security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e91fc4486e57fc40e30d12253694de4c80a9e4ea
blue-team-tools/tools/config/ecs-azure-activitylogs.yml
T
Ibrahim Ali Khan 25dd14829e Create ecs-azure-activitylogs.yml 
Azure Activity Logs Elasticsearch ecs mapping
2021-07-08 20:37:12 +05:00

12 lines
308 B
YAML
Raw Blame History

title: Azure Activity Logs Elasticsearch ecs mapping
order: 20
backends:
- es-qs
- es-rule
fieldmappings:
claims.name: user.name
properties.message: event.action
properties.eventCategory: azure.activitylogs.event_category
status.value: event.outcome
resourceType.value: azure.resource.provider
Reference in New Issue View Git Blame Copy Permalink