Change log for AZURE_ACTIVITY

Date Changes
2022-09-26 Enhancement - Added fields.
- Mapped "tenantId" to "metadata.product_deployment_id".
2022-06-20 Enhancement -
- Added conditional check for "entity_properties".
- When "category" is equal to "Security":
- Mapped "properties.eventProperties.clientIPAddress" to "principal.ip".
- Mapped "properties.eventProperties.accountSessionId" to "network.session_id".
- Mapped "properties.eventProperties.suspiciousProcess" to "target.process.file.full_path".
- Mapped "properties.eventProperties.suspiciousCommandLine" to "target.process.command_line".
- Mapped "properties.eventProperties.suspiciousProcessId" to "target.process.pid".
- Mapped "properties.eventProperties.compromisedHost" to "principal.hostname".
- Mapped "resultDescription" to "metadata.description".
- Mapped "properties.legacySubscriptionId" to "security_result.detection_fields".
- Mapped "properties.legacyResourceProviderName" to "security_result.detection_fields".
2022-05-19 Enhancement - Added and modified multiple fields.
- claims, Identity, aud, tenantid, principalId, action, appidacr, iat, exp, nbf, rh, uti, ver, xms_tcdt, principalType, roleAssignmentId, appid, aio, iss, nameidentifier, roleDefinitionId, scope mapped to security_result.detection_fields
- resultSignature, resultType, hierarchy, resource_type, entity mapped to additional.fields.
- RoleLocation mapped to location.name.
- category mapped to security_result.category_details.