valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 09:48:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #1661 from heyibrahimkhan/patch-2

Browse Source 
Create ecs-azure-ad_auditlogs.yml
This commit is contained in:
Thomas Patzke 2021-07-12 23:37:37 +02:00 committed by GitHub
commit 98165cdd09
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
tools/config/ecs-azure-ad_auditlogs.yml Normal file
View File

@ -0,0 +1,11 @@
title: Azure AD Audit Logs Elasticsearch ecs mapping
order: 20
backends:
- es-qs
- es-rule
fieldmappings:
category: azure.auditlogs.properties.category
activityDisplayName: event.action
loggedByService: azure.auditlogs.properties.logged_by_service
result: event.outcome
initiatedBy.user.userPrincipalName: azure.auditlogs.properties.initiated_by.user.userPrincipalName