sigma-rules/etc/non-ecs-schema.json at e897a6760429ea46da15ebbca1609b62fd37fee9 - sigma-rules - GreySec Git

security-tools/sigma-rules

Files

T

Brent Murphy 598e807a5c [New Rule] Microsoft 365 Teams Custom Application Interaction Allowed (#657 )

* [New Rule] O365 Teams Custom Application Interaction Allowed

* rebrand to m365, still needed non ecs schema

* Update non-ecs-schema.json

2020-12-08 17:36:47 -05:00

17 lines

278 B

JSON

Raw Blame History

 {
   "endgame-*": {
     "endgame": {
       "metadata": {
         "type": "keyword"
       },
       "event_subtype_full": "keyword"
     }
   },
   "winlogbeat-*": {
     "winlog.event_data.OriginalFileName": "keyword"
   },
   "filebeat-*": {
     "o365.audit.NewValue": "keyword"
   }
 }