Merge pull request #2081 from austinsonger/ecs-ms365_defender.yml

ecs-ms365_defender.yml
This commit is contained in:
frack113 2021-09-27 08:03:36 +02:00 committed by GitHub
commit 74c2d39d53


@ -0,0 +1,18 @@
title: Microsoft 365 Defender Elasticsearch ecs mapping
order: 20
backends:
- es-qs
- es-rule
fieldmappings:
classification: microsoft.m365_defender.alerts.classification
determination: microsoft.m365_defender.alerts.determination
severity: microsoft.m365_defender.alerts.severity
status: microsoft.m365_defender.alerts.status
detectionSource: microsoft.m365_defender.alerts.detectionSource
threatFamilyName: microsoft.m365_defender.alerts.threatFamilyName
entityType: microsoft.m365_defender.alerts.entities.entityType
registryHive: microsoft.m365_defender.alerts.entities.registryHive
registryKey: microsoft.m365_defender.alerts.entities.registryKey
registryValueType: microsoft.m365_defender.alerts.entities.registryValueType
ipAddress: microsoft.m365_defender.alerts.entities.ipAddress