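# Sigma converter configuration for the Azure Sentinel / Log Analytics
# backends listed under `backends`.
# `fieldmappings` translates field names used in detection rules (keys) into
# the column names emitted in the generated query (values).
#
# Detection-coverage note: a key that does not match the rule's field name
# exactly is simply never applied. The generated query then references the
# unmapped name, and a query over a column that does not exist returns no
# rows, so the detection fails silently. Keep keys free of stray characters.
title: Azure Sentinel
order: 20
backends:
  - ala
  - ala-rule
fieldmappings:
  ComputerName: Computer
  # Spelling variants of the event ID field, all folded onto one column.
  Event-ID: EventID
  Event_ID: EventID
  eventId: EventID
  event_id: EventID
  event-id: EventID
  eventid: EventID
  hashes: Hashes
  file_hash: Hashes
  url.query: URL
  resource.URL: URL
  src_ip: SourceIp
  source.ip: SourceIp
  FileName: TargetFilename
  # NOTE(review): `DestinationIP` differs in case from `SourceIp` above and
  # from `DestinationIp` (event_data.DestinationIp) below. Confirm the exact
  # column name in the target workspace; left as the author wrote it.
  dst_ip: DestinationIP
  destination.ip: DestinationIP
  event_data.AccessMask: AccessMask
  event_data.AllowedToDelegateTo: AllowedToDelegateTo
  event_data.AttributeLDAPDisplayName: AttributeLDAPDisplayName
  event_data.AuditPolicyChanges: AuditPolicyChanges
  event_data.AuthenticationPackageName: AuthenticationPackageName
  event_data.CallingProcessName: CallingProcessName
  # Fixed: the key carried a stray trailing double quote, so it could never
  # match the rule field `event_data.CallTrace`.
  event_data.CallTrace: CallTrace
  event_data.CommandLine: CommandLine
  Commandline: CommandLine
  cmd: CommandLine
  # NOTE(review): bare `ComputerName` maps to `Computer` above, while this
  # entry maps to `ComputerName`. Confirm which column the data carries.
  event_data.ComputerName: ComputerName
  event_data.CurrentDirectory: CurrentDirectory
  event_data.Description: Description
  event_data.DestinationHostname: DestinationHostname
  event_data.DestinationIp: DestinationIp
  event_data.DestinationPort: DestinationPort
  event_data.Details: Details
  event_data.EngineVersion: EngineVersion
  event_data.EventType: EventType
  event_data.FailureCode: FailureCode
  event_data.FileName: FileName
  event_data.GrantedAccess: GrantedAccess
  event_data.GroupName: GroupName
  event_data.GroupSid: GroupSid
  event_data.Hashes: Hashes
  event_data.HiveName: HiveName
  event_data.HostVersion: HostVersion
  # Conditional mapping: the target column depends on the rule's log source
  # (`service=` / `category=`); `default` applies when no condition matches.
  Image:
    service=security: Process
    category=process_creation: NewProcessName
    default: Image
  event_data.Image:
    service=security: Process
    category=process_creation: NewProcessName
    default: Image
  # Fixed: stray trailing double quote removed from the key (same defect as
  # event_data.CallTrace).
  event_data.ImageLoaded: ImageLoaded
  event_data.ImagePath: ImagePath
  event_data.Imphash: Imphash
  event_data.IpAddress: IpAddress
  event_data.KeyLength: KeyLength
  event_data.LogonProcessName: LogonProcessName
  event_data.LogonType: LogonType
  event_data.NewProcessName: NewProcessName
  event_data.ObjectClass: ObjectClass
  event_data.ObjectName: ObjectName
  event_data.ObjectType: ObjectType
  event_data.ObjectValueName: ObjectValueName
  event_data.ParentCommandLine: ParentCommandLine
  event_data.ParentImage:
    category=process_creation: ParentProcessName
    default: ParentImage
  ParentImage:
    category=process_creation: ParentProcessName
    default: ParentImage
  event_data.ParentProcessName: ParentProcessName
  event_data.Path: Path
  event_data.PipeName: PipeName
  # Fixed: the target was garbled as `CommanProcessCommandLinedLine`, which
  # looks like `ProcessCommandLine` pasted into the middle of `CommandLine`.
  # Restored to the identity mapping used by the other event_data.* entries.
  # NOTE(review): confirm `CommandLine` was not the intended target.
  event_data.ProcessCommandLine: ProcessCommandLine
  event_data.ProcessName: ProcessName
  event_data.Properties: Properties
  event_data.SecurityID: SecurityID
  event_data.ServiceFileName: ServiceFileName
  event_data.ServiceName: ServiceName
  event_data.ShareName: ShareName
  event_data.Signature: Signature
  event_data.Source: Source
  event_data.SourceImage: SourceImage
  event_data.StartModule: StartModule
  event_data.Status: Status
  event_data.SubjectUserName: SubjectUserName
  event_data.SubjectUserSid: SubjectUserSid
  event_data.TargetFilename: TargetFilename
  event_data.TargetImage: TargetImage
  event_data.TargetObject: TargetObject
  event_data.TicketEncryptionType: TicketEncryptionType
  event_data.TicketOptions: TicketOptions
  event_data.User: User
  event_data.WorkstationName: WorkstationName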