2019:08:15-10:54:57 xan-utm httpd[2895]: [security2:error] [pid 2895:tid 3917667184] [client 94.192.179.216:53612] [client 94.192.179.216] ModSecurity: Access allowed (phase 1). Operator GT matched 0 at ENV. [file "/usr/apache/conf/waf/base.conf"] [line "14"] [id "900000"] [hostname "xanexchange.xanalys.com"] [uri "/owa/ev.owa2"] [unique_id "XVUr8cCoeAEAAAtPcE4AAAAZ"]
2019:08:15-10:54:57 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="608" user="-" host="94.192.179.216" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipAntiVirus, SkipURLHardening, SkipThreatsFilter" time="60237834" url="/owa/ev.owa2" server="xanexchange.xanalys.com" port="443" query="?ns=PendingRequest&ev=PendingNotificationRequest&UA=0&cid=7cee79e9-72fe-454f-8f0e-f8893fe8a79a&brwnm=chrome&X-OWA-CANARY=y2bw_zAfJEueuLt7e_LstRBqxH1mIdcI7HTvas2Gq3XVT05ul0ieBfJh4gNWTC9uqPcZT2ILqL8.&n=lr" referer="-" cookie="X-BackEndCookie=S-1-5-21-50481480-593310465-398547282-17126=u56Lnp2ejJqBx8jPycvKysvSz82cztLLnp2d0sfOz5rSx5mayM6cncicyZyegYHNz87G0s/G0s7Lq8/GxcrMxcrI; ClientId=895AF1C0B11B4B2F896122DC1E967837; UC=79261316ef1f4ee182f25f0dc619b989; X-OWA-JS-PSD=1; AppcacheVer=15.2.221.17:en-gbbase; X-OWA-CANARY=y2bw_zAfJEueuLt7e_LstRBqxH1mIdcI7HTvas2Gq3XVT05ul0ieBfJh4gNWTC9uqPcZT2ILqL8." set-cookie="X-OWA-CANARY=UaTZwpHI9EeVqlPau069ooABz31mIdcIMl2fUbQaaoUB0Of-kiMbDcUs6RwghKjQkW9eiw6pRyk.; path=/; secure, X-BackEnd
2019:08:15-10:54:57 xan-utm httpd: Cookie=S-1-5-21-50481480-593310465-398547282-17126=u56Lnp2ejJqBx8jPycvKysvSz82cztLLnp2d0sfOz5rSx5mayM6cncicyZyegYHNz87G0s/G0s7Lq8/GxcrMxcrI; expires=Sat, 14-Sep-2019 09:53:57 GMT; path=/owa; secure; HttpOnly" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVUrtcCoeAEAAAtPcEkAAAAY"
2019:08:15-10:54:57 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="87" user="-" host="94.192.179.216" method="POST" statuscode="200" reason="-" extra="-" exceptions="SkipAntiVirus, SkipURLHardening, SkipThreatsFilter" time="44283" url="/owa/ev.owa2" server="xanexchange.xanalys.com" port="443" query="?ns=PendingRequest&ev=FinishNotificationRequest&UA=0&cid=7cee79e9-72fe-454f-8f0e-f8893fe8a79a" referer="-" cookie="X-BackEndCookie=S-1-5-21-50481480-593310465-398547282-17126=u56Lnp2ejJqBx8jPycvKysvSz82cztLLnp2d0sfOz5rSx5mayM6cncicyZyegYHNz87G0s/G0s7Lq8/GxcrMxcrI; ClientId=895AF1C0B11B4B2F896122DC1E967837; UC=79261316ef1f4ee182f25f0dc619b989; X-OWA-JS-PSD=1; AppcacheVer=15.2.221.17:en-gbbase; X-OWA-CANARY=Q3EGUTeYtkmwHX3VqIjhqND13X1mIdcIUXFqz3NaaljNsZoYgR4QiMA_BXnK3ltBO0xHj9teTzw." set-cookie="X-OWA-CANARY=wqfHgb7j7kSoUacDvHeJsmDJsKFmIdcI3aGUdb-5cv1LOxtEBh2sGrVjTVKbFcAxIrw_VpuaWU4.; path=/; secure, X-BackEndCookie=S-1-5-21-50481480-593310465-398547282-17126=u56Lnp2ejJqBx8jPycvKysvSz82cztLLnp2d0sfOz5rSx5mayM6cncicyZyeg
2019:08:15-10:54:57 xan-utm httpd: YHNz87G0s/G0s7Lq8/GxcrLxcrI; expires=Sat, 14-Sep-2019 09:54:57 GMT; path=/owa; secure; HttpOnly" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVUr8cCoeAEAAAtPcE4AAAAZ"
2019:08:15-10:54:57 xan-utm httpd[2895]: [security2:error] [pid 2895:tid 3917667184] [client 94.192.179.216:53612] [client 94.192.179.216] ModSecurity: Access allowed (phase 1). Operator GT matched 0 at ENV. [file "/usr/apache/conf/waf/base.conf"] [line "14"] [id "900000"] [hostname "xanexchange.xanalys.com"] [uri "/owa/ev.owa2"] [unique_id "XVUr8cCoeAEAAAtPcE8AAAAZ"]
2019:08:15-10:54:58 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="1769" user="-" host="94.192.179.216" method="POST" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening" time="45665" url="/owa/service.svc" server="xanexchange.xanalys.com" port="443" query="?action=FindConversation&EP=1&UA=0&ID=-104&AC=1" referer="-" cookie="X-BackEndCookie=S-1-5-21-50481480-593310465-398547282-17126=u56Lnp2ejJqBx8jPycvKysvSz82cztLLnp2d0sfOz5rSx5mayM6cncicyZyegYHNz87G0s/G0s7Lq8/GxcrLxcrI; ClientId=895AF1C0B11B4B2F896122DC1E967837; UC=79261316ef1f4ee182f25f0dc619b989; X-OWA-JS-PSD=1; AppcacheVer=15.2.221.17:en-gbbase; X-OWA-CANARY=wqfHgb7j7kSoUacDvHeJsmDJsKFmIdcI3aGUdb-5cv1LOxtEBh2sGrVjTVKbFcAxIrw_VpuaWU4." set-cookie="X-OWA-CANARY=Ax4RcQCDqE2O5gWh718jj0BRu6FmIdcIkjvhF6hR7JI87FAOYkLaWia6owA8p3XpSU64qArqITE.; path=/; secure, X-BackEndCookie=S-1-5-21-50481480-593310465-398547282-17126=u56Lnp2ejJqBx8jPycvKysvSz82cztLLnp2d0sfOz5rSx5mayM6cncicyZyegYHNz87G0s/G0s7Lq8/GxcrLxcrH; expires=Sat, 14-Sep-2019 09:54:58 GMT; path=/
2019:08:15-10:54:58 xan-utm httpd: owa; secure; HttpOnly" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVUr8cCoeAEAAAtPcFAAAAAY"
2019:08:15-10:54:58 xan-utm httpd: id="0299" srcip="94.192.179.216" localip="82.68.126.11" size="821" user="-" host="94.192.179.216" method="POST" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening" time="44369" url="/owa/service.svc" server="xanexchange.xanalys.com" port="443" query="?action=FindFolder&EP=1&UA=0&ID=-105&AC=1" referer="-" cookie="X-BackEndCookie=S-1-5-21-50481480-593310465-398547282-17126=u56Lnp2ejJqBx8jPycvKysvSz82cztLLnp2d0sfOz5rSx5mayM6cncicyZyegYHNz87G0s/G0s7Lq8/GxcrLxcrH; ClientId=895AF1C0B11B4B2F896122DC1E967837; UC=79261316ef1f4ee182f25f0dc619b989; X-OWA-JS-PSD=1; AppcacheVer=15.2.221.17:en-gbbase; X-OWA-CANARY=Ax4RcQCDqE2O5gWh718jj0BRu6FmIdcIkjvhF6hR7JI87FAOYkLaWia6owA8p3XpSU64qArqITE." set-cookie="X-OWA-CANARY=fKm5ANpX3kyh5_z_5Sx8ecBP2KFmIdcIhprD74pBVtDpfHF1bASCY6z1KJWBxM0y5CGAt93cACE.; path=/; secure, X-BackEndCookie=S-1-5-21-50481480-593310465-398547282-17126=u56Lnp2ejJqBx8jPycvKysvSz82cztLLnp2d0sfOz5rSx5mayM6cncicyZyegYHNz87G0s/G0s7Lq8/GxcrLxcrH; expires=Sat, 14-Sep-2019 09:54:58 GMT; path=/owa; se
2019:08:15-10:54:58 xan-utm httpd: cure; HttpOnly" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVUr8sCoeAEAAAtPcFEAAAAY"
2019:08:15-10:55:32 xan-utm httpd[2895]: [authnz_aua:error] [pid 2895:tid 3909274480] [client 52.125.140.21:41082] [xanalys\\james-outlook-test] AUA responded with 'DENIED'
2019:08:15-10:55:32 xan-utm httpd: id="0299" srcip="52.125.140.21" localip="82.68.126.11" size="381" user="xanalys\\james-outlook-test" host="52.125.140.21" method="OPTIONS" statuscode="401" reason="auth" extra="user denied" exceptions="SkipBlacklistDNSRBL, SkipBlacklistGeoIP, SkipURLHardening" time="199261" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys%5Cjames-outlook-test&DeviceId=499A18DB91DCED96&DeviceType=Outlook" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVUsFMCoeAEAAAtPcFIAAAAa"
2019:08:15-10:55:32 xan-utm httpd[2895]: [authnz_aua:error] [pid 2895:tid 3909274480] [client 52.125.140.21:41082] [xanalys.com\\james-outlook-test] AUA responded with 'DENIED'
2019:08:15-10:55:32 xan-utm httpd: id="0299" srcip="52.125.140.21" localip="82.68.126.11" size="381" user="xanalys.com\\james-outlook-test" host="52.125.140.21" method="OPTIONS" statuscode="401" reason="auth" extra="user denied" exceptions="SkipBlacklistDNSRBL, SkipBlacklistGeoIP, SkipURLHardening" time="211899" url="/Microsoft-Server-ActiveSync" server="xanexchange.xanalys.com" port="443" query="?User=xanalys.com%5Cjames-outlook-test&DeviceId=499A18DB91DCED96&DeviceType=Outlook" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="XVUsFMCoeAEAAAtPcFMAAAAa"