{
    "authorization": {
        "action": "Microsoft.Compute/virtualMachines/runCommand/action",
        "scope": "/subscriptions/f31xxx/resourceGroups/domaincontrollersrg/providers/Microsoft.Compute/virtualMachines/ForestRootDomainController"
    },
    "caller": "d4e8639d-9bcf-48ee-823c-b1476143e058",
    "category": {
        "localizedValue": "Administrative",
        "value": "Administrative"
    },
    "channels": "Operation",
    "claims": {
        "aio": "k2RgYMjmrErZzHq09exS1X/Fy5OLAA==",
        "appid": "3b94813d-e015-4adf-8c84-aa22355a3849",
        "appidacr": "2",
        "aud": "https://management.azure.com",
        "exp": "1746951215",
        "http://schemas.microsoft.com/identity/claims/identityprovider": "https://sts.windows.net/619xxx/",
        "http://schemas.microsoft.com/identity/claims/objectidentifier": "d4e8639d-9bcf-48ee-823c-b1476143e058",
        "http://schemas.microsoft.com/identity/claims/tenantid": "619xxx",
        "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier": "d4e8639d-9bcf-48ee-823c-b1476143e058",
        "iat": "1746864515",
        "idtyp": "app",
        "iss": "https://sts.windows.net/619xxx/",
        "nbf": "1746864515",
        "rh": "1.ABMAwu2XYcABJEuJGY-CfVxN-kZIf3kAutdPukPawfj2MBMTAAATAA.",
        "uti": "Xc4PoNAFK0qiV36t1nYrAA",
        "ver": "1.0",
        "xms_idrel": "7 24",
        "xms_mirid": "/subscriptions/f31xxx/resourcegroups/Tenable-FA-Connector-cf463d60-5aa0-4c57-8ae1-ba358845c847/providers/Microsoft.Automation/automationAccounts/Tenable-FA-Automation-Account-ojzffj3lqqgus",
        "xms_tcdt": "1408736258"
    },
    "correlationId": "400fcf1e-eeed-4908-970d-f30401f018eb",
    "description": "",
    "eventDataId": "cefd13d4-8ffb-4c2e-9976-54fa5784ace6",
    "eventName": {
        "localizedValue": "End request",
        "value": "EndRequest"
    },
    "eventTimestamp": "2025-05-10T08:14:00.205734Z",
    "httpRequest": {
        "clientIpAddress": "134.33.160.231",
        "clientRequestId": "b9c2115c-2d76-11f0-996f-eb2b81a52cf2",
        "method": "POST",
        "uri": "https://management.azure.com/subscriptions/f31xxx/resourceGroups/domaincontrollersrg/providers/Microsoft.Compute/virtualMachines/ForestRootDomainController/runCommand?api-version=2019-03-01"
    },
    "id": "/subscriptions/f31xxx/resourceGroups/domaincontrollersrg/providers/Microsoft.Compute/virtualMachines/ForestRootDomainController/events/cefd13d4-8ffb-4c2e-9976-54fa5784ace6/ticks/638824616402057340",
    "level": "Informational",
    "operationId": "400fcf1e-eeed-4908-970d-f30401f018eb",
    "operationName": {
        "localizedValue": "Run Command on Virtual Machine",
        "value": "Microsoft.Compute/virtualMachines/runCommand/action"
    },
    "properties": {
        "entity": "/subscriptions/f31xxx/resourceGroups/domaincontrollersrg/providers/Microsoft.Compute/virtualMachines/ForestRootDomainController",
        "eventCategory": "Administrative",
        "hierarchy": "619xxx/Root-MG/Sub1-MG/f31xxx",
        "message": "Microsoft.Compute/virtualMachines/runCommand/action",
        "serviceRequestId": null,
        "statusCode": "Accepted"
    },
    "resourceGroupName": "domaincontrollersrg",
    "resourceId": "/subscriptions/f31xxx/resourceGroups/domaincontrollersrg/providers/Microsoft.Compute/virtualMachines/ForestRootDomainController",
    "resourceProviderName": {
        "localizedValue": "Microsoft.Compute",
        "value": "Microsoft.Compute"
    },
    "resourceType": {
        "localizedValue": "Microsoft.Compute/virtualMachines",
        "value": "Microsoft.Compute/virtualMachines"
    },
    "status": {
        "localizedValue": "Accepted",
        "value": "Accepted"
    },
    "subStatus": {
        "localizedValue": "Accepted (HTTP Status Code: 202)",
        "value": "Accepted"
    },
    "submissionTimestamp": "2025-05-10T08:16:11Z",
    "subscriptionId": "f31xxx",
    "tenantId": "619xxx"
}
{
    "authorization": {
        "action": "Microsoft.Compute/virtualMachines/runCommand/action",
        "scope": "/subscriptions/f31xxx/resourceGroups/domaincontrollersrg/providers/Microsoft.Compute/virtualMachines/ForestRootDomainController"
    },
    "caller": "d4e8639d-9bcf-48ee-823c-b1476143e058",
    "category": {
        "localizedValue": "Administrative",
        "value": "Administrative"
    },
    "channels": "Operation",
    "claims": {
        "aio": "k2RgYMjmrErZzHq09exS1X/Fy5OLAA==",
        "appid": "3b94813d-e015-4adf-8c84-aa22355a3849",
        "appidacr": "2",
        "aud": "https://management.azure.com",
        "exp": "1746951215",
        "http://schemas.microsoft.com/identity/claims/identityprovider": "https://sts.windows.net/619xxx/",
        "http://schemas.microsoft.com/identity/claims/objectidentifier": "d4e8639d-9bcf-48ee-823c-b1476143e058",
        "http://schemas.microsoft.com/identity/claims/tenantid": "619xxx",
        "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier": "d4e8639d-9bcf-48ee-823c-b1476143e058",
        "iat": "1746864515",
        "idtyp": "app",
        "iss": "https://sts.windows.net/619xxx/",
        "nbf": "1746864515",
        "rh": "1.ABMAwu2XYcABJEuJGY-CfVxN-kZIf3kAutdPukPawfj2MBMTAAATAA.",
        "uti": "Xc4PoNAFK0qiV36t1nYrAA",
        "ver": "1.0",
        "xms_idrel": "7 24",
        "xms_mirid": "/subscriptions/f31xxx/resourcegroups/Tenable-FA-Connector-cf463d60-5aa0-4c57-8ae1-ba358845c847/providers/Microsoft.Automation/automationAccounts/Tenable-FA-Automation-Account-ojzffj3lqqgus",
        "xms_tcdt": "1408736258"
    },
    "correlationId": "400fcf1e-eeed-4908-970d-f30401f018eb",
    "description": "",
    "eventDataId": "cefd13d4-8ffb-4c2e-9976-54fa5784ace6",
    "eventName": {
        "localizedValue": "End request",
        "value": "EndRequest"
    },
    "eventTimestamp": "2025-05-10T08:14:00.205734Z",
    "httpRequest": {
        "clientIpAddress": "134.33.160.231",
        "clientRequestId": "b9c2115c-2d76-11f0-996f-eb2b81a52cf2",
        "method": "POST",
        "uri": "https://management.azure.com/subscriptions/f31xxx/resourceGroups/domaincontrollersrg/providers/Microsoft.Compute/virtualMachines/ForestRootDomainController/runCommand?api-version=2019-03-01"
    },
    "id": "/subscriptions/f31xxx/resourceGroups/domaincontrollersrg/providers/Microsoft.Compute/virtualMachines/ForestRootDomainController/events/cefd13d4-8ffb-4c2e-9976-54fa5784ace6/ticks/638824616402057340",
    "level": "Informational",
    "operationId": "400fcf1e-eeed-4908-970d-f30401f018eb",
    "operationName": {
        "localizedValue": "Run Command on Virtual Machine",
        "value": "Microsoft.Compute/virtualMachines/runCommand/action"
    },
    "properties": {
        "entity": "/subscriptions/f31xxx/resourceGroups/domaincontrollersrg/providers/Microsoft.Compute/virtualMachines/ForestRootDomainController",
        "eventCategory": "Administrative",
        "hierarchy": "619xxx/Root-MG/Sub1-MG/f31xxx",
        "message": "Microsoft.Compute/virtualMachines/runCommand/action",
        "serviceRequestId": null,
        "statusCode": "Accepted"
    },
    "resourceGroupName": "domaincontrollersrg",
    "resourceId": "/subscriptions/f31xxx/resourceGroups/domaincontrollersrg/providers/Microsoft.Compute/virtualMachines/ForestRootDomainController",
    "resourceProviderName": {
        "localizedValue": "Microsoft.Compute",
        "value": "Microsoft.Compute"
    },
    "resourceType": {
        "localizedValue": "Microsoft.Compute/virtualMachines",
        "value": "Microsoft.Compute/virtualMachines"
    },
    "status": {
        "localizedValue": "Accepted",
        "value": "Accepted"
    },
    "subStatus": {
        "localizedValue": "Accepted (HTTP Status Code: 202)",
        "value": "Accepted"
    },
    "submissionTimestamp": "2025-05-10T08:16:03Z",
    "subscriptionId": "f31xxx",
    "tenantId": "619xxx"
}