Data Source: PingID

Logs authentication and multi-factor authentication (MFA) events managed by PingID, including user logins, device enrollments, and MFA challenges.

Property    Value
Source      XmlWinEventLog:Security
Sourcetype  XmlWinEventLog
Fields

_time
actors{}.name
actors{}.type
date_hour
date_mday
date_minute
date_month
date_second
date_wday
date_year
date_zone
extracted_source
host
id
index
linecount
punct
recorded
resources{}.ipaddress
resources{}.websession
result.message
result.status
source
sourcetype
splunk_server
timeendpos
timestartpos
...
not set
{"source":"PINGID","id":"b2eb1fef-651b-11ee-b38b-0ac7a554ed19","recorded":"2023-10-05T14:10:53.538Z","actors":[{"type":"user","name":"victim_user"}],"resources":[{"ipaddress":"174.235.80.142","websession":"webs_ijkF-T_bAC_G3w2TfvdpAEQeC545KFlqVFOsolCXdjo"}],"result":{"status":"SUCCESS","message":"Device Paired SMS \"Mobile 1\""}}

Source: GitHub | Version: 2