[{
    "@metadata":{
       "beat":"eventhubbeat",
       "type":"doc",
       "version":"6.6.0"
    },
    "@timestamp":"2020-03-21T23:02:15.936Z",
    "beat":{
       "hostname":"5bcf2c66b020",
       "name":"5bcf2c66b020",
       "version":"6.6.0"
    },
    "host":{
       "name":"5bcf2c66b020"
    },
    "response":{
       "category":"AdvancedHunting-DeviceNetworkEvents",
       "operationName":"Publish",
       "properties":{
          "ActionType":"ConnectionSuccess",
          "AppGuardContainerId":"",
          "DeviceId":"29a23bf01f9e05914733b6f98bc46cc80a6f3732",
          "DeviceName":"hpduolp-ziyosns.duobank.ca",
          "InitiatingProcessAccountDomain":"nt authority",
          "InitiatingProcessAccountName":"system",
          "InitiatingProcessAccountSid":"S-1-5-18",
          "InitiatingProcessCommandLine":"\"OfficeClickToRun.exe\" /service",
          "InitiatingProcessCreationTime":"2020-03-16T21:49:04.2123986Z",
          "InitiatingProcessFileName":"OfficeClickToRun.exe",
          "InitiatingProcessFolderPath":"c:\\windows\\system32\\ntoskrnl.exe",
          "InitiatingProcessId":6484,
          "InitiatingProcessIntegrityLevel":"System",
          "InitiatingProcessMD5":"551cdaa9b1d2ede4c7ccfca0f584e10f",
          "InitiatingProcessParentCreationTime":"2020-03-02T04:28:39.7099328Z",
          "InitiatingProcessParentFileName":"services.exe",
          "InitiatingProcessParentId":964,
          "InitiatingProcessSHA1":"7114fcd789ec6511ad6a79229da7576d055a6e92",
          "InitiatingProcessTokenElevation":"TokenElevationTypeDefault",
          "LocalIP":"10.10.10.1",
          "LocalPort":56711,
          "Protocol":"TcpV4",
          "RemoteIP":"35.107.2.7",
          "RemotePort":443,
          "RemoteUrl":"https://mrodevicemgr.officeapps.live.com",
          "ReportId":29341,
          "Timestamp":"2020-03-21T22:59:08.0993247Z"
       },
       "tenantId":"e18a2b80-e86a-44ec-8e1a-43b56778acb6",
       "time":"2020-03-21T23:00:59.6261862Z"
    }
 }]