Microsoft 365

The m365 log type collects a range of data for Microsoft 365, such as the following:

  • Records from call details
  • Performance data
  • SQL Server events
  • Security events
  • Access control activity

The following code snippet contains all the raw_field and ecs mappings for this log type:

"mappings": [
  {
    "raw_field": "eventSource",
    "ecs": "rsa.misc.event_source"
  },
  {
    "raw_field": "eventName",
    "ecs": "rsa.misc.event_desc"
  },
  {
    "raw_field": "status",
    "ecs": "rsa.misc.status"
  },
  {
    "raw_field": "Payload",
    "ecs": "rsa.misc.payload_dst"
  }
]
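
The following Python sketch is an added example, not part of this documentation or the product's own code: it applies the four mappings above to a constructed sample event and reports mapped raw fields that are missing or present only under a different letter case, which is a common reason a detection rule never matches. The `normalize` helper, the sample event and its values are hypothetical, and treating raw field names as case-sensitive is an assumption.

```python
import json

# Mappings copied from the snippet above.
MAPPINGS = json.loads("""
[
  {"raw_field": "eventSource", "ecs": "rsa.misc.event_source"},
  {"raw_field": "eventName",   "ecs": "rsa.misc.event_desc"},
  {"raw_field": "status",      "ecs": "rsa.misc.status"},
  {"raw_field": "Payload",     "ecs": "rsa.misc.payload_dst"}
]
""")
# Constructed sample record (not real Microsoft 365 output). "payload" is
# lower-cased on purpose to show a near-miss against the "Payload" mapping.
SAMPLE_EVENT = {
    "eventSource": "SharePoint",
    "eventName": "FileAccessed",
    "payload": "constructed-value",
    "userId": "user@example.com",
}

def normalize(event, mappings=MAPPINGS):
    """Return (ecs_doc, report): mapped values under nested ECS-style keys,
    plus the missing, case-mismatched and unmapped field names."""
    by_lower = {k.lower(): k for k in event}
    ecs_doc = {}
    report = {"missing": [], "case_mismatch": [], "unmapped": []}
    for m in mappings:
        raw, path = m["raw_field"], m["ecs"].split(".")
        if raw in event:
            node = ecs_doc
            for part in path[:-1]:          # build rsa -> misc -> leaf
                node = node.setdefault(part, {})
            node[path[-1]] = event[raw]
        elif raw.lower() in by_lower:       # present, but wrong letter case
            report["case_mismatch"].append((raw, by_lower[raw.lower()]))
        else:
            report["missing"].append(raw)
    mapped = {m["raw_field"] for m in mappings}
    near = {found for _, found in report["case_mismatch"]}
    report["unmapped"] = sorted(k for k in event if k not in mapped and k not in near)
    return ecs_doc, report

if __name__ == "__main__":
    doc, rep = normalize(SAMPLE_EVENT)
    print(json.dumps({"ecs": doc, "report": rep}, indent=2))
```
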