Comments (11)
@r00tu53r is this something you could look into as you're upgrading to ECS 8.0/8.1?
Sure @jamiehynds I'll take a look.
from integrations.
These issues do seem to remain in the beats module that was linked to, but not in the o365 integration (in this repo).
For the integration:
- `event.category` is an array.
- The information from the `OriginatingServer` field is split up into address, domain and IP.
- `UserID` values such as `NT AUTHORITY\\SYSTEM (Microsoft.Exchange.ServiceHost)` are simply copied to `user.id` and appear without further parsing, but that seems like a good choice. Values in the `user@domain` format do have further parsing.
- As mentioned in point 2, server address, domain and IP are set correctly.
from integrations.
Pinging @elastic/siem (Team:SIEM)
from integrations.
Pinging @elastic/security-external-integrations (Team:Security-External Integrations)
from integrations.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
from integrations.
Ping
from integrations.
@r00tu53r is this something you could look into as you're upgrading to ECS 8.0/8.1?
from integrations.
Hi!
We just realized that we haven't looked into this issue in a while. We're sorry!
We're labeling this issue as `Stale` to make it hit our filters and make sure we get back to it as soon as possible. In the meantime, it'd be extremely helpful if you could take a look at it as well and confirm its relevance. A simple comment with a nice emoji will be enough :+1.
Thank you for your contribution!
from integrations.
Keeping open and moving to the integrations repo.
from integrations.
@chrisberkhout can you confirm if this feedback has been addressed in your latest ECS updates to O365? Thanks!
from integrations.
Closing as we've recently reviewed and updated our O365 ECS mappings.
from integrations.