blue-team-tools/tools/config/ala-azure-ad_auditlogs.yml

title: Azure AD Audit Logs mapping for Azure Log Analytics
order: 20
backends:
  - ala
  - ala-rule
fieldmappings:
  category: Category
  activityDisplayName: OperationName
  loggedByService: LoggedByService
  result: Result
  initiatedBy.user.userPrincipalName: initiatedBy.user.userPrincipalName