"
+                                      ]
+                                    },
+                                    "type": "ApiConnection",
+                                    "inputs": {
+                                      "body": {
+                                        "incidentArmId": "@triggerBody()?['object']?['id']",
+                                        "message": "<p>IoC - @{items('For_each_DNS_Domain_Entity')?['DomainName']} - @{items('For_each_Threat_IoC')?['type']} - @{items('For_each_Threat_IoC')?['class']}<br>\n@{variables('html')}</p>"
+                                      },
+                                      "host": {
+                                        "connection": {
+                                          "name": "@parameters('$connections')['azuresentinel']['connectionId']"
+                                        }
+                                      },
+                                      "method": "post",
+                                      "path": "/Incidents/Comment"
+                                    }
+                                  },
+                                  "Set_HTML_Table_with_TIDE_Data": {
+                                    "type": "SetVariable",
+                                    "inputs": {
+                                      "name": "html",
+                                      "value": "<p style=\"height:0px\"><table><tbody> \n<tr><td>ID</td><td style=\"text-align:left\">@{items('For_each_Threat_IoC')?['id']}</td></tr>\n<tr><td>Type</td><td style=\"text-align:left\">@{items('For_each_Threat_IoC')?['type']}</td></tr>\n<tr><td>Host</td><td style=\"text-align:left\">@{items('For_each_Threat_IoC')?['host']}</td></tr>\n<tr><td>Domain</td><td style=\"text-align:left\">@{items('For_each_Threat_IoC')?['domain']}</td></tr>\n<tr><td>URL</td><td style=\"text-align:left\">@{items('For_each_Threat_IoC')?['url']}</td></tr>\n<tr><td>IP</td><td style=\"text-align:left\">@{items('For_each_Threat_IoC')?['ip']}</td></tr>\n<td>Email</td><td style=\"text-align:left\">@{items('For_each_Threat_IoC')?['email']}</td></tr>\n<tr><td>Hash</td><td style=\"text-align:left\">@{items('For_each_Threat_IoC')?['hash']}       @{items('For_each_Threat_IoC')?['hash_type']}</td></tr>\n<tr><td>Profile</td><td style=\"text-align:left\">@{items('For_each_Threat_IoC')?['profile']}</td></tr>\n<tr><td>Property</td><td style=\"text-align:left\">@{items('For_each_Threat_IoC')?['property']}</td></tr>\n<tr><td>Threat Level</td><td style=\"text-align:left\">@{items('For_each_Threat_IoC')?['threat_level']}</td></tr>\n<tr><td>Confidence</td><td style=\"text-align:left\">@{items('For_each_Threat_IoC')?['confidence']}</td>\n</tr>\n<tr><td>Detected</td><td style=\"text-align:left\">@{items('For_each_Threat_IoC')?['detected']}</td></tr>\n<tr><td>Received</td><td style=\"text-align:left\">@{items('For_each_Threat_IoC')?['received']}</td></tr>\n<tr><td>Imported</td><td style=\"text-align:left\">@{items('For_each_Threat_IoC')?['imported']}</td></tr>\n<tr><td>Expiration</td><td style=\"text-align:left\">@{items('For_each_Threat_IoC')?['expiration']}</td></tr>\n<tr><td >Description</td><td style=\"text-align:left\">@{items('For_each_Threat_IoC')?['extended']?['notes']}</td></tr>\n<tr><td >Open in CSP</td><td style=\"text-align:left\">https://csp.infoblox.com/#/security_research/search/auto/@{items('For_each_Threat_IoC')?['host']}/summary</td></tr>\n</tbody></table></p>"
+                                    }
+                                  },
+                                  "Update_incident_Tags": {
+                                    "runAfter": {
+                                      "Add_comment_to_incident": [
+                                        "Succeeded"
+                                      ]
+                                    },
+                                    "type": "ApiConnection",
+                                    "inputs": {
+                                      "body": {
+                                        "incidentArmId": "@triggerBody()?['object']?['id']",
+                                        "tagsToAdd": {
+                                          "TagsToAdd": [
+                                            {
+                                              "Tag": "@items('For_each_Threat_IoC')?['type']"
+                                            },
+                                            {
+                                              "Tag": "Imported: @{items('For_each_Threat_IoC')?['imported']}"
+                                            },
+                                            {
+                                              "Tag": "Profile: @{items('For_each_Threat_IoC')?['profile']}"
+                                            },
+                                            {
+                                              "Tag": "Property: @{items('For_each_Threat_IoC')?['property']}"
+                                            },
+                                            {
+                                              "Tag": "Threat Level: @{items('For_each_Threat_IoC')?['threat_level']}"
+                                            }
+                                          ]
+                                        }
+                                      },
+                                      "host": {
+                                        "connection": {
+                                          "name": "@parameters('$connections')['azuresentinel']['connectionId']"
+                                        }
+                                      },
+                                      "method": "put",
+                                      "path": "/Incidents"
+                                    }
+                                  }
+                                }
+                              },
+                              "expression": {
+                                "and": [
+                                  {
+                                    "equals": [
+                                      "@body('Parse_JSON')?['record_count']",
+                                      0
+                                    ]
+                                  }
+                                ]
+                              },
+                              "type": "If"
+                            }
+                          },
+                          "runAfter": {
+                            "Parse_JSON": [
+                              "Succeeded"
+                            ]
+                          },
+                          "type": "Foreach"
+                        },
+                        "HTTP_-_Get_TIDE_Data_(Hosts)": {
+                          "type": "Http",
+                          "inputs": {
+                            "headers": {
+                              "Authorization": "Token @{parameters('TIDE API Key')}"
+                            },
+                            "method": "GET",
+                            "queries": {
+                              "host": "@items('For_each_DNS_Domain_Entity')?['DomainName']",
+                              "rlimit": "1"
+                            },
+                            "uri": "https://csp.infoblox.com/tide/api/data/threats"
+                          }
+                        },
+                        "Parse_JSON": {
+                          "runAfter": {
+                            "HTTP_-_Get_TIDE_Data_(Hosts)": [
+                              "Succeeded"
+                            ]
+                          },
+                          "type": "ParseJson",
+                          "inputs": {
+                            "content": "@body('HTTP_-_Get_TIDE_Data_(Hosts)')",
+                            "schema": {
+                              "properties": {
+                                "record_count": {
+                                  "type": "integer"
+                                },
+                                "threat": {
+                                  "items": {
+                                    "properties": {
+                                      "batch_id": {
+                                        "type": "string"
+                                      },
+                                      "class": {
+                                        "type": "string"
+                                      },
+                                      "confidence": {
+                                        "type": "integer"
+                                      },
+                                      "confidence_score": {
+                                        "type": "number"
+                                      },
+                                      "confidence_score_rating": {
+                                        "type": "string"
+                                      },
+                                      "confidence_score_vector": {
+                                        "type": "string"
+                                      },
+                                      "detected": {
+                                        "type": "string"
+                                      },
+                                      "domain": {
+                                        "type": "string"
+                                      },
+                                      "email": {
+                                        "type": "string"
+                                      },
+                                      "expiration": {
+                                        "type": "string"
+                                      },
+                                      "extended": {
+                                        "properties": {
+                                          "ais_consent": {
+                                            "type": "string"
+                                          },
+                                          "cyberint_guid": {
+                                            "type": "string"
+                                          },
+                                          "no_whitelist": {
+                                            "type": "string"
+                                          },
+                                          "notes": {
+                                            "type": "string"
+                                          },
+                                          "protocol": {
+                                            "type": "string"
+                                          },
+                                          "url_hash": {
+                                            "type": "string"
+                                          }
+                                        },
+                                        "type": "object"
+                                      },
+                                      "hash": {
+                                        "type": "string"
+                                      },
+                                      "hash_type": {
+                                        "type": "string"
+                                      },
+                                      "host": {
+                                        "type": "string"
+                                      },
+                                      "id": {
+                                        "type": "string"
+                                      },
+                                      "imported": {
+                                        "type": "string"
+                                      },
+                                      "ip": {
+                                        "type": "string"
+                                      },
+                                      "profile": {
+                                        "type": "string"
+                                      },
+                                      "property": {
+                                        "type": "string"
+                                      },
+                                      "received": {
+                                        "type": "string"
+                                      },
+                                      "risk_score": {
+                                        "type": "number"
+                                      },
+                                      "risk_score_rating": {
+                                        "type": "string"
+                                      },
+                                      "risk_score_vector": {
+                                        "type": "string"
+                                      },
+                                      "threat_level": {
+                                        "type": "integer"
+                                      },
+                                      "threat_score": {
+                                        "type": "number"
+                                      },
+                                      "threat_score_rating": {
+                                        "type": "string"
+                                      },
+                                      "threat_score_vector": {
+                                        "type": "string"
+                                      },
+                                      "tld": {
+                                        "type": "string"
+                                      },
+                                      "type": {
+                                        "type": "string"
+                                      },
+                                      "url": {
+                                        "type": "string"
+                                      }
+                                    },
+                                    "required": [
+                                      "id"
+                                    ],
+                                    "type": "object"
+                                  },
+                                  "type": "array"
+                                }
+                              },
+                              "type": "object"
+                            }
+                          }
+                        }
+                      },
+                      "runAfter": {
+                        "Entities_-_Get_DNS": [
+                          "Succeeded"
+                        ]
+                      },
+                      "type": "Foreach"
+                    },
+                    "Initialize_HTML": {
+                      "type": "InitializeVariable",
+                      "inputs": {
+                        "variables": [
+                          {
+                            "name": "html",
+                            "type": "string"
+                          }
+                        ]
+                      }
+                    }
+                  }
+                },
+                "parameters": {
+                  "$connections": {
+                    "value": {
+                      "azuresentinel": {
+                        "connectionId": "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]",
+                        "connectionName": "[[variables('MicrosoftSentinelConnectionName')]",
+                        "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuresentinel')]",
+                        "connectionProperties": {
+                          "authentication": {
+                            "type": "ManagedServiceIdentity"
+                          }
+                        }
+                      }
+                    }
+                  }
+                }
+              },
+              "name": "[[parameters('PlaybookName')]",
+              "type": "Microsoft.Logic/workflows",
+              "location": "[[variables('workspace-location-inline')]",
+              "tags": {
+                "hidden-SentinelTemplateName": "Infoblox-Incident-Enrichment-Domains",
+                "hidden-SentinelTemplateVersion": "1.0",
+                "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]"
+              },
+              "identity": {
+                "type": "SystemAssigned"
+              },
+              "apiVersion": "2017-07-01",
+              "dependsOn": [
+                "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]"
+              ]
+            },
+            {
+              "type": "Microsoft.Web/connections",
+              "apiVersion": "2016-06-01",
+              "name": "[[variables('MicrosoftSentinelConnectionName')]",
+              "location": "[[variables('workspace-location-inline')]",
+              "kind": "V1",
+              "properties": {
+                "displayName": "[[variables('MicrosoftSentinelConnectionName')]",
+                "parameterValueType": "Alternative",
+                "api": {
+                  "id": "[[variables('_connection-2')]"
+                }
+              }
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId10'),'/'))))]",
+              "properties": {
+                "parentId": "[variables('playbookId10')]",
+                "contentId": "[variables('_playbookContentId10')]",
+                "kind": "Playbook",
+                "version": "[variables('playbookVersion10')]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Infoblox Cloud Data Connector",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "Microsoft",
+                  "email": "[variables('_email')]"
+                },
+                "support": {
+                  "name": "Infoblox",
+                  "tier": "Partner",
+                  "link": "https://support.infoblox.com/"
+                }
+              }
+            }
+          ],
+          "metadata": {
+            "title": "Infoblox Incident Enrichment Domains",
+            "description": "Leverages the Infoblox TIDE API to enrich Microsoft Sentinel incidents with detailed TIDE data. This playbook can be configured to run automatically when an incident occurs (recommended) or run on demand.",
+            "prerequisites": [
+              "Infoblox TIDE API key."
+            ],
+            "postDeployment": [
+              "1. Grant playbook's Managed Identity **Microsoft Sentinel Responder** or greater to Resource Group.",
+              "2. Authorize connections."
+            ],
+            "lastUpdateTime": "2023-08-07T00:00:00Z",
+            "entities": [
+              "DnsResolution"
+            ],
+            "tags": [
+              "Enrichment"
+            ],
+            "releaseNotes": {
+              "version": "1.0",
+              "title": "[variables('blanks')]",
+              "notes": [
+                "Initial version"
+              ]
+            }
+          }
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('_playbookContentId10')]",
+        "contentKind": "Playbook",
+        "displayName": "Infoblox-Incident-Enrichment-Domains",
+        "contentProductId": "[variables('_playbookcontentProductId10')]",
+        "id": "[variables('_playbookcontentProductId10')]",
+        "version": "[variables('playbookVersion10')]"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
+      "name": "[variables('playbookTemplateSpecName11')]",
+      "location": "[parameters('workspace-location')]",
+      "dependsOn": [
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
+      ],
+      "properties": {
+        "description": "Infoblox-Incident-Send-Email Playbook with template version 3.0.0",
+        "mainTemplate": {
+          "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+          "contentVersion": "[variables('playbookVersion11')]",
+          "parameters": {
+            "PlaybookName": {
+              "defaultValue": "Infoblox-Incident-Send-Email",
+              "type": "string"
+            },
+            "Email Recipient": {
+              "type": "string",
+              "metadata": {
+                "description": "Enter value for Email Recipient"
+              }
+            },
+            "TIDE API Key": {
+              "type": "string",
+              "metadata": {
+                "description": "Enter value for TIDE API Key"
+              }
+            }
+          },
+          "variables": {
+            "MicrosoftSentinelConnectionName": "[[concat('MicrosoftSentinel-', parameters('PlaybookName'))]",
+            "Office365ConnectionName": "[[concat('Office365-', parameters('PlaybookName'))]",
+            "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuresentinel')]",
+            "_connection-2": "[[variables('connection-2')]",
+            "connection-3": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Office365')]",
+            "_connection-3": "[[variables('connection-3')]",
+            "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]",
+            "workspace-name": "[parameters('workspace')]",
+            "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]"
+          },
+          "resources": [
+            {
+              "properties": {
+                "provisioningState": "Succeeded",
+                "state": "Disabled",
+                "definition": {
+                  "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
+                  "contentVersion": "1.0.0.0",
+                  "parameters": {
+                    "$connections": {
+                      "type": "Object"
+                    },
+                    "Email Recipient": {
+                      "defaultValue": "[[parameters('Email Recipient')]",
+                      "type": "string"
+                    },
+                    "TIDE API Key": {
+                      "defaultValue": "[[parameters('TIDE API Key')]",
+                      "type": "string"
+                    }
+                  },
+                  "triggers": {
+                    "Microsoft_Sentinel_incident": {
+                      "type": "ApiConnectionWebhook",
+                      "inputs": {
+                        "body": {
+                          "callback_url": "@{listCallbackUrl()}"
+                        },
+                        "host": {
+                          "connection": {
+                            "name": "@parameters('$connections')['azuresentinel']['connectionId']"
+                          }
+                        },
+                        "path": "/incident-creation"
+                      }
+                    }
+                  },
+                  "actions": {
+                    "Create_HTML_table_with_Entities": {
+                      "runAfter": {
+                        "Select_Entities": [
+                          "Succeeded"
+                        ]
+                      },
+                      "type": "Table",
+                      "inputs": {
+                        "format": "HTML",
+                        "from": "@body('Select_Entities')"
+                      }
+                    },
+                    "Entities_-_Get_DNS": {
+                      "runAfter": {
+                        "Set_Entities_HTML": [
+                          "Succeeded"
+                        ]
+                      },
+                      "type": "ApiConnection",
+                      "inputs": {
+                        "body": "@triggerBody()?['object']?['properties']?['relatedEntities']",
+                        "host": {
+                          "connection": {
+                            "name": "@parameters('$connections')['azuresentinel']['connectionId']"
+                          }
+                        },
+                        "method": "post",
+                        "path": "/entities/dnsresolution"
+                      }
+                    },
+                    "For_each_DNS_Domain_Entity": {
+                      "foreach": "@body('Entities_-_Get_DNS')?['Dnsresolutions']",
+                      "actions": {
+                        "For_each_Threat_IoC": {
+                          "foreach": "@body('Parse_JSON')?['threat']",
+                          "actions": {
+                            "Enrich_Email_with_TIDE_Data_if_it_exists": {
+                              "else": {
+                                "actions": {
+                                  "Append_HTML_Table_with_TIDE_Data": {
+                                    "type": "AppendToStringVariable",
+                                    "inputs": {
+                                      "name": "html_tide",
+                                      "value": "<style>\n@{variables('css')}\n</style>\n<div class=\"title\">IoC - @{items('For_each_DNS_Domain_Entity')?['DomainName']} - @{items('For_each_Threat_IoC')?['type']} - @{items('For_each_Threat_IoC')?['class']}</div>\n<table class=\"table\"><tbody> \n<tr>\n<td class=\"tkey\">ID</td>\n<td class=\"tvalue\">@{items('For_each_Threat_IoC')?['id']}</td>\n</tr>\n<tr>\n<td class=\"tkey\">Type</td>\n<td class=\"tvalue\" >@{items('For_each_Threat_IoC')?['type']}</td>\n</tr>\n<tr>\n<td class=\"tkey\">Host</td>\n<td class=\"tvalue\">@{items('For_each_Threat_IoC')?['host']}</td>\n</tr>\n<tr>\n<td class=\"tkey\">Domain</td>\n<td class=\"tvalue\">@{items('For_each_Threat_IoC')?['domain']}</td>\n</tr>\n<tr>\n<td class=\"tkey\">URL</td>\n<td class=\"tvalue\">@{items('For_each_Threat_IoC')?['url']}</td>\n</tr>\n<tr>\n<td class=\"tkey\">IP</td>\n<td class=\"tvalue\">@{items('For_each_Threat_IoC')?['ip']}</td>\n</tr>\n<td class=\"tkey\">Email</td>\n<td class=\"tvalue\">@{items('For_each_Threat_IoC')?['email']}</td>\n</tr>\n<tr>\n<td class=\"tkey\">Hash</td>\n<td class=\"tvalue\">@{items('For_each_Threat_IoC')?['hash']}       @{items('For_each_Threat_IoC')?['hash_type']}</td>\n</tr>\n<tr>\n<td class=\"tkey\">Profile</td>\n<td class=\"tvalue\">@{items('For_each_Threat_IoC')?['profile']}</td>\n</tr>\n<tr>\n<td class=\"tkey\">Property</td>\n<td class=\"tvalue\">@{items('For_each_Threat_IoC')?['property']}</td>\n</tr>\n<tr>\n<td class=\"tkey\">Threat Level</td>\n<td class=\"tvalue\">@{items('For_each_Threat_IoC')?['threat_level']}</td>\n</tr>\n<tr>\n<td class=\"tkey\">Confidence</td>\n<td class=\"tvalue\">@{items('For_each_Threat_IoC')?['confidence']}</td>\n</tr>\n<tr>\n<td class=\"tkey\">Detected</td>\n<td class=\"tvalue\">@{items('For_each_Threat_IoC')?['detected']}</td>\n</tr>\n<tr>\n<td class=\"tkey\">Received</td>\n<td class=\"tvalue\">@{items('For_each_Threat_IoC')?['received']}</td>\n</tr>\n<tr>\n<td class=\"tkey\">Imported</td>\n<td class=\"tvalue\">@{items('For_each_Threat_IoC')?['imported']}</td>\n</tr>\n<tr>\n<td class=\"tkey\">Expiration</td>\n<td class=\"tvalue\">@{items('For_each_Threat_IoC')?['expiration']}</td>\n</tr>\n<tr>\n<td class=\"tkey\">Description</td>\n<td class=\"tvalue\">@{items('For_each_Threat_IoC')?['extended']?['notes']}</td>\n</tr>\n<tr>\n<td class=\"tkey\">Open in CSP</td>\n<td class=\"tvalue\">https://csp.infoblox.com/#/security_research/search/auto/@{items('For_each_Threat_IoC')?['host']}/summary</td>\n</tr>\n</tbody>\n</table>"
+                                    }
+                                  }
+                                }
+                              },
+                              "expression": {
+                                "and": [
+                                  {
+                                    "equals": [
+                                      "@body('Parse_JSON')?['record_count']",
+                                      0
+                                    ]
+                                  }
+                                ]
+                              },
+                              "type": "If"
+                            }
+                          },
+                          "runAfter": {
+                            "Parse_JSON": [
+                              "Succeeded"
+                            ]
+                          },
+                          "type": "Foreach"
+                        },
+                        "HTTP_-_Get_TIDE_Data_(Hosts)": {
+                          "type": "Http",
+                          "inputs": {
+                            "headers": {
+                              "Authorization": "Token @{parameters('TIDE API Key')}"
+                            },
+                            "method": "GET",
+                            "queries": {
+                              "host": "@items('For_each_DNS_Domain_Entity')?['DomainName']",
+                              "rlimit": "1"
+                            },
+                            "uri": "https://csp.infoblox.com/tide/api/data/threats"
+                          }
+                        },
+                        "Parse_JSON": {
+                          "runAfter": {
+                            "HTTP_-_Get_TIDE_Data_(Hosts)": [
+                              "Succeeded"
+                            ]
+                          },
+                          "type": "ParseJson",
+                          "inputs": {
+                            "content": "@body('HTTP_-_Get_TIDE_Data_(Hosts)')",
+                            "schema": {
+                              "properties": {
+                                "record_count": {
+                                  "type": "integer"
+                                },
+                                "threat": {
+                                  "items": {
+                                    "properties": {
+                                      "batch_id": {
+                                        "type": "string"
+                                      },
+                                      "class": {
+                                        "type": "string"
+                                      },
+                                      "confidence": {
+                                        "type": "integer"
+                                      },
+                                      "confidence_score": {
+                                        "type": "number"
+                                      },
+                                      "confidence_score_rating": {
+                                        "type": "string"
+                                      },
+                                      "confidence_score_vector": {
+                                        "type": "string"
+                                      },
+                                      "detected": {
+                                        "type": "string"
+                                      },
+                                      "domain": {
+                                        "type": "string"
+                                      },
+                                      "email": {
+                                        "type": "string"
+                                      },
+                                      "expiration": {
+                                        "type": "string"
+                                      },
+                                      "extended": {
+                                        "properties": {
+                                          "ais_consent": {
+                                            "type": "string"
+                                          },
+                                          "cyberint_guid": {
+                                            "type": "string"
+                                          },
+                                          "no_whitelist": {
+                                            "type": "string"
+                                          },
+                                          "notes": {
+                                            "type": "string"
+                                          },
+                                          "protocol": {
+                                            "type": "string"
+                                          },
+                                          "url_hash": {
+                                            "type": "string"
+                                          }
+                                        },
+                                        "type": "object"
+                                      },
+                                      "hash": {
+                                        "type": "string"
+                                      },
+                                      "hash_type": {
+                                        "type": "string"
+                                      },
+                                      "host": {
+                                        "type": "string"
+                                      },
+                                      "id": {
+                                        "type": "string"
+                                      },
+                                      "imported": {
+                                        "type": "string"
+                                      },
+                                      "ip": {
+                                        "type": "string"
+                                      },
+                                      "profile": {
+                                        "type": "string"
+                                      },
+                                      "property": {
+                                        "type": "string"
+                                      },
+                                      "received": {
+                                        "type": "string"
+                                      },
+                                      "risk_score": {
+                                        "type": "number"
+                                      },
+                                      "risk_score_rating": {
+                                        "type": "string"
+                                      },
+                                      "risk_score_vector": {
+                                        "type": "string"
+                                      },
+                                      "threat_level": {
+                                        "type": "integer"
+                                      },
+                                      "threat_score": {
+                                        "type": "number"
+                                      },
+                                      "threat_score_rating": {
+                                        "type": "string"
+                                      },
+                                      "threat_score_vector": {
+                                        "type": "string"
+                                      },
+                                      "tld": {
+                                        "type": "string"
+                                      },
+                                      "type": {
+                                        "type": "string"
+                                      },
+                                      "url": {
+                                        "type": "string"
+                                      }
+                                    },
+                                    "required": [
+                                      "id"
+                                    ],
+                                    "type": "object"
+                                  },
+                                  "type": "array"
+                                }
+                              },
+                              "type": "object"
+                            }
+                          }
+                        }
+                      },
+                      "runAfter": {
+                        "Entities_-_Get_DNS": [
+                          "Succeeded"
+                        ]
+                      },
+                      "type": "Foreach"
+                    },
+                    "Initialize_CSS": {
+                      "runAfter": {
+                        "Initialize_Incident_HTML": [
+                          "Succeeded"
+                        ]
+                      },
+                      "type": "InitializeVariable",
+                      "inputs": {
+                        "variables": [
+                          {
+                            "name": "css",
+                            "type": "string",
+                            "value": ".title {\n    color: #1F2A47;\n    font-size: 2rem;\n    letter-spacing: .04em;\n    padding: 8px;\n    border-bottom: 1px solid #7B7B7B;\n    font-weight: bold;\n}\n\ntable  {\n    border-collapse: collapse;\n    border-spacing: 0;\n    padding: 0;\n    margin: 0 0 20px;\n}\n\n.tkey {\n    text-align: right;\n    border-right: 1px solid #7B7B7B;\n}\n.tvalue {\n    text-align: left;\n    border-top: 1px solid #eee !important;\n    padding-left: 10px;\n}\n.value {\n    font-size: 1.4rem;\n    font-weight: bold;\n}\n\n.tkey, .key{\n    color: #263137;\n    letter-spacing: .04em;\n    font-style: italic;\n    padding-right: 10px;\n}\n.tvalue, .value {\n    color: #1f4728 !important;\n    letter-spacing: .02rem;\n}\n\n"
+                          }
+                        ]
+                      }
+                    },
+                    "Initialize_Entities_HTML": {
+                      "runAfter": {
+                        "Initialize_CSS": [
+                          "Succeeded"
+                        ]
+                      },
+                      "type": "InitializeVariable",
+                      "inputs": {
+                        "variables": [
+                          {
+                            "name": "html_entities",
+                            "type": "string"
+                          }
+                        ]
+                      }
+                    },
+                    "Initialize_Incident_HTML": {
+                      "runAfter": {
+                        "Initialize_TIDE_HTML": [
+                          "Succeeded"
+                        ]
+                      },
+                      "type": "InitializeVariable",
+                      "inputs": {
+                        "variables": [
+                          {
+                            "name": "html_incident",
+                            "type": "string"
+                          }
+                        ]
+                      }
+                    },
+                    "Initialize_TIDE_HTML": {
+                      "type": "InitializeVariable",
+                      "inputs": {
+                        "variables": [
+                          {
+                            "name": "html_tide",
+                            "type": "string"
+                          }
+                        ]
+                      }
+                    },
+                    "Select_Entities": {
+                      "runAfter": {
+                        "Initialize_Entities_HTML": [
+                          "Succeeded"
+                        ]
+                      },
+                      "type": "Select",
+                      "inputs": {
+                        "from": "@triggerBody()?['object']?['properties']?['relatedEntities']",
+                        "select": {
+                          "Entity": "@item()?['properties']?['friendlyName']",
+                          "Type": "@item()?['kind']"
+                        }
+                      }
+                    },
+                    "Send_an_email_with_Incident_details": {
+                      "runAfter": {
+                        "Set_Incident_HTML": [
+                          "Succeeded"
+                        ]
+                      },
+                      "type": "ApiConnection",
+                      "inputs": {
+                        "body": {
+                          "Body": "<p><span style=\"font-size: 14px\"></span><span style=\"font-size: 14px\">@{variables('html_incident')}</span><span style=\"font-size: 14px\"><br>\n</span><span style=\"font-size: 14px\">@{variables('html_tide')}</span><span style=\"font-size: 14px\"></span></p>",
+                          "Importance": "Normal",
+                          "Subject": "New Sentinel Incident - @{triggerBody()?['object']?['properties']?['title']}",
+                          "To": "@parameters('Email Recipient')"
+                        },
+                        "host": {
+                          "connection": {
+                            "name": "@parameters('$connections')['office365_1']['connectionId']"
+                          }
+                        },
+                        "method": "post",
+                        "path": "/v2/Mail"
+                      }
+                    },
+                    "Set_Entities_HTML": {
+                      "runAfter": {
+                        "Create_HTML_table_with_Entities": [
+                          "Succeeded"
+                        ]
+                      },
+                      "type": "SetVariable",
+                      "inputs": {
+                        "name": "html_entities",
+                        "value": "<style>\n@{variables('css')}\ntable, table td, table th {\n    text-align: left;\n    color: #1f4728 !important;\n    border-top: 1px solid #eee !important;\n    letter-spacing: .02rem;\n    padding-left: 10px;\n}\n</style>\n@{body('Create_HTML_table_with_Entities')}\n"
+                      }
+                    },
+                    "Set_Incident_HTML": {
+                      "runAfter": {
+                        "For_each_DNS_Domain_Entity": [
+                          "Succeeded"
+                        ]
+                      },
+                      "type": "SetVariable",
+                      "inputs": {
+                        "name": "html_incident",
+                        "value": "<style>\n@{variables('css')}\np {\n    margin-bottom:  15px !important;\n}\n</style>\n<div class=\"title\"> New incident created in Microsoft Sentinel </div>\n\n<p><span class=\"key\"> Triggered - </span ><span  class=\"value\">@{triggerBody()?['object']?['properties']?['title']} </span ></p>\n\n<p><span class=\"key\"> Incident ID - </span><span class=\"value\"> @{triggerBody()?['object']?['properties']?['incidentNumber']}</span></p>\n\n<p><span class=\"key\"> Triggered on - </span ><span class=\"value\"> @{triggerBody()?['object']?['properties']?['createdTimeUtc']}</span></p>\n\n<p><span class=\"key\"> Severity - </span ><span class=\"value\">@{triggerBody()?['object']?['properties']?['severity']}</span></p>\n\n<p><span class=\"key\"> Alert providers - </span ><span class=\"value\">@{join(triggerBody()?['object']?['properties']?['additionalData']?['alertProductNames'], '<br />')}</span></p>\n\n<p><span class=\"key\"> Tactics - </span ><span class=\"value\">\n@{join(triggerBody()?['object']?['properties']?['additionalData']?['tactics'], '<br />')}</span></p>\n\n<p><span class=\"key\"> Description - </span ><span class=\"value\">\n@{triggerBody()?['object']?['properties']?['description']}</span></p>\n\n<p><span class=\"key\"> Entities - </span ><span class=\"value\">\n@{variables('html_entities')}</span></p>\n\n<p><span class=\"key\"> Incident link - </span ><span class=\"value\">\n<a href=\"@{triggerBody()?['object']?['properties']?['incidentUrl']}\">@{triggerBody()?['object']?['properties']?['incidentUrl']}</a></span></p>\n\n<div class=\"title\"> TIDE Data </div >"
+                      }
+                    }
+                  }
+                },
+                "parameters": {
+                  "$connections": {
+                    "value": {
+                      "azuresentinel": {
+                        "connectionId": "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]",
+                        "connectionName": "[[variables('MicrosoftSentinelConnectionName')]",
+                        "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuresentinel')]",
+                        "connectionProperties": {
+                          "authentication": {
+                            "type": "ManagedServiceIdentity"
+                          }
+                        }
+                      },
+                      "office365_1": {
+                        "connectionId": "[[resourceId('Microsoft.Web/connections', variables('Office365ConnectionName'))]",
+                        "connectionName": "[[variables('Office365ConnectionName')]",
+                        "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Office365')]"
+                      }
+                    }
+                  }
+                }
+              },
+              "name": "[[parameters('PlaybookName')]",
+              "type": "Microsoft.Logic/workflows",
+              "location": "[[variables('workspace-location-inline')]",
+              "tags": {
+                "hidden-SentinelTemplateName": "Infoblox-Incident-Send-Email",
+                "hidden-SentinelTemplateVersion": "1.0",
+                "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]"
+              },
+              "identity": {
+                "type": "SystemAssigned"
+              },
+              "apiVersion": "2017-07-01",
+              "dependsOn": [
+                "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]",
+                "[[resourceId('Microsoft.Web/connections', variables('Office365ConnectionName'))]"
+              ]
+            },
+            {
+              "type": "Microsoft.Web/connections",
+              "apiVersion": "2016-06-01",
+              "name": "[[variables('MicrosoftSentinelConnectionName')]",
+              "location": "[[variables('workspace-location-inline')]",
+              "kind": "V1",
+              "properties": {
+                "displayName": "[[variables('MicrosoftSentinelConnectionName')]",
+                "parameterValueType": "Alternative",
+                "api": {
+                  "id": "[[variables('_connection-2')]"
+                }
+              }
+            },
+            {
+              "type": "Microsoft.Web/connections",
+              "apiVersion": "2016-06-01",
+              "name": "[[variables('Office365ConnectionName')]",
+              "location": "[[variables('workspace-location-inline')]",
+              "kind": "V1",
+              "properties": {
+                "displayName": "[[variables('Office365ConnectionName')]",
+                "api": {
+                  "id": "[[variables('_connection-3')]"
+                }
+              }
+            },
+            {
+              "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
+              "apiVersion": "2022-01-01-preview",
+              "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId11'),'/'))))]",
+              "properties": {
+                "parentId": "[variables('playbookId11')]",
+                "contentId": "[variables('_playbookContentId11')]",
+                "kind": "Playbook",
+                "version": "[variables('playbookVersion11')]",
+                "source": {
+                  "kind": "Solution",
+                  "name": "Infoblox Cloud Data Connector",
+                  "sourceId": "[variables('_solutionId')]"
+                },
+                "author": {
+                  "name": "Microsoft",
+                  "email": "[variables('_email')]"
+                },
+                "support": {
+                  "name": "Infoblox",
+                  "tier": "Partner",
+                  "link": "https://support.infoblox.com/"
+                }
+              }
+            }
+          ],
+          "metadata": {
+            "title": "Infoblox Incident Send Email",
+            "description": "Sends a detailed email when an incident occurs. Optionally enriches an applicable entity within the email with Infoblox TIDE data. This playbook can be configured to run automatically when an incident occurs (recommended) or run on demand.",
+            "prerequisites": [
+              "Infoblox TIDE API key (optional)."
+            ],
+            "postDeployment": [
+              "1. Grant playbook's Managed Identity **Microsoft Sentinel Responder** or greater to Resource Group.",
+              "2. Authorize connections."
+            ],
+            "lastUpdateTime": "2023-08-07T00:00:00Z",
+            "entities": [
+              "DnsResolution"
+            ],
+            "tags": [
+              "Enrichment",
+              "Notification"
+            ],
+            "releaseNotes": {
+              "version": "1.0",
+              "title": "[variables('blanks')]",
+              "notes": [
+                "Initial version"
+              ]
+            }
+          }
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('_playbookContentId11')]",
+        "contentKind": "Playbook",
+        "displayName": "Infoblox-Incident-Send-Email",
+        "contentProductId": "[variables('_playbookcontentProductId11')]",
+        "id": "[variables('_playbookcontentProductId11')]",
+        "version": "[variables('playbookVersion11')]"
+      }
+    },
+    {
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentPackages",
+      "apiVersion": "2023-04-01-preview",
+      "location": "[parameters('workspace-location')]",
+      "properties": {
+        "version": "3.0.0",
+        "kind": "Solution",
+        "contentSchemaVersion": "3.0.0",
+        "displayName": "Infoblox Cloud Data Connector",
+        "publisherDisplayName": "Infoblox",
+        "descriptionHtml": "<p><strong>Note:</strong> <em>There may be <a href=\"https://aka.ms/sentinelsolutionsknownissues\">known issues</a> pertaining to this Solution, please refer to them before installing.</em></p>\n<p>The <a href=\"https://www.infoblox.com/\">Infoblox</a> Cloud solution allows you to easily connect your Infoblox BloxOne data with Microsoft Sentinel. By connecting your logs to Microsoft Sentinel, you can take advantage of search &amp; correlation, alerting, and threat intelligence enrichment for each log.</p>\n<p><strong>Underlying Microsoft Technologies used:</strong></p>\n<p>This solution takes a dependency on the following technologies, and some of these dependencies either may be in <a href=\"https://azure.microsoft.com/support/legal/preview-supplemental-terms/\">Preview</a> state or might result in additional ingestion or operational costs:</p>\n<ol type=\"a\">\n<li><a href=\"https://docs.microsoft.com/azure/azure-monitor/agents/data-sources-custom-logs\">Agent based logs collection from Windows and Linux machines </a></li>\n</ol>\n<p><strong>Data Connectors:</strong> 1, <strong>Parsers:</strong> 1, <strong>Workbooks:</strong> 1, <strong>Analytic Rules:</strong> 8, <strong>Playbooks:</strong> 11</p>\n<p><a href=\"https://aka.ms/azuresentinel\">Learn more about Microsoft Sentinel</a> | <a href=\"https://aka.ms/azuresentinelsolutionsdoc\">Learn more about Solutions</a></p>\n",
+        "contentKind": "Solution",
+        "contentProductId": "[variables('_solutioncontentProductId')]",
+        "id": "[variables('_solutioncontentProductId')]",
+        "icon": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/infoblox_logo.svg\" width=\"75px\" height=\"75px\">",
+        "contentId": "[variables('_solutionId')]",
+        "parentId": "[variables('_solutionId')]",
+        "source": {
+          "kind": "Solution",
+          "name": "Infoblox Cloud Data Connector",
+          "sourceId": "[variables('_solutionId')]"
+        },
+        "author": {
+          "name": "Microsoft",
+          "email": "[variables('_email')]"
+        },
+        "support": {
+          "name": "Infoblox",
+          "tier": "Partner",
+          "link": "https://support.infoblox.com/"
+        },
+        "dependencies": {
+          "operator": "AND",
+          "criteria": [
+            {
+              "kind": "Workbook",
+              "contentId": "[variables('_workbookContentId1')]",
+              "version": "[variables('workbookVersion1')]"
+            },
+            {
+              "kind": "AnalyticsRule",
+              "contentId": "[variables('analyticRulecontentId1')]",
+              "version": "[variables('analyticRuleVersion1')]"
+            },
+            {
+              "kind": "AnalyticsRule",
+              "contentId": "[variables('analyticRulecontentId2')]",
+              "version": "[variables('analyticRuleVersion2')]"
+            },
+            {
+              "kind": "AnalyticsRule",
+              "contentId": "[variables('analyticRulecontentId3')]",
+              "version": "[variables('analyticRuleVersion3')]"
+            },
+            {
+              "kind": "AnalyticsRule",
+              "contentId": "[variables('analyticRulecontentId4')]",
+              "version": "[variables('analyticRuleVersion4')]"
+            },
+            {
+              "kind": "AnalyticsRule",
+              "contentId": "[variables('analyticRulecontentId5')]",
+              "version": "[variables('analyticRuleVersion5')]"
+            },
+            {
+              "kind": "AnalyticsRule",
+              "contentId": "[variables('analyticRulecontentId6')]",
+              "version": "[variables('analyticRuleVersion6')]"
+            },
+            {
+              "kind": "AnalyticsRule",
+              "contentId": "[variables('analyticRulecontentId7')]",
+              "version": "[variables('analyticRuleVersion7')]"
+            },
+            {
+              "kind": "AnalyticsRule",
+              "contentId": "[variables('analyticRulecontentId8')]",
+              "version": "[variables('analyticRuleVersion8')]"
+            },
+            {
+              "kind": "DataConnector",
+              "contentId": "[variables('_dataConnectorContentId1')]",
+              "version": "[variables('dataConnectorVersion1')]"
+            },
+            {
+              "kind": "Parser",
+              "contentId": "[variables('_parserContentId1')]",
+              "version": "[variables('parserVersion1')]"
+            },
+            {
+              "kind": "Playbook",
+              "contentId": "[variables('_Infoblox-Import-AISCOMM-Weekly')]",
+              "version": "[variables('playbookVersion1')]"
+            },
+            {
+              "kind": "Playbook",
+              "contentId": "[variables('_Infoblox-Import-Emails-Weekly')]",
+              "version": "[variables('playbookVersion2')]"
+            },
+            {
+              "kind": "Playbook",
+              "contentId": "[variables('_Infoblox-Import-Hashes-Weekly')]",
+              "version": "[variables('playbookVersion3')]"
+            },
+            {
+              "kind": "Playbook",
+              "contentId": "[variables('_Infoblox-Import-Hosts-Daily-LookalikeDomains')]",
+              "version": "[variables('playbookVersion4')]"
+            },
+            {
+              "kind": "Playbook",
+              "contentId": "[variables('_Infoblox-Import-Hosts-Daily-MalwareC2DGA')]",
+              "version": "[variables('playbookVersion5')]"
+            },
+            {
+              "kind": "Playbook",
+              "contentId": "[variables('_Infoblox-Import-Hosts-Daily-Phishing')]",
+              "version": "[variables('playbookVersion6')]"
+            },
+            {
+              "kind": "Playbook",
+              "contentId": "[variables('_Infoblox-Import-Hosts-Hourly')]",
+              "version": "[variables('playbookVersion7')]"
+            },
+            {
+              "kind": "Playbook",
+              "contentId": "[variables('_Infoblox-Import-IPs-Hourly')]",
+              "version": "[variables('playbookVersion8')]"
+            },
+            {
+              "kind": "Playbook",
+              "contentId": "[variables('_Infoblox-Import-URLs-Hourly')]",
+              "version": "[variables('playbookVersion9')]"
+            },
+            {
+              "kind": "Playbook",
+              "contentId": "[variables('_Infoblox-Incident-Enrichment-Domains')]",
+              "version": "[variables('playbookVersion10')]"
+            },
+            {
+              "kind": "Playbook",
+              "contentId": "[variables('_Infoblox-Incident-Send-Email')]",
+              "version": "[variables('playbookVersion11')]"
+            }
+          ]
+        },
+        "firstPublishDate": "2021-10-20",
+        "providers": [
+          "Infoblox"
+        ],
+        "categories": {
+          "domains": [
+            "Networking",
+            "Security - Threat Protection",
+            "Security - Network",
+            "Security - Threat Intelligence"
+          ]
+        }
+      },
+      "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('_solutionId'))]"
+    }
+  ],
+  "outputs": {}
+}
diff --git a/Solutions/Infoblox Cloud Data Connector/Parsers/InfobloxCDC.txt b/Solutions/Infoblox Cloud Data Connector/Parsers/InfobloxCDC.txt
deleted file mode 100644
index d4cf22a5375..00000000000
--- a/Solutions/Infoblox Cloud Data Connector/Parsers/InfobloxCDC.txt	
+++ /dev/null
@@ -1,52 +0,0 @@
-// Title:           Infoblox Cloud Data Connector Parser
-// Author:          Infoblox
-// Version:         2.0.9
-// Last Updated:    4/10/2023
-// Comment:         
-//  
-// DESCRIPTION:
-// This parser takes raw Infoblox Cloud Data Connector (CDC) logs from a Syslog (CEF) stream and parses the logs into a normalized schema.
-//
-// USAGE:
-// 1. Open Log Analytics/Microsoft Sentinel Logs blade. Copy the query below and paste into the Logs query window. 
-// 2. Click the Save button above the query. A pane will appear on the right, select "as Function" from the drop down. Enter the Function Name as InfobloxCDC.
-// 3. Kusto Functions can typically take up to 15 minutes to activate. You can then use Function Alias for other queries.
-//
-// REFERENCES: 
-// Using functions in Azure monitor log queries: https://docs.microsoft.com/azure/azure-monitor/log-query/functions
-// 
-CommonSecurityLog
-| where DeviceVendor == "Infoblox" and DeviceProduct == "Data Connector"
-| extend AEcopy = AdditionalExtensions
-//Remove DHCP Option codes at end of DHCP logs to prevent invalid chars in fieldnames, causing errors. If you require these advanced fields, remove the following line.
-| extend AEcopy = trim_end("InfobloxDHCPOptions=;(.*?)",AEcopy)
-| extend AEcopy = extract_all(@"(?P<key>[^=;]+)=(?P<value>[^=;]+)", dynamic(["key","value"]), AEcopy)
-| mv-apply AEcopy on (
-    summarize AdditionalExtensionsParsedNested = make_bag(pack(tostring(AEcopy[0]), AEcopy[1]))
-)
-| extend AdditionalExtensionsParsed = AdditionalExtensionsParsedNested
-| evaluate bag_unpack(AdditionalExtensionsParsed)
-| extend ThreatLevel_Score = toint(column_ifexists("InfobloxThreatLevel", ""))
-| extend ThreatLevel = case(ThreatLevel_Score>=80, "High",
-                       ThreatLevel_Score>=30 and ThreatLevel_Score<80, "Medium",
-                       ThreatLevel_Score<30 and ThreatLevel_Score>=1, "Low",
-                       ThreatLevel_Score == 0,"Info",
-                       "N/A" )
-| extend ThreatClass = extract("(.*?)_", 1, tostring(column_ifexists("InfobloxThreatProperty", "")))
-| extend ThreatProperty = extract("([^_]*$)", 1, tostring(column_ifexists("InfobloxThreatProperty", "")))
-| extend InfobloxB1FeedName = column_ifexists("InfobloxB1FeedName", "")
-| extend InfobloxRPZ = column_ifexists("InfobloxRPZ", "")
-| extend InfobloxB1PolicyAction = column_ifexists("InfobloxB1PolicyAction", "")
-| extend InfobloxB1PolicyName = column_ifexists("InfobloxB1PolicyName", "")
-| extend InfobloxDomainCat = column_ifexists("InfobloxDomainCat", "")
-| extend InfobloxB1ConnectionType = column_ifexists("InfobloxB1ConnectionType", "")
-| extend InfobloxB1SrcOSVersion = column_ifexists("InfobloxB1SrcOSVersion", "")
-| extend InfobloxB1Network = column_ifexists("InfobloxB1Network", "")
-| extend DeviceName = column_ifexists("DeviceName", "")
-| extend SourceMACAddress = column_ifexists("SourceMACAddress", "")
-| extend InfobloxLeaseOp = column_ifexists("InfobloxLeaseOp", "")
-| extend InfobloxLifetime = column_ifexists("InfobloxLifetime", "")
-| extend InfobloxLeaseUUID = column_ifexists("InfobloxLeaseUUID", "")
-| extend InfobloxDNSRCode = column_ifexists("InfobloxDNSRCode", "")
-| extend InfobloxDNSQClass = column_ifexists("InfobloxDNSQClass", "")
-| extend InfobloxDNSQType = column_ifexists("InfobloxDNSQType", "")
diff --git a/Solutions/Infoblox Cloud Data Connector/Parsers/InfobloxCDC.yaml b/Solutions/Infoblox Cloud Data Connector/Parsers/InfobloxCDC.yaml
index 147eceea09e..0ca20c60e5b 100644
--- a/Solutions/Infoblox Cloud Data Connector/Parsers/InfobloxCDC.yaml	
+++ b/Solutions/Infoblox Cloud Data Connector/Parsers/InfobloxCDC.yaml	
@@ -14,7 +14,7 @@ FunctionQuery: |
     | extend AEcopy = trim_end("InfobloxDHCPOptions=;(.*?)",AEcopy)
     | extend AEcopy = extract_all(@"(?P<key>[^=;]+)=(?P<value>[^=;]+)", dynamic(["key","value"]), AEcopy)
     | mv-apply AEcopy on (
-        summarize AdditionalExtensionsParsedNested = make_bag(pack(tostring(AEcopy[0]), AEcopy[1]))
+        summarize AdditionalExtensionsParsedNested = make_bag(bag_pack(tostring(AEcopy[0]), AEcopy[1]))
     )
     | extend AdditionalExtensionsParsed = AdditionalExtensionsParsedNested
     | evaluate bag_unpack(AdditionalExtensionsParsed)
@@ -41,4 +41,6 @@ FunctionQuery: |
     | extend InfobloxLeaseUUID = column_ifexists("InfobloxLeaseUUID", "")
     | extend InfobloxDNSRCode = column_ifexists("InfobloxDNSRCode", "")
     | extend InfobloxDNSQClass = column_ifexists("InfobloxDNSQClass", "")
-    | extend InfobloxDNSQType = column_ifexists("InfobloxDNSQType", "")
\ No newline at end of file
+    | extend InfobloxDNSQType = column_ifexists("InfobloxDNSQType", "")
+    | extend InfobloxThreatConfidence = toint(column_ifexists("InfobloxThreatConfidence", ""))
+    | extend ThreatConfidence = toint(column_ifexists("InfobloxThreatConfidence", ""))
\ No newline at end of file
diff --git a/Solutions/Infoblox Cloud Data Connector/Playbooks/Infoblox-Import-AISCOMM-Weekly/azuredeploy.json b/Solutions/Infoblox Cloud Data Connector/Playbooks/Infoblox-Import-AISCOMM-Weekly/azuredeploy.json
new file mode 100644
index 00000000000..6638e0488ab
--- /dev/null
+++ b/Solutions/Infoblox Cloud Data Connector/Playbooks/Infoblox-Import-AISCOMM-Weekly/azuredeploy.json	
@@ -0,0 +1,518 @@
+{
+    "$schema":  "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+    "contentVersion":  "1.0.0.0",
+    "metadata":  {
+        "title":  "Infoblox Import AISCOMM Weekly",
+        "description":  "Leverages the Infoblox TIDE API to automatically import threat indicators into the ThreatIntelligenceIndicator table. This playbook imports all indicators from the AISCOMM data provider on a scheduled weekly basis.",
+        "prerequisites":  [
+            "Infoblox TIDE API key."
+        ],        
+        "postDeployment":  [ 
+            "Authorize connections."
+        ],
+        "prerequisitesDeployTemplateFile":  "",
+        "lastUpdateTime":  "2023-08-07T00:00:00.000Z",
+        "entities":  [
+        ],
+        "tags":  [
+        ],
+        "support":  {
+            "tier":  "community",
+            "armtemplate":  "Generated from https://github.com/Azure/Azure-Sentinel/tree/master/Tools/Playbook-ARM-Template-Generator"
+        },
+        "author":  {
+            "name":  "Infoblox"
+        }
+    },
+    "parameters":  {
+        "PlaybookName":  {
+            "defaultValue":  "Infoblox-Import-AISCOMM-Weekly",
+            "type":  "string"
+        },
+        "AD Application Secret":  {
+            "type":  "string",
+            "metadata":  {
+                "description":  "Enter value for AD Application Secret"
+            }
+        },
+        "Client ID":  {
+            "type":  "string",
+            "metadata":  {
+                "description":  "Enter value for Client ID"
+            }
+        },
+        "TIDE API Key":  {
+            "type":  "string",
+            "metadata":  {
+                "description":  "Enter value for TIDE API Key"
+            }
+        },
+        "Tenant ID":  {
+            "type":  "string",
+            "metadata":  {
+                "description":  "Enter value for Tenant ID"
+            }
+        }
+    },
+    "variables":  {
+    },
+    "resources":  [
+        {
+            "properties":  {
+                "provisioningState":  "Succeeded",
+                "state":  "Disabled",
+                "definition":  {
+                    "$schema":  "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
+                    "contentVersion":  "1.0.0.0",
+                    "parameters":  {
+                        "AD Application Secret":  {
+                            "defaultValue":  "[parameters('AD Application Secret')]",
+                            "type":  "string"
+                        },
+                        "Client ID":  {
+                            "defaultValue":  "[parameters('Client ID')]",
+                            "type":  "string"
+                        },
+                        "TIDE API Key":  {
+                            "defaultValue":  "[parameters('TIDE API Key')]",
+                            "type":  "string"
+                        },
+                        "Tenant ID":  {
+                            "defaultValue":  "[parameters('Tenant ID')]",
+                            "type":  "string"
+                        }
+                    },
+                    "triggers":  {
+                        "Recurrence":  {
+                            "recurrence":  {
+                                "frequency":  "Week",
+                                "interval":  1
+                            },
+                            "evaluatedRecurrence":  {
+                                "frequency":  "Week",
+                                "interval":  1
+                            },
+                            "type":  "Recurrence"
+                        }
+                    },
+                    "actions":  {
+                        "For_Each_Indicator_(Threat)":  {
+                            "foreach":  "@body('Parse_JSON')?['threat']",
+                            "actions":  {
+                                "Switch":  {
+                                    "runAfter":  {
+                                    },
+                                    "cases":  {
+                                        "EMAIL":  {
+                                            "case":  "EMAIL",
+                                            "actions":  {
+                                                "Send_Emails_to_Sentinel":  {
+                                                    "runAfter":  {
+                                                    },
+                                                    "type":  "Http",
+                                                    "inputs":  {
+                                                        "authentication":  {
+                                                            "audience":  "https://graph.microsoft.com",
+                                                            "clientId":  "@parameters('Client ID')",
+                                                            "secret":  "@parameters('AD Application Secret')",
+                                                            "tenant":  "@parameters('Tenant ID')",
+                                                            "type":  "ActiveDirectoryOAuth"
+                                                        },
+                                                        "body":  {
+                                                            "action":  "alert",
+                                                            "additionalInformation":  "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                                            "confidence":  "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                                            "description":  "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                                            "emailSenderAddress":  "@{items('For_Each_Indicator_(Threat)')?['email']}",
+                                                            "emailSourceDomain":  "@{items('For_Each_Indicator_(Threat)')?['domain']}",
+                                                            "expirationDateTime":  "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                                            "externalId":  "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                                            "indicatorProvider":  "Infoblox TIDE",
+                                                            "lastReportedDateTime":  "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                                            "tags":  [
+                                                                "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                                                "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                                                "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                                                "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                                                "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                                            ],
+                                                            "targetProduct":  "Azure Sentinel",
+                                                            "threatType":  "WatchList",
+                                                            "tlpLevel":  "white"
+                                                        },
+                                                        "method":  "POST",
+                                                        "uri":  "https://graph.microsoft.com/beta/security/tiIndicators"
+                                                    }
+                                                }
+                                            }
+                                        },
+                                        "HASH":  {
+                                            "case":  "HASH",
+                                            "actions":  {
+                                                "Send_Hashes_to_Sentinel":  {
+                                                    "runAfter":  {
+                                                    },
+                                                    "type":  "Http",
+                                                    "inputs":  {
+                                                        "authentication":  {
+                                                            "audience":  "https://graph.microsoft.com",
+                                                            "clientId":  "@parameters('Client ID')",
+                                                            "secret":  "@parameters('AD Application Secret')",
+                                                            "tenant":  "@parameters('Tenant ID')",
+                                                            "type":  "ActiveDirectoryOAuth"
+                                                        },
+                                                        "body":  {
+                                                            "action":  "alert",
+                                                            "additionalInformation":  "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                                            "confidence":  "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                                            "description":  "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                                            "expirationDateTime":  "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                                            "externalId":  "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                                            "fileHashType":  "@{toLower(items('For_Each_Indicator_(Threat)')?['hash_type'])}",
+                                                            "fileHashValue":  "@{items('For_Each_Indicator_(Threat)')?['hash']}",
+                                                            "indicatorProvider":  "Infoblox TIDE",
+                                                            "lastReportedDateTime":  "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                                            "tags":  [
+                                                                "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                                                "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                                                "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                                                "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                                                "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}",
+                                                                "Hash Type: @{items('For_Each_Indicator_(Threat)')?['hash_type']}"
+                                                            ],
+                                                            "targetProduct":  "Azure Sentinel",
+                                                            "threatType":  "WatchList",
+                                                            "tlpLevel":  "white"
+                                                        },
+                                                        "method":  "POST",
+                                                        "uri":  "https://graph.microsoft.com/beta/security/tiIndicators"
+                                                    }
+                                                }
+                                            }
+                                        },
+                                        "HOST":  {
+                                            "case":  "HOST",
+                                            "actions":  {
+                                                "Send_Hosts_to_Sentinel":  {
+                                                    "runAfter":  {
+                                                    },
+                                                    "type":  "Http",
+                                                    "inputs":  {
+                                                        "authentication":  {
+                                                            "audience":  "https://graph.microsoft.com",
+                                                            "clientId":  "@parameters('Client ID')",
+                                                            "secret":  "@parameters('AD Application Secret')",
+                                                            "tenant":  "@parameters('Tenant ID')",
+                                                            "type":  "ActiveDirectoryOAuth"
+                                                        },
+                                                        "body":  {
+                                                            "action":  "alert",
+                                                            "additionalInformation":  "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                                            "confidence":  "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                                            "description":  "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                                            "domainName":  "@{items('For_Each_Indicator_(Threat)')?['host']}",
+                                                            "expirationDateTime":  "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                                            "externalId":  "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                                            "indicatorProvider":  "Infoblox TIDE",
+                                                            "lastReportedDateTime":  "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                                            "tags":  [
+                                                                "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                                                "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                                                "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                                                "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                                                "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                                            ],
+                                                            "targetProduct":  "Azure Sentinel",
+                                                            "threatType":  "WatchList",
+                                                            "tlpLevel":  "white"
+                                                        },
+                                                        "method":  "POST",
+                                                        "uri":  "https://graph.microsoft.com/beta/security/tiIndicators"
+                                                    }
+                                                }
+                                            }
+                                        },
+                                        "IP":  {
+                                            "case":  "IP",
+                                            "actions":  {
+                                                "Send_IPs_to_Sentinel":  {
+                                                    "runAfter":  {
+                                                    },
+                                                    "type":  "Http",
+                                                    "inputs":  {
+                                                        "authentication":  {
+                                                            "audience":  "https://graph.microsoft.com",
+                                                            "clientId":  "@parameters('Client ID')",
+                                                            "secret":  "@parameters('AD Application Secret')",
+                                                            "tenant":  "@parameters('Tenant ID')",
+                                                            "type":  "ActiveDirectoryOAuth"
+                                                        },
+                                                        "body":  {
+                                                            "action":  "alert",
+                                                            "additionalInformation":  "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                                            "confidence":  "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                                            "description":  "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                                            "expirationDateTime":  "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                                            "externalId":  "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                                            "indicatorProvider":  "Infoblox TIDE",
+                                                            "lastReportedDateTime":  "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                                            "networkIPv4":  "@{items('For_Each_Indicator_(Threat)')?['ip']}",
+                                                            "tags":  [
+                                                                "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                                                "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                                                "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                                                "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                                                "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                                            ],
+                                                            "targetProduct":  "Azure Sentinel",
+                                                            "threatType":  "WatchList",
+                                                            "tlpLevel":  "white"
+                                                        },
+                                                        "method":  "POST",
+                                                        "uri":  "https://graph.microsoft.com/beta/security/tiIndicators"
+                                                    }
+                                                }
+                                            }
+                                        },
+                                        "URL":  {
+                                            "case":  "URL",
+                                            "actions":  {
+                                                "Send_URLs_to_Sentinel":  {
+                                                    "runAfter":  {
+                                                    },
+                                                    "type":  "Http",
+                                                    "inputs":  {
+                                                        "authentication":  {
+                                                            "audience":  "https://graph.microsoft.com",
+                                                            "clientId":  "@parameters('Client ID')",
+                                                            "secret":  "@parameters('AD Application Secret')",
+                                                            "tenant":  "@parameters('Tenant ID')",
+                                                            "type":  "ActiveDirectoryOAuth"
+                                                        },
+                                                        "body":  {
+                                                            "action":  "alert",
+                                                            "additionalInformation":  "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                                            "confidence":  "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                                            "description":  "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                                            "expirationDateTime":  "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                                            "externalId":  "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                                            "indicatorProvider":  "Infoblox TIDE",
+                                                            "lastReportedDateTime":  "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                                            "tags":  [
+                                                                "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                                                "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                                                "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                                                "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                                                "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                                            ],
+                                                            "targetProduct":  "Azure Sentinel",
+                                                            "threatType":  "WatchList",
+                                                            "tlpLevel":  "white",
+                                                            "url":  "@{items('For_Each_Indicator_(Threat)')?['url']}"
+                                                        },
+                                                        "method":  "POST",
+                                                        "uri":  "https://graph.microsoft.com/beta/security/tiIndicators"
+                                                    }
+                                                }
+                                            }
+                                        }
+                                    },
+                                    "default":  {
+                                        "actions":  {
+                                        }
+                                    },
+                                    "expression":  "@items('For_Each_Indicator_(Threat)')?['type']",
+                                    "type":  "Switch"
+                                }
+                            },
+                            "runAfter":  {
+                                "Parse_JSON":  [
+                                    "Succeeded"
+                                ]
+                            },
+                            "type":  "Foreach"
+                        },
+                        "Get_TIDE_Data":  {
+                            "runAfter":  {
+                            },
+                            "type":  "Http",
+                            "inputs":  {
+                                "headers":  {
+                                    "Authorization":  "Token @{parameters('TIDE API Key')}"
+                                },
+                                "method":  "GET",
+                                "queries":  {
+                                    "fields":  "notes,confidence,type,class,host,expiration,id,imported,type,profile,property,threat_level,extended,email,domain,hash,hash_type,ip,url",
+                                    "profile":  "AISCOMM",
+                                    "rlimit":  "90000"
+                                },
+                                "uri":  "https://csp.infoblox.com/tide/api/data/threats/"
+                            }
+                        },
+                        "Parse_JSON":  {
+                            "runAfter":  {
+                                "Get_TIDE_Data":  [
+                                    "Succeeded"
+                                ]
+                            },
+                            "type":  "ParseJson",
+                            "inputs":  {
+                                "content":  "@body('Get_TIDE_Data')",
+                                "schema":  {
+                                    "properties":  {
+                                        "record_count":  {
+                                            "type":  "integer"
+                                        },
+                                        "threat":  {
+                                            "items":  {
+                                                "properties":  {
+                                                    "batch_id":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "class":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "confidence":  {
+                                                        "type":  "integer"
+                                                    },
+                                                    "confidence_score":  {
+                                                        "type":  "number"
+                                                    },
+                                                    "confidence_score_rating":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "confidence_score_vector":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "detected":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "dga":  {
+                                                    },
+                                                    "domain":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "email":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "expiration":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "extended":  {
+                                                        "properties":  {
+                                                            "ais_consent":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "cyberint_guid":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "no_whitelist":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "notes":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "protocol":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "url_hash":  {
+                                                                "type":  "string"
+                                                            }
+                                                        },
+                                                        "type":  "object"
+                                                    },
+                                                    "hash":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "hash_type":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "host":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "id":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "imported":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "ip":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "profile":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "property":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "received":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "risk_score":  {
+                                                        "type":  "number"
+                                                    },
+                                                    "risk_score_rating":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "risk_score_vector":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "threat_level":  {
+                                                        "type":  "integer"
+                                                    },
+                                                    "threat_score":  {
+                                                        "type":  "number"
+                                                    },
+                                                    "threat_score_rating":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "threat_score_vector":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "tld":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "type":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "up":  {
+                                                    },
+                                                    "url":  {
+                                                        "type":  "string"
+                                                    }
+                                                },
+                                                "required":  [
+                                                    "id"
+                                                ],
+                                                "type":  "object"
+                                            },
+                                            "type":  "array"
+                                        }
+                                    },
+                                    "type":  "object"
+                                }
+                            }
+                        }
+                    },
+                    "outputs":  {
+                    }
+                },
+                "parameters":  {
+                }
+            },
+            "name":  "[parameters('PlaybookName')]",
+            "type":  "Microsoft.Logic/workflows",
+            "location":  "[resourceGroup().location]",
+            "tags":  {
+                "hidden-SentinelTemplateName":  "Infoblox-Import-AISCOMM-Weekly",
+                "hidden-SentinelTemplateVersion":  "1.0"
+            },
+            "identity":  {
+                "type":  "SystemAssigned"
+            },
+            "apiVersion":  "2017-07-01",
+            "dependsOn":  [
+            ]
+        }
+    ]
+}
diff --git a/Solutions/Infoblox Cloud Data Connector/Playbooks/Infoblox-Import-Emails-Weekly/azuredeploy.json b/Solutions/Infoblox Cloud Data Connector/Playbooks/Infoblox-Import-Emails-Weekly/azuredeploy.json
new file mode 100644
index 00000000000..e18cad3d847
--- /dev/null
+++ b/Solutions/Infoblox Cloud Data Connector/Playbooks/Infoblox-Import-Emails-Weekly/azuredeploy.json	
@@ -0,0 +1,517 @@
+{
+    "$schema":  "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+    "contentVersion":  "1.0.0.0",
+    "metadata":  {
+        "title":  "Infoblox Import Emails Weekly",
+        "description":  "Leverages the Infoblox TIDE API to automatically import threat indicators into the ThreatIntelligenceIndicator table. This playbook imports newly detected emails on a scheduled weekly basis.",
+        "prerequisites":  [
+            "Infoblox TIDE API key."
+        ],        
+        "postDeployment":  [
+            "Authorize connections."
+        ],
+        "prerequisitesDeployTemplateFile":  "",
+        "lastUpdateTime":  "2023-08-07T00:00:00.000Z",
+        "entities":  [
+        ],
+        "tags":  [
+        ],
+        "support":  {
+            "tier":  "community",
+            "armtemplate":  "Generated from https://github.com/Azure/Azure-Sentinel/tree/master/Tools/Playbook-ARM-Template-Generator"
+        },
+        "author":  {
+            "name":  "Infoblox"
+        }
+    },
+    "parameters":  {
+        "PlaybookName":  {
+            "defaultValue":  "Infoblox-Import-Emails-Weekly",
+            "type":  "string"
+        },
+        "AD Application Secret":  {
+            "type":  "string",
+            "metadata":  {
+                "description":  "Enter value for AD Application Secret"
+            }
+        },
+        "Client ID":  {
+            "type":  "string",
+            "metadata":  {
+                "description":  "Enter value for Client ID"
+            }
+        },
+        "TIDE API Key":  {
+            "type":  "string",
+            "metadata":  {
+                "description":  "Enter value for TIDE API Key"
+            }
+        },
+        "Tenant ID":  {
+            "type":  "string",
+            "metadata":  {
+                "description":  "Enter value for Tenant ID"
+            }
+        }
+    },
+    "variables":  {
+    },
+    "resources":  [
+        {
+            "properties":  {
+                "provisioningState":  "Succeeded",
+                "state":  "Disabled",
+                "definition":  {
+                    "$schema":  "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
+                    "contentVersion":  "1.0.0.0",
+                    "parameters":  {
+                        "AD Application Secret":  {
+                            "defaultValue":  "[parameters('AD Application Secret')]",
+                            "type":  "string"
+                        },
+                        "Client ID":  {
+                            "defaultValue":  "[parameters('Client ID')]",
+                            "type":  "string"
+                        },
+                        "TIDE API Key":  {
+                            "defaultValue":  "[parameters('TIDE API Key')]",
+                            "type":  "string"
+                        },
+                        "Tenant ID":  {
+                            "defaultValue":  "[parameters('Tenant ID')]",
+                            "type":  "string"
+                        }
+                    },
+                    "triggers":  {
+                        "Recurrence":  {
+                            "recurrence":  {
+                                "frequency":  "Week",
+                                "interval":  1
+                            },
+                            "evaluatedRecurrence":  {
+                                "frequency":  "Week",
+                                "interval":  1
+                            },
+                            "type":  "Recurrence"
+                        }
+                    },
+                    "actions":  {
+                        "For_Each_Indicator_(Threat)":  {
+                            "foreach":  "@body('Parse_JSON')?['threat']",
+                            "actions":  {
+                                "Switch":  {
+                                    "runAfter":  {
+                                    },
+                                    "cases":  {
+                                        "EMAIL":  {
+                                            "case":  "EMAIL",
+                                            "actions":  {
+                                                "Send_Emails_to_Sentinel":  {
+                                                    "runAfter":  {
+                                                    },
+                                                    "type":  "Http",
+                                                    "inputs":  {
+                                                        "authentication":  {
+                                                            "audience":  "https://graph.microsoft.com",
+                                                            "clientId":  "@parameters('Client ID')",
+                                                            "secret":  "@parameters('AD Application Secret')",
+                                                            "tenant":  "@parameters('Tenant ID')",
+                                                            "type":  "ActiveDirectoryOAuth"
+                                                        },
+                                                        "body":  {
+                                                            "action":  "alert",
+                                                            "additionalInformation":  "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                                            "confidence":  "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                                            "description":  "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                                            "emailSenderAddress":  "@{items('For_Each_Indicator_(Threat)')?['email']}",
+                                                            "emailSourceDomain":  "@{items('For_Each_Indicator_(Threat)')?['domain']}",
+                                                            "expirationDateTime":  "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                                            "externalId":  "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                                            "indicatorProvider":  "Infoblox TIDE",
+                                                            "lastReportedDateTime":  "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                                            "tags":  [
+                                                                "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                                                "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                                                "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                                                "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                                                "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                                            ],
+                                                            "targetProduct":  "Azure Sentinel",
+                                                            "threatType":  "WatchList",
+                                                            "tlpLevel":  "white"
+                                                        },
+                                                        "method":  "POST",
+                                                        "uri":  "https://graph.microsoft.com/beta/security/tiIndicators"
+                                                    }
+                                                }
+                                            }
+                                        },
+                                        "HASH":  {
+                                            "case":  "HASH",
+                                            "actions":  {
+                                                "Send_Hashes_to_Sentinel":  {
+                                                    "runAfter":  {
+                                                    },
+                                                    "type":  "Http",
+                                                    "inputs":  {
+                                                        "authentication":  {
+                                                            "audience":  "https://graph.microsoft.com",
+                                                            "clientId":  "@parameters('Client ID')",
+                                                            "secret":  "@parameters('AD Application Secret')",
+                                                            "tenant":  "@parameters('Tenant ID')",
+                                                            "type":  "ActiveDirectoryOAuth"
+                                                        },
+                                                        "body":  {
+                                                            "action":  "alert",
+                                                            "additionalInformation":  "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                                            "confidence":  "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                                            "description":  "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                                            "expirationDateTime":  "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                                            "externalId":  "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                                            "fileHashType":  "@{items('For_Each_Indicator_(Threat)')?['hash_type']}",
+                                                            "fileHashValue":  "@{items('For_Each_Indicator_(Threat)')?['hash']}",
+                                                            "indicatorProvider":  "Infoblox TIDE",
+                                                            "lastReportedDateTime":  "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                                            "tags":  [
+                                                                "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                                                "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                                                "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                                                "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                                                "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}",
+                                                                "Hash Type: @{items('For_Each_Indicator_(Threat)')?['hash_type']}"
+                                                            ],
+                                                            "targetProduct":  "Azure Sentinel",
+                                                            "threatType":  "WatchList",
+                                                            "tlpLevel":  "white"
+                                                        },
+                                                        "method":  "POST",
+                                                        "uri":  "https://graph.microsoft.com/beta/security/tiIndicators"
+                                                    }
+                                                }
+                                            }
+                                        },
+                                        "HOST":  {
+                                            "case":  "HOST",
+                                            "actions":  {
+                                                "Send_Hosts_to_Sentinel":  {
+                                                    "runAfter":  {
+                                                    },
+                                                    "type":  "Http",
+                                                    "inputs":  {
+                                                        "authentication":  {
+                                                            "audience":  "https://graph.microsoft.com",
+                                                            "clientId":  "@parameters('Client ID')",
+                                                            "secret":  "@parameters('AD Application Secret')",
+                                                            "tenant":  "@parameters('Tenant ID')",
+                                                            "type":  "ActiveDirectoryOAuth"
+                                                        },
+                                                        "body":  {
+                                                            "action":  "alert",
+                                                            "additionalInformation":  "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                                            "confidence":  "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                                            "description":  "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                                            "domainName":  "@{items('For_Each_Indicator_(Threat)')?['host']}",
+                                                            "expirationDateTime":  "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                                            "externalId":  "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                                            "indicatorProvider":  "Infoblox TIDE",
+                                                            "lastReportedDateTime":  "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                                            "tags":  [
+                                                                "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                                                "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                                                "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                                                "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                                                "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                                            ],
+                                                            "targetProduct":  "Azure Sentinel",
+                                                            "threatType":  "WatchList",
+                                                            "tlpLevel":  "white"
+                                                        },
+                                                        "method":  "POST",
+                                                        "uri":  "https://graph.microsoft.com/beta/security/tiIndicators"
+                                                    }
+                                                }
+                                            }
+                                        },
+                                        "IP":  {
+                                            "case":  "IP",
+                                            "actions":  {
+                                                "Send_IPs_to_Sentinel":  {
+                                                    "runAfter":  {
+                                                    },
+                                                    "type":  "Http",
+                                                    "inputs":  {
+                                                        "authentication":  {
+                                                            "audience":  "https://graph.microsoft.com",
+                                                            "clientId":  "@parameters('Client ID')",
+                                                            "secret":  "@parameters('AD Application Secret')",
+                                                            "tenant":  "@parameters('Tenant ID')",
+                                                            "type":  "ActiveDirectoryOAuth"
+                                                        },
+                                                        "body":  {
+                                                            "action":  "alert",
+                                                            "additionalInformation":  "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                                            "confidence":  "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                                            "description":  "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                                            "expirationDateTime":  "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                                            "externalId":  "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                                            "indicatorProvider":  "Infoblox TIDE",
+                                                            "lastReportedDateTime":  "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                                            "networkIPv4":  "@{items('For_Each_Indicator_(Threat)')?['ip']}",
+                                                            "tags":  [
+                                                                "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                                                "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                                                "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                                                "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                                                "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                                            ],
+                                                            "targetProduct":  "Azure Sentinel",
+                                                            "threatType":  "WatchList",
+                                                            "tlpLevel":  "white"
+                                                        },
+                                                        "method":  "POST",
+                                                        "uri":  "https://graph.microsoft.com/beta/security/tiIndicators"
+                                                    }
+                                                }
+                                            }
+                                        },
+                                        "URL":  {
+                                            "case":  "URL",
+                                            "actions":  {
+                                                "Send_URLs_to_Sentinel":  {
+                                                    "runAfter":  {
+                                                    },
+                                                    "type":  "Http",
+                                                    "inputs":  {
+                                                        "authentication":  {
+                                                            "audience":  "https://graph.microsoft.com",
+                                                            "clientId":  "@parameters('Client ID')",
+                                                            "secret":  "@parameters('AD Application Secret')",
+                                                            "tenant":  "@parameters('Tenant ID')",
+                                                            "type":  "ActiveDirectoryOAuth"
+                                                        },
+                                                        "body":  {
+                                                            "action":  "alert",
+                                                            "additionalInformation":  "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                                            "confidence":  "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                                            "description":  "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                                            "expirationDateTime":  "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                                            "externalId":  "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                                            "indicatorProvider":  "Infoblox TIDE",
+                                                            "lastReportedDateTime":  "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                                            "tags":  [
+                                                                "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                                                "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                                                "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                                                "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                                                "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                                            ],
+                                                            "targetProduct":  "Azure Sentinel",
+                                                            "threatType":  "WatchList",
+                                                            "tlpLevel":  "white",
+                                                            "url":  "@{items('For_Each_Indicator_(Threat)')?['url']}"
+                                                        },
+                                                        "method":  "POST",
+                                                        "uri":  "https://graph.microsoft.com/beta/security/tiIndicators"
+                                                    }
+                                                }
+                                            }
+                                        }
+                                    },
+                                    "default":  {
+                                        "actions":  {
+                                        }
+                                    },
+                                    "expression":  "@items('For_Each_Indicator_(Threat)')?['type']",
+                                    "type":  "Switch"
+                                }
+                            },
+                            "runAfter":  {
+                                "Parse_JSON":  [
+                                    "Succeeded"
+                                ]
+                            },
+                            "type":  "Foreach"
+                        },
+                        "Get_TIDE_Data":  {
+                            "runAfter":  {
+                            },
+                            "type":  "Http",
+                            "inputs":  {
+                                "headers":  {
+                                    "Authorization":  "Token @{parameters('TIDE API Key')}"
+                                },
+                                "method":  "GET",
+                                "queries":  {
+                                    "fields":  "notes,confidence,type,class,host,expiration,id,imported,type,profile,property,threat_level,extended,email,domain,hash,hash_type,ip,url",
+                                    "rlimit":  "90000"
+                                },
+                                "uri":  "https://csp.infoblox.com/tide/api/data/threats/email/"
+                            }
+                        },
+                        "Parse_JSON":  {
+                            "runAfter":  {
+                                "Get_TIDE_Data":  [
+                                    "Succeeded"
+                                ]
+                            },
+                            "type":  "ParseJson",
+                            "inputs":  {
+                                "content":  "@body('Get_TIDE_Data')",
+                                "schema":  {
+                                    "properties":  {
+                                        "record_count":  {
+                                            "type":  "integer"
+                                        },
+                                        "threat":  {
+                                            "items":  {
+                                                "properties":  {
+                                                    "batch_id":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "class":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "confidence":  {
+                                                        "type":  "integer"
+                                                    },
+                                                    "confidence_score":  {
+                                                        "type":  "number"
+                                                    },
+                                                    "confidence_score_rating":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "confidence_score_vector":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "detected":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "dga":  {
+                                                    },
+                                                    "domain":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "email":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "expiration":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "extended":  {
+                                                        "properties":  {
+                                                            "ais_consent":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "cyberint_guid":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "no_whitelist":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "notes":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "protocol":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "url_hash":  {
+                                                                "type":  "string"
+                                                            }
+                                                        },
+                                                        "type":  "object"
+                                                    },
+                                                    "hash":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "hash_type":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "host":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "id":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "imported":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "ip":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "profile":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "property":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "received":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "risk_score":  {
+                                                        "type":  "number"
+                                                    },
+                                                    "risk_score_rating":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "risk_score_vector":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "threat_level":  {
+                                                        "type":  "integer"
+                                                    },
+                                                    "threat_score":  {
+                                                        "type":  "number"
+                                                    },
+                                                    "threat_score_rating":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "threat_score_vector":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "tld":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "type":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "up":  {
+                                                    },
+                                                    "url":  {
+                                                        "type":  "string"
+                                                    }
+                                                },
+                                                "required":  [
+                                                    "id"
+                                                ],
+                                                "type":  "object"
+                                            },
+                                            "type":  "array"
+                                        }
+                                    },
+                                    "type":  "object"
+                                }
+                            }
+                        }
+                    },
+                    "outputs":  {
+                    }
+                },
+                "parameters":  {
+                }
+            },
+            "name":  "[parameters('PlaybookName')]",
+            "type":  "Microsoft.Logic/workflows",
+            "location":  "[resourceGroup().location]",
+            "tags":  {
+                "hidden-SentinelTemplateName":  "Infoblox-Import-Emails-Weekly",
+                "hidden-SentinelTemplateVersion":  "1.0"
+            },
+            "identity":  {
+                "type":  "SystemAssigned"
+            },
+            "apiVersion":  "2017-07-01",
+            "dependsOn":  [
+            ]
+        }
+    ]
+}
diff --git a/Solutions/Infoblox Cloud Data Connector/Playbooks/Infoblox-Import-Hashes-Weekly/azuredeploy.json b/Solutions/Infoblox Cloud Data Connector/Playbooks/Infoblox-Import-Hashes-Weekly/azuredeploy.json
new file mode 100644
index 00000000000..709395cec33
--- /dev/null
+++ b/Solutions/Infoblox Cloud Data Connector/Playbooks/Infoblox-Import-Hashes-Weekly/azuredeploy.json	
@@ -0,0 +1,517 @@
+{
+    "$schema":  "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+    "contentVersion":  "1.0.0.0",
+    "metadata":  {
+        "title":  "Infoblox Import Hashes Weekly",
+        "description":  "Leverages the Infoblox TIDE API to automatically import threat indicators into the ThreatIntelligenceIndicator table. This playbook imports newly detected hashes on a scheduled weekly basis.",
+        "prerequisites":  [
+            "Infoblox TIDE API key."
+        ],        
+        "postDeployment":  [
+            "Authorize connections."
+        ],
+        "prerequisitesDeployTemplateFile":  "",
+        "lastUpdateTime":  "2023-08-07T00:00:00.000Z",
+        "entities":  [
+        ],
+        "tags":  [
+        ],
+        "support":  {
+            "tier":  "community",
+            "armtemplate":  "Generated from https://github.com/Azure/Azure-Sentinel/tree/master/Tools/Playbook-ARM-Template-Generator"
+        },
+        "author":  {
+            "name":  "Infoblox"
+        }
+    },
+    "parameters":  {
+        "PlaybookName":  {
+            "defaultValue":  "Infoblox-Import-Hashes-Weekly",
+            "type":  "string"
+        },
+        "AD Application Secret":  {
+            "type":  "string",
+            "metadata":  {
+                "description":  "Enter value for AD Application Secret"
+            }
+        },
+        "Client ID":  {
+            "type":  "string",
+            "metadata":  {
+                "description":  "Enter value for Client ID"
+            }
+        },
+        "TIDE API Key":  {
+            "type":  "string",
+            "metadata":  {
+                "description":  "Enter value for TIDE API Key"
+            }
+        },
+        "Tenant ID":  {
+            "type":  "string",
+            "metadata":  {
+                "description":  "Enter value for Tenant ID"
+            }
+        }
+    },
+    "variables":  {
+    },
+    "resources":  [
+        {
+            "properties":  {
+                "provisioningState":  "Succeeded",
+                "state":  "Disabled",
+                "definition":  {
+                    "$schema":  "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
+                    "contentVersion":  "1.0.0.0",
+                    "parameters":  {
+                        "AD Application Secret":  {
+                            "defaultValue":  "[parameters('AD Application Secret')]",
+                            "type":  "string"
+                        },
+                        "Client ID":  {
+                            "defaultValue":  "[parameters('Client ID')]",
+                            "type":  "string"
+                        },
+                        "TIDE API Key":  {
+                            "defaultValue":  "[parameters('TIDE API Key')]",
+                            "type":  "string"
+                        },
+                        "Tenant ID":  {
+                            "defaultValue":  "[parameters('Tenant ID')]",
+                            "type":  "string"
+                        }
+                    },
+                    "triggers":  {
+                        "Recurrence":  {
+                            "recurrence":  {
+                                "frequency":  "Week",
+                                "interval":  1
+                            },
+                            "evaluatedRecurrence":  {
+                                "frequency":  "Week",
+                                "interval":  1
+                            },
+                            "type":  "Recurrence"
+                        }
+                    },
+                    "actions":  {
+                        "For_Each_Indicator_(Threat)":  {
+                            "foreach":  "@body('Parse_JSON')?['threat']",
+                            "actions":  {
+                                "Switch":  {
+                                    "runAfter":  {
+                                    },
+                                    "cases":  {
+                                        "EMAIL":  {
+                                            "case":  "EMAIL",
+                                            "actions":  {
+                                                "Send_Emails_to_Sentinel":  {
+                                                    "runAfter":  {
+                                                    },
+                                                    "type":  "Http",
+                                                    "inputs":  {
+                                                        "authentication":  {
+                                                            "audience":  "https://graph.microsoft.com",
+                                                            "clientId":  "@parameters('Client ID')",
+                                                            "secret":  "@parameters('AD Application Secret')",
+                                                            "tenant":  "@parameters('Tenant ID')",
+                                                            "type":  "ActiveDirectoryOAuth"
+                                                        },
+                                                        "body":  {
+                                                            "action":  "alert",
+                                                            "additionalInformation":  "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                                            "confidence":  "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                                            "description":  "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                                            "emailSenderAddress":  "@{items('For_Each_Indicator_(Threat)')?['email']}",
+                                                            "emailSourceDomain":  "@{items('For_Each_Indicator_(Threat)')?['domain']}",
+                                                            "expirationDateTime":  "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                                            "externalId":  "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                                            "indicatorProvider":  "Infoblox TIDE",
+                                                            "lastReportedDateTime":  "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                                            "tags":  [
+                                                                "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                                                "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                                                "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                                                "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                                                "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                                            ],
+                                                            "targetProduct":  "Azure Sentinel",
+                                                            "threatType":  "WatchList",
+                                                            "tlpLevel":  "white"
+                                                        },
+                                                        "method":  "POST",
+                                                        "uri":  "https://graph.microsoft.com/beta/security/tiIndicators"
+                                                    }
+                                                }
+                                            }
+                                        },
+                                        "HASH":  {
+                                            "case":  "HASH",
+                                            "actions":  {
+                                                "Send_Hashes_to_Sentinel":  {
+                                                    "runAfter":  {
+                                                    },
+                                                    "type":  "Http",
+                                                    "inputs":  {
+                                                        "authentication":  {
+                                                            "audience":  "https://graph.microsoft.com",
+                                                            "clientId":  "@parameters('Client ID')",
+                                                            "secret":  "@parameters('AD Application Secret')",
+                                                            "tenant":  "@parameters('Tenant ID')",
+                                                            "type":  "ActiveDirectoryOAuth"
+                                                        },
+                                                        "body":  {
+                                                            "action":  "alert",
+                                                            "additionalInformation":  "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                                            "confidence":  "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                                            "description":  "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                                            "expirationDateTime":  "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                                            "externalId":  "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                                            "fileHashType":  "@{toLower(items('For_Each_Indicator_(Threat)')?['hash_type'])}",
+                                                            "fileHashValue":  "@{items('For_Each_Indicator_(Threat)')?['hash']}",
+                                                            "indicatorProvider":  "Infoblox TIDE",
+                                                            "lastReportedDateTime":  "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                                            "tags":  [
+                                                                "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                                                "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                                                "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                                                "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                                                "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}",
+                                                                "Hash Type: @{items('For_Each_Indicator_(Threat)')?['hash_type']}"
+                                                            ],
+                                                            "targetProduct":  "Azure Sentinel",
+                                                            "threatType":  "WatchList",
+                                                            "tlpLevel":  "white"
+                                                        },
+                                                        "method":  "POST",
+                                                        "uri":  "https://graph.microsoft.com/beta/security/tiIndicators"
+                                                    }
+                                                }
+                                            }
+                                        },
+                                        "HOST":  {
+                                            "case":  "HOST",
+                                            "actions":  {
+                                                "Send_Hosts_to_Sentinel":  {
+                                                    "runAfter":  {
+                                                    },
+                                                    "type":  "Http",
+                                                    "inputs":  {
+                                                        "authentication":  {
+                                                            "audience":  "https://graph.microsoft.com",
+                                                            "clientId":  "@parameters('Client ID')",
+                                                            "secret":  "@parameters('AD Application Secret')",
+                                                            "tenant":  "@parameters('Tenant ID')",
+                                                            "type":  "ActiveDirectoryOAuth"
+                                                        },
+                                                        "body":  {
+                                                            "action":  "alert",
+                                                            "additionalInformation":  "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                                            "confidence":  "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                                            "description":  "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                                            "domainName":  "@{items('For_Each_Indicator_(Threat)')?['host']}",
+                                                            "expirationDateTime":  "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                                            "externalId":  "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                                            "indicatorProvider":  "Infoblox TIDE",
+                                                            "lastReportedDateTime":  "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                                            "tags":  [
+                                                                "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                                                "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                                                "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                                                "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                                                "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                                            ],
+                                                            "targetProduct":  "Azure Sentinel",
+                                                            "threatType":  "WatchList",
+                                                            "tlpLevel":  "white"
+                                                        },
+                                                        "method":  "POST",
+                                                        "uri":  "https://graph.microsoft.com/beta/security/tiIndicators"
+                                                    }
+                                                }
+                                            }
+                                        },
+                                        "IP":  {
+                                            "case":  "IP",
+                                            "actions":  {
+                                                "Send_IPs_to_Sentinel":  {
+                                                    "runAfter":  {
+                                                    },
+                                                    "type":  "Http",
+                                                    "inputs":  {
+                                                        "authentication":  {
+                                                            "audience":  "https://graph.microsoft.com",
+                                                            "clientId":  "@parameters('Client ID')",
+                                                            "secret":  "@parameters('AD Application Secret')",
+                                                            "tenant":  "@parameters('Tenant ID')",
+                                                            "type":  "ActiveDirectoryOAuth"
+                                                        },
+                                                        "body":  {
+                                                            "action":  "alert",
+                                                            "additionalInformation":  "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                                            "confidence":  "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                                            "description":  "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                                            "expirationDateTime":  "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                                            "externalId":  "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                                            "indicatorProvider":  "Infoblox TIDE",
+                                                            "lastReportedDateTime":  "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                                            "networkIPv4":  "@{items('For_Each_Indicator_(Threat)')?['ip']}",
+                                                            "tags":  [
+                                                                "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                                                "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                                                "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                                                "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                                                "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                                            ],
+                                                            "targetProduct":  "Azure Sentinel",
+                                                            "threatType":  "WatchList",
+                                                            "tlpLevel":  "white"
+                                                        },
+                                                        "method":  "POST",
+                                                        "uri":  "https://graph.microsoft.com/beta/security/tiIndicators"
+                                                    }
+                                                }
+                                            }
+                                        },
+                                        "URL":  {
+                                            "case":  "URL",
+                                            "actions":  {
+                                                "Send_URLs_to_Sentinel":  {
+                                                    "runAfter":  {
+                                                    },
+                                                    "type":  "Http",
+                                                    "inputs":  {
+                                                        "authentication":  {
+                                                            "audience":  "https://graph.microsoft.com",
+                                                            "clientId":  "@parameters('Client ID')",
+                                                            "secret":  "@parameters('AD Application Secret')",
+                                                            "tenant":  "@parameters('Tenant ID')",
+                                                            "type":  "ActiveDirectoryOAuth"
+                                                        },
+                                                        "body":  {
+                                                            "action":  "alert",
+                                                            "additionalInformation":  "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                                            "confidence":  "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                                            "description":  "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                                            "expirationDateTime":  "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                                            "externalId":  "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                                            "indicatorProvider":  "Infoblox TIDE",
+                                                            "lastReportedDateTime":  "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                                            "tags":  [
+                                                                "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                                                "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                                                "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                                                "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                                                "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                                            ],
+                                                            "targetProduct":  "Azure Sentinel",
+                                                            "threatType":  "WatchList",
+                                                            "tlpLevel":  "white",
+                                                            "url":  "@{items('For_Each_Indicator_(Threat)')?['url']}"
+                                                        },
+                                                        "method":  "POST",
+                                                        "uri":  "https://graph.microsoft.com/beta/security/tiIndicators"
+                                                    }
+                                                }
+                                            }
+                                        }
+                                    },
+                                    "default":  {
+                                        "actions":  {
+                                        }
+                                    },
+                                    "expression":  "@items('For_Each_Indicator_(Threat)')?['type']",
+                                    "type":  "Switch"
+                                }
+                            },
+                            "runAfter":  {
+                                "Parse_JSON":  [
+                                    "Succeeded"
+                                ]
+                            },
+                            "type":  "Foreach"
+                        },
+                        "Get_TIDE_Data":  {
+                            "runAfter":  {
+                            },
+                            "type":  "Http",
+                            "inputs":  {
+                                "headers":  {
+                                    "Authorization":  "Token @{parameters('TIDE API Key')}"
+                                },
+                                "method":  "GET",
+                                "queries":  {
+                                    "fields":  "notes,confidence,type,class,host,expiration,id,imported,type,profile,property,threat_level,extended,email,domain,hash,hash_type,ip,url",
+                                    "rlimit":  "90000"
+                                },
+                                "uri":  "https://csp.infoblox.com/tide/api/data/threats/hash/weekly"
+                            }
+                        },
+                        "Parse_JSON":  {
+                            "runAfter":  {
+                                "Get_TIDE_Data":  [
+                                    "Succeeded"
+                                ]
+                            },
+                            "type":  "ParseJson",
+                            "inputs":  {
+                                "content":  "@body('Get_TIDE_Data')",
+                                "schema":  {
+                                    "properties":  {
+                                        "record_count":  {
+                                            "type":  "integer"
+                                        },
+                                        "threat":  {
+                                            "items":  {
+                                                "properties":  {
+                                                    "batch_id":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "class":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "confidence":  {
+                                                        "type":  "integer"
+                                                    },
+                                                    "confidence_score":  {
+                                                        "type":  "number"
+                                                    },
+                                                    "confidence_score_rating":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "confidence_score_vector":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "detected":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "dga":  {
+                                                    },
+                                                    "domain":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "email":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "expiration":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "extended":  {
+                                                        "properties":  {
+                                                            "ais_consent":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "cyberint_guid":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "no_whitelist":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "notes":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "protocol":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "url_hash":  {
+                                                                "type":  "string"
+                                                            }
+                                                        },
+                                                        "type":  "object"
+                                                    },
+                                                    "hash":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "hash_type":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "host":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "id":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "imported":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "ip":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "profile":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "property":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "received":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "risk_score":  {
+                                                        "type":  "number"
+                                                    },
+                                                    "risk_score_rating":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "risk_score_vector":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "threat_level":  {
+                                                        "type":  "integer"
+                                                    },
+                                                    "threat_score":  {
+                                                        "type":  "number"
+                                                    },
+                                                    "threat_score_rating":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "threat_score_vector":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "tld":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "type":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "up":  {
+                                                    },
+                                                    "url":  {
+                                                        "type":  "string"
+                                                    }
+                                                },
+                                                "required":  [
+                                                    "id"
+                                                ],
+                                                "type":  "object"
+                                            },
+                                            "type":  "array"
+                                        }
+                                    },
+                                    "type":  "object"
+                                }
+                            }
+                        }
+                    },
+                    "outputs":  {
+                    }
+                },
+                "parameters":  {
+                }
+            },
+            "name":  "[parameters('PlaybookName')]",
+            "type":  "Microsoft.Logic/workflows",
+            "location":  "[resourceGroup().location]",
+            "tags":  {
+                "hidden-SentinelTemplateName":  "Infoblox-Import-Hashes-Weekly",
+                "hidden-SentinelTemplateVersion":  "1.0"
+            },
+            "identity":  {
+                "type":  "SystemAssigned"
+            },
+            "apiVersion":  "2017-07-01",
+            "dependsOn":  [
+            ]
+        }
+    ]
+}
diff --git a/Solutions/Infoblox Cloud Data Connector/Playbooks/Infoblox-Import-Hosts-Daily-LookalikeDomains/azuredeploy.json b/Solutions/Infoblox Cloud Data Connector/Playbooks/Infoblox-Import-Hosts-Daily-LookalikeDomains/azuredeploy.json
new file mode 100644
index 00000000000..04f8a6a35bb
--- /dev/null
+++ b/Solutions/Infoblox Cloud Data Connector/Playbooks/Infoblox-Import-Hosts-Daily-LookalikeDomains/azuredeploy.json	
@@ -0,0 +1,518 @@
+{
+    "$schema":  "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+    "contentVersion":  "1.0.0.0",
+    "metadata":  {
+        "title":  "Infoblox Import Hosts Daily Lookalike Domains",
+        "description":  "Leverages the Infoblox TIDE API to automatically import threat indicators into the ThreatIntelligenceIndicator table. This playbook imports newly detected Lookalike domains on a scheduled daily basis.",
+        "prerequisites":  [
+            "Infoblox TIDE API key."
+        ],        
+        "postDeployment":  [
+            "Authorize connections."
+        ],
+        "prerequisitesDeployTemplateFile":  "",
+        "lastUpdateTime":  "2023-08-07T00:00:00.000Z",
+        "entities":  [
+        ],
+        "tags":  [
+        ],
+        "support":  {
+            "tier":  "community",
+            "armtemplate":  "Generated from https://github.com/Azure/Azure-Sentinel/tree/master/Tools/Playbook-ARM-Template-Generator"
+        },
+        "author":  {
+            "name":  "Infoblox"
+        }
+    },
+    "parameters":  {
+        "PlaybookName":  {
+            "defaultValue":  "Infoblox-Import-Hosts-Daily-LookalikeDomains",
+            "type":  "string"
+        },
+        "AD Application Secret":  {
+            "type":  "string",
+            "metadata":  {
+                "description":  "Enter value for AD Application Secret"
+            }
+        },
+        "Client ID":  {
+            "type":  "string",
+            "metadata":  {
+                "description":  "Enter value for Client ID"
+            }
+        },
+        "TIDE API Key":  {
+            "type":  "string",
+            "metadata":  {
+                "description":  "Enter value for TIDE API Key"
+            }
+        },
+        "Tenant ID":  {
+            "type":  "string",
+            "metadata":  {
+                "description":  "Enter value for Tenant ID"
+            }
+        }
+    },
+    "variables":  {
+    },
+    "resources":  [
+        {
+            "properties":  {
+                "provisioningState":  "Succeeded",
+                "state":  "Disabled",
+                "definition":  {
+                    "$schema":  "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
+                    "contentVersion":  "1.0.0.0",
+                    "parameters":  {
+                        "AD Application Secret":  {
+                            "defaultValue":  "[parameters('AD Application Secret')]",
+                            "type":  "string"
+                        },
+                        "Client ID":  {
+                            "defaultValue":  "[parameters('Client ID')]",
+                            "type":  "string"
+                        },
+                        "TIDE API Key":  {
+                            "defaultValue":  "[parameters('TIDE API Key')]",
+                            "type":  "string"
+                        },
+                        "Tenant ID":  {
+                            "defaultValue":  "[parameters('Tenant ID')]",
+                            "type":  "string"
+                        }
+                    },
+                    "triggers":  {
+                        "Recurrence":  {
+                            "recurrence":  {
+                                "frequency":  "Day",
+                                "interval":  1
+                            },
+                            "evaluatedRecurrence":  {
+                                "frequency":  "Day",
+                                "interval":  1
+                            },
+                            "type":  "Recurrence"
+                        }
+                    },
+                    "actions":  {
+                        "For_Each_Indicator_(Threat)":  {
+                            "foreach":  "@body('Parse_JSON')?['threat']",
+                            "actions":  {
+                                "Switch":  {
+                                    "runAfter":  {
+                                    },
+                                    "cases":  {
+                                        "EMAIL":  {
+                                            "case":  "EMAIL",
+                                            "actions":  {
+                                                "Send_Emails_to_Sentinel":  {
+                                                    "runAfter":  {
+                                                    },
+                                                    "type":  "Http",
+                                                    "inputs":  {
+                                                        "authentication":  {
+                                                            "audience":  "https://graph.microsoft.com",
+                                                            "clientId":  "@parameters('Client ID')",
+                                                            "secret":  "@parameters('AD Application Secret')",
+                                                            "tenant":  "@parameters('Tenant ID')",
+                                                            "type":  "ActiveDirectoryOAuth"
+                                                        },
+                                                        "body":  {
+                                                            "action":  "alert",
+                                                            "additionalInformation":  "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                                            "confidence":  "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                                            "description":  "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                                            "emailSenderAddress":  "@{items('For_Each_Indicator_(Threat)')?['email']}",
+                                                            "emailSourceDomain":  "@{items('For_Each_Indicator_(Threat)')?['domain']}",
+                                                            "expirationDateTime":  "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                                            "externalId":  "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                                            "indicatorProvider":  "Infoblox TIDE",
+                                                            "lastReportedDateTime":  "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                                            "tags":  [
+                                                                "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                                                "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                                                "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                                                "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                                                "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                                            ],
+                                                            "targetProduct":  "Azure Sentinel",
+                                                            "threatType":  "WatchList",
+                                                            "tlpLevel":  "white"
+                                                        },
+                                                        "method":  "POST",
+                                                        "uri":  "https://graph.microsoft.com/beta/security/tiIndicators"
+                                                    }
+                                                }
+                                            }
+                                        },
+                                        "HASH":  {
+                                            "case":  "HASH",
+                                            "actions":  {
+                                                "Send_Hashes_to_Sentinel":  {
+                                                    "runAfter":  {
+                                                    },
+                                                    "type":  "Http",
+                                                    "inputs":  {
+                                                        "authentication":  {
+                                                            "audience":  "https://graph.microsoft.com",
+                                                            "clientId":  "@parameters('Client ID')",
+                                                            "secret":  "@parameters('AD Application Secret')",
+                                                            "tenant":  "@parameters('Tenant ID')",
+                                                            "type":  "ActiveDirectoryOAuth"
+                                                        },
+                                                        "body":  {
+                                                            "action":  "alert",
+                                                            "additionalInformation":  "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                                            "confidence":  "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                                            "description":  "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                                            "expirationDateTime":  "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                                            "externalId":  "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                                            "fileHashType":  "@{items('For_Each_Indicator_(Threat)')?['hash_type']}",
+                                                            "fileHashValue":  "@{items('For_Each_Indicator_(Threat)')?['hash']}",
+                                                            "indicatorProvider":  "Infoblox TIDE",
+                                                            "lastReportedDateTime":  "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                                            "tags":  [
+                                                                "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                                                "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                                                "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                                                "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                                                "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}",
+                                                                "Hash Type: @{items('For_Each_Indicator_(Threat)')?['hash_type']}"
+                                                            ],
+                                                            "targetProduct":  "Azure Sentinel",
+                                                            "threatType":  "WatchList",
+                                                            "tlpLevel":  "white"
+                                                        },
+                                                        "method":  "POST",
+                                                        "uri":  "https://graph.microsoft.com/beta/security/tiIndicators"
+                                                    }
+                                                }
+                                            }
+                                        },
+                                        "HOST":  {
+                                            "case":  "HOST",
+                                            "actions":  {
+                                                "Send_Hosts_to_Sentinel":  {
+                                                    "runAfter":  {
+                                                    },
+                                                    "type":  "Http",
+                                                    "inputs":  {
+                                                        "authentication":  {
+                                                            "audience":  "https://graph.microsoft.com",
+                                                            "clientId":  "@parameters('Client ID')",
+                                                            "secret":  "@parameters('AD Application Secret')",
+                                                            "tenant":  "@parameters('Tenant ID')",
+                                                            "type":  "ActiveDirectoryOAuth"
+                                                        },
+                                                        "body":  {
+                                                            "action":  "alert",
+                                                            "additionalInformation":  "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                                            "confidence":  "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                                            "description":  "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                                            "domainName":  "@{items('For_Each_Indicator_(Threat)')?['host']}",
+                                                            "expirationDateTime":  "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                                            "externalId":  "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                                            "indicatorProvider":  "Infoblox TIDE",
+                                                            "lastReportedDateTime":  "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                                            "tags":  [
+                                                                "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                                                "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                                                "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                                                "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                                                "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                                            ],
+                                                            "targetProduct":  "Azure Sentinel",
+                                                            "threatType":  "WatchList",
+                                                            "tlpLevel":  "white"
+                                                        },
+                                                        "method":  "POST",
+                                                        "uri":  "https://graph.microsoft.com/beta/security/tiIndicators"
+                                                    }
+                                                }
+                                            }
+                                        },
+                                        "IP":  {
+                                            "case":  "IP",
+                                            "actions":  {
+                                                "Send_IPs_to_Sentinel":  {
+                                                    "runAfter":  {
+                                                    },
+                                                    "type":  "Http",
+                                                    "inputs":  {
+                                                        "authentication":  {
+                                                            "audience":  "https://graph.microsoft.com",
+                                                            "clientId":  "@parameters('Client ID')",
+                                                            "secret":  "@parameters('AD Application Secret')",
+                                                            "tenant":  "@parameters('Tenant ID')",
+                                                            "type":  "ActiveDirectoryOAuth"
+                                                        },
+                                                        "body":  {
+                                                            "action":  "alert",
+                                                            "additionalInformation":  "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                                            "confidence":  "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                                            "description":  "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                                            "expirationDateTime":  "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                                            "externalId":  "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                                            "indicatorProvider":  "Infoblox TIDE",
+                                                            "lastReportedDateTime":  "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                                            "networkIPv4":  "@{items('For_Each_Indicator_(Threat)')?['ip']}",
+                                                            "tags":  [
+                                                                "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                                                "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                                                "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                                                "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                                                "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                                            ],
+                                                            "targetProduct":  "Azure Sentinel",
+                                                            "threatType":  "WatchList",
+                                                            "tlpLevel":  "white"
+                                                        },
+                                                        "method":  "POST",
+                                                        "uri":  "https://graph.microsoft.com/beta/security/tiIndicators"
+                                                    }
+                                                }
+                                            }
+                                        },
+                                        "URL":  {
+                                            "case":  "URL",
+                                            "actions":  {
+                                                "Send_URLs_to_Sentinel":  {
+                                                    "runAfter":  {
+                                                    },
+                                                    "type":  "Http",
+                                                    "inputs":  {
+                                                        "authentication":  {
+                                                            "audience":  "https://graph.microsoft.com",
+                                                            "clientId":  "@parameters('Client ID')",
+                                                            "secret":  "@parameters('AD Application Secret')",
+                                                            "tenant":  "@parameters('Tenant ID')",
+                                                            "type":  "ActiveDirectoryOAuth"
+                                                        },
+                                                        "body":  {
+                                                            "action":  "alert",
+                                                            "additionalInformation":  "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                                            "confidence":  "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                                            "description":  "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                                            "expirationDateTime":  "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                                            "externalId":  "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                                            "indicatorProvider":  "Infoblox TIDE",
+                                                            "lastReportedDateTime":  "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                                            "tags":  [
+                                                                "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                                                "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                                                "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                                                "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                                                "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                                            ],
+                                                            "targetProduct":  "Azure Sentinel",
+                                                            "threatType":  "WatchList",
+                                                            "tlpLevel":  "white",
+                                                            "url":  "@{items('For_Each_Indicator_(Threat)')?['url']}"
+                                                        },
+                                                        "method":  "POST",
+                                                        "uri":  "https://graph.microsoft.com/beta/security/tiIndicators"
+                                                    }
+                                                }
+                                            }
+                                        }
+                                    },
+                                    "default":  {
+                                        "actions":  {
+                                        }
+                                    },
+                                    "expression":  "@items('For_Each_Indicator_(Threat)')?['type']",
+                                    "type":  "Switch"
+                                }
+                            },
+                            "runAfter":  {
+                                "Parse_JSON":  [
+                                    "Succeeded"
+                                ]
+                            },
+                            "type":  "Foreach"
+                        },
+                        "Get_TIDE_Data":  {
+                            "runAfter":  {
+                            },
+                            "type":  "Http",
+                            "inputs":  {
+                                "headers":  {
+                                    "Authorization":  "Token @{parameters('TIDE API Key')}"
+                                },
+                                "method":  "GET",
+                                "queries":  {
+                                    "fields":  "notes,confidence,type,class,host,expiration,id,imported,type,profile,property,threat_level,extended,email,domain,hash,hash_type,ip,url",
+                                    "property":  "Policy_LookalikeDomains",
+                                    "rlimit":  "90000"
+                                },
+                                "uri":  "https://csp.infoblox.com/tide/api/data/threats/host/daily"
+                            }
+                        },
+                        "Parse_JSON":  {
+                            "runAfter":  {
+                                "Get_TIDE_Data":  [
+                                    "Succeeded"
+                                ]
+                            },
+                            "type":  "ParseJson",
+                            "inputs":  {
+                                "content":  "@body('Get_TIDE_Data')",
+                                "schema":  {
+                                    "properties":  {
+                                        "record_count":  {
+                                            "type":  "integer"
+                                        },
+                                        "threat":  {
+                                            "items":  {
+                                                "properties":  {
+                                                    "batch_id":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "class":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "confidence":  {
+                                                        "type":  "integer"
+                                                    },
+                                                    "confidence_score":  {
+                                                        "type":  "number"
+                                                    },
+                                                    "confidence_score_rating":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "confidence_score_vector":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "detected":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "dga":  {
+                                                    },
+                                                    "domain":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "email":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "expiration":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "extended":  {
+                                                        "properties":  {
+                                                            "ais_consent":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "cyberint_guid":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "no_whitelist":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "notes":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "protocol":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "url_hash":  {
+                                                                "type":  "string"
+                                                            }
+                                                        },
+                                                        "type":  "object"
+                                                    },
+                                                    "hash":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "hash_type":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "host":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "id":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "imported":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "ip":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "profile":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "property":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "received":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "risk_score":  {
+                                                        "type":  "number"
+                                                    },
+                                                    "risk_score_rating":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "risk_score_vector":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "threat_level":  {
+                                                        "type":  "integer"
+                                                    },
+                                                    "threat_score":  {
+                                                        "type":  "number"
+                                                    },
+                                                    "threat_score_rating":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "threat_score_vector":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "tld":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "type":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "up":  {
+                                                    },
+                                                    "url":  {
+                                                        "type":  "string"
+                                                    }
+                                                },
+                                                "required":  [
+                                                    "id"
+                                                ],
+                                                "type":  "object"
+                                            },
+                                            "type":  "array"
+                                        }
+                                    },
+                                    "type":  "object"
+                                }
+                            }
+                        }
+                    },
+                    "outputs":  {
+                    }
+                },
+                "parameters":  {
+                }
+            },
+            "name":  "[parameters('PlaybookName')]",
+            "type":  "Microsoft.Logic/workflows",
+            "location":  "[resourceGroup().location]",
+            "tags":  {
+                "hidden-SentinelTemplateName":  "Infoblox-Import-Hosts-Daily-LookalikeDomains",
+                "hidden-SentinelTemplateVersion":  "1.0"
+            },
+            "identity":  {
+                "type":  "SystemAssigned"
+            },
+            "apiVersion":  "2017-07-01",
+            "dependsOn":  [
+            ]
+        }
+    ]
+}
diff --git a/Solutions/Infoblox Cloud Data Connector/Playbooks/Infoblox-Import-Hosts-Daily-MalwareC2DGA/azuredeploy.json b/Solutions/Infoblox Cloud Data Connector/Playbooks/Infoblox-Import-Hosts-Daily-MalwareC2DGA/azuredeploy.json
new file mode 100644
index 00000000000..8d291e97d7a
--- /dev/null
+++ b/Solutions/Infoblox Cloud Data Connector/Playbooks/Infoblox-Import-Hosts-Daily-MalwareC2DGA/azuredeploy.json	
@@ -0,0 +1,518 @@
+{
+    "$schema":  "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+    "contentVersion":  "1.0.0.0",
+    "metadata":  {
+        "title":  "Infoblox Import Hosts Daily MalwareC2DGA",
+        "description":  "Leverages the Infoblox TIDE API to automatically import threat indicators into the ThreatIntelligenceIndicator table. This playbook imports newly detected MalwareC2DGA domains on a scheduled daily basis.",
+        "prerequisites":  [
+            "Infoblox TIDE API key."
+        ],        
+        "postDeployment":  [
+            "Authorize connections."
+        ],
+        "prerequisitesDeployTemplateFile":  "",
+        "lastUpdateTime":  "2023-08-07T00:00:00.000Z",
+        "entities":  [
+        ],
+        "tags":  [
+        ],
+        "support":  {
+            "tier":  "community",
+            "armtemplate":  "Generated from https://github.com/Azure/Azure-Sentinel/tree/master/Tools/Playbook-ARM-Template-Generator"
+        },
+        "author":  {
+            "name":  "Infoblox"
+        }
+    },
+    "parameters":  {
+        "PlaybookName":  {
+            "defaultValue":  "Infoblox-Import-Hosts-Daily-MalwareC2DGA",
+            "type":  "string"
+        },
+        "AD Application Secret":  {
+            "type":  "string",
+            "metadata":  {
+                "description":  "Enter value for AD Application Secret"
+            }
+        },
+        "Client ID":  {
+            "type":  "string",
+            "metadata":  {
+                "description":  "Enter value for Client ID"
+            }
+        },
+        "TIDE API Key":  {
+            "type":  "string",
+            "metadata":  {
+                "description":  "Enter value for TIDE API Key"
+            }
+        },
+        "Tenant ID":  {
+            "type":  "string",
+            "metadata":  {
+                "description":  "Enter value for Tenant ID"
+            }
+        }
+    },
+    "variables":  {
+    },
+    "resources":  [
+        {
+            "properties":  {
+                "provisioningState":  "Succeeded",
+                "state":  "Disabled",
+                "definition":  {
+                    "$schema":  "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
+                    "contentVersion":  "1.0.0.0",
+                    "parameters":  {
+                        "AD Application Secret":  {
+                            "defaultValue":  "[parameters('AD Application Secret')]",
+                            "type":  "string"
+                        },
+                        "Client ID":  {
+                            "defaultValue":  "[parameters('Client ID')]",
+                            "type":  "string"
+                        },
+                        "TIDE API Key":  {
+                            "defaultValue":  "[parameters('TIDE API Key')]",
+                            "type":  "string"
+                        },
+                        "Tenant ID":  {
+                            "defaultValue":  "[parameters('Tenant ID')]",
+                            "type":  "string"
+                        }
+                    },
+                    "triggers":  {
+                        "Recurrence":  {
+                            "recurrence":  {
+                                "frequency":  "Day",
+                                "interval":  1
+                            },
+                            "evaluatedRecurrence":  {
+                                "frequency":  "Day",
+                                "interval":  1
+                            },
+                            "type":  "Recurrence"
+                        }
+                    },
+                    "actions":  {
+                        "For_Each_Indicator_(Threat)":  {
+                            "foreach":  "@body('Parse_JSON')?['threat']",
+                            "actions":  {
+                                "Switch":  {
+                                    "runAfter":  {
+                                    },
+                                    "cases":  {
+                                        "EMAIL":  {
+                                            "case":  "EMAIL",
+                                            "actions":  {
+                                                "Send_Emails_to_Sentinel":  {
+                                                    "runAfter":  {
+                                                    },
+                                                    "type":  "Http",
+                                                    "inputs":  {
+                                                        "authentication":  {
+                                                            "audience":  "https://graph.microsoft.com",
+                                                            "clientId":  "@parameters('Client ID')",
+                                                            "secret":  "@parameters('AD Application Secret')",
+                                                            "tenant":  "@parameters('Tenant ID')",
+                                                            "type":  "ActiveDirectoryOAuth"
+                                                        },
+                                                        "body":  {
+                                                            "action":  "alert",
+                                                            "additionalInformation":  "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                                            "confidence":  "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                                            "description":  "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                                            "emailSenderAddress":  "@{items('For_Each_Indicator_(Threat)')?['email']}",
+                                                            "emailSourceDomain":  "@{items('For_Each_Indicator_(Threat)')?['domain']}",
+                                                            "expirationDateTime":  "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                                            "externalId":  "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                                            "indicatorProvider":  "Infoblox TIDE",
+                                                            "lastReportedDateTime":  "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                                            "tags":  [
+                                                                "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                                                "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                                                "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                                                "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                                                "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                                            ],
+                                                            "targetProduct":  "Azure Sentinel",
+                                                            "threatType":  "WatchList",
+                                                            "tlpLevel":  "white"
+                                                        },
+                                                        "method":  "POST",
+                                                        "uri":  "https://graph.microsoft.com/beta/security/tiIndicators"
+                                                    }
+                                                }
+                                            }
+                                        },
+                                        "HASH":  {
+                                            "case":  "HASH",
+                                            "actions":  {
+                                                "Send_Hashes_to_Sentinel":  {
+                                                    "runAfter":  {
+                                                    },
+                                                    "type":  "Http",
+                                                    "inputs":  {
+                                                        "authentication":  {
+                                                            "audience":  "https://graph.microsoft.com",
+                                                            "clientId":  "@parameters('Client ID')",
+                                                            "secret":  "@parameters('AD Application Secret')",
+                                                            "tenant":  "@parameters('Tenant ID')",
+                                                            "type":  "ActiveDirectoryOAuth"
+                                                        },
+                                                        "body":  {
+                                                            "action":  "alert",
+                                                            "additionalInformation":  "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                                            "confidence":  "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                                            "description":  "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                                            "expirationDateTime":  "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                                            "externalId":  "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                                            "fileHashType":  "@{items('For_Each_Indicator_(Threat)')?['hash_type']}",
+                                                            "fileHashValue":  "@{items('For_Each_Indicator_(Threat)')?['hash']}",
+                                                            "indicatorProvider":  "Infoblox TIDE",
+                                                            "lastReportedDateTime":  "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                                            "tags":  [
+                                                                "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                                                "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                                                "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                                                "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                                                "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}",
+                                                                "Hash Type: @{items('For_Each_Indicator_(Threat)')?['hash_type']}"
+                                                            ],
+                                                            "targetProduct":  "Azure Sentinel",
+                                                            "threatType":  "WatchList",
+                                                            "tlpLevel":  "white"
+                                                        },
+                                                        "method":  "POST",
+                                                        "uri":  "https://graph.microsoft.com/beta/security/tiIndicators"
+                                                    }
+                                                }
+                                            }
+                                        },
+                                        "HOST":  {
+                                            "case":  "HOST",
+                                            "actions":  {
+                                                "Send_Hosts_to_Sentinel":  {
+                                                    "runAfter":  {
+                                                    },
+                                                    "type":  "Http",
+                                                    "inputs":  {
+                                                        "authentication":  {
+                                                            "audience":  "https://graph.microsoft.com",
+                                                            "clientId":  "@parameters('Client ID')",
+                                                            "secret":  "@parameters('AD Application Secret')",
+                                                            "tenant":  "@parameters('Tenant ID')",
+                                                            "type":  "ActiveDirectoryOAuth"
+                                                        },
+                                                        "body":  {
+                                                            "action":  "alert",
+                                                            "additionalInformation":  "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                                            "confidence":  "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                                            "description":  "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                                            "domainName":  "@{items('For_Each_Indicator_(Threat)')?['host']}",
+                                                            "expirationDateTime":  "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                                            "externalId":  "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                                            "indicatorProvider":  "Infoblox TIDE",
+                                                            "lastReportedDateTime":  "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                                            "tags":  [
+                                                                "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                                                "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                                                "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                                                "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                                                "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                                            ],
+                                                            "targetProduct":  "Azure Sentinel",
+                                                            "threatType":  "WatchList",
+                                                            "tlpLevel":  "white"
+                                                        },
+                                                        "method":  "POST",
+                                                        "uri":  "https://graph.microsoft.com/beta/security/tiIndicators"
+                                                    }
+                                                }
+                                            }
+                                        },
+                                        "IP":  {
+                                            "case":  "IP",
+                                            "actions":  {
+                                                "Send_IPs_to_Sentinel":  {
+                                                    "runAfter":  {
+                                                    },
+                                                    "type":  "Http",
+                                                    "inputs":  {
+                                                        "authentication":  {
+                                                            "audience":  "https://graph.microsoft.com",
+                                                            "clientId":  "@parameters('Client ID')",
+                                                            "secret":  "@parameters('AD Application Secret')",
+                                                            "tenant":  "@parameters('Tenant ID')",
+                                                            "type":  "ActiveDirectoryOAuth"
+                                                        },
+                                                        "body":  {
+                                                            "action":  "alert",
+                                                            "additionalInformation":  "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                                            "confidence":  "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                                            "description":  "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                                            "expirationDateTime":  "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                                            "externalId":  "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                                            "indicatorProvider":  "Infoblox TIDE",
+                                                            "lastReportedDateTime":  "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                                            "networkIPv4":  "@{items('For_Each_Indicator_(Threat)')?['ip']}",
+                                                            "tags":  [
+                                                                "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                                                "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                                                "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                                                "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                                                "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                                            ],
+                                                            "targetProduct":  "Azure Sentinel",
+                                                            "threatType":  "WatchList",
+                                                            "tlpLevel":  "white"
+                                                        },
+                                                        "method":  "POST",
+                                                        "uri":  "https://graph.microsoft.com/beta/security/tiIndicators"
+                                                    }
+                                                }
+                                            }
+                                        },
+                                        "URL":  {
+                                            "case":  "URL",
+                                            "actions":  {
+                                                "Send_URLs_to_Sentinel":  {
+                                                    "runAfter":  {
+                                                    },
+                                                    "type":  "Http",
+                                                    "inputs":  {
+                                                        "authentication":  {
+                                                            "audience":  "https://graph.microsoft.com",
+                                                            "clientId":  "@parameters('Client ID')",
+                                                            "secret":  "@parameters('AD Application Secret')",
+                                                            "tenant":  "@parameters('Tenant ID')",
+                                                            "type":  "ActiveDirectoryOAuth"
+                                                        },
+                                                        "body":  {
+                                                            "action":  "alert",
+                                                            "additionalInformation":  "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                                            "confidence":  "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                                            "description":  "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                                            "expirationDateTime":  "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                                            "externalId":  "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                                            "indicatorProvider":  "Infoblox TIDE",
+                                                            "lastReportedDateTime":  "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                                            "tags":  [
+                                                                "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                                                "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                                                "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                                                "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                                                "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                                            ],
+                                                            "targetProduct":  "Azure Sentinel",
+                                                            "threatType":  "WatchList",
+                                                            "tlpLevel":  "white",
+                                                            "url":  "@{items('For_Each_Indicator_(Threat)')?['url']}"
+                                                        },
+                                                        "method":  "POST",
+                                                        "uri":  "https://graph.microsoft.com/beta/security/tiIndicators"
+                                                    }
+                                                }
+                                            }
+                                        }
+                                    },
+                                    "default":  {
+                                        "actions":  {
+                                        }
+                                    },
+                                    "expression":  "@items('For_Each_Indicator_(Threat)')?['type']",
+                                    "type":  "Switch"
+                                }
+                            },
+                            "runAfter":  {
+                                "Parse_JSON":  [
+                                    "Succeeded"
+                                ]
+                            },
+                            "type":  "Foreach"
+                        },
+                        "Get_TIDE_Data":  {
+                            "runAfter":  {
+                            },
+                            "type":  "Http",
+                            "inputs":  {
+                                "headers":  {
+                                    "Authorization":  "Token @{parameters('TIDE API Key')}"
+                                },
+                                "method":  "GET",
+                                "queries":  {
+                                    "class":  "MalwareC2DGA",
+                                    "fields":  "notes,confidence,type,class,host,expiration,id,imported,type,profile,property,threat_level,extended,email,domain,hash,hash_type,ip,url",
+                                    "rlimit":  "90000"
+                                },
+                                "uri":  "https://csp.infoblox.com/tide/api/data/threats/host/daily"
+                            }
+                        },
+                        "Parse_JSON":  {
+                            "runAfter":  {
+                                "Get_TIDE_Data":  [
+                                    "Succeeded"
+                                ]
+                            },
+                            "type":  "ParseJson",
+                            "inputs":  {
+                                "content":  "@body('Get_TIDE_Data')",
+                                "schema":  {
+                                    "properties":  {
+                                        "record_count":  {
+                                            "type":  "integer"
+                                        },
+                                        "threat":  {
+                                            "items":  {
+                                                "properties":  {
+                                                    "batch_id":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "class":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "confidence":  {
+                                                        "type":  "integer"
+                                                    },
+                                                    "confidence_score":  {
+                                                        "type":  "number"
+                                                    },
+                                                    "confidence_score_rating":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "confidence_score_vector":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "detected":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "dga":  {
+                                                    },
+                                                    "domain":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "email":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "expiration":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "extended":  {
+                                                        "properties":  {
+                                                            "ais_consent":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "cyberint_guid":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "no_whitelist":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "notes":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "protocol":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "url_hash":  {
+                                                                "type":  "string"
+                                                            }
+                                                        },
+                                                        "type":  "object"
+                                                    },
+                                                    "hash":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "hash_type":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "host":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "id":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "imported":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "ip":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "profile":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "property":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "received":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "risk_score":  {
+                                                        "type":  "number"
+                                                    },
+                                                    "risk_score_rating":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "risk_score_vector":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "threat_level":  {
+                                                        "type":  "integer"
+                                                    },
+                                                    "threat_score":  {
+                                                        "type":  "number"
+                                                    },
+                                                    "threat_score_rating":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "threat_score_vector":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "tld":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "type":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "up":  {
+                                                    },
+                                                    "url":  {
+                                                        "type":  "string"
+                                                    }
+                                                },
+                                                "required":  [
+                                                    "id"
+                                                ],
+                                                "type":  "object"
+                                            },
+                                            "type":  "array"
+                                        }
+                                    },
+                                    "type":  "object"
+                                }
+                            }
+                        }
+                    },
+                    "outputs":  {
+                    }
+                },
+                "parameters":  {
+                }
+            },
+            "name":  "[parameters('PlaybookName')]",
+            "type":  "Microsoft.Logic/workflows",
+            "location":  "[resourceGroup().location]",
+            "tags":  {
+                "hidden-SentinelTemplateName":  "Infoblox-Import-Hosts-Daily-MalwareC2DGA",
+                "hidden-SentinelTemplateVersion":  "1.0"
+            },
+            "identity":  {
+                "type":  "SystemAssigned"
+            },
+            "apiVersion":  "2017-07-01",
+            "dependsOn":  [
+            ]
+        }
+    ]
+}
diff --git a/Solutions/Infoblox Cloud Data Connector/Playbooks/Infoblox-Import-Hosts-Daily-Phishing/azuredeploy.json b/Solutions/Infoblox Cloud Data Connector/Playbooks/Infoblox-Import-Hosts-Daily-Phishing/azuredeploy.json
new file mode 100644
index 00000000000..9967fff694c
--- /dev/null
+++ b/Solutions/Infoblox Cloud Data Connector/Playbooks/Infoblox-Import-Hosts-Daily-Phishing/azuredeploy.json	
@@ -0,0 +1,518 @@
+{
+    "$schema":  "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+    "contentVersion":  "1.0.0.0",
+    "metadata":  {
+        "title":  "Infoblox Import Hosts Daily Phishing",
+        "description":  "Leverages the Infoblox TIDE API to automatically import threat indicators into the ThreatIntelligenceIndicator table. This playbook imports newly detected Phishing domains on a scheduled daily basis.",
+        "prerequisites":  [
+            "Infoblox TIDE API key."
+        ],        
+        "postDeployment":  [
+            "Authorize connections."
+        ],
+        "prerequisitesDeployTemplateFile":  "",
+        "lastUpdateTime":  "2023-08-07T00:00:00.000Z",
+        "entities":  [
+        ],
+        "tags":  [
+        ],
+        "support":  {
+            "tier":  "community",
+            "armtemplate":  "Generated from https://github.com/Azure/Azure-Sentinel/tree/master/Tools/Playbook-ARM-Template-Generator"
+        },
+        "author":  {
+            "name":  "Infoblox"
+        }
+    },
+    "parameters":  {
+        "PlaybookName":  {
+            "defaultValue":  "Infoblox-Import-Hosts-Daily-Phishing",
+            "type":  "string"
+        },
+        "AD Application Secret":  {
+            "type":  "string",
+            "metadata":  {
+                "description":  "Enter value for AD Application Secret"
+            }
+        },
+        "Client ID":  {
+            "type":  "string",
+            "metadata":  {
+                "description":  "Enter value for Client ID"
+            }
+        },
+        "TIDE API Key":  {
+            "type":  "string",
+            "metadata":  {
+                "description":  "Enter value for TIDE API Key"
+            }
+        },
+        "Tenant ID":  {
+            "type":  "string",
+            "metadata":  {
+                "description":  "Enter value for Tenant ID"
+            }
+        }
+    },
+    "variables":  {
+    },
+    "resources":  [
+        {
+            "properties":  {
+                "provisioningState":  "Succeeded",
+                "state":  "Disabled",
+                "definition":  {
+                    "$schema":  "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
+                    "contentVersion":  "1.0.0.0",
+                    "parameters":  {
+                        "AD Application Secret":  {
+                            "defaultValue":  "[parameters('AD Application Secret')]",
+                            "type":  "string"
+                        },
+                        "Client ID":  {
+                            "defaultValue":  "[parameters('Client ID')]",
+                            "type":  "string"
+                        },
+                        "TIDE API Key":  {
+                            "defaultValue":  "[parameters('TIDE API Key')]",
+                            "type":  "string"
+                        },
+                        "Tenant ID":  {
+                            "defaultValue":  "[parameters('Tenant ID')]",
+                            "type":  "string"
+                        }
+                    },
+                    "triggers":  {
+                        "Recurrence":  {
+                            "recurrence":  {
+                                "frequency":  "Day",
+                                "interval":  1
+                            },
+                            "evaluatedRecurrence":  {
+                                "frequency":  "Day",
+                                "interval":  1
+                            },
+                            "type":  "Recurrence"
+                        }
+                    },
+                    "actions":  {
+                        "For_Each_Indicator_(Threat)":  {
+                            "foreach":  "@body('Parse_JSON')?['threat']",
+                            "actions":  {
+                                "Switch":  {
+                                    "runAfter":  {
+                                    },
+                                    "cases":  {
+                                        "EMAIL":  {
+                                            "case":  "EMAIL",
+                                            "actions":  {
+                                                "Send_Emails_to_Sentinel":  {
+                                                    "runAfter":  {
+                                                    },
+                                                    "type":  "Http",
+                                                    "inputs":  {
+                                                        "authentication":  {
+                                                            "audience":  "https://graph.microsoft.com",
+                                                            "clientId":  "@parameters('Client ID')",
+                                                            "secret":  "@parameters('AD Application Secret')",
+                                                            "tenant":  "@parameters('Tenant ID')",
+                                                            "type":  "ActiveDirectoryOAuth"
+                                                        },
+                                                        "body":  {
+                                                            "action":  "alert",
+                                                            "additionalInformation":  "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                                            "confidence":  "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                                            "description":  "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                                            "emailSenderAddress":  "@{items('For_Each_Indicator_(Threat)')?['email']}",
+                                                            "emailSourceDomain":  "@{items('For_Each_Indicator_(Threat)')?['domain']}",
+                                                            "expirationDateTime":  "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                                            "externalId":  "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                                            "indicatorProvider":  "Infoblox TIDE",
+                                                            "lastReportedDateTime":  "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                                            "tags":  [
+                                                                "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                                                "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                                                "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                                                "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                                                "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                                            ],
+                                                            "targetProduct":  "Azure Sentinel",
+                                                            "threatType":  "WatchList",
+                                                            "tlpLevel":  "white"
+                                                        },
+                                                        "method":  "POST",
+                                                        "uri":  "https://graph.microsoft.com/beta/security/tiIndicators"
+                                                    }
+                                                }
+                                            }
+                                        },
+                                        "HASH":  {
+                                            "case":  "HASH",
+                                            "actions":  {
+                                                "Send_Hashes_to_Sentinel":  {
+                                                    "runAfter":  {
+                                                    },
+                                                    "type":  "Http",
+                                                    "inputs":  {
+                                                        "authentication":  {
+                                                            "audience":  "https://graph.microsoft.com",
+                                                            "clientId":  "@parameters('Client ID')",
+                                                            "secret":  "@parameters('AD Application Secret')",
+                                                            "tenant":  "@parameters('Tenant ID')",
+                                                            "type":  "ActiveDirectoryOAuth"
+                                                        },
+                                                        "body":  {
+                                                            "action":  "alert",
+                                                            "additionalInformation":  "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                                            "confidence":  "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                                            "description":  "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                                            "expirationDateTime":  "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                                            "externalId":  "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                                            "fileHashType":  "@{items('For_Each_Indicator_(Threat)')?['hash_type']}",
+                                                            "fileHashValue":  "@{items('For_Each_Indicator_(Threat)')?['hash']}",
+                                                            "indicatorProvider":  "Infoblox TIDE",
+                                                            "lastReportedDateTime":  "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                                            "tags":  [
+                                                                "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                                                "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                                                "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                                                "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                                                "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}",
+                                                                "Hash Type: @{items('For_Each_Indicator_(Threat)')?['hash_type']}"
+                                                            ],
+                                                            "targetProduct":  "Azure Sentinel",
+                                                            "threatType":  "WatchList",
+                                                            "tlpLevel":  "white"
+                                                        },
+                                                        "method":  "POST",
+                                                        "uri":  "https://graph.microsoft.com/beta/security/tiIndicators"
+                                                    }
+                                                }
+                                            }
+                                        },
+                                        "HOST":  {
+                                            "case":  "HOST",
+                                            "actions":  {
+                                                "Send_Hosts_to_Sentinel":  {
+                                                    "runAfter":  {
+                                                    },
+                                                    "type":  "Http",
+                                                    "inputs":  {
+                                                        "authentication":  {
+                                                            "audience":  "https://graph.microsoft.com",
+                                                            "clientId":  "@parameters('Client ID')",
+                                                            "secret":  "@parameters('AD Application Secret')",
+                                                            "tenant":  "@parameters('Tenant ID')",
+                                                            "type":  "ActiveDirectoryOAuth"
+                                                        },
+                                                        "body":  {
+                                                            "action":  "alert",
+                                                            "additionalInformation":  "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                                            "confidence":  "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                                            "description":  "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                                            "domainName":  "@{items('For_Each_Indicator_(Threat)')?['host']}",
+                                                            "expirationDateTime":  "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                                            "externalId":  "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                                            "indicatorProvider":  "Infoblox TIDE",
+                                                            "lastReportedDateTime":  "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                                            "tags":  [
+                                                                "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                                                "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                                                "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                                                "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                                                "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                                            ],
+                                                            "targetProduct":  "Azure Sentinel",
+                                                            "threatType":  "WatchList",
+                                                            "tlpLevel":  "white"
+                                                        },
+                                                        "method":  "POST",
+                                                        "uri":  "https://graph.microsoft.com/beta/security/tiIndicators"
+                                                    }
+                                                }
+                                            }
+                                        },
+                                        "IP":  {
+                                            "case":  "IP",
+                                            "actions":  {
+                                                "Send_IPs_to_Sentinel":  {
+                                                    "runAfter":  {
+                                                    },
+                                                    "type":  "Http",
+                                                    "inputs":  {
+                                                        "authentication":  {
+                                                            "audience":  "https://graph.microsoft.com",
+                                                            "clientId":  "@parameters('Client ID')",
+                                                            "secret":  "@parameters('AD Application Secret')",
+                                                            "tenant":  "@parameters('Tenant ID')",
+                                                            "type":  "ActiveDirectoryOAuth"
+                                                        },
+                                                        "body":  {
+                                                            "action":  "alert",
+                                                            "additionalInformation":  "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                                            "confidence":  "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                                            "description":  "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                                            "expirationDateTime":  "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                                            "externalId":  "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                                            "indicatorProvider":  "Infoblox TIDE",
+                                                            "lastReportedDateTime":  "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                                            "networkIPv4":  "@{items('For_Each_Indicator_(Threat)')?['ip']}",
+                                                            "tags":  [
+                                                                "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                                                "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                                                "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                                                "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                                                "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                                            ],
+                                                            "targetProduct":  "Azure Sentinel",
+                                                            "threatType":  "WatchList",
+                                                            "tlpLevel":  "white"
+                                                        },
+                                                        "method":  "POST",
+                                                        "uri":  "https://graph.microsoft.com/beta/security/tiIndicators"
+                                                    }
+                                                }
+                                            }
+                                        },
+                                        "URL":  {
+                                            "case":  "URL",
+                                            "actions":  {
+                                                "Send_URLs_to_Sentinel":  {
+                                                    "runAfter":  {
+                                                    },
+                                                    "type":  "Http",
+                                                    "inputs":  {
+                                                        "authentication":  {
+                                                            "audience":  "https://graph.microsoft.com",
+                                                            "clientId":  "@parameters('Client ID')",
+                                                            "secret":  "@parameters('AD Application Secret')",
+                                                            "tenant":  "@parameters('Tenant ID')",
+                                                            "type":  "ActiveDirectoryOAuth"
+                                                        },
+                                                        "body":  {
+                                                            "action":  "alert",
+                                                            "additionalInformation":  "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                                            "confidence":  "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                                            "description":  "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                                            "expirationDateTime":  "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                                            "externalId":  "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                                            "indicatorProvider":  "Infoblox TIDE",
+                                                            "lastReportedDateTime":  "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                                            "tags":  [
+                                                                "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                                                "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                                                "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                                                "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                                                "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                                            ],
+                                                            "targetProduct":  "Azure Sentinel",
+                                                            "threatType":  "WatchList",
+                                                            "tlpLevel":  "white",
+                                                            "url":  "@{items('For_Each_Indicator_(Threat)')?['url']}"
+                                                        },
+                                                        "method":  "POST",
+                                                        "uri":  "https://graph.microsoft.com/beta/security/tiIndicators"
+                                                    }
+                                                }
+                                            }
+                                        }
+                                    },
+                                    "default":  {
+                                        "actions":  {
+                                        }
+                                    },
+                                    "expression":  "@items('For_Each_Indicator_(Threat)')?['type']",
+                                    "type":  "Switch"
+                                }
+                            },
+                            "runAfter":  {
+                                "Parse_JSON":  [
+                                    "Succeeded"
+                                ]
+                            },
+                            "type":  "Foreach"
+                        },
+                        "Get_TIDE_Data":  {
+                            "runAfter":  {
+                            },
+                            "type":  "Http",
+                            "inputs":  {
+                                "headers":  {
+                                    "Authorization":  "Token @{parameters('TIDE API Key')}"
+                                },
+                                "method":  "GET",
+                                "queries":  {
+                                    "class":  "Phishing",
+                                    "fields":  "notes,confidence,type,class,host,expiration,id,imported,type,profile,property,threat_level,extended,email,domain,hash,hash_type,ip,url",
+                                    "rlimit":  "90000"
+                                },
+                                "uri":  "https://csp.infoblox.com/tide/api/data/threats/host/daily"
+                            }
+                        },
+                        "Parse_JSON":  {
+                            "runAfter":  {
+                                "Get_TIDE_Data":  [
+                                    "Succeeded"
+                                ]
+                            },
+                            "type":  "ParseJson",
+                            "inputs":  {
+                                "content":  "@body('Get_TIDE_Data')",
+                                "schema":  {
+                                    "properties":  {
+                                        "record_count":  {
+                                            "type":  "integer"
+                                        },
+                                        "threat":  {
+                                            "items":  {
+                                                "properties":  {
+                                                    "batch_id":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "class":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "confidence":  {
+                                                        "type":  "integer"
+                                                    },
+                                                    "confidence_score":  {
+                                                        "type":  "number"
+                                                    },
+                                                    "confidence_score_rating":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "confidence_score_vector":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "detected":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "dga":  {
+                                                    },
+                                                    "domain":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "email":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "expiration":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "extended":  {
+                                                        "properties":  {
+                                                            "ais_consent":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "cyberint_guid":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "no_whitelist":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "notes":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "protocol":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "url_hash":  {
+                                                                "type":  "string"
+                                                            }
+                                                        },
+                                                        "type":  "object"
+                                                    },
+                                                    "hash":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "hash_type":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "host":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "id":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "imported":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "ip":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "profile":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "property":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "received":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "risk_score":  {
+                                                        "type":  "number"
+                                                    },
+                                                    "risk_score_rating":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "risk_score_vector":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "threat_level":  {
+                                                        "type":  "integer"
+                                                    },
+                                                    "threat_score":  {
+                                                        "type":  "number"
+                                                    },
+                                                    "threat_score_rating":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "threat_score_vector":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "tld":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "type":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "up":  {
+                                                    },
+                                                    "url":  {
+                                                        "type":  "string"
+                                                    }
+                                                },
+                                                "required":  [
+                                                    "id"
+                                                ],
+                                                "type":  "object"
+                                            },
+                                            "type":  "array"
+                                        }
+                                    },
+                                    "type":  "object"
+                                }
+                            }
+                        }
+                    },
+                    "outputs":  {
+                    }
+                },
+                "parameters":  {
+                }
+            },
+            "name":  "[parameters('PlaybookName')]",
+            "type":  "Microsoft.Logic/workflows",
+            "location":  "[resourceGroup().location]",
+            "tags":  {
+                "hidden-SentinelTemplateName":  "Infoblox-Import-Hosts-Daily-Phishing",
+                "hidden-SentinelTemplateVersion":  "1.0"
+            },
+            "identity":  {
+                "type":  "SystemAssigned"
+            },
+            "apiVersion":  "2017-07-01",
+            "dependsOn":  [
+            ]
+        }
+    ]
+}
diff --git a/Solutions/Infoblox Cloud Data Connector/Playbooks/Infoblox-Import-Hosts-Hourly/azuredeploy.json b/Solutions/Infoblox Cloud Data Connector/Playbooks/Infoblox-Import-Hosts-Hourly/azuredeploy.json
new file mode 100644
index 00000000000..2f1152a29bc
--- /dev/null
+++ b/Solutions/Infoblox Cloud Data Connector/Playbooks/Infoblox-Import-Hosts-Hourly/azuredeploy.json	
@@ -0,0 +1,517 @@
+{
+    "$schema":  "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+    "contentVersion":  "1.0.0.0",
+    "metadata":  {
+        "title":  "Infoblox Import Hosts Hourly",
+        "description":  "Leverages the Infoblox TIDE API to automatically import threat indicators into the ThreatIntelligenceIndicator table. This playbook imports all newly detected hosts on a scheduled hourly basis.",
+        "prerequisites":  [
+            "Infoblox TIDE API key."
+        ],        
+        "postDeployment":  [
+            "Authorize connections."
+        ],
+        "prerequisitesDeployTemplateFile":  "",
+        "lastUpdateTime":  "2023-08-07T00:00:00.000Z",
+        "entities":  [
+        ],
+        "tags":  [
+        ],
+        "support":  {
+            "tier":  "community",
+            "armtemplate":  "Generated from https://github.com/Azure/Azure-Sentinel/tree/master/Tools/Playbook-ARM-Template-Generator"
+        },
+        "author":  {
+            "name":  "Infoblox"
+        }
+    },
+    "parameters":  {
+        "PlaybookName":  {
+            "defaultValue":  "Infoblox-Import-Hosts-Hourly",
+            "type":  "string"
+        },
+        "AD Application Secret":  {
+            "type":  "string",
+            "metadata":  {
+                "description":  "Enter value for AD Application Secret"
+            }
+        },
+        "Client ID":  {
+            "type":  "string",
+            "metadata":  {
+                "description":  "Enter value for Client ID"
+            }
+        },
+        "TIDE API Key":  {
+            "type":  "string",
+            "metadata":  {
+                "description":  "Enter value for TIDE API Key"
+            }
+        },
+        "Tenant ID":  {
+            "type":  "string",
+            "metadata":  {
+                "description":  "Enter value for Tenant ID"
+            }
+        }
+    },
+    "variables":  {
+    },
+    "resources":  [
+        {
+            "properties":  {
+                "provisioningState":  "Succeeded",
+                "state":  "Disabled",
+                "definition":  {
+                    "$schema":  "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
+                    "contentVersion":  "1.0.0.0",
+                    "parameters":  {
+                        "AD Application Secret":  {
+                            "defaultValue":  "[parameters('AD Application Secret')]",
+                            "type":  "string"
+                        },
+                        "Client ID":  {
+                            "defaultValue":  "[parameters('Client ID')]",
+                            "type":  "string"
+                        },
+                        "TIDE API Key":  {
+                            "defaultValue":  "[parameters('TIDE API Key')]",
+                            "type":  "string"
+                        },
+                        "Tenant ID":  {
+                            "defaultValue":  "[parameters('Tenant ID')]",
+                            "type":  "string"
+                        }
+                    },
+                    "triggers":  {
+                        "Recurrence":  {
+                            "recurrence":  {
+                                "frequency":  "Hour",
+                                "interval":  1
+                            },
+                            "evaluatedRecurrence":  {
+                                "frequency":  "Hour",
+                                "interval":  1
+                            },
+                            "type":  "Recurrence"
+                        }
+                    },
+                    "actions":  {
+                        "For_Each_Indicator_(Threat)":  {
+                            "foreach":  "@body('Parse_JSON')?['threat']",
+                            "actions":  {
+                                "Switch":  {
+                                    "runAfter":  {
+                                    },
+                                    "cases":  {
+                                        "EMAIL":  {
+                                            "case":  "EMAIL",
+                                            "actions":  {
+                                                "Send_Emails_to_Sentinel":  {
+                                                    "runAfter":  {
+                                                    },
+                                                    "type":  "Http",
+                                                    "inputs":  {
+                                                        "authentication":  {
+                                                            "audience":  "https://graph.microsoft.com",
+                                                            "clientId":  "@parameters('Client ID')",
+                                                            "secret":  "@parameters('AD Application Secret')",
+                                                            "tenant":  "@parameters('Tenant ID')",
+                                                            "type":  "ActiveDirectoryOAuth"
+                                                        },
+                                                        "body":  {
+                                                            "action":  "alert",
+                                                            "additionalInformation":  "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                                            "confidence":  "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                                            "description":  "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                                            "emailSenderAddress":  "@{items('For_Each_Indicator_(Threat)')?['email']}",
+                                                            "emailSourceDomain":  "@{items('For_Each_Indicator_(Threat)')?['domain']}",
+                                                            "expirationDateTime":  "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                                            "externalId":  "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                                            "indicatorProvider":  "Infoblox TIDE",
+                                                            "lastReportedDateTime":  "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                                            "tags":  [
+                                                                "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                                                "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                                                "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                                                "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                                                "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                                            ],
+                                                            "targetProduct":  "Azure Sentinel",
+                                                            "threatType":  "WatchList",
+                                                            "tlpLevel":  "white"
+                                                        },
+                                                        "method":  "POST",
+                                                        "uri":  "https://graph.microsoft.com/beta/security/tiIndicators"
+                                                    }
+                                                }
+                                            }
+                                        },
+                                        "HASH":  {
+                                            "case":  "HASH",
+                                            "actions":  {
+                                                "Send_Hashes_to_Sentinel":  {
+                                                    "runAfter":  {
+                                                    },
+                                                    "type":  "Http",
+                                                    "inputs":  {
+                                                        "authentication":  {
+                                                            "audience":  "https://graph.microsoft.com",
+                                                            "clientId":  "@parameters('Client ID')",
+                                                            "secret":  "@parameters('AD Application Secret')",
+                                                            "tenant":  "@parameters('Tenant ID')",
+                                                            "type":  "ActiveDirectoryOAuth"
+                                                        },
+                                                        "body":  {
+                                                            "action":  "alert",
+                                                            "additionalInformation":  "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                                            "confidence":  "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                                            "description":  "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                                            "expirationDateTime":  "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                                            "externalId":  "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                                            "fileHashType":  "@{items('For_Each_Indicator_(Threat)')?['hash_type']}",
+                                                            "fileHashValue":  "@{items('For_Each_Indicator_(Threat)')?['hash']}",
+                                                            "indicatorProvider":  "Infoblox TIDE",
+                                                            "lastReportedDateTime":  "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                                            "tags":  [
+                                                                "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                                                "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                                                "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                                                "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                                                "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}",
+                                                                "Hash Type: @{items('For_Each_Indicator_(Threat)')?['hash_type']}"
+                                                            ],
+                                                            "targetProduct":  "Azure Sentinel",
+                                                            "threatType":  "WatchList",
+                                                            "tlpLevel":  "white"
+                                                        },
+                                                        "method":  "POST",
+                                                        "uri":  "https://graph.microsoft.com/beta/security/tiIndicators"
+                                                    }
+                                                }
+                                            }
+                                        },
+                                        "HOST":  {
+                                            "case":  "HOST",
+                                            "actions":  {
+                                                "Send_Hosts_to_Sentinel":  {
+                                                    "runAfter":  {
+                                                    },
+                                                    "type":  "Http",
+                                                    "inputs":  {
+                                                        "authentication":  {
+                                                            "audience":  "https://graph.microsoft.com",
+                                                            "clientId":  "@parameters('Client ID')",
+                                                            "secret":  "@parameters('AD Application Secret')",
+                                                            "tenant":  "@parameters('Tenant ID')",
+                                                            "type":  "ActiveDirectoryOAuth"
+                                                        },
+                                                        "body":  {
+                                                            "action":  "alert",
+                                                            "additionalInformation":  "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                                            "confidence":  "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                                            "description":  "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                                            "domainName":  "@{items('For_Each_Indicator_(Threat)')?['host']}",
+                                                            "expirationDateTime":  "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                                            "externalId":  "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                                            "indicatorProvider":  "Infoblox TIDE",
+                                                            "lastReportedDateTime":  "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                                            "tags":  [
+                                                                "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                                                "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                                                "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                                                "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                                                "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                                            ],
+                                                            "targetProduct":  "Azure Sentinel",
+                                                            "threatType":  "WatchList",
+                                                            "tlpLevel":  "white"
+                                                        },
+                                                        "method":  "POST",
+                                                        "uri":  "https://graph.microsoft.com/beta/security/tiIndicators"
+                                                    }
+                                                }
+                                            }
+                                        },
+                                        "IP":  {
+                                            "case":  "IP",
+                                            "actions":  {
+                                                "Send_IPs_to_Sentinel":  {
+                                                    "runAfter":  {
+                                                    },
+                                                    "type":  "Http",
+                                                    "inputs":  {
+                                                        "authentication":  {
+                                                            "audience":  "https://graph.microsoft.com",
+                                                            "clientId":  "@parameters('Client ID')",
+                                                            "secret":  "@parameters('AD Application Secret')",
+                                                            "tenant":  "@parameters('Tenant ID')",
+                                                            "type":  "ActiveDirectoryOAuth"
+                                                        },
+                                                        "body":  {
+                                                            "action":  "alert",
+                                                            "additionalInformation":  "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                                            "confidence":  "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                                            "description":  "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                                            "expirationDateTime":  "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                                            "externalId":  "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                                            "indicatorProvider":  "Infoblox TIDE",
+                                                            "lastReportedDateTime":  "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                                            "networkIPv4":  "@{items('For_Each_Indicator_(Threat)')?['ip']}",
+                                                            "tags":  [
+                                                                "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                                                "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                                                "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                                                "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                                                "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                                            ],
+                                                            "targetProduct":  "Azure Sentinel",
+                                                            "threatType":  "WatchList",
+                                                            "tlpLevel":  "white"
+                                                        },
+                                                        "method":  "POST",
+                                                        "uri":  "https://graph.microsoft.com/beta/security/tiIndicators"
+                                                    }
+                                                }
+                                            }
+                                        },
+                                        "URL":  {
+                                            "case":  "URL",
+                                            "actions":  {
+                                                "Send_URLs_to_Sentinel":  {
+                                                    "runAfter":  {
+                                                    },
+                                                    "type":  "Http",
+                                                    "inputs":  {
+                                                        "authentication":  {
+                                                            "audience":  "https://graph.microsoft.com",
+                                                            "clientId":  "@parameters('Client ID')",
+                                                            "secret":  "@parameters('AD Application Secret')",
+                                                            "tenant":  "@parameters('Tenant ID')",
+                                                            "type":  "ActiveDirectoryOAuth"
+                                                        },
+                                                        "body":  {
+                                                            "action":  "alert",
+                                                            "additionalInformation":  "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                                            "confidence":  "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                                            "description":  "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                                            "expirationDateTime":  "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                                            "externalId":  "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                                            "indicatorProvider":  "Infoblox TIDE",
+                                                            "lastReportedDateTime":  "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                                            "tags":  [
+                                                                "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                                                "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                                                "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                                                "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                                                "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                                            ],
+                                                            "targetProduct":  "Azure Sentinel",
+                                                            "threatType":  "WatchList",
+                                                            "tlpLevel":  "white",
+                                                            "url":  "@{items('For_Each_Indicator_(Threat)')?['url']}"
+                                                        },
+                                                        "method":  "POST",
+                                                        "uri":  "https://graph.microsoft.com/beta/security/tiIndicators"
+                                                    }
+                                                }
+                                            }
+                                        }
+                                    },
+                                    "default":  {
+                                        "actions":  {
+                                        }
+                                    },
+                                    "expression":  "@items('For_Each_Indicator_(Threat)')?['type']",
+                                    "type":  "Switch"
+                                }
+                            },
+                            "runAfter":  {
+                                "Parse_JSON":  [
+                                    "Succeeded"
+                                ]
+                            },
+                            "type":  "Foreach"
+                        },
+                        "Get_TIDE_Data":  {
+                            "runAfter":  {
+                            },
+                            "type":  "Http",
+                            "inputs":  {
+                                "headers":  {
+                                    "Authorization":  "Token @{parameters('TIDE API Key')}"
+                                },
+                                "method":  "GET",
+                                "queries":  {
+                                    "fields":  "notes,confidence,type,class,host,expiration,id,imported,type,profile,property,threat_level,extended,email,domain,hash,hash_type,ip,url",
+                                    "rlimit":  "90000"
+                                },
+                                "uri":  "https://csp.infoblox.com/tide/api/data/threats/host/hourly"
+                            }
+                        },
+                        "Parse_JSON":  {
+                            "runAfter":  {
+                                "Get_TIDE_Data":  [
+                                    "Succeeded"
+                                ]
+                            },
+                            "type":  "ParseJson",
+                            "inputs":  {
+                                "content":  "@body('Get_TIDE_Data')",
+                                "schema":  {
+                                    "properties":  {
+                                        "record_count":  {
+                                            "type":  "integer"
+                                        },
+                                        "threat":  {
+                                            "items":  {
+                                                "properties":  {
+                                                    "batch_id":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "class":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "confidence":  {
+                                                        "type":  "integer"
+                                                    },
+                                                    "confidence_score":  {
+                                                        "type":  "number"
+                                                    },
+                                                    "confidence_score_rating":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "confidence_score_vector":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "detected":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "dga":  {
+                                                    },
+                                                    "domain":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "email":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "expiration":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "extended":  {
+                                                        "properties":  {
+                                                            "ais_consent":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "cyberint_guid":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "no_whitelist":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "notes":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "protocol":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "url_hash":  {
+                                                                "type":  "string"
+                                                            }
+                                                        },
+                                                        "type":  "object"
+                                                    },
+                                                    "hash":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "hash_type":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "host":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "id":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "imported":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "ip":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "profile":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "property":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "received":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "risk_score":  {
+                                                        "type":  "number"
+                                                    },
+                                                    "risk_score_rating":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "risk_score_vector":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "threat_level":  {
+                                                        "type":  "integer"
+                                                    },
+                                                    "threat_score":  {
+                                                        "type":  "number"
+                                                    },
+                                                    "threat_score_rating":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "threat_score_vector":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "tld":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "type":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "up":  {
+                                                    },
+                                                    "url":  {
+                                                        "type":  "string"
+                                                    }
+                                                },
+                                                "required":  [
+                                                    "id"
+                                                ],
+                                                "type":  "object"
+                                            },
+                                            "type":  "array"
+                                        }
+                                    },
+                                    "type":  "object"
+                                }
+                            }
+                        }
+                    },
+                    "outputs":  {
+                    }
+                },
+                "parameters":  {
+                }
+            },
+            "name":  "[parameters('PlaybookName')]",
+            "type":  "Microsoft.Logic/workflows",
+            "location":  "[resourceGroup().location]",
+            "tags":  {
+                "hidden-SentinelTemplateName":  "Infoblox-Import-Hosts-Hourly",
+                "hidden-SentinelTemplateVersion":  "1.0"
+            },
+            "identity":  {
+                "type":  "SystemAssigned"
+            },
+            "apiVersion":  "2017-07-01",
+            "dependsOn":  [
+            ]
+        }
+    ]
+}
diff --git a/Solutions/Infoblox Cloud Data Connector/Playbooks/Infoblox-Import-IPs-Hourly/azuredeploy.json b/Solutions/Infoblox Cloud Data Connector/Playbooks/Infoblox-Import-IPs-Hourly/azuredeploy.json
new file mode 100644
index 00000000000..e163c5bb1f2
--- /dev/null
+++ b/Solutions/Infoblox Cloud Data Connector/Playbooks/Infoblox-Import-IPs-Hourly/azuredeploy.json	
@@ -0,0 +1,517 @@
+{
+    "$schema":  "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+    "contentVersion":  "1.0.0.0",
+    "metadata":  {
+        "title":  "Infoblox Import IPs Hourly",
+        "description":  "Leverages the Infoblox TIDE API to automatically import threat indicators into the ThreatIntelligenceIndicator table. This playbook imports all newly detected IPs on a scheduled hourly basis.",
+        "prerequisites":  [
+            "Infoblox TIDE API key."
+        ],        
+        "postDeployment":  [
+            "Authorize connections."
+        ],
+        "prerequisitesDeployTemplateFile":  "",
+        "lastUpdateTime":  "2023-08-07T00:00:00.000Z",
+        "entities":  [
+        ],
+        "tags":  [
+        ],
+        "support":  {
+            "tier":  "community",
+            "armtemplate":  "Generated from https://github.com/Azure/Azure-Sentinel/tree/master/Tools/Playbook-ARM-Template-Generator"
+        },
+        "author":  {
+            "name":  "Infoblox"
+        }
+    },
+    "parameters":  {
+        "PlaybookName":  {
+            "defaultValue":  "Infoblox-Import-IPs-Hourly",
+            "type":  "string"
+        },
+        "AD Application Secret":  {
+            "type":  "string",
+            "metadata":  {
+                "description":  "Enter value for AD Application Secret"
+            }
+        },
+        "Client ID":  {
+            "type":  "string",
+            "metadata":  {
+                "description":  "Enter value for Client ID"
+            }
+        },
+        "TIDE API Key":  {
+            "type":  "string",
+            "metadata":  {
+                "description":  "Enter value for TIDE API Key"
+            }
+        },
+        "Tenant ID":  {
+            "type":  "string",
+            "metadata":  {
+                "description":  "Enter value for Tenant ID"
+            }
+        }
+    },
+    "variables":  {
+    },
+    "resources":  [
+        {
+            "properties":  {
+                "provisioningState":  "Succeeded",
+                "state":  "Disabled",
+                "definition":  {
+                    "$schema":  "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
+                    "contentVersion":  "1.0.0.0",
+                    "parameters":  {
+                        "AD Application Secret":  {
+                            "defaultValue":  "[parameters('AD Application Secret')]",
+                            "type":  "string"
+                        },
+                        "Client ID":  {
+                            "defaultValue":  "[parameters('Client ID')]",
+                            "type":  "string"
+                        },
+                        "TIDE API Key":  {
+                            "defaultValue":  "[parameters('TIDE API Key')]",
+                            "type":  "string"
+                        },
+                        "Tenant ID":  {
+                            "defaultValue":  "[parameters('Tenant ID')]",
+                            "type":  "string"
+                        }
+                    },
+                    "triggers":  {
+                        "Recurrence":  {
+                            "recurrence":  {
+                                "frequency":  "Hour",
+                                "interval":  1
+                            },
+                            "evaluatedRecurrence":  {
+                                "frequency":  "Hour",
+                                "interval":  1
+                            },
+                            "type":  "Recurrence"
+                        }
+                    },
+                    "actions":  {
+                        "For_Each_Indicator_(Threat)":  {
+                            "foreach":  "@body('Parse_JSON')?['threat']",
+                            "actions":  {
+                                "Switch":  {
+                                    "runAfter":  {
+                                    },
+                                    "cases":  {
+                                        "EMAIL":  {
+                                            "case":  "EMAIL",
+                                            "actions":  {
+                                                "Send_Emails_to_Sentinel":  {
+                                                    "runAfter":  {
+                                                    },
+                                                    "type":  "Http",
+                                                    "inputs":  {
+                                                        "authentication":  {
+                                                            "audience":  "https://graph.microsoft.com",
+                                                            "clientId":  "@parameters('Client ID')",
+                                                            "secret":  "@parameters('AD Application Secret')",
+                                                            "tenant":  "@parameters('Tenant ID')",
+                                                            "type":  "ActiveDirectoryOAuth"
+                                                        },
+                                                        "body":  {
+                                                            "action":  "alert",
+                                                            "additionalInformation":  "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                                            "confidence":  "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                                            "description":  "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                                            "emailSenderAddress":  "@{items('For_Each_Indicator_(Threat)')?['email']}",
+                                                            "emailSourceDomain":  "@{items('For_Each_Indicator_(Threat)')?['domain']}",
+                                                            "expirationDateTime":  "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                                            "externalId":  "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                                            "indicatorProvider":  "Infoblox TIDE",
+                                                            "lastReportedDateTime":  "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                                            "tags":  [
+                                                                "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                                                "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                                                "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                                                "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                                                "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                                            ],
+                                                            "targetProduct":  "Azure Sentinel",
+                                                            "threatType":  "WatchList",
+                                                            "tlpLevel":  "white"
+                                                        },
+                                                        "method":  "POST",
+                                                        "uri":  "https://graph.microsoft.com/beta/security/tiIndicators"
+                                                    }
+                                                }
+                                            }
+                                        },
+                                        "HASH":  {
+                                            "case":  "HASH",
+                                            "actions":  {
+                                                "Send_Hashes_to_Sentinel":  {
+                                                    "runAfter":  {
+                                                    },
+                                                    "type":  "Http",
+                                                    "inputs":  {
+                                                        "authentication":  {
+                                                            "audience":  "https://graph.microsoft.com",
+                                                            "clientId":  "@parameters('Client ID')",
+                                                            "secret":  "@parameters('AD Application Secret')",
+                                                            "tenant":  "@parameters('Tenant ID')",
+                                                            "type":  "ActiveDirectoryOAuth"
+                                                        },
+                                                        "body":  {
+                                                            "action":  "alert",
+                                                            "additionalInformation":  "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                                            "confidence":  "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                                            "description":  "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                                            "expirationDateTime":  "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                                            "externalId":  "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                                            "fileHashType":  "@{items('For_Each_Indicator_(Threat)')?['hash_type']}",
+                                                            "fileHashValue":  "@{items('For_Each_Indicator_(Threat)')?['hash']}",
+                                                            "indicatorProvider":  "Infoblox TIDE",
+                                                            "lastReportedDateTime":  "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                                            "tags":  [
+                                                                "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                                                "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                                                "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                                                "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                                                "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}",
+                                                                "Hash Type: @{items('For_Each_Indicator_(Threat)')?['hash_type']}"
+                                                            ],
+                                                            "targetProduct":  "Azure Sentinel",
+                                                            "threatType":  "WatchList",
+                                                            "tlpLevel":  "white"
+                                                        },
+                                                        "method":  "POST",
+                                                        "uri":  "https://graph.microsoft.com/beta/security/tiIndicators"
+                                                    }
+                                                }
+                                            }
+                                        },
+                                        "HOST":  {
+                                            "case":  "HOST",
+                                            "actions":  {
+                                                "Send_Hosts_to_Sentinel":  {
+                                                    "runAfter":  {
+                                                    },
+                                                    "type":  "Http",
+                                                    "inputs":  {
+                                                        "authentication":  {
+                                                            "audience":  "https://graph.microsoft.com",
+                                                            "clientId":  "@parameters('Client ID')",
+                                                            "secret":  "@parameters('AD Application Secret')",
+                                                            "tenant":  "@parameters('Tenant ID')",
+                                                            "type":  "ActiveDirectoryOAuth"
+                                                        },
+                                                        "body":  {
+                                                            "action":  "alert",
+                                                            "additionalInformation":  "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                                            "confidence":  "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                                            "description":  "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                                            "domainName":  "@{items('For_Each_Indicator_(Threat)')?['host']}",
+                                                            "expirationDateTime":  "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                                            "externalId":  "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                                            "indicatorProvider":  "Infoblox TIDE",
+                                                            "lastReportedDateTime":  "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                                            "tags":  [
+                                                                "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                                                "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                                                "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                                                "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                                                "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                                            ],
+                                                            "targetProduct":  "Azure Sentinel",
+                                                            "threatType":  "WatchList",
+                                                            "tlpLevel":  "white"
+                                                        },
+                                                        "method":  "POST",
+                                                        "uri":  "https://graph.microsoft.com/beta/security/tiIndicators"
+                                                    }
+                                                }
+                                            }
+                                        },
+                                        "IP":  {
+                                            "case":  "IP",
+                                            "actions":  {
+                                                "Send_IPs_to_Sentinel":  {
+                                                    "runAfter":  {
+                                                    },
+                                                    "type":  "Http",
+                                                    "inputs":  {
+                                                        "authentication":  {
+                                                            "audience":  "https://graph.microsoft.com",
+                                                            "clientId":  "@parameters('Client ID')",
+                                                            "secret":  "@parameters('AD Application Secret')",
+                                                            "tenant":  "@parameters('Tenant ID')",
+                                                            "type":  "ActiveDirectoryOAuth"
+                                                        },
+                                                        "body":  {
+                                                            "action":  "alert",
+                                                            "additionalInformation":  "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                                            "confidence":  "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                                            "description":  "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                                            "expirationDateTime":  "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                                            "externalId":  "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                                            "indicatorProvider":  "Infoblox TIDE",
+                                                            "lastReportedDateTime":  "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                                            "networkIPv4":  "@{items('For_Each_Indicator_(Threat)')?['ip']}",
+                                                            "tags":  [
+                                                                "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                                                "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                                                "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                                                "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                                                "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                                            ],
+                                                            "targetProduct":  "Azure Sentinel",
+                                                            "threatType":  "WatchList",
+                                                            "tlpLevel":  "white"
+                                                        },
+                                                        "method":  "POST",
+                                                        "uri":  "https://graph.microsoft.com/beta/security/tiIndicators"
+                                                    }
+                                                }
+                                            }
+                                        },
+                                        "URL":  {
+                                            "case":  "URL",
+                                            "actions":  {
+                                                "Send_URLs_to_Sentinel":  {
+                                                    "runAfter":  {
+                                                    },
+                                                    "type":  "Http",
+                                                    "inputs":  {
+                                                        "authentication":  {
+                                                            "audience":  "https://graph.microsoft.com",
+                                                            "clientId":  "@parameters('Client ID')",
+                                                            "secret":  "@parameters('AD Application Secret')",
+                                                            "tenant":  "@parameters('Tenant ID')",
+                                                            "type":  "ActiveDirectoryOAuth"
+                                                        },
+                                                        "body":  {
+                                                            "action":  "alert",
+                                                            "additionalInformation":  "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                                            "confidence":  "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                                            "description":  "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                                            "expirationDateTime":  "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                                            "externalId":  "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                                            "indicatorProvider":  "Infoblox TIDE",
+                                                            "lastReportedDateTime":  "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                                            "tags":  [
+                                                                "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                                                "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                                                "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                                                "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                                                "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                                            ],
+                                                            "targetProduct":  "Azure Sentinel",
+                                                            "threatType":  "WatchList",
+                                                            "tlpLevel":  "white",
+                                                            "url":  "@{items('For_Each_Indicator_(Threat)')?['url']}"
+                                                        },
+                                                        "method":  "POST",
+                                                        "uri":  "https://graph.microsoft.com/beta/security/tiIndicators"
+                                                    }
+                                                }
+                                            }
+                                        }
+                                    },
+                                    "default":  {
+                                        "actions":  {
+                                        }
+                                    },
+                                    "expression":  "@items('For_Each_Indicator_(Threat)')?['type']",
+                                    "type":  "Switch"
+                                }
+                            },
+                            "runAfter":  {
+                                "Parse_JSON":  [
+                                    "Succeeded"
+                                ]
+                            },
+                            "type":  "Foreach"
+                        },
+                        "Get_TIDE_Data":  {
+                            "runAfter":  {
+                            },
+                            "type":  "Http",
+                            "inputs":  {
+                                "headers":  {
+                                    "Authorization":  "Token @{parameters('TIDE API Key')}"
+                                },
+                                "method":  "GET",
+                                "queries":  {
+                                    "fields":  "notes,confidence,type,class,host,expiration,id,imported,type,profile,property,threat_level,extended,email,domain,hash,hash_type,ip,url",
+                                    "rlimit":  "90000"
+                                },
+                                "uri":  "https://csp.infoblox.com/tide/api/data/threats/ip/hourly"
+                            }
+                        },
+                        "Parse_JSON":  {
+                            "runAfter":  {
+                                "Get_TIDE_Data":  [
+                                    "Succeeded"
+                                ]
+                            },
+                            "type":  "ParseJson",
+                            "inputs":  {
+                                "content":  "@body('Get_TIDE_Data')",
+                                "schema":  {
+                                    "properties":  {
+                                        "record_count":  {
+                                            "type":  "integer"
+                                        },
+                                        "threat":  {
+                                            "items":  {
+                                                "properties":  {
+                                                    "batch_id":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "class":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "confidence":  {
+                                                        "type":  "integer"
+                                                    },
+                                                    "confidence_score":  {
+                                                        "type":  "number"
+                                                    },
+                                                    "confidence_score_rating":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "confidence_score_vector":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "detected":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "dga":  {
+                                                    },
+                                                    "domain":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "email":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "expiration":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "extended":  {
+                                                        "properties":  {
+                                                            "ais_consent":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "cyberint_guid":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "no_whitelist":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "notes":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "protocol":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "url_hash":  {
+                                                                "type":  "string"
+                                                            }
+                                                        },
+                                                        "type":  "object"
+                                                    },
+                                                    "hash":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "hash_type":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "host":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "id":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "imported":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "ip":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "profile":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "property":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "received":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "risk_score":  {
+                                                        "type":  "number"
+                                                    },
+                                                    "risk_score_rating":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "risk_score_vector":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "threat_level":  {
+                                                        "type":  "integer"
+                                                    },
+                                                    "threat_score":  {
+                                                        "type":  "number"
+                                                    },
+                                                    "threat_score_rating":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "threat_score_vector":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "tld":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "type":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "up":  {
+                                                    },
+                                                    "url":  {
+                                                        "type":  "string"
+                                                    }
+                                                },
+                                                "required":  [
+                                                    "id"
+                                                ],
+                                                "type":  "object"
+                                            },
+                                            "type":  "array"
+                                        }
+                                    },
+                                    "type":  "object"
+                                }
+                            }
+                        }
+                    },
+                    "outputs":  {
+                    }
+                },
+                "parameters":  {
+                }
+            },
+            "name":  "[parameters('PlaybookName')]",
+            "type":  "Microsoft.Logic/workflows",
+            "location":  "[resourceGroup().location]",
+            "tags":  {
+                "hidden-SentinelTemplateName":  "Infoblox-Import-IPs-Hourly",
+                "hidden-SentinelTemplateVersion":  "1.0"
+            },
+            "identity":  {
+                "type":  "SystemAssigned"
+            },
+            "apiVersion":  "2017-07-01",
+            "dependsOn":  [
+            ]
+        }
+    ]
+}
diff --git a/Solutions/Infoblox Cloud Data Connector/Playbooks/Infoblox-Import-URLs-Hourly/azuredeploy.json b/Solutions/Infoblox Cloud Data Connector/Playbooks/Infoblox-Import-URLs-Hourly/azuredeploy.json
new file mode 100644
index 00000000000..641c0b62cb0
--- /dev/null
+++ b/Solutions/Infoblox Cloud Data Connector/Playbooks/Infoblox-Import-URLs-Hourly/azuredeploy.json	
@@ -0,0 +1,517 @@
+{
+    "$schema":  "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+    "contentVersion":  "1.0.0.0",
+    "metadata":  {
+        "title":  "Infoblox Import URLs Hourly",
+        "description":  "Leverages the Infoblox TIDE API to automatically import threat indicators into the ThreatIntelligenceIndicator table. This playbook imports all newly detected URLs on a scheduled hourly basis.",
+        "prerequisites":  [
+            "Infoblox TIDE API key."
+        ],        
+        "postDeployment":  [
+            "Authorize connections."
+        ],
+        "prerequisitesDeployTemplateFile":  "",
+        "lastUpdateTime":  "2023-08-07T00:00:00.000Z",
+        "entities":  [
+        ],
+        "tags":  [
+        ],
+        "support":  {
+            "tier":  "community",
+            "armtemplate":  "Generated from https://github.com/Azure/Azure-Sentinel/tree/master/Tools/Playbook-ARM-Template-Generator"
+        },
+        "author":  {
+            "name":  "Infoblox"
+        }
+    },
+    "parameters":  {
+        "PlaybookName":  {
+            "defaultValue":  "Infoblox-Import-URLs-Hourly",
+            "type":  "string"
+        },
+        "AD Application Secret":  {
+            "type":  "string",
+            "metadata":  {
+                "description":  "Enter value for AD Application Secret"
+            }
+        },
+        "Client ID":  {
+            "type":  "string",
+            "metadata":  {
+                "description":  "Enter value for Client ID"
+            }
+        },
+        "TIDE API Key":  {
+            "type":  "string",
+            "metadata":  {
+                "description":  "Enter value for TIDE API Key"
+            }
+        },
+        "Tenant ID":  {
+            "type":  "string",
+            "metadata":  {
+                "description":  "Enter value for Tenant ID"
+            }
+        }
+    },
+    "variables":  {
+    },
+    "resources":  [
+        {
+            "properties":  {
+                "provisioningState":  "Succeeded",
+                "state":  "Disabled",
+                "definition":  {
+                    "$schema":  "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
+                    "contentVersion":  "1.0.0.0",
+                    "parameters":  {
+                        "AD Application Secret":  {
+                            "defaultValue":  "[parameters('AD Application Secret')]",
+                            "type":  "string"
+                        },
+                        "Client ID":  {
+                            "defaultValue":  "[parameters('Client ID')]",
+                            "type":  "string"
+                        },
+                        "TIDE API Key":  {
+                            "defaultValue":  "[parameters('TIDE API Key')]",
+                            "type":  "string"
+                        },
+                        "Tenant ID":  {
+                            "defaultValue":  "[parameters('Tenant ID')]",
+                            "type":  "string"
+                        }
+                    },
+                    "triggers":  {
+                        "Recurrence":  {
+                            "recurrence":  {
+                                "frequency":  "Hour",
+                                "interval":  1
+                            },
+                            "evaluatedRecurrence":  {
+                                "frequency":  "Hour",
+                                "interval":  1
+                            },
+                            "type":  "Recurrence"
+                        }
+                    },
+                    "actions":  {
+                        "For_Each_Indicator_(Threat)":  {
+                            "foreach":  "@body('Parse_JSON')?['threat']",
+                            "actions":  {
+                                "Switch":  {
+                                    "runAfter":  {
+                                    },
+                                    "cases":  {
+                                        "EMAIL":  {
+                                            "case":  "EMAIL",
+                                            "actions":  {
+                                                "Send_Emails_to_Sentinel":  {
+                                                    "runAfter":  {
+                                                    },
+                                                    "type":  "Http",
+                                                    "inputs":  {
+                                                        "authentication":  {
+                                                            "audience":  "https://graph.microsoft.com",
+                                                            "clientId":  "@parameters('Client ID')",
+                                                            "secret":  "@parameters('AD Application Secret')",
+                                                            "tenant":  "@parameters('Tenant ID')",
+                                                            "type":  "ActiveDirectoryOAuth"
+                                                        },
+                                                        "body":  {
+                                                            "action":  "alert",
+                                                            "additionalInformation":  "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                                            "confidence":  "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                                            "description":  "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                                            "emailSenderAddress":  "@{items('For_Each_Indicator_(Threat)')?['email']}",
+                                                            "emailSourceDomain":  "@{items('For_Each_Indicator_(Threat)')?['domain']}",
+                                                            "expirationDateTime":  "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                                            "externalId":  "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                                            "indicatorProvider":  "Infoblox TIDE",
+                                                            "lastReportedDateTime":  "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                                            "tags":  [
+                                                                "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                                                "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                                                "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                                                "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                                                "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                                            ],
+                                                            "targetProduct":  "Azure Sentinel",
+                                                            "threatType":  "WatchList",
+                                                            "tlpLevel":  "white"
+                                                        },
+                                                        "method":  "POST",
+                                                        "uri":  "https://graph.microsoft.com/beta/security/tiIndicators"
+                                                    }
+                                                }
+                                            }
+                                        },
+                                        "HASH":  {
+                                            "case":  "HASH",
+                                            "actions":  {
+                                                "Send_Hashes_to_Sentinel":  {
+                                                    "runAfter":  {
+                                                    },
+                                                    "type":  "Http",
+                                                    "inputs":  {
+                                                        "authentication":  {
+                                                            "audience":  "https://graph.microsoft.com",
+                                                            "clientId":  "@parameters('Client ID')",
+                                                            "secret":  "@parameters('AD Application Secret')",
+                                                            "tenant":  "@parameters('Tenant ID')",
+                                                            "type":  "ActiveDirectoryOAuth"
+                                                        },
+                                                        "body":  {
+                                                            "action":  "alert",
+                                                            "additionalInformation":  "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                                            "confidence":  "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                                            "description":  "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                                            "expirationDateTime":  "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                                            "externalId":  "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                                            "fileHashType":  "@{items('For_Each_Indicator_(Threat)')?['hash_type']}",
+                                                            "fileHashValue":  "@{items('For_Each_Indicator_(Threat)')?['hash']}",
+                                                            "indicatorProvider":  "Infoblox TIDE",
+                                                            "lastReportedDateTime":  "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                                            "tags":  [
+                                                                "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                                                "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                                                "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                                                "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                                                "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}",
+                                                                "Hash Type: @{items('For_Each_Indicator_(Threat)')?['hash_type']}"
+                                                            ],
+                                                            "targetProduct":  "Azure Sentinel",
+                                                            "threatType":  "WatchList",
+                                                            "tlpLevel":  "white"
+                                                        },
+                                                        "method":  "POST",
+                                                        "uri":  "https://graph.microsoft.com/beta/security/tiIndicators"
+                                                    }
+                                                }
+                                            }
+                                        },
+                                        "HOST":  {
+                                            "case":  "HOST",
+                                            "actions":  {
+                                                "Send_Hosts_to_Sentinel":  {
+                                                    "runAfter":  {
+                                                    },
+                                                    "type":  "Http",
+                                                    "inputs":  {
+                                                        "authentication":  {
+                                                            "audience":  "https://graph.microsoft.com",
+                                                            "clientId":  "@parameters('Client ID')",
+                                                            "secret":  "@parameters('AD Application Secret')",
+                                                            "tenant":  "@parameters('Tenant ID')",
+                                                            "type":  "ActiveDirectoryOAuth"
+                                                        },
+                                                        "body":  {
+                                                            "action":  "alert",
+                                                            "additionalInformation":  "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                                            "confidence":  "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                                            "description":  "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                                            "domainName":  "@{items('For_Each_Indicator_(Threat)')?['host']}",
+                                                            "expirationDateTime":  "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                                            "externalId":  "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                                            "indicatorProvider":  "Infoblox TIDE",
+                                                            "lastReportedDateTime":  "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                                            "tags":  [
+                                                                "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                                                "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                                                "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                                                "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                                                "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                                            ],
+                                                            "targetProduct":  "Azure Sentinel",
+                                                            "threatType":  "WatchList",
+                                                            "tlpLevel":  "white"
+                                                        },
+                                                        "method":  "POST",
+                                                        "uri":  "https://graph.microsoft.com/beta/security/tiIndicators"
+                                                    }
+                                                }
+                                            }
+                                        },
+                                        "IP":  {
+                                            "case":  "IP",
+                                            "actions":  {
+                                                "Send_IPs_to_Sentinel":  {
+                                                    "runAfter":  {
+                                                    },
+                                                    "type":  "Http",
+                                                    "inputs":  {
+                                                        "authentication":  {
+                                                            "audience":  "https://graph.microsoft.com",
+                                                            "clientId":  "@parameters('Client ID')",
+                                                            "secret":  "@parameters('AD Application Secret')",
+                                                            "tenant":  "@parameters('Tenant ID')",
+                                                            "type":  "ActiveDirectoryOAuth"
+                                                        },
+                                                        "body":  {
+                                                            "action":  "alert",
+                                                            "additionalInformation":  "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                                            "confidence":  "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                                            "description":  "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                                            "expirationDateTime":  "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                                            "externalId":  "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                                            "indicatorProvider":  "Infoblox TIDE",
+                                                            "lastReportedDateTime":  "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                                            "networkIPv4":  "@{items('For_Each_Indicator_(Threat)')?['ip']}",
+                                                            "tags":  [
+                                                                "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                                                "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                                                "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                                                "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                                                "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                                            ],
+                                                            "targetProduct":  "Azure Sentinel",
+                                                            "threatType":  "WatchList",
+                                                            "tlpLevel":  "white"
+                                                        },
+                                                        "method":  "POST",
+                                                        "uri":  "https://graph.microsoft.com/beta/security/tiIndicators"
+                                                    }
+                                                }
+                                            }
+                                        },
+                                        "URL":  {
+                                            "case":  "URL",
+                                            "actions":  {
+                                                "Send_URLs_to_Sentinel":  {
+                                                    "runAfter":  {
+                                                    },
+                                                    "type":  "Http",
+                                                    "inputs":  {
+                                                        "authentication":  {
+                                                            "audience":  "https://graph.microsoft.com",
+                                                            "clientId":  "@parameters('Client ID')",
+                                                            "secret":  "@parameters('AD Application Secret')",
+                                                            "tenant":  "@parameters('Tenant ID')",
+                                                            "type":  "ActiveDirectoryOAuth"
+                                                        },
+                                                        "body":  {
+                                                            "action":  "alert",
+                                                            "additionalInformation":  "@{items('For_Each_Indicator_(Threat)')?['extended']?['notes']}",
+                                                            "confidence":  "@items('For_Each_Indicator_(Threat)')?['confidence']",
+                                                            "description":  "Infoblox - @{items('For_Each_Indicator_(Threat)')?['type']} - @{items('For_Each_Indicator_(Threat)')?['class']}",
+                                                            "expirationDateTime":  "@items('For_Each_Indicator_(Threat)')?['expiration']",
+                                                            "externalId":  "@{items('For_Each_Indicator_(Threat)')?['id']}",
+                                                            "indicatorProvider":  "Infoblox TIDE",
+                                                            "lastReportedDateTime":  "@items('For_Each_Indicator_(Threat)')?['imported']",
+                                                            "tags":  [
+                                                                "@{items('For_Each_Indicator_(Threat)')?['type']}",
+                                                                "Imported: @{items('For_Each_Indicator_(Threat)')?['imported']}",
+                                                                "Profile: @{items('For_Each_Indicator_(Threat)')?['profile']}",
+                                                                "Property: @{items('For_Each_Indicator_(Threat)')?['property']}",
+                                                                "Threat Level: @{items('For_Each_Indicator_(Threat)')?['threat_level']}"
+                                                            ],
+                                                            "targetProduct":  "Azure Sentinel",
+                                                            "threatType":  "WatchList",
+                                                            "tlpLevel":  "white",
+                                                            "url":  "@{items('For_Each_Indicator_(Threat)')?['url']}"
+                                                        },
+                                                        "method":  "POST",
+                                                        "uri":  "https://graph.microsoft.com/beta/security/tiIndicators"
+                                                    }
+                                                }
+                                            }
+                                        }
+                                    },
+                                    "default":  {
+                                        "actions":  {
+                                        }
+                                    },
+                                    "expression":  "@items('For_Each_Indicator_(Threat)')?['type']",
+                                    "type":  "Switch"
+                                }
+                            },
+                            "runAfter":  {
+                                "Parse_JSON":  [
+                                    "Succeeded"
+                                ]
+                            },
+                            "type":  "Foreach"
+                        },
+                        "Get_TIDE_Data":  {
+                            "runAfter":  {
+                            },
+                            "type":  "Http",
+                            "inputs":  {
+                                "headers":  {
+                                    "Authorization":  "Token @{parameters('TIDE API Key')}"
+                                },
+                                "method":  "GET",
+                                "queries":  {
+                                    "fields":  "notes,confidence,type,class,host,expiration,id,imported,type,profile,property,threat_level,extended,email,domain,hash,hash_type,ip,url",
+                                    "rlimit":  "90000"
+                                },
+                                "uri":  "https://csp.infoblox.com/tide/api/data/threats/url/hourly"
+                            }
+                        },
+                        "Parse_JSON":  {
+                            "runAfter":  {
+                                "Get_TIDE_Data":  [
+                                    "Succeeded"
+                                ]
+                            },
+                            "type":  "ParseJson",
+                            "inputs":  {
+                                "content":  "@body('Get_TIDE_Data')",
+                                "schema":  {
+                                    "properties":  {
+                                        "record_count":  {
+                                            "type":  "integer"
+                                        },
+                                        "threat":  {
+                                            "items":  {
+                                                "properties":  {
+                                                    "batch_id":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "class":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "confidence":  {
+                                                        "type":  "integer"
+                                                    },
+                                                    "confidence_score":  {
+                                                        "type":  "number"
+                                                    },
+                                                    "confidence_score_rating":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "confidence_score_vector":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "detected":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "dga":  {
+                                                    },
+                                                    "domain":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "email":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "expiration":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "extended":  {
+                                                        "properties":  {
+                                                            "ais_consent":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "cyberint_guid":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "no_whitelist":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "notes":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "protocol":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "url_hash":  {
+                                                                "type":  "string"
+                                                            }
+                                                        },
+                                                        "type":  "object"
+                                                    },
+                                                    "hash":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "hash_type":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "host":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "id":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "imported":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "ip":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "profile":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "property":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "received":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "risk_score":  {
+                                                        "type":  "number"
+                                                    },
+                                                    "risk_score_rating":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "risk_score_vector":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "threat_level":  {
+                                                        "type":  "integer"
+                                                    },
+                                                    "threat_score":  {
+                                                        "type":  "number"
+                                                    },
+                                                    "threat_score_rating":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "threat_score_vector":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "tld":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "type":  {
+                                                        "type":  "string"
+                                                    },
+                                                    "up":  {
+                                                    },
+                                                    "url":  {
+                                                        "type":  "string"
+                                                    }
+                                                },
+                                                "required":  [
+                                                    "id"
+                                                ],
+                                                "type":  "object"
+                                            },
+                                            "type":  "array"
+                                        }
+                                    },
+                                    "type":  "object"
+                                }
+                            }
+                        }
+                    },
+                    "outputs":  {
+                    }
+                },
+                "parameters":  {
+                }
+            },
+            "name":  "[parameters('PlaybookName')]",
+            "type":  "Microsoft.Logic/workflows",
+            "location":  "[resourceGroup().location]",
+            "tags":  {
+                "hidden-SentinelTemplateName":  "Infoblox-Import-URLs-Hourly",
+                "hidden-SentinelTemplateVersion":  "1.0"
+            },
+            "identity":  {
+                "type":  "SystemAssigned"
+            },
+            "apiVersion":  "2017-07-01",
+            "dependsOn":  [
+            ]
+        }
+    ]
+}
diff --git a/Solutions/Infoblox Cloud Data Connector/Playbooks/Infoblox-Incident-Enrichment-Domains/azuredeploy.json b/Solutions/Infoblox Cloud Data Connector/Playbooks/Infoblox-Incident-Enrichment-Domains/azuredeploy.json
new file mode 100644
index 00000000000..95e828185da
--- /dev/null
+++ b/Solutions/Infoblox Cloud Data Connector/Playbooks/Infoblox-Incident-Enrichment-Domains/azuredeploy.json	
@@ -0,0 +1,435 @@
+{
+    "$schema":  "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+    "contentVersion":  "1.0.0.0",
+    "metadata":  {
+        "title":  "Infoblox Incident Enrichment Domains",
+        "description":  "Leverages the Infoblox TIDE API to enrich Sentinel incidents with detailed TIDE data. This playbook can be configured to run automatically when an incident occurs (recommended) or run on demand.",
+        "prerequisites":  [
+            "Infoblox TIDE API key."
+        ],        
+        "postDeployment":  [
+            "1. Grant playbook's Managed Identity **Microsoft Sentinel Responder** or greater to Resource Group.",
+            "2. Authorize connections."
+        ],
+        "prerequisitesDeployTemplateFile":  "",
+        "lastUpdateTime":  "2023-08-07T00:00:00.000Z",
+        "entities":  [ "DnsResolution"
+        ],
+        "tags":  [ "Enrichment"
+        ],
+        "support":  {
+            "tier":  "community",
+            "armtemplate":  "Generated from https://github.com/Azure/Azure-Sentinel/tree/master/Tools/Playbook-ARM-Template-Generator"
+        },
+        "author":  {
+            "name":  "Infoblox"
+        }
+    },
+    "parameters":  {
+        "PlaybookName":  {
+            "defaultValue":  "Infoblox-Incident-Enrichment-Domains",
+            "type":  "string"
+        },
+        "TIDE API Key":  {
+            "type":  "string",
+            "metadata":  {
+                "description":  "Enter value for TIDE API Key"
+            }
+        }
+    },
+    "variables":  {
+        "MicrosoftSentinelConnectionName":  "[concat('MicrosoftSentinel-', parameters('PlaybookName'))]"
+    },
+    "resources":  [
+        {
+            "properties":  {
+                "provisioningState":  "Succeeded",
+                "state":  "Disabled",
+                "definition":  {
+                    "$schema":  "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
+                    "contentVersion":  "1.0.0.0",
+                    "parameters":  {
+                        "$connections":  {
+                            "defaultValue":  {
+                            },
+                            "type":  "Object"
+                        },
+                        "TIDE API Key":  {
+                            "defaultValue":  "[parameters('TIDE API Key')]",
+                            "type":  "string"
+                        }
+                    },
+                    "triggers":  {
+                        "Microsoft_Sentinel_incident":  {
+                            "type":  "ApiConnectionWebhook",
+                            "inputs":  {
+                                "body":  {
+                                    "callback_url":  "@{listCallbackUrl()}"
+                                },
+                                "host":  {
+                                    "connection":  {
+                                        "name":  "@parameters('$connections')['azuresentinel']['connectionId']"
+                                    }
+                                },
+                                "path":  "/incident-creation"
+                            }
+                        }
+                    },
+                    "actions":  {
+                        "Entities_-_Get_DNS":  {
+                            "runAfter":  {
+                                "Initialize_HTML":  [
+                                    "Succeeded"
+                                ]
+                            },
+                            "type":  "ApiConnection",
+                            "inputs":  {
+                                "body":  "@triggerBody()?['object']?['properties']?['relatedEntities']",
+                                "host":  {
+                                    "connection":  {
+                                        "name":  "@parameters('$connections')['azuresentinel']['connectionId']"
+                                    }
+                                },
+                                "method":  "post",
+                                "path":  "/entities/dnsresolution"
+                            }
+                        },
+                        "For_each_DNS_Domain_Entity":  {
+                            "foreach":  "@body('Entities_-_Get_DNS')?['Dnsresolutions']",
+                            "actions":  {
+                                "For_each_Threat_IoC":  {
+                                    "foreach":  "@body('Parse_JSON')?['threat']",
+                                    "actions":  {
+                                        "Enrich_Incident_with_TIDE_Data_if_it_exists":  {
+                                            "actions":  {
+                                            },
+                                            "runAfter":  {
+                                            },
+                                            "else":  {
+                                                "actions":  {
+                                                    "Add_comment_to_incident":  {
+                                                        "runAfter":  {
+                                                            "Set_HTML_Table_with_TIDE_Data":  [
+                                                                "Succeeded"
+                                                            ]
+                                                        },
+                                                        "type":  "ApiConnection",
+                                                        "inputs":  {
+                                                            "body":  {
+                                                                "incidentArmId":  "@triggerBody()?['object']?['id']",
+                                                                "message":  "\u003cp\u003eIoC - @{items('For_each_DNS_Domain_Entity')?['DomainName']} - @{items('For_each_Threat_IoC')?['type']} - @{items('For_each_Threat_IoC')?['class']}\u003cbr\u003e\n@{variables('html')}\u003c/p\u003e"
+                                                            },
+                                                            "host":  {
+                                                                "connection":  {
+                                                                    "name":  "@parameters('$connections')['azuresentinel']['connectionId']"
+                                                                }
+                                                            },
+                                                            "method":  "post",
+                                                            "path":  "/Incidents/Comment"
+                                                        }
+                                                    },
+                                                    "Set_HTML_Table_with_TIDE_Data":  {
+                                                        "runAfter":  {
+                                                        },
+                                                        "type":  "SetVariable",
+                                                        "inputs":  {
+                                                            "name":  "html",
+                                                            "value":  "\u003cp style=\"height:0px\"\u003e\u003ctable\u003e\u003ctbody\u003e \n\u003ctr\u003e\u003ctd\u003eID\u003c/td\u003e\u003ctd style=\"text-align:left\"\u003e@{items('For_each_Threat_IoC')?['id']}\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eType\u003c/td\u003e\u003ctd style=\"text-align:left\"\u003e@{items('For_each_Threat_IoC')?['type']}\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eHost\u003c/td\u003e\u003ctd style=\"text-align:left\"\u003e@{items('For_each_Threat_IoC')?['host']}\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eDomain\u003c/td\u003e\u003ctd style=\"text-align:left\"\u003e@{items('For_each_Threat_IoC')?['domain']}\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eURL\u003c/td\u003e\u003ctd style=\"text-align:left\"\u003e@{items('For_each_Threat_IoC')?['url']}\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eIP\u003c/td\u003e\u003ctd style=\"text-align:left\"\u003e@{items('For_each_Threat_IoC')?['ip']}\u003c/td\u003e\u003c/tr\u003e\n\u003ctd\u003eEmail\u003c/td\u003e\u003ctd style=\"text-align:left\"\u003e@{items('For_each_Threat_IoC')?['email']}\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eHash\u003c/td\u003e\u003ctd style=\"text-align:left\"\u003e@{items('For_each_Threat_IoC')?['hash']}       @{items('For_each_Threat_IoC')?['hash_type']}\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eProfile\u003c/td\u003e\u003ctd style=\"text-align:left\"\u003e@{items('For_each_Threat_IoC')?['profile']}\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eProperty\u003c/td\u003e\u003ctd style=\"text-align:left\"\u003e@{items('For_each_Threat_IoC')?['property']}\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eThreat Level\u003c/td\u003e\u003ctd style=\"text-align:left\"\u003e@{items('For_each_Threat_IoC')?['threat_level']}\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eConfidence\u003c/td\u003e\u003ctd style=\"text-align:left\"\u003e@{items('For_each_Threat_IoC')?['confidence']}\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eDetected\u003c/td\u003e\u003ctd style=\"text-align:left\"\u003e@{items('For_each_Threat_IoC')?['detected']}\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eReceived\u003c/td\u003e\u003ctd style=\"text-align:left\"\u003e@{items('For_each_Threat_IoC')?['received']}\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eImported\u003c/td\u003e\u003ctd style=\"text-align:left\"\u003e@{items('For_each_Threat_IoC')?['imported']}\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eExpiration\u003c/td\u003e\u003ctd style=\"text-align:left\"\u003e@{items('For_each_Threat_IoC')?['expiration']}\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd \u003eDescription\u003c/td\u003e\u003ctd style=\"text-align:left\"\u003e@{items('For_each_Threat_IoC')?['extended']?['notes']}\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd \u003eOpen in CSP\u003c/td\u003e\u003ctd style=\"text-align:left\"\u003ehttps://csp.infoblox.com/#/security_research/search/auto/@{items('For_each_Threat_IoC')?['host']}/summary\u003c/td\u003e\u003c/tr\u003e\n\u003c/tbody\u003e\u003c/table\u003e\u003c/p\u003e"
+                                                        }
+                                                    },
+                                                    "Update_incident_Tags":  {
+                                                        "runAfter":  {
+                                                            "Add_comment_to_incident":  [
+                                                                "Succeeded"
+                                                            ]
+                                                        },
+                                                        "type":  "ApiConnection",
+                                                        "inputs":  {
+                                                            "body":  {
+                                                                "incidentArmId":  "@triggerBody()?['object']?['id']",
+                                                                "tagsToAdd":  {
+                                                                    "TagsToAdd":  [
+                                                                        {
+                                                                            "Tag":  "@items('For_each_Threat_IoC')?['type']"
+                                                                        },
+                                                                        {
+                                                                            "Tag":  "Imported: @{items('For_each_Threat_IoC')?['imported']}"
+                                                                        },
+                                                                        {
+                                                                            "Tag":  "Profile: @{items('For_each_Threat_IoC')?['profile']}"
+                                                                        },
+                                                                        {
+                                                                            "Tag":  "Property: @{items('For_each_Threat_IoC')?['property']}"
+                                                                        },
+                                                                        {
+                                                                            "Tag":  "Threat Level: @{items('For_each_Threat_IoC')?['threat_level']}"
+                                                                        }
+                                                                    ]
+                                                                }
+                                                            },
+                                                            "host":  {
+                                                                "connection":  {
+                                                                    "name":  "@parameters('$connections')['azuresentinel']['connectionId']"
+                                                                }
+                                                            },
+                                                            "method":  "put",
+                                                            "path":  "/Incidents"
+                                                        }
+                                                    }
+                                                }
+                                            },
+                                            "expression":  {
+                                                "and":  [
+                                                    {
+                                                        "equals":  [
+                                                            "@body('Parse_JSON')?['record_count']",
+                                                            0
+                                                        ]
+                                                    }
+                                                ]
+                                            },
+                                            "type":  "If"
+                                        }
+                                    },
+                                    "runAfter":  {
+                                        "Parse_JSON":  [
+                                            "Succeeded"
+                                        ]
+                                    },
+                                    "type":  "Foreach"
+                                },
+                                "HTTP_-_Get_TIDE_Data_(Hosts)":  {
+                                    "runAfter":  {
+                                    },
+                                    "type":  "Http",
+                                    "inputs":  {
+                                        "headers":  {
+                                            "Authorization":  "Token @{parameters('TIDE API Key')}"
+                                        },
+                                        "method":  "GET",
+                                        "queries":  {
+                                            "host":  "@items('For_each_DNS_Domain_Entity')?['DomainName']",
+                                            "rlimit":  "1"
+                                        },
+                                        "uri":  "https://csp.infoblox.com/tide/api/data/threats"
+                                    }
+                                },
+                                "Parse_JSON":  {
+                                    "runAfter":  {
+                                        "HTTP_-_Get_TIDE_Data_(Hosts)":  [
+                                            "Succeeded"
+                                        ]
+                                    },
+                                    "type":  "ParseJson",
+                                    "inputs":  {
+                                        "content":  "@body('HTTP_-_Get_TIDE_Data_(Hosts)')",
+                                        "schema":  {
+                                            "properties":  {
+                                                "record_count":  {
+                                                    "type":  "integer"
+                                                },
+                                                "threat":  {
+                                                    "items":  {
+                                                        "properties":  {
+                                                            "batch_id":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "class":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "confidence":  {
+                                                                "type":  "integer"
+                                                            },
+                                                            "confidence_score":  {
+                                                                "type":  "number"
+                                                            },
+                                                            "confidence_score_rating":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "confidence_score_vector":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "detected":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "dga":  {
+                                                            },
+                                                            "domain":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "email":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "expiration":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "extended":  {
+                                                                "properties":  {
+                                                                    "ais_consent":  {
+                                                                        "type":  "string"
+                                                                    },
+                                                                    "cyberint_guid":  {
+                                                                        "type":  "string"
+                                                                    },
+                                                                    "no_whitelist":  {
+                                                                        "type":  "string"
+                                                                    },
+                                                                    "notes":  {
+                                                                        "type":  "string"
+                                                                    },
+                                                                    "protocol":  {
+                                                                        "type":  "string"
+                                                                    },
+                                                                    "url_hash":  {
+                                                                        "type":  "string"
+                                                                    }
+                                                                },
+                                                                "type":  "object"
+                                                            },
+                                                            "hash":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "hash_type":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "host":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "id":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "imported":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "ip":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "profile":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "property":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "received":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "risk_score":  {
+                                                                "type":  "number"
+                                                            },
+                                                            "risk_score_rating":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "risk_score_vector":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "threat_level":  {
+                                                                "type":  "integer"
+                                                            },
+                                                            "threat_score":  {
+                                                                "type":  "number"
+                                                            },
+                                                            "threat_score_rating":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "threat_score_vector":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "tld":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "type":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "up":  {
+                                                            },
+                                                            "url":  {
+                                                                "type":  "string"
+                                                            }
+                                                        },
+                                                        "required":  [
+                                                            "id"
+                                                        ],
+                                                        "type":  "object"
+                                                    },
+                                                    "type":  "array"
+                                                }
+                                            },
+                                            "type":  "object"
+                                        }
+                                    }
+                                }
+                            },
+                            "runAfter":  {
+                                "Entities_-_Get_DNS":  [
+                                    "Succeeded"
+                                ]
+                            },
+                            "type":  "Foreach"
+                        },
+                        "Initialize_HTML":  {
+                            "runAfter":  {
+                            },
+                            "type":  "InitializeVariable",
+                            "inputs":  {
+                                "variables":  [
+                                    {
+                                        "name":  "html",
+                                        "type":  "string"
+                                    }
+                                ]
+                            }
+                        }
+                    },
+                    "outputs":  {
+                    }
+                },
+                "parameters":  {
+                    "$connections":  {
+                        "value":  {
+                            "azuresentinel":  {
+                                "connectionId":  "[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]",
+                                "connectionName":  "[variables('MicrosoftSentinelConnectionName')]",
+                                "id":  "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/Azuresentinel')]",
+                                "connectionProperties":  {
+                                    "authentication":  {
+                                        "type":  "ManagedServiceIdentity"
+                                    }
+                                }
+                            }
+                        }
+                    }
+                }
+            },
+            "name":  "[parameters('PlaybookName')]",
+            "type":  "Microsoft.Logic/workflows",
+            "location":  "[resourceGroup().location]",
+            "tags":  {
+                "hidden-SentinelTemplateName":  "Infoblox-Incident-Enrichment-Domains",
+                "hidden-SentinelTemplateVersion":  "1.0"
+            },
+            "identity":  {
+                "type":  "SystemAssigned"
+            },
+            "apiVersion":  "2017-07-01",
+            "dependsOn":  [
+                "[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]"
+            ]
+        },
+        {
+            "type":  "Microsoft.Web/connections",
+            "apiVersion":  "2016-06-01",
+            "name":  "[variables('MicrosoftSentinelConnectionName')]",
+            "location":  "[resourceGroup().location]",
+            "kind":  "V1",
+            "properties":  {
+                "displayName":  "[variables('MicrosoftSentinelConnectionName')]",
+                "customParameterValues":  {
+                },
+                "parameterValueType":  "Alternative",
+                "api":  {
+                    "id":  "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/Azuresentinel')]"
+                }
+            }
+        }
+    ]
+}
diff --git a/Solutions/Infoblox Cloud Data Connector/Playbooks/Infoblox-Incident-Send-Email/azuredeploy.json b/Solutions/Infoblox Cloud Data Connector/Playbooks/Infoblox-Incident-Send-Email/azuredeploy.json
new file mode 100644
index 00000000000..c37598c5ece
--- /dev/null
+++ b/Solutions/Infoblox Cloud Data Connector/Playbooks/Infoblox-Incident-Send-Email/azuredeploy.json	
@@ -0,0 +1,530 @@
+{
+    "$schema":  "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+    "contentVersion":  "1.0.0.0",
+    "metadata":  {
+        "title":  "Infoblox Incident Send Email",
+        "description":  "Sends a detailed email when an incident occurs. Optionally enriches an applicable entity within the email with Infoblox TIDE data. This playbook can be configured to run automatically when an incident occurs (recommended) or run on demand.",
+        "prerequisites":  [
+            "Infoblox TIDE API key (optional)."
+        ],
+        "postDeployment":  [
+            "1. Grant playbook's Managed Identity **Microsoft Sentinel Responder** or greater to Resource Group.",
+            "2. Authorize connections."
+        ],
+        "prerequisitesDeployTemplateFile":  "",
+        "lastUpdateTime":  "2023-08-07T00:00:00.000Z",
+        "entities":  [ "DnsResolution"
+        ],
+        "tags":  [ "Enrichment", "Notification"
+        ],
+        "support":  {
+            "tier":  "community",
+            "armtemplate":  "Generated from https://github.com/Azure/Azure-Sentinel/tree/master/Tools/Playbook-ARM-Template-Generator"
+        },
+        "author":  {
+            "name":  "Infoblox"
+        }
+    },
+    "parameters":  {
+        "PlaybookName":  {
+            "defaultValue":  "Infoblox-Incident-Send-Email",
+            "type":  "string"
+        },
+        "Email Recipient":  {
+            "type":  "string",
+            "metadata":  {
+                "description":  "Enter value for Email Recipient"
+            }
+        },
+        "TIDE API Key":  {
+            "type":  "string",
+            "metadata":  {
+                "description":  "Enter value for TIDE API Key"
+            }
+        }
+    },
+    "variables":  {
+        "MicrosoftSentinelConnectionName":  "[concat('MicrosoftSentinel-', parameters('PlaybookName'))]",
+        "Office365ConnectionName":  "[concat('Office365-', parameters('PlaybookName'))]"
+    },
+    "resources":  [
+        {
+            "properties":  {
+                "provisioningState":  "Succeeded",
+                "state":  "Disabled",
+                "definition":  {
+                    "$schema":  "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
+                    "contentVersion":  "1.0.0.0",
+                    "parameters":  {
+                        "$connections":  {
+                            "defaultValue":  {
+                            },
+                            "type":  "Object"
+                        },
+                        "Email Recipient":  {
+                            "defaultValue":  "[parameters('Email Recipient')]",
+                            "type":  "string"
+                        },
+                        "TIDE API Key":  {
+                            "defaultValue":  "[parameters('TIDE API Key')]",
+                            "type":  "string"
+                        }
+                    },
+                    "triggers":  {
+                        "Microsoft_Sentinel_incident":  {
+                            "type":  "ApiConnectionWebhook",
+                            "inputs":  {
+                                "body":  {
+                                    "callback_url":  "@{listCallbackUrl()}"
+                                },
+                                "host":  {
+                                    "connection":  {
+                                        "name":  "@parameters('$connections')['azuresentinel']['connectionId']"
+                                    }
+                                },
+                                "path":  "/incident-creation"
+                            }
+                        }
+                    },
+                    "actions":  {
+                        "Create_HTML_table_with_Entities":  {
+                            "runAfter":  {
+                                "Select_Entities":  [
+                                    "Succeeded"
+                                ]
+                            },
+                            "type":  "Table",
+                            "inputs":  {
+                                "format":  "HTML",
+                                "from":  "@body('Select_Entities')"
+                            }
+                        },
+                        "Entities_-_Get_DNS":  {
+                            "runAfter":  {
+                                "Set_Entities_HTML":  [
+                                    "Succeeded"
+                                ]
+                            },
+                            "type":  "ApiConnection",
+                            "inputs":  {
+                                "body":  "@triggerBody()?['object']?['properties']?['relatedEntities']",
+                                "host":  {
+                                    "connection":  {
+                                        "name":  "@parameters('$connections')['azuresentinel']['connectionId']"
+                                    }
+                                },
+                                "method":  "post",
+                                "path":  "/entities/dnsresolution"
+                            }
+                        },
+                        "For_each_DNS_Domain_Entity":  {
+                            "foreach":  "@body('Entities_-_Get_DNS')?['Dnsresolutions']",
+                            "actions":  {
+                                "For_each_Threat_IoC":  {
+                                    "foreach":  "@body('Parse_JSON')?['threat']",
+                                    "actions":  {
+                                        "Enrich_Email_with_TIDE_Data_if_it_exists":  {
+                                            "actions":  {
+                                            },
+                                            "runAfter":  {
+                                            },
+                                            "else":  {
+                                                "actions":  {
+                                                    "Append_HTML_Table_with_TIDE_Data":  {
+                                                        "runAfter":  {
+                                                        },
+                                                        "type":  "AppendToStringVariable",
+                                                        "inputs":  {
+                                                            "name":  "html_tide",
+                                                            "value":  "\u003cstyle\u003e\n@{variables('css')}\n\u003c/style\u003e\n\u003cdiv class=\"title\"\u003eIoC - @{items('For_each_DNS_Domain_Entity')?['DomainName']} - @{items('For_each_Threat_IoC')?['type']} - @{items('For_each_Threat_IoC')?['class']}\u003c/div\u003e\n\u003ctable class=\"table\"\u003e\u003ctbody\u003e \n\u003ctr\u003e\n\u003ctd class=\"tkey\"\u003eID\u003c/td\u003e\n\u003ctd class=\"tvalue\"\u003e@{items('For_each_Threat_IoC')?['id']}\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd class=\"tkey\"\u003eType\u003c/td\u003e\n\u003ctd class=\"tvalue\" \u003e@{items('For_each_Threat_IoC')?['type']}\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd class=\"tkey\"\u003eHost\u003c/td\u003e\n\u003ctd class=\"tvalue\"\u003e@{items('For_each_Threat_IoC')?['host']}\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd class=\"tkey\"\u003eDomain\u003c/td\u003e\n\u003ctd class=\"tvalue\"\u003e@{items('For_each_Threat_IoC')?['domain']}\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd class=\"tkey\"\u003eURL\u003c/td\u003e\n\u003ctd class=\"tvalue\"\u003e@{items('For_each_Threat_IoC')?['url']}\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd class=\"tkey\"\u003eIP\u003c/td\u003e\n\u003ctd class=\"tvalue\"\u003e@{items('For_each_Threat_IoC')?['ip']}\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctd class=\"tkey\"\u003eEmail\u003c/td\u003e\n\u003ctd class=\"tvalue\"\u003e@{items('For_each_Threat_IoC')?['email']}\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd class=\"tkey\"\u003eHash\u003c/td\u003e\n\u003ctd class=\"tvalue\"\u003e@{items('For_each_Threat_IoC')?['hash']}       @{items('For_each_Threat_IoC')?['hash_type']}\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd class=\"tkey\"\u003eProfile\u003c/td\u003e\n\u003ctd class=\"tvalue\"\u003e@{items('For_each_Threat_IoC')?['profile']}\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd class=\"tkey\"\u003eProperty\u003c/td\u003e\n\u003ctd class=\"tvalue\"\u003e@{items('For_each_Threat_IoC')?['property']}\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd class=\"tkey\"\u003eThreat Level\u003c/td\u003e\n\u003ctd class=\"tvalue\"\u003e@{items('For_each_Threat_IoC')?['threat_level']}\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd class=\"tkey\"\u003eConfidence\u003c/td\u003e\n\u003ctd class=\"tvalue\"\u003e@{items('For_each_Threat_IoC')?['confidence']}\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd class=\"tkey\"\u003eDetected\u003c/td\u003e\n\u003ctd class=\"tvalue\"\u003e@{items('For_each_Threat_IoC')?['detected']}\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd class=\"tkey\"\u003eReceived\u003c/td\u003e\n\u003ctd class=\"tvalue\"\u003e@{items('For_each_Threat_IoC')?['received']}\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd class=\"tkey\"\u003eImported\u003c/td\u003e\n\u003ctd class=\"tvalue\"\u003e@{items('For_each_Threat_IoC')?['imported']}\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd class=\"tkey\"\u003eExpiration\u003c/td\u003e\n\u003ctd class=\"tvalue\"\u003e@{items('For_each_Threat_IoC')?['expiration']}\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd class=\"tkey\"\u003eDescription\u003c/td\u003e\n\u003ctd class=\"tvalue\"\u003e@{items('For_each_Threat_IoC')?['extended']?['notes']}\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd class=\"tkey\"\u003eOpen in CSP\u003c/td\u003e\n\u003ctd class=\"tvalue\"\u003ehttps://csp.infoblox.com/#/security_research/search/auto/@{items('For_each_Threat_IoC')?['host']}/summary\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e"
+                                                        }
+                                                    }
+                                                }
+                                            },
+                                            "expression":  {
+                                                "and":  [
+                                                    {
+                                                        "equals":  [
+                                                            "@body('Parse_JSON')?['record_count']",
+                                                            0
+                                                        ]
+                                                    }
+                                                ]
+                                            },
+                                            "type":  "If"
+                                        }
+                                    },
+                                    "runAfter":  {
+                                        "Parse_JSON":  [
+                                            "Succeeded"
+                                        ]
+                                    },
+                                    "type":  "Foreach"
+                                },
+                                "HTTP_-_Get_TIDE_Data_(Hosts)":  {
+                                    "runAfter":  {
+                                    },
+                                    "type":  "Http",
+                                    "inputs":  {
+                                        "headers":  {
+                                            "Authorization":  "Token @{parameters('TIDE API Key')}"
+                                        },
+                                        "method":  "GET",
+                                        "queries":  {
+                                            "host":  "@items('For_each_DNS_Domain_Entity')?['DomainName']",
+                                            "rlimit":  "1"
+                                        },
+                                        "uri":  "https://csp.infoblox.com/tide/api/data/threats"
+                                    }
+                                },
+                                "Parse_JSON":  {
+                                    "runAfter":  {
+                                        "HTTP_-_Get_TIDE_Data_(Hosts)":  [
+                                            "Succeeded"
+                                        ]
+                                    },
+                                    "type":  "ParseJson",
+                                    "inputs":  {
+                                        "content":  "@body('HTTP_-_Get_TIDE_Data_(Hosts)')",
+                                        "schema":  {
+                                            "properties":  {
+                                                "record_count":  {
+                                                    "type":  "integer"
+                                                },
+                                                "threat":  {
+                                                    "items":  {
+                                                        "properties":  {
+                                                            "batch_id":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "class":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "confidence":  {
+                                                                "type":  "integer"
+                                                            },
+                                                            "confidence_score":  {
+                                                                "type":  "number"
+                                                            },
+                                                            "confidence_score_rating":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "confidence_score_vector":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "detected":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "dga":  {
+                                                            },
+                                                            "domain":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "email":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "expiration":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "extended":  {
+                                                                "properties":  {
+                                                                    "ais_consent":  {
+                                                                        "type":  "string"
+                                                                    },
+                                                                    "cyberint_guid":  {
+                                                                        "type":  "string"
+                                                                    },
+                                                                    "no_whitelist":  {
+                                                                        "type":  "string"
+                                                                    },
+                                                                    "notes":  {
+                                                                        "type":  "string"
+                                                                    },
+                                                                    "protocol":  {
+                                                                        "type":  "string"
+                                                                    },
+                                                                    "url_hash":  {
+                                                                        "type":  "string"
+                                                                    }
+                                                                },
+                                                                "type":  "object"
+                                                            },
+                                                            "hash":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "hash_type":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "host":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "id":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "imported":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "ip":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "profile":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "property":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "received":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "risk_score":  {
+                                                                "type":  "number"
+                                                            },
+                                                            "risk_score_rating":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "risk_score_vector":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "threat_level":  {
+                                                                "type":  "integer"
+                                                            },
+                                                            "threat_score":  {
+                                                                "type":  "number"
+                                                            },
+                                                            "threat_score_rating":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "threat_score_vector":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "tld":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "type":  {
+                                                                "type":  "string"
+                                                            },
+                                                            "up":  {
+                                                            },
+                                                            "url":  {
+                                                                "type":  "string"
+                                                            }
+                                                        },
+                                                        "required":  [
+                                                            "id"
+                                                        ],
+                                                        "type":  "object"
+                                                    },
+                                                    "type":  "array"
+                                                }
+                                            },
+                                            "type":  "object"
+                                        }
+                                    }
+                                }
+                            },
+                            "runAfter":  {
+                                "Entities_-_Get_DNS":  [
+                                    "Succeeded"
+                                ]
+                            },
+                            "type":  "Foreach"
+                        },
+                        "Initialize_CSS":  {
+                            "runAfter":  {
+                                "Initialize_Incident_HTML":  [
+                                    "Succeeded"
+                                ]
+                            },
+                            "type":  "InitializeVariable",
+                            "inputs":  {
+                                "variables":  [
+                                    {
+                                        "name":  "css",
+                                        "type":  "string",
+                                        "value":  ".title {\n    color: #1F2A47;\n    font-size: 2rem;\n    letter-spacing: .04em;\n    padding: 8px;\n    border-bottom: 1px solid #7B7B7B;\n    font-weight: bold;\n}\n\ntable  {\n    border-collapse: collapse;\n    border-spacing: 0;\n    padding: 0;\n    margin: 0 0 20px;\n}\n\n.tkey {\n    text-align: right;\n    border-right: 1px solid #7B7B7B;\n}\n.tvalue {\n    text-align: left;\n    border-top: 1px solid #eee !important;\n    padding-left: 10px;\n}\n.value {\n    font-size: 1.4rem;\n    font-weight: bold;\n}\n\n.tkey, .key{\n    color: #263137;\n    letter-spacing: .04em;\n    font-style: italic;\n    padding-right: 10px;\n}\n.tvalue, .value {\n    color: #1f4728 !important;\n    letter-spacing: .02rem;\n}\n\n"
+                                    }
+                                ]
+                            }
+                        },
+                        "Initialize_Entities_HTML":  {
+                            "runAfter":  {
+                                "Initialize_CSS":  [
+                                    "Succeeded"
+                                ]
+                            },
+                            "type":  "InitializeVariable",
+                            "inputs":  {
+                                "variables":  [
+                                    {
+                                        "name":  "html_entities",
+                                        "type":  "string"
+                                    }
+                                ]
+                            }
+                        },
+                        "Initialize_Incident_HTML":  {
+                            "runAfter":  {
+                                "Initialize_TIDE_HTML":  [
+                                    "Succeeded"
+                                ]
+                            },
+                            "type":  "InitializeVariable",
+                            "inputs":  {
+                                "variables":  [
+                                    {
+                                        "name":  "html_incident",
+                                        "type":  "string"
+                                    }
+                                ]
+                            }
+                        },
+                        "Initialize_TIDE_HTML":  {
+                            "runAfter":  {
+                            },
+                            "type":  "InitializeVariable",
+                            "inputs":  {
+                                "variables":  [
+                                    {
+                                        "name":  "html_tide",
+                                        "type":  "string"
+                                    }
+                                ]
+                            }
+                        },
+                        "Select_Entities":  {
+                            "runAfter":  {
+                                "Initialize_Entities_HTML":  [
+                                    "Succeeded"
+                                ]
+                            },
+                            "type":  "Select",
+                            "inputs":  {
+                                "from":  "@triggerBody()?['object']?['properties']?['relatedEntities']",
+                                "select":  {
+                                    "Entity":  "@item()?['properties']?['friendlyName']",
+                                    "Type":  "@item()?['kind']"
+                                }
+                            }
+                        },
+                        "Send_an_email_with_Incident_details":  {
+                            "runAfter":  {
+                                "Set_Incident_HTML":  [
+                                    "Succeeded"
+                                ]
+                            },
+                            "type":  "ApiConnection",
+                            "inputs":  {
+                                "body":  {
+                                    "Body":  "\u003cp\u003e\u003cspan style=\"font-size: 14px\"\u003e\u003c/span\u003e\u003cspan style=\"font-size: 14px\"\u003e@{variables('html_incident')}\u003c/span\u003e\u003cspan style=\"font-size: 14px\"\u003e\u003cbr\u003e\n\u003c/span\u003e\u003cspan style=\"font-size: 14px\"\u003e@{variables('html_tide')}\u003c/span\u003e\u003cspan style=\"font-size: 14px\"\u003e\u003c/span\u003e\u003c/p\u003e",
+                                    "Importance":  "Normal",
+                                    "Subject":  "New Sentinel Incident - @{triggerBody()?['object']?['properties']?['title']}",
+                                    "To":  "@parameters('Email Recipient')"
+                                },
+                                "host":  {
+                                    "connection":  {
+                                        "name":  "@parameters('$connections')['office365_1']['connectionId']"
+                                    }
+                                },
+                                "method":  "post",
+                                "path":  "/v2/Mail"
+                            }
+                        },
+                        "Set_Entities_HTML":  {
+                            "runAfter":  {
+                                "Create_HTML_table_with_Entities":  [
+                                    "Succeeded"
+                                ]
+                            },
+                            "type":  "SetVariable",
+                            "inputs":  {
+                                "name":  "html_entities",
+                                "value":  "\u003cstyle\u003e\n@{variables('css')}\ntable, table td, table th {\n    text-align: left;\n    color: #1f4728 !important;\n    border-top: 1px solid #eee !important;\n    letter-spacing: .02rem;\n    padding-left: 10px;\n}\n\u003c/style\u003e\n@{body('Create_HTML_table_with_Entities')}\n"
+                            }
+                        },
+                        "Set_Incident_HTML":  {
+                            "runAfter":  {
+                                "For_each_DNS_Domain_Entity":  [
+                                    "Succeeded"
+                                ]
+                            },
+                            "type":  "SetVariable",
+                            "inputs":  {
+                                "name":  "html_incident",
+                                "value":  "\u003cstyle\u003e\n@{variables('css')}\np {\n    margin-bottom:  15px !important;\n}\n\u003c/style\u003e\n\u003cdiv class=\"title\"\u003e New incident created in Microsoft Sentinel \u003c/div\u003e\n\n\u003cp\u003e\u003cspan class=\"key\"\u003e Triggered - \u003c/span \u003e\u003cspan  class=\"value\"\u003e@{triggerBody()?['object']?['properties']?['title']} \u003c/span \u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cspan class=\"key\"\u003e Incident ID - \u003c/span\u003e\u003cspan class=\"value\"\u003e @{triggerBody()?['object']?['properties']?['incidentNumber']}\u003c/span\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cspan class=\"key\"\u003e Triggered on - \u003c/span \u003e\u003cspan class=\"value\"\u003e @{triggerBody()?['object']?['properties']?['createdTimeUtc']}\u003c/span\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cspan class=\"key\"\u003e Severity - \u003c/span \u003e\u003cspan class=\"value\"\u003e@{triggerBody()?['object']?['properties']?['severity']}\u003c/span\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cspan class=\"key\"\u003e Alert providers - \u003c/span \u003e\u003cspan class=\"value\"\u003e@{join(triggerBody()?['object']?['properties']?['additionalData']?['alertProductNames'], '\u003cbr /\u003e')}\u003c/span\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cspan class=\"key\"\u003e Tactics - \u003c/span \u003e\u003cspan class=\"value\"\u003e\n@{join(triggerBody()?['object']?['properties']?['additionalData']?['tactics'], '\u003cbr /\u003e')}\u003c/span\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cspan class=\"key\"\u003e Description - \u003c/span \u003e\u003cspan class=\"value\"\u003e\n@{triggerBody()?['object']?['properties']?['description']}\u003c/span\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cspan class=\"key\"\u003e Entities - \u003c/span \u003e\u003cspan class=\"value\"\u003e\n@{variables('html_entities')}\u003c/span\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cspan class=\"key\"\u003e Incident link - \u003c/span \u003e\u003cspan class=\"value\"\u003e\n\u003ca href=\"@{triggerBody()?['object']?['properties']?['incidentUrl']}\"\u003e@{triggerBody()?['object']?['properties']?['incidentUrl']}\u003c/a\u003e\u003c/span\u003e\u003c/p\u003e\n\n\u003cdiv class=\"title\"\u003e TIDE Data \u003c/div \u003e"
+                            }
+                        }
+                    },
+                    "outputs":  {
+                    }
+                },
+                "parameters":  {
+                    "$connections":  {
+                        "value":  {
+                            "azuresentinel":  {
+                                "connectionId":  "[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]",
+                                "connectionName":  "[variables('MicrosoftSentinelConnectionName')]",
+                                "id":  "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/Azuresentinel')]",
+                                "connectionProperties":  {
+                                    "authentication":  {
+                                        "type":  "ManagedServiceIdentity"
+                                    }
+                                }
+                            },
+                            "office365_1":  {
+                                "connectionId":  "[resourceId('Microsoft.Web/connections', variables('Office365ConnectionName'))]",
+                                "connectionName":  "[variables('Office365ConnectionName')]",
+                                "id":  "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/Office365')]"
+                            }
+                        }
+                    }
+                }
+            },
+            "name":  "[parameters('PlaybookName')]",
+            "type":  "Microsoft.Logic/workflows",
+            "location":  "[resourceGroup().location]",
+            "tags":  {
+                "hidden-SentinelTemplateName":  "Infoblox-Incident-Send-Email",
+                "hidden-SentinelTemplateVersion":  "1.0"
+            },
+            "identity":  {
+                "type":  "SystemAssigned"
+            },
+            "apiVersion":  "2017-07-01",
+            "dependsOn":  [
+                "[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]",
+                "[resourceId('Microsoft.Web/connections', variables('Office365ConnectionName'))]"
+            ]
+        },
+        {
+            "type":  "Microsoft.Web/connections",
+            "apiVersion":  "2016-06-01",
+            "name":  "[variables('MicrosoftSentinelConnectionName')]",
+            "location":  "[resourceGroup().location]",
+            "kind":  "V1",
+            "properties":  {
+                "displayName":  "[variables('MicrosoftSentinelConnectionName')]",
+                "customParameterValues":  {
+                },
+                "parameterValueType":  "Alternative",
+                "api":  {
+                    "id":  "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/Azuresentinel')]"
+                }
+            }
+        },
+        {
+            "type":  "Microsoft.Web/connections",
+            "apiVersion":  "2016-06-01",
+            "name":  "[variables('Office365ConnectionName')]",
+            "location":  "[resourceGroup().location]",
+            "kind":  "V1",
+            "properties":  {
+                "displayName":  "[variables('Office365ConnectionName')]",
+                "customParameterValues":  {
+                },
+                "api":  {
+                    "id":  "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/Office365')]"
+                }
+            }
+        }
+    ]
+}
diff --git a/Solutions/Infoblox Cloud Data Connector/Playbooks/images/email.jpg b/Solutions/Infoblox Cloud Data Connector/Playbooks/images/email.jpg
new file mode 100644
index 00000000000..c856805881e
Binary files /dev/null and b/Solutions/Infoblox Cloud Data Connector/Playbooks/images/email.jpg differ
diff --git a/Solutions/Infoblox Cloud Data Connector/Playbooks/images/incident.jpg b/Solutions/Infoblox Cloud Data Connector/Playbooks/images/incident.jpg
new file mode 100644
index 00000000000..1dca3634146
Binary files /dev/null and b/Solutions/Infoblox Cloud Data Connector/Playbooks/images/incident.jpg differ
diff --git a/Solutions/Infoblox Cloud Data Connector/Playbooks/images/infoblox.png b/Solutions/Infoblox Cloud Data Connector/Playbooks/images/infoblox.png
new file mode 100644
index 00000000000..de860ad91de
Binary files /dev/null and b/Solutions/Infoblox Cloud Data Connector/Playbooks/images/infoblox.png differ
diff --git a/Solutions/Infoblox Cloud Data Connector/Playbooks/images/tide.jpg b/Solutions/Infoblox Cloud Data Connector/Playbooks/images/tide.jpg
new file mode 100644
index 00000000000..01eb6fd9e39
Binary files /dev/null and b/Solutions/Infoblox Cloud Data Connector/Playbooks/images/tide.jpg differ
diff --git a/Solutions/Infoblox Cloud Data Connector/Playbooks/readme.md b/Solutions/Infoblox Cloud Data Connector/Playbooks/readme.md
new file mode 100644
index 00000000000..707ce93dc34
--- /dev/null
+++ b/Solutions/Infoblox Cloud Data Connector/Playbooks/readme.md	
@@ -0,0 +1,141 @@
+# Infoblox Threat Intelligence Playbooks for Microsoft Sentinel
+[<img alt="Infoblox" src="images/infoblox.png"  />](https://www.infoblox.com/)
+
+These playbooks integrate Infoblox [Threat Intelligence Data Exchange (TIDE)](https://docs.infoblox.com/space/BloxOneThreatDefense/35898533) 
+data into Microsoft Sentinel.
+
+Use these playbooks to import data from TIDE and enrich incidents and emails.
+
+# Prerequisites
+1. Register an app with Azure Active Directory and apply appropriate permissions, and enable the Threat Intelligence data connector. 
+Find instructions [here](https://learn.microsoft.com/en-us/azure/sentinel/connect-threat-intelligence-tip). 
+
+2. Apply the **Microsoft Sentinel Contributor** or **Microsoft Sentinel Responder** role to the playbooks. 
+It is recommended to assign the role to the resource group that contains your Microsoft Sentinel workspace. 
+Find instructions [here](https://learn.microsoft.com/en-us/azure/sentinel/roles).
+
+3. Create and copy a TIDE API key into the playbook parameters. 
+Find instructions [here](https://docs.infoblox.com/space/BloxOneThreatDefense/230394187).
+
+# Installation
+There are multiple ways to install the playbooks.
+- Install the solution from the [Content Hub](https://portal.azure.com/#view/Microsoft_Azure_Marketplace/GalleryItemDetailsBladeNopdl/dontDiscardJourney~/true/id/infoblox.infoblox-cdc-solution/resourceGroupId/%2Fsubscriptions%2Fbe1e61b7-8dbe-4986-a9c2-d85f65524d6e%2FresourceGroups%2Ftme-rg)
+(Recommended). This will not only install the playbook templates, but the other Sentinel templates as part of this solution as well.
+- Copy and paste the ```azuredeploy.json``` files to a blank playbook.
+- Click the **Deploy to Azure** buttons below for each desired playbook.
+
+# The Playbooks
+This solution installs several playbooks that fit different needs. 
+You may wish to mix and match, omit some or modify others.
+
+## Intelligence Import
+These playbooks import TIDE intelligence using the Infoblox TIDE API and send the indicators to Microsoft Sentinel via the Microsoft Security Graph API.
+The indicators are stored in the ```ThreatIntelligenceIndicator``` table and can be viewed from the **Threat intelligence** blade.
+
+Because there are millions of indicators provided by TIDE, and thousands of new ones detected per day,
+these playbooks are intended to give you a starting point for importing the indicators you want.
+
+
+You may wish to import everything, or you may only need a handful of threat classes from a single profile or provider.
+
+
+You can modify or create copies of these playbooks and tweak the action **Get TIDE Data** API call within the playbook to suit your needs. 
+Keep in mind due to [current limitations](https://learn.microsoft.com/en-us/azure/logic-apps/logic-apps-limits-and-config?tabs=consumption%2Cazure-portal), there is a 105MB download limit per API call and a 120 second HTTP timeout. 
+This is why you may only need to import new emails on a weekly basis, whereas hosts should be imported more frequently with an ```rlimit``` parameter because there are so many more.
+
+![](images/tide.jpg)
+
+Use the following TIDE endpoints to see what is available for you to import. You can also view indicators in the [CSP](https://csp.infoblox.com/#/threat_intelligence/active-threat-indicators).
+
+***GET** available threat properties* - ```/tide/api/data/properties```
+
+***GET** available threat classes* - ```/tide/api/data/threat_classes```
+
+***GET** available profiles (data providers)* - ```/tide/api/entitlements/profiles```
+
+View the list of APIs [here](https://csp.infoblox.com/apidoc?url=https%3A%2F%2Fcsp.infoblox.com%2Fapidoc%2Fdocs%2FTIDEData).
+
+Find a quick technical intro and examples for how to query TIDE data [here](https://docs.infoblox.com/space/BloxOneThreatDefense/117014574/Query+Active+Threats).
+
+---
+### Import-AISCOMM-Weekly
+This playbook imports all indicators from the AISCOMM data provider on a scheduled weekly basis.
+
+[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FInfoblox%2520Cloud%2520Data%2520Connector%2FPlaybooks%2FInfoblox-Import-AISCOMM-Weekly%2Fazuredeploy.json)
+[![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FInfoblox%2520Cloud%2520Data%2520Connector%2FPlaybooks%2FInfoblox-Import-AISCOMM-Weekly%2Fazuredeploy.json)
+---
+### Import-Emails-Weekly
+This playbook imports newly detected emails on a scheduled weekly basis.
+
+[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FInfoblox%2520Cloud%2520Data%2520Connector%2FPlaybooks%2FInfoblox-Import-Emails-Weekly%2Fazuredeploy.json)
+[![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FInfoblox%2520Cloud%2520Data%2520Connector%2FPlaybooks%2FInfoblox-Import-Emails-Weekly%2Fazuredeploy.json)
+---
+### Import-Hashes-Weekly
+This playbook imports newly detected hashes on a scheduled weekly basis.
+
+[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FInfoblox%2520Cloud%2520Data%2520Connector%2FPlaybooks%2FInfoblox-Import-Hashes-Weekly%2Fazuredeploy.json)
+[![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FInfoblox%2520Cloud%2520Data%2520Connector%2FPlaybooks%2FInfoblox-Import-Hashes-Weekly%2Fazuredeploy.json)
+---
+### Import-Hosts-Daily-LookalikeDomains
+This playbook imports newly detected Lookalike domains on a scheduled daily basis.
+
+[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FInfoblox%2520Cloud%2520Data%2520Connector%2FPlaybooks%2FInfoblox-Import-Hosts-Daily-LookalikeDomains%2Fazuredeploy.json)
+[![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FInfoblox%2520Cloud%2520Data%2520Connector%2FPlaybooks%2FInfoblox-Import-Hosts-Daily-LookalikeDomains%2Fazuredeploy.json)
+---
+### Import-Hosts-Daily-MalwareC2DGA
+This playbook imports newly detected MalwareC2DGA domains on a scheduled daily basis.
+
+[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FInfoblox%2520Cloud%2520Data%2520Connector%2FPlaybooks%2FInfoblox-Import-Hosts-Daily-MalwareC2DGA%2Fazuredeploy.json)
+[![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FInfoblox%2520Cloud%2520Data%2520Connector%2FPlaybooks%2FInfoblox-Import-Hosts-Daily-MalwareC2DGA%2Fazuredeploy.json)
+---
+### Import-Hosts-Daily-Phishing
+This playbook imports newly detected Phishing domains on a scheduled daily basis.
+
+[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FInfoblox%2520Cloud%2520Data%2520Connector%2FPlaybooks%2FInfoblox-Import-Hosts-Daily-Phishing%2Fazuredeploy.json)
+[![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FInfoblox%2520Cloud%2520Data%2520Connector%2FPlaybooks%2FInfoblox-Import-Hosts-Daily-Phishing%2Fazuredeploy.json)
+---
+### Import-Hosts-Hourly
+This playbook imports all newly detected hosts on a scheduled hourly basis.
+
+This playbook will import thousands of IoCs per run, which can become costly for your organization.
+It will also create duplicates if concurrently enabled with the Import-Hosts-Daily playbooks, so use one or the other.
+
+[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FInfoblox%2520Cloud%2520Data%2520Connector%2FPlaybooks%2FInfoblox-Import-Hosts-Hourly%2Fazuredeploy.json)
+[![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FInfoblox%2520Cloud%2520Data%2520Connector%2FPlaybooks%2FInfoblox-Import-Hosts-Hourly%2Fazuredeploy.json)
+---
+### Import-IPs-Hourly
+This playbook imports all newly detected IPs on a scheduled hourly basis.
+
+[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FInfoblox%2520Cloud%2520Data%2520Connector%2FPlaybooks%2FInfoblox-Import-IPs-Hourly%2Fazuredeploy.json)
+[![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FInfoblox%2520Cloud%2520Data%2520Connector%2FPlaybooks%2FInfoblox-Import-IPs-Hourly%2Fazuredeploy.json)
+---
+### Import-URLs-Daily
+This playbook imports all newly detected URLs on a scheduled hourly basis.
+
+[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FInfoblox%2520Cloud%2520Data%2520Connector%2FPlaybooks%2FInfoblox-Import-URLs-Daily%2Fazuredeploy.json)
+[![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FInfoblox%2520Cloud%2520Data%2520Connector%2FPlaybooks%2FInfoblox-Import-URLs-Daily%2Fazuredeploy.json)
+
+## Enrichment & Emails
+Enrich your incidents and emails with TIDE data.
+
+These playbooks can be configured to run automatically on Analytic Rules. Find instructions [here](https://learn.microsoft.com/en-us/azure/sentinel/detect-threats-custom#set-automated-responses-and-create-the-rule).
+
+You can also run them on demand when viewing incidents.
+
+---
+### Incident-Enrichment-Domains
+Enrich incidents containing a **DNS entity** with rich TIDE data. Will add a comment and tags to the incident.
+![](images/incident.jpg)
+
+[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FInfoblox%2520Cloud%2520Data%2520Connector%2FPlaybooks%2FInfoblox-Incident-Enrichment-Domains%2Fazuredeploy.json)
+[![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FInfoblox%2520Cloud%2520Data%2520Connector%2FPlaybooks%2FInfoblox-Incident-Enrichment-Domains%2Fazuredeploy.json)
+---
+
+### Incident-Send-Email
+Sends a detailed email about an incident. Enriches a **DNS entity** within the email with Infoblox TIDE data.
+
+![](images/email.jpg)
+
+[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FInfoblox%2520Cloud%2520Data%2520Connector%2FPlaybooks%2FInfoblox-Incident-Send-Email%2Fazuredeploy.json)
+[![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FInfoblox%2520Cloud%2520Data%2520Connector%2FPlaybooks%2FInfoblox-Incident-Send-Email%2Fazuredeploy.json)
+
diff --git a/Solutions/Infoblox Cloud Data Connector/ReleaseNotes.md b/Solutions/Infoblox Cloud Data Connector/ReleaseNotes.md
new file mode 100644
index 00000000000..8b886d69cf5
--- /dev/null
+++ b/Solutions/Infoblox Cloud Data Connector/ReleaseNotes.md	
@@ -0,0 +1,14 @@
+| **Version**   | **Date Modified**              | **Change History**                          |
+|---------------|--------------------------------|---------------------------------------------|
+| 3.0.0         | Aug 2023                       | Bug fixes                                   
+|               |                                | Documentation updates                       
+|               |                                | Update Infoblox logo                        
+|               |                                | **Analytic Rules** Optimization updates. 5 new rules
+|               |                                | **Playbooks** 11 new playbooks
+| 2.0.1-2.0.10  | May 2022-June 2023             | Bug fixes
+|               |                                | Documentation updates
+| 1.0.0-1.1.0   | April 2021-Oct 2021            | Initial solution release |
+|               |                                | **Data Connector** New custom data connector for the Infoblox CDC
+|               |                                | **Analytic Rules** 3 new rules
+|               |                                | **Parser** 1 new parser
+|               |                                | **Workbook** 1 new workbook
diff --git a/Solutions/Infoblox Cloud Data Connector/SolutionMetadata.json b/Solutions/Infoblox Cloud Data Connector/SolutionMetadata.json
index bf5fc36aae1..7503659713e 100644
--- a/Solutions/Infoblox Cloud Data Connector/SolutionMetadata.json	
+++ b/Solutions/Infoblox Cloud Data Connector/SolutionMetadata.json	
@@ -2,14 +2,14 @@
 	"publisherId": "infoblox",
 	"offerId": "infoblox-cdc-solution",
 	"firstPublishDate": "2021-10-20",
-	"providers": ["InfoBlox"],
+	"providers": ["Infoblox"],
 	"categories": {
-		"domains" : ["Security - Threat Protection"],
+		"domains" : ["Networking", "Security - Threat Protection", "Security - Network", "Security - Threat Intelligence" ],
 		"verticals": []
 	},
 	"support": {
-	  "name": "InfoBlox",
+	  "name": "Infoblox",
 	  "tier": "Partner",
 	  "link": "https://support.infoblox.com/"
 	}
-}
\ No newline at end of file
+}