Esempi di avviso CEF

Oct 15 14:45:01 WIN-R1OR1V5M79O siem_log_forwarder[8608]: CEF:0|Acronis|DemoCustomer|1.0|BackupStatusUnknown|BackupStatusUnknown|5|cs1={"agentId":"c8d66ac4-0d5b-4ecb-b1b0-c3649df91231","backupLocations":[{"type":"cloud"}],"backupSourcesType":"files","errorMessage":{"kbLink":{"serCode":"BackupStatusUnknown"}},"planId":"a92799fc-f657-4a10-b6ed-16975c4d0ef0","planName":"Protect Win","resourceId":"3b9187d6-0853-45ff-aab0-0c68cd643068","resourceName":"WIN-R1OR1V5M79O"} cs1Label=alertdetails deviceExternalId=3b9187d6-0853-45ff-aab0-0c68cd643068 dvchost=WIN-R1OR1V5M79O Oct 15 14:42:46 WIN-R1OR1V5M79O siem_log_forwarder[8608]: CEF:0|Acronis|DemoCustomer|1.0|BackupFailed|BackupFailed|10|cs1={"activity":{"id":"FE0B2835-3C9D-4D5A-9D02-FD0CBE5042B8","type":"8F01AC13-F59E-4851-9204-DE1FD77E36B4"},"activityId":"FE0B2835-3C9D-4D5A-9D02-FD0CBE5042B8","backupLocations":[{"name":"","type":"cloud"}],"backupSourcesType":"machines","error":{"code":20250646,"fields":{"$module":"service_process_vsa64_41100","AgentName":"WIN-R1OR1V5M79O","CommandID":"8F01AC13-F59E-4851-9204-DE1FD77E36B4"},"src":{"file":"c:\\\\b\\\\1223\\\\enterprise\\\\common\\\\tol\\\\command\\\\command.cpp","func":"Tol::`anonymous-namespace'::MakeFailResultWithName","line":503,"tag":"0x8d165e86fb8195c5"},"suberror":{"code":20250646,"fields":{"$module":"gtob_backup_command_addon_vsa64_41100","AgentName":"WIN-R1OR1V5M79O","CommandID":"8F01AC13-F59E-4851-9204-DE1FD77E36B4"},"src":{"file":"c:\\\\b\\\\1223\\\\enterprise\\\\common\\\\tol\\\\command\\\\command.cpp","func":"Tol::`anonymous-namespace'::MakeFailResultWithName","line":503,"tag":"0x8d165e86fb8195c5"},"suberror":{"code":10551508,"fields":{"$module":"disk_bundle_vsa64_41100","IsReturnCode":1},"src":{"file":"c:\\\\b\\\\1223\\\\enterprise\\\\mms\\\\managers\\\\archive\\\\impl\\\\private_manager.cpp","func":"ArchiveManagement::PrivateArchiveManager::FindArchive","line":958,"tag":"0xb320396adfe3e63"},"suberror":{"code":19333376,"fields":{"$module":"disk_bundle_vsa64_41100
","Domain":"STORAGE_MANAGER","Reason":"CANotFoundErr"},"src":{"file":"c:\\\\b\\\\1223\\\\enterprise\\\\backup\\\\online\\\\storage_manager_client\\\\impl\\\\storage_manager_client.cpp","func":"`anonymous-namespace'::StorageManagerImpl::GetErrorDetails","line":130,"tag":"0xb9f2653089b4a641"},"suberror":{"code":38207501,"fields":{"$module":"disk_bundle_vsa64_41100","status":404,"uri":"https://eu-cloud.acronis.com:80/api/infra_manager/v2/backup_storage"},"src":{"file":"c:\\\\b\\\\1223\\\\enterprise\\\\backup\\\\online\\\\storage_manager_client\\\\impl\\\\storage_manager_client.cpp","func":"`anonymous-namespace'::StorageManagerImpl::ParseTransportResult","line":139,"tag":"0xb9f2653089b4a64a"},"suberror":{},"text":"HTTP request failure for URL \\"https://eu-cloud.acronis.com:80/api/infra_manager/v2/backup_storage\\".\\n Server response code: \\"404 - Not Found: The requested resource could not be found\\".\\n Server response message: {\\"domain\\":\\"STORAGE_MANAGER\\",\\"code\\":\\"404\\",\\"reason\\":\\"CANotFoundErr\\",\\"debug\\":{\\"msg\\":\\"authority id 26bc3588-4278-40bb-b980-0285c6ce519e not found in CA table\\"},\\"message\\":\\"authority id 26bc3588-4278-40bb-b980-0285c6ce519e not found in CA table\\"}","types":{"$module":"A","status":"N","uri":"A"}},"text":"Storage Manager client error","types":{"$module":"A","Domain":"A","Reason":"A"}},"text":"Failed to find archive 'WIN-R1OR1V5M79O-1A57176B-90DE-494B-BB59-9325C447E513-3B9187D6-0853-45FF-AAB0-0C68CD643068A'.","types":{"$module":"A","IsReturnCode":"N"}},"text":"TOL: Failed to execute the command. Backing up","types":{"$module":"A","AgentName":"W","CommandID":"A"}},"text":"TOL: Failed to execute the command. 
Backing up","types":{"$module":"A","AgentName":"W","CommandID":"A"}},"errorMessage":{"code":"MemoFailedToDiscoverFesUri","context":{"Domain":"STORAGE_MANAGER","cause_str":"HTTP request failure for URL \\"https://eu-cloud.acronis.com:80/api/infra_manager/v2/backup_storage\\".\\n Server response code: \\"404 - Not Found: The requested resource could not be found\\".\\n Server response message: {\\"domain\\":\\"STORAGE_MANAGER\\",\\"code\\":\\"404\\",\\"reason\\":\\"CANotFoundErr\\",\\"debug\\":{\\"msg\\":\\"authority id 26bc3588-4278-40bb-b980-0285c6ce519e not found in CA table\\"},\\"message\\":\\"authority id 26bc3588-4278-40bb-b980-0285c6ce519e not found in CA table\\"}","effect_str":"TOL: Failed to execute the command. Backing up"},"domain":"cloud_platform","kbLink":{"build":20706,"lineTag":"0xB9F2653089B4A64A","os":"Windows","product":"cloud","serCode":"BackupFailed+0x01350016+0x01350016+0x00A100D4+0x01270100+0x0247000D","version":"15.0"},"reason":"MemoFailedToDiscoverFesUri","serCode":"0x01350016+0x01350016+0x00A100D4+0x01270100+0x0247000D"},"finishTime":1760520707,"planId":"1A57176B-90DE-494B-BB59-9325C447E513","planName":"Protect Win","resourceId":"3B9187D6-0853-45FF-AAB0-0C68CD643068","resourceName":"WIN-R1OR1V5M79O","startTime":1760520707} cs1Label=alertdetails deviceExternalId=3B9187D6-0853-45FF-AAB0-0C68CD643068 dvchost=WIN-R1OR1V5M79O Oct 24 15:15:00 syslog siem_log_forwarder[2622955]: CEF:0|Acronis|DemoCustomer2|1.0|BackupCanceled|BackupCanceled|5|cs1={"activity":{"id":"4084E850-0F4A-448A-AF1A-D7B5A49567D2"},"activityId":"4084E850-0F4A-448A-AF1A-D7B5A49567D2","backupLocations":[{"name":"","type":"cloud"}],"backupSourcesType":"machines","finishTime":1761318832,"planId":"A0210313-39A8-469F-AC1D-D68B88923322","planName":"Linux","resourceId":"9386E27C-A64C-4E24-A2BC-391A0DC8F9DE","resourceName":"syslog","startTime":1761318829} cs1Label=alertdetails deviceExternalId=9386E27C-A64C-4E24-A2BC-391A0DC8F9DE dvchost=syslog Oct 24 09:00:03 DESKTOP-VBTMUIG 
siem_log_forwarder[776]: CEF:0|Acronis|DemoCustomer3|1.0|EDRIncidentDetected|EDRIncidentDetected|10|cs1={"changeId":"2","customerIncidentId":"2","customerName":"CustomerA","detectionTime":"2025-10-24T15:49:25.717247Z","edrAlertId":"c60abcd5-ffd5-4bdb-8c2c-23aa275ae0b5","incidentCategories":"MALWARE_DETECTED","incidentId":"a999c62b-9b1e-4d3a-85d9-d54743107b22","incidentTrigger":"New Text Document.txt","isMalicious":"true","isMitigated":"false","mitigationState":"NOT_MITIGATED","osType":"WINDOWS","redirectLink":"https://eu-cloud.acronis.com/ui/#/endpoint-detection/customer/101/incidents/a999c62b-9b1e-4d3a-85d9-d54743107b22/investigation","resourceId":"292ab054-61b9-41ec-9416-1f1b679a67a5","resourceName":"DESKTOP-VBTMUIG","verdict":"Malicious threat"} cs1Label=alertdetails deviceExternalId=292ab054-61b9-41ec-9416-1f1b679a67a5 dvchost=DESKTOP-VBTMUIG