﻿CommonSecurityLog
| where DeviceVendor == "Votiro" and DeviceProduct == "Votiro cloud"
| parse-kv AdditionalExtensions as (companyName: string, correlationId:guid, itemId: guid, fileName: string, fileSize: int, passwordProtected: bool, AVResult: string, threatCount: int, blockedCount: int, fileModification: string, sanitizationResult: string, sanitizationTime: int, connectorType: string, connectorName: string, connectorId: dynamic, policyName: string, exceptionId: dynamic, incidentURL: dynamic, messageId: dynamic, subject: string, from: string, recipients: string, fileHash: string ) with (pair_delimiter=";", kv_delimiter="=")
| project-rename
    SrcFileSHA256=fileHash, SrcFileName=fileName
| project-away AdditionalExtensions