Create ecs-ms365_defender.yml

This commit is contained in:
Austin Songer
2021-09-24 19:53:21 -05:00
committed by GitHub
parent 5227f31331
commit dd2f3e50db
+16
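--- /dev/null
+++ b/ecs-ms365_defender.yml
@@ -0,0 +1,16 @@
+title: Microsoft 365 Defender Logs Elasticsearch ecs mapping
+order: 20
+backends:
+- es-qs
+- es-rule
+fieldmappings:
+classification: microsoft.m365_defender.alerts.classification
+determination: microsoft.m365_defender.alerts.determination
+severity: microsoft.m365_defender.alerts.severity
+status: microsoft.m365_defender.alerts.status
+detectionSource: microsoft.m365_defender.alerts.detectionSource
+threatFamilyName: microsoft.m365_defender.alerts.threatFamilyName
+registryHive: microsoft.m365_defender.alerts.entities.registryHive
+registryKey: microsoft.m365_defender.alerts.entities.registryKey
+registryValueType: microsoft.m365_defender.alerts.entities.registryValueType
+ipAddress: microsoft.m365_defender.alerts.entities.ipAddress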
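Review bot: The ten mapping entries after `fieldmappings:` are shown at the same column as `fieldmappings` itself; if the committed file really has them at column 0 rather than indented two spaces, `fieldmappings` parses as null and the entries become unrelated top-level keys, so the converter applies no renames and rules are emitted with their original Sigma field names against an index that does not have them (the rendering may have dropped leading whitespace, so this needs checking in the raw file). As far as I can tell these mappings are not scoped by log source, so generic keys such as `status` and `severity` would also be rewritten in every non-Defender rule converted with this config; consider a header comment stating the intended scope, e.g. `# Field renames for rules targeting Microsoft 365 Defender alert documents; applies to every rule converted with this config`. The title calls this an ECS mapping, but the target fields all live under a vendor `microsoft.m365_defender.alerts.*` namespace rather than ECS names, so either the title or the field list should say which schema the index actually uses.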