Event Sequence Example

Here’s an example of an event sequence containing a single APPLICATION threat detection event, followed by a device state change event:

{
  "count": 2,
  "streamPosition": "1583",
  "moreEvents": true,
  "requestId": "497a5de3-1a85-4a7c-9ac3-e81098e4fd82",
  "links": [
    {
      "href": "/events",
      "rel": "events"
    },
    {
      "href": "/events?streamPosition=1583",
      "rel": "next"
    }
  ],
  "events": [
    {
      "type": "THREAT",
      "id": "1581",
      "eventTime": "2017-01-03T20:59:41.000Z",
      "details": {
        "type": "APPLICATION",
        "id": "7d848fca-3beb-4616-a144-d23e5fa308c4",
        "action": "DETECTED",
        "severity": "HIGH",
        "classifications": [
          "ADWARE"
        ],
        "description": "!description!",
        "assessments": [
          classification: "ADWARE",
          id: "7d848fca-3beb-4616-a144-d23e5fa308c4",
          severity: "HIGH",
        ],
        "applicationName": "!application name!",
        "packageName": "!package name!",
        "packageSha": "!package SHA!",
        "path": "!path!",
        "fileName": "!file_name!"  
      },      
      "target": {
        "type": "DEVICE",
        "id": "5a67ee40-eef2-4338-bc4d-e1b10059e8e8",
        "externalId": "5f4e5e66-8db9-45cd-88a4-d5a97a5b955a",
        "emailAddress": "threat_victim@example.com",
        "platform": "IOS"
        "mdmConnectorId" : "123456"
        "customerDeviceId" : "arbitrary_customer_id_value",
        "parentDeviceId" : "8392dd45-df33-2122-1d15-7882dcc14427",
       },      
    },
    {
"type": "DEVICE",
"id": "1583",
      "eventTime": "2017-07-24T12:35:37.000Z",
      "details": {
        "type": "DEVICE_STATUS",
  "activationStatus": "ACTIVATED",
        "securityStatus": "SECURE",
  "protectionStatus": "PROTECTED"
      },
"updatedDetails": [
        "securityprotectionStatus"
      ],
      "target": {      
        "type": "DEVICE",
        "id": "44444444-4444-4444-4444-444444444444",
        "externalId": "fd0b3692-8d5f-445b-a907-6388be740e43",
        "emailAddress": "threat_victim_device_RESOLVED@example.com",
  "platform": "IOS"
  "mdmConnectorId" : "123456"
        "customerDeviceId" : "arbitrary_customer_id_value",
  "parentDeviceId" : "abcb3611-ffda-ab21-1234-8593be740dd3",
      },
    }
  ]
}

Here’s a more real-life APPLICATION threat:

{
  "type": "THREAT",
  "id": "2068475",
  "eventTime": "2017-10-27T14:12:47.000Z",
  "details": {
    "type": "APPLICATION"
    "id": "1dcf4de7-14a3-4a21-ba15-2dab6543220e",
    "action": "RESOLVED",
    "description": "!description!",
    "severity": "LOW",
    "classifications": [
      "SIDELOADED_APP"
    ],
    "assessments": [
      classification: "SIDELOADED_APP",
      id: "1dcf4de7-14a3-4a21-ba15-2dab6543220e",
      severity: "LOW",
    ],
    "applicationName": "Pixie",
    "packageName": "com.pixieTechnology.Pixie",
    "path": "/private/var/containers/Bundle/Application/36800DB5-AB3B-4832-BA53-48CBF8C1F2F6/Pixie.app",
    "fileName": "Pixie.app",
  },
  "target": {
    "platform": "IOS",
    "externalId": "30567",
    "id": "fbb6961b-7fc7-4fca-a90a-ab512347c640",
    "type": "DEVICE"
    "mdmConnectorId" : "123456"
    "customerDeviceId" : "arbitrary_customer_id_value",
    "parentDeviceId" : "abcb3611-ffda-ab21-1234-8593be740dd3",
  }
}

Lookout Product Documentation

Find answers about using and optimizing Lookout products.

Event Sequence Example

lookout-footer