tools/config/generic/m365.yml

title: Microsoft 365 Rules
order: 10
logsources:
    threat_management:
        product: m365
        service: threat_management
        conditions:
            eventSource: SecurityComplianceCenter
    access_governance:
        product: m365
        service: access_governance
        conditions:
            eventSource: SecurityComplianceCenter
    cloud_discovery:
        product: m365
        service: cloud_discovery
        conditions:
            eventSource: SecurityComplianceCenter
    data_loss_prevention:
        product: m365
        service: data_loss_prevention
        conditions:
            eventSource: SecurityComplianceCenter
    threat_detection:
        product: m365
        service: threat_detection
        conditions:
            eventSource: SecurityComplianceCenter
            sharing_control:
        product: m365
    service: sharing_control
        conditions:
            eventSource: SecurityComplianceCenter
Create m365.yml 2021-08-20 00:29:29 -05:00			`title: Microsoft 365 Rules`
			`order: 10`
$frack113$ standardization 2021-11-09 07:27:25 +01:00			`logsources:`
refactor: first bigger log source refactoring 2022-03-22 17:58:29 +01:00			`threat_management:`
$frack113$ standardization 2021-11-09 07:27:25 +01:00			`product: m365`
refactor: first bigger log source refactoring 2022-03-22 17:58:29 +01:00			`service: threat_management`
$frack113$ standardization 2021-11-09 07:27:25 +01:00			`conditions:`
			`eventSource: SecurityComplianceCenter`
refactor: first bigger log source refactoring 2022-03-22 17:58:29 +01:00			`access_governance:`
$frack113$ standardization 2021-11-09 07:27:25 +01:00			`product: m365`
refactor: first bigger log source refactoring 2022-03-22 17:58:29 +01:00			`service: access_governance`
$frack113$ standardization 2021-11-09 07:27:25 +01:00			`conditions:`
			`eventSource: SecurityComplianceCenter`
refactor: first bigger log source refactoring 2022-03-22 17:58:29 +01:00			`cloud_discovery:`
$frack113$ standardization 2021-11-09 07:27:25 +01:00			`product: m365`
refactor: first bigger log source refactoring 2022-03-22 17:58:29 +01:00			`service: cloud_discovery`
$frack113$ standardization 2021-11-09 07:27:25 +01:00			`conditions:`
			`eventSource: SecurityComplianceCenter`
refactor: first bigger log source refactoring 2022-03-22 17:58:29 +01:00			`data_loss_prevention:`
$frack113$ standardization 2021-11-09 07:27:25 +01:00			`product: m365`
refactor: first bigger log source refactoring 2022-03-22 17:58:29 +01:00			`service: data_loss_prevention`
$frack113$ standardization 2021-11-09 07:27:25 +01:00			`conditions:`
			`eventSource: SecurityComplianceCenter`
refactor: first bigger log source refactoring 2022-03-22 17:58:29 +01:00			`threat_detection:`
$frack113$ standardization 2021-11-09 07:27:25 +01:00			`product: m365`
refactor: first bigger log source refactoring 2022-03-22 17:58:29 +01:00			`service: threat_detection`
$frack113$ standardization 2021-11-09 07:27:25 +01:00			`conditions:`
			`eventSource: SecurityComplianceCenter`
refactor: first bigger log source refactoring 2022-03-22 17:58:29 +01:00			`sharing_control:`
$frack113$ standardization 2021-11-09 07:27:25 +01:00			`product: m365`
refactor: first bigger log source refactoring 2022-03-22 17:58:29 +01:00			`service: sharing_control`
$frack113$ standardization 2021-11-09 07:27:25 +01:00			`conditions:`
			`eventSource: SecurityComplianceCenter`