Microsoft 365

The m365 log type collects a range of data for Microsoft 365, such as the following:

• Records from call details
• Performance data
• SQL Server events
• Security events
• Access control activity

The following code snippet contains all the raw_field and ecs mappings for this log type:

"mappings": [
    {
      "raw_field":"eventSource",
      "ecs":"rsa.misc.event_source"
    },
    {
      "raw_field":"eventName",
      "ecs":"rsa.misc.event_desc"
    },
    {
      "raw_field":"status",
      "ecs":"rsa.misc.status"
    },
    {
      "raw_field":"Payload",
      "ecs":"rsa.misc.payload_dst"
    }
  ]