Microsoft 365
The m365
log type collects a range of data for Microsoft 365, such as the following:
- Records from call details
- Performance data
- SQL Server events
- Security events
- Access control activity
The following code snippet contains all the raw_field
and ecs
mappings for this log type:
"mappings": [
{
"raw_field":"eventSource",
"ecs":"rsa.misc.event_source"
},
{
"raw_field":"eventName",
"ecs":"rsa.misc.event_desc"
},
{
"raw_field":"status",
"ecs":"rsa.misc.status"
},
{
"raw_field":"Payload",
"ecs":"rsa.misc.payload_dst"
}
]