Microsoft 365

The m365 log type collects a range of data for Microsoft 365, such as the following:

Records from call details
Performance data
SQL Server events
Security events
Access control activity

The following code snippet contains all the raw_field and ecs mappings for this log type:

"mappings": [
    {
      "raw_field":"eventSource",
      "ecs":"rsa.misc.event_source"
    },
    {
      "raw_field":"eventName",
      "ecs":"rsa.misc.event_desc"
    },
    {
      "raw_field":"status",
      "ecs":"rsa.misc.status"
    },
    {
      "raw_field":"Payload",
      "ecs":"rsa.misc.payload_dst"
    }
  ]

WAS THIS PAGE HELPFUL?

✔ Yes ✖ No

Tell us why

350 characters left

Have a question? Ask us on the OpenSearch forum.

Want to contribute? Edit this page or create an issue.

Microsoft 365

OpenSearch Links

Get Involved

Resources

Contact Us