From 8bf07b357599ce6be2aeaa16198f3ebd62d4ff02 Mon Sep 17 00:00:00 2001
From: Ibrahim Ali Khan
Date: Thu, 8 Jul 2021 20:40:39 +0500
Subject: [PATCH] Create ala-azure-ad_auditlogs.yml Azure AD Audit Logs mapping for Azure Log Analytics
---
tools/config/ala-azure-ad_auditlogs.yml | 11 +++++++++++
1 file changed, 11 insertions(+)
create mode 100644 tools/config/ala-azure-ad_auditlogs.yml
diff --git a/tools/config/ala-azure-ad_auditlogs.yml b/tools/config/ala-azure-ad_auditlogs.yml
new file mode 100644
index 000000000..18f16dfad
--- /dev/null
+++ b/tools/config/ala-azure-ad_auditlogs.yml
@@ -0,0 +1,11 @@
+title: Azure AD Audit Logs mapping for Azure Log Analytics
+order: 20
+backends:
+ - ala
+ - ala-rule
+fieldmappings:
+ category: Category
+ activityDisplayName: OperationName
+ loggedByService: LoggedByService
+ result: Result
+ initiatedBy.user.userPrincipalName: initiatedBy.user.userPrincipalName
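Review bot: The last `fieldmappings` entry, `initiatedBy.user.userPrincipalName: initiatedBy.user.userPrincipalName`, maps the field to itself and keeps the lowercase name, while the other four entries map to capitalised Log Analytics columns. If the AuditLogs table exposes this as the dynamic column `InitiatedBy` (as its schema appears to), the case-sensitive KQL reference would not resolve, and a rule that filters on the initiating user would match nothing instead of alerting. Consider `initiatedBy.user.userPrincipalName: InitiatedBy.user.userPrincipalName` after checking a converted rule against a workspace that holds audit events. A leading comment such as `# Apply only to rules written against Azure AD audit log fields` would also help, since `category` and `result` are generic names that get rewritten for any rule converted with this config.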