security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d14e287cdf91e2a8b995de5bfbc3fa8540c1922b
blue-team-tools/tools/config/ecs-ms365_defender.yml
T
Austin Songer 00f4773eeb Create ecs-ms365_defender.yml
2021-09-24 20:02:39 -05:00

19 lines
819 B
YAML
Raw Blame History

title: Microsoft 365 Defender Elasticsearch ecs mapping
order: 20
backends:
- es-qs
- es-rule
fieldmappings:
classification: microsoft.m365_defender.alerts.classification
determination: microsoft.m365_defender.alerts.determination
severity: microsoft.m365_defender.alerts.severity
status: microsoft.m365_defender.alerts.status
detectionSource: microsoft.m365_defender.alerts.detectionSource
threatFamilyName: microsoft.m365_defender.alerts.threatFamilyName
entityType: microsoft.m365_defender.alerts.entities.entityType
registryHive: microsoft.m365_defender.alerts.entities.registryHive
registryKey: microsoft.m365_defender.alerts.entities.registryKey
registryValueType: microsoft.m365_defender.alerts.entities.registryValueType
ipAddress: microsoft.m365_defender.alerts.entities.ipAddress
Reference in New Issue View Git Blame Copy Permalink