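Esempi di attività CEF

Di seguito sono riportati cinque record di esempio, mostrati uno di seguito all'altro: ciascuno inizia con l'intestazione syslog `Oct 10 20:14:15 WIN-R1OR1V5M79O siem_log_forwarder[8088]:` seguita dal messaggio `CEF:0|…`, e le etichette cs1Label, cs2Label e cs3Label indicano il contenuto JSON dei campi cs1, cs2 e cs3.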

Oct 10 20:14:15 WIN-R1OR1V5M79O siem_log_forwarder[8088]: CEF:0|Acronis|DemoCustomer2|1.0|agent.add|agent.add|1|cs1={"IsProcessRoot":true,"Persistent":{"ID":"c8d66ac4-0d5b-4ecb-b1b0-c3649df91231","Name":"WIN-R1OR1V5M79O","OwnerID":"67"},"Specific":"Business","UserName":"WIN-R1OR1V5M79O\\\\AMS User","isLegacy":true,"title":"Adding agent 'WIN-R1OR1V5M79O' to the management server"} cs1Label=taskcontext cs2={"code":"ok"} cs2Label=taskresult cs3={"uuid":"ee54f502-4a06-498c-8b00-22824ba40231","type":"A59E8BF2-39C3-42C4-B667-CB672381A214","queue":"legacySync","priority":"normal","tenant":{"id":"67","uuid":"ba959847-ca47-4a48-90a5-cb42789d5b34","name":"Demo Customer2 (DemoCustomer2)","locator":"/1/66/67/"},"cancellable":true,"startedByUser":"WIN-R1OR1V5M79O\\\\AMS User","id":1634697080134496256,"idString":"1634697080134496256","state":"completed","issuer":{"id":"","clusterId":""},"enqueuedAt":"2025-10-10T17:01:32.022739593Z","startedAt":"2025-10-10T17:01:32.022739593Z","updatedAt":"2025-10-10T17:01:32.031865547Z","completedAt":"2025-10-10T17:01:32.022739593Z","cancelRequested":false} cs3Label=taskdetails dvchost= suser=WIN-R1OR1V5M79O\\AMS User deviceExternalId= Oct 10 20:14:15 WIN-R1OR1V5M79O siem_log_forwarder[8088]: CEF:0|Acronis|DemoCustomer2|1.0|AddFeatures|AddFeatures|1|cs1={"_runtime":{},"argument":{"add_components":["agentForAmp"],"remove_components":[],"AMSPort":0}} cs1Label=activitycontext cs2={"code":"ok"} cs2Label=activityresult 
cs3={"uuid":"515980ce-3e51-4cc9-846d-dd8d8fbd1918","type":"AddFeatures","taskId":1634696473042546688,"progress":{"current":100,"total":100},"resource":{"id":"3B9187D6-0853-45FF-AAB0-0C68CD643068","type":"machine","name":"WIN-R1OR1V5M79O"},"state":"completed","id":1634696841088528384,"idString":"1634696841088528384","taskIdString":"1634696473042546688","createdAt":"2025-10-10T17:00:32.272567181Z","startedAt":"2025-10-10T17:00:32.272567181Z","updatedAt":"2025-10-10T17:01:36.542446095Z","completedAt":"2025-10-10T17:01:36.542446095Z","tenant":{"id":"67","uuid":"ba959847-ca47-4a48-90a5-cb42789d5b34","name":"Demo Customer2 (DemoCustomer2)","locator":"/1/66/67/"},"executor":{"id":"c8d66ac4-0d5b-4ecb-b1b0-c3649df91231","clusterId":""}} cs3Label=activitydetails dvchost=WIN-R1OR1V5M79O suser= deviceExternalId=3B9187D6-0853-45FF-AAB0-0C68CD643068 Oct 10 20:14:15 WIN-R1OR1V5M79O siem_log_forwarder[8088]: CEF:0|Acronis|DemoCustomer2|1.0|policy.revoke|policy.revoke|1|cs1={"IsProcessRoot":true,"Persistent":{"PlanID":"8cc61f3c-46b0-40a6-9d60-7d72f68555db","PlanName":"XDR plan"},"PlanName":"XDR plan","Specific":"Business","isLegacy":true,"title":"Revoking plan 'XDR plan' with ID '8cc61f3c-46b0-40a6-9d60-7d72f68555db' from the resource with ID '3b9187d6-0853-45ff-aab0-0c68cd643068'"} cs1Label=activitycontext cs2={"code":"ok"} cs2Label=activityresult cs3={"uuid":"7092f0e8-7945-4774-8453-a28b66534d73","type":"44328016-20D7-4799-A357-CF152C904ED0","taskId":1634699005819154432,"resource":{"id":"3b9187d6-0853-45ff-aab0-0c68cd643068","type":"machine","name":"WIN-R1OR1V5M79O"},"state":"completed","id":1634699005819154432,"idString":"1634699005819154432","taskIdString":"1634699005819154432","policy":{"id":"8cc61f3c-46b0-40a6-9d60-7d72f68555db","type":"policy.protection.total","name":"XDR 
plan"},"startedByUser":"DemoCustomer2","createdAt":"2025-10-10T17:09:33.40794126Z","startedAt":"2025-10-10T17:09:33.40794126Z","updatedAt":"2025-10-10T17:09:33.453071958Z","completedAt":"2025-10-10T17:09:33.40794126Z","tenant":{"id":"66","uuid":"07f6adf7-4665-4340-865d-c4a4c66f4dcd","name":"DemoCustomer2","locator":"/1/66/"},"executor":{"id":"","clusterId":""}} cs3Label=activitydetails dvchost=WIN-R1OR1V5M79O suser=DemoCustomer2 deviceExternalId=3b9187d6-0853-45ff-aab0-0c68cd643068 Oct 10 20:14:15 WIN-R1OR1V5M79O siem_log_forwarder[8088]: CEF:0|Acronis|DemoCustomer2|1.0|policy.revoke|policy.revoke|1|cs1={"IsProcessRoot":true,"Persistent":{"PlanID":"8cc61f3c-46b0-40a6-9d60-7d72f68555db","PlanName":"XDR plan"},"PlanName":"XDR plan","Specific":"Business","isLegacy":true,"title":"Revoking plan 'XDR plan' with ID '8cc61f3c-46b0-40a6-9d60-7d72f68555db' from the resource with ID '3b9187d6-0853-45ff-aab0-0c68cd643068'"} cs1Label=taskcontext cs2={"code":"ok"} cs2Label=taskresult cs3={"uuid":"7092f0e8-7945-4774-8453-a28b66534d73","type":"44328016-20D7-4799-A357-CF152C904ED0","queue":"legacySync","priority":"normal","tenant":{"id":"66","uuid":"07f6adf7-4665-4340-865d-c4a4c66f4dcd","name":"DemoCustomer2","locator":"/1/66/"},"cancellable":true,"startedByUser":"DemoCustomer2","policy":{"id":"8cc61f3c-46b0-40a6-9d60-7d72f68555db","type":"policy.protection.total","name":"XDR plan"},"resource":{"id":"3b9187d6-0853-45ff-aab0-0c68cd643068","type":"machine","name":"WIN-R1OR1V5M79O"},"id":1634699005819154432,"idString":"1634699005819154432","state":"completed","issuer":{"id":"","clusterId":""},"enqueuedAt":"2025-10-10T17:09:33.40794126Z","startedAt":"2025-10-10T17:09:33.40794126Z","updatedAt":"2025-10-10T17:09:33.453071958Z","completedAt":"2025-10-10T17:09:33.40794126Z","cancelRequested":false} cs3Label=taskdetails dvchost=WIN-R1OR1V5M79O suser=DemoCustomer2 deviceExternalId=3b9187d6-0853-45ff-aab0-0c68cd643068 Oct 10 20:14:15 WIN-R1OR1V5M79O siem_log_forwarder[8088]: 
CEF:0|Acronis|DemoCustomer2|1.0|AutoUpdateStandby|AutoUpdateStandby|1|cs1={"argument":{"add_components":[],"remove_components":["agentForAmp"],"AMSPort":0}} cs1Label=activitycontext cs2={"code":"ok"} cs2Label=activityresult cs3={"uuid":"5622f2e5-880e-4fae-98c4-4260373ffbd3","type":"AutoUpdateStandby","taskId":1634699287147900928,"progress":{"current":100,"total":100},"resource":{"id":"3B9187D6-0853-45FF-AAB0-0C68CD643068","type":"machine","name":"WIN-R1OR1V5M79O"},"state":"completed","id":1634699287684771840,"idString":"1634699287684771840","taskIdString":"1634699287147900928","createdAt":"2025-10-10T17:10:43.921111256Z","startedAt":"2025-10-10T17:10:43.921111256Z","updatedAt":"2025-10-10T17:10:44.319913633Z","completedAt":"2025-10-10T17:10:44.319913633Z","tenant":{"id":"67","uuid":"ba959847-ca47-4a48-90a5-cb42789d5b34","name":"Demo Customer2 (DemoCustomer2)","locator":"/1/66/67/"},"executor":{"id":"c8d66ac4-0d5b-4ecb-b1b0-c3649df91231","clusterId":""}} cs3Label=activitydetails dvchost=WIN-R1OR1V5M79O suser= deviceExternalId=3B9187D6-0853-45FF-AAB0-0C68CD643068