Microsoft 365

The m365 log type collects a range of data for Microsoft 365, such as the following:

  • Records from call details
  • Performance data
  • SQL Server events
  • Security events
  • Access control activity

The following code snippet contains all the raw_field and ecs mappings for this log type:

    "mappings": [
      {
        "raw_field": "eventSource",
        "ecs": "rsa.misc.event_source"
      },
      {
        "raw_field": "eventName",
        "ecs": "rsa.misc.event_desc"
      },
      {
        "raw_field": "status",
        "ecs": "rsa.misc.status"
      },
      {
        "raw_field": "Payload",
        "ecs": "rsa.misc.payload_dst"
      }
    ]