e91fc4486e
See the related discussion (why a dedicated ECS field mapping is needed for Azure AD audit-log rules): https://github.com/SigmaHQ/sigma/discussions/2835
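# sigmac backend configuration for Azure AD audit logs shipped to Elasticsearch
# with ECS / Elastic Azure-module field names. It rewrites the Sigma field names
# used in Azure AD audit-log rules onto the field names actually indexed, so the
# generated queries hit real fields instead of silently matching nothing.
title: Azure AD Audit Logs Elasticsearch ecs mapping
# Relative position of this config when several sigmac configs are chained.
order: 20
# Only the Elasticsearch backends consume this mapping.
backends:
  - es-qs
  - es-rule
fieldmappings:
  category: azure.auditlogs.properties.category
  activityDisplayName: event.action
  # Sibling Azure audit-log properties in this file all live under
  # azure.auditlogs.properties.*; this entry previously lacked the `azure.`
  # prefix, which would turn every rule using loggedByservice into a query on a
  # non-existent field (zero hits, no error). Confirm against the index mapping.
  loggedByservice: azure.auditlogs.properties.logged_by_service
  result: event.outcome
  # The Elastic Azure module keeps userPrincipalName in camelCase under the
  # snake_case initiated_by.user object, hence the mixed casing.
  initiatedBy.user.userPrincipalName: azure.auditlogs.properties.initiated_by.user.userPrincipalName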