Change log for OFFICE_365
Date | Changes |
---|---|
2024-11-11 | - Updated logic for the AppAccessContext.AADSessionId field to map it to network.session_id.
|
2024-10-11 | - Added support for CopilotEventData.AccessedResources field for CopilotInteraction operations.
|
2024-09-13 | - Added support for Parameters field for New-TransportRule operations.
- Added support for Actions field for AirInvestigationData operations. |
2024-09-06 | - Added support for FileSizeBytes field for various file related operations.
|
2024-08-23 | - Added support for the field ParticipantInfo and its sub-field for the Operation MemberAdded.
- Added support for the field QueryText for the Operations SearchCreated, SearchUpdated and SearchStarted, and mapped it to security_result.detection_fields[QueryText].
- Added support for the field ObjectId for the Operations SearchCreated, SearchUpdated and SearchStarted, and mapped it to additional.fields[ObjectId].
- Added support for the Operation TeamsAdminAction for the field ModifiedProperties to security.detection_field.
- Added mapping of AlertEntityId to target.url when the log contains "EntityType":"MaliciousUrl". |
2024-08-09 | - Added support for Attachments[].AffectedItems and mapped the first file name and size of the file to about.file.size and about.file.full_path.
- Added support for Attachments[].AffectedItems and mapped the field to additional.fields[Attachments_AffectedItems]. |
2024-07-10 | - Added support for PreExecutionMessage and PostExecutionMessage: the parser iterates over the fields and maps each key and value to security_result.detection_fields.
|
2024-06-12 | - Added support for "target.user.userid" in UDM, which is mapped to "Data:" -> "userPrincipalName".
- Added support for "security_result.url_back_to_product" in UDM, which is mapped to "AlertLinks:" -> "AlertLinkHref".
- Added support for UserId, which is mapped to "additional.fields" as UserId does not provide the true user.userid.
- Added support for "target.user.product_object_id" in UDM, which is mapped to "Data:" -> "riskyUserId".
- Added support for ModifiedProperties and field.Name = IPAddressAllowList under the additional fields with 'NewIPAddressAllowList' and 'OldIPAddressAllowList'. |
2024-05-22 | - Added support for 'ObjectId' field to additional field for "Add member to role.", and "Add user." operations.
|
2024-05-15 | - Added support for 'ItemName' and 'ParticipantInfo.HasForeignTenantUsers' fields to "additional" field for 'ChatCreated' operations.
|
2024-05-08 | - Added support for the "StrongAuthenticationMethod" and "StrongAuthenticationUserDetails" values of the "ModifiedProperties.Name" raw log field.
- Added support for 'ObjectId' field to the additional field 'FileUploadedToCloud' operations. |
2024-04-24 | - Added UDM mapping of the field 'ResultStatusDetail'.
- Added support for 'Parameters' field for 'Add-RecipientPermission' operations.
- Updated UDM mapping of ModifiedProperties raw log field. |
2024-03-27 | - Added support for 'ObjectId' field from 'FilePrinted' and 'FileUploadedToCloud' operations.
- Added support for 'SearchQueryText' field for 'SearchQueryPerformed' operations.
- Added mapping of 'InternetMessageId' to 'network.email.mail_id' UDM fields for 'UserSubmission', 'UserSubmissionTriage' operation.
- Added mapping of 'FileSizeBytes' for 'FileModifiedExtended' operations. |
2024-03-13 | - Added support for 'GetRefreshablesForCapacityAsAdmin' new operations.
- Added support for 'AppRole.Value' field from 'ModifiedProperties'.
- Added mapping of 'SensitivityLabelEventData.JustificationText' field to 'security_result.detection_fields' UDM field.
- Added mapping of 'UrlClickAction' field to 'security_result.detection_fields' UDM field. |
2024-02-28 | - Added support for new operations.
|
2024-02-14 | - Added support for 'QuarantineApproveReleaseMessage', 'QuarantineDenyReleaseMessage', 'FileSensitivityLabelApplied', 'Update policy.', 'SharingLinkUsed', 'AddedToSharingLink', 'Authorize', 'SharingLinkUpdated', 'SubTaskUpdated', 'TaskRead', and 'SubTaskCreated' new operations.
|
2024-01-31 | - Added support for 'SharingLinkCreated', 'TimesheetSaved', 'ResourceCheckedOut', 'GetGroupUsers', 'SensitivityLabelUpdated', 'ListItemRecycled' and 'TimesheetAccessed' operations.
|
2024-01-17 | - Added support for 'SensitivityLabelApplied' operation.
|
2024-01-03 | - Added support for 'Add-MailboxLocation' and 'Release-QuarantineMessage' operations.
|
2023-11-29 | - Added support for 'Set-DlpCompliancePolicy' and 'Remove-DlpCompliancePolicy' operations.
- Added additional mapping of 'RequestType' field from 'ExtendedProperties' to 'about.labels' in 'UserLoggedIn' and 'UserLoginFailed' operations.
- Aligned 'principal/target.hostname' and 'principal/target.asset.hostname' mapping.
- Added support for additional fields for "noun.labels". |
2023-11-01 | - Added support for 'QuarantineReleaseMessage', 'WorkspaceStatusReceived', 'LinkedEntityUpdated', 'ViewResponse', 'O365SyncAdminUserPromotion', 'FileCopiedToClipboard', and 'FileTranscriptContentAccessed' operations.
|
2023-10-18 | - Added support for 'TaskModified' and 'DeleteTile' operations.
|
2023-10-04 | - Added support for 'SensitivityLabeledFileOpened', 'SensitivityLabeledFileRenamed' and 'Validate' operations.
- Added support for 'Modified Properties' fields in the 'Update user' operation. |
2023-09-20 | - Added support for 'PutConnection', 'PutConnectionPermission', 'AdminSubmissionTablAllow', 'Add contact.' and 'WorkspacePortalUrlReceived' operations.
|
2023-09-06 | - Added mapping of 'ObjectId' for 'Add-MailboxPermission' Operation.
|
2023-08-23 | - Added support for 'TaskListRead' operation.
|
2023-08-09 | - Added support for 'GetWorkspaces', 'TeamsUserSignedOut' and 'ConnectFromExternalApplication' operation.
|
2023-07-26 | - Added support for "SensitiveInfoTypeData" fields in DLP logs.
- Updated mapping of 'metadata.event_type' for 'UserLoginFailed' operation. |
2023-06-28 | - Updated mapping of "metadata.event_type" for 'UserLoggedIn' operation.
|
2023-06-14 | - Added support for 'ListViewUpdated' operation.
- Updated the parser to include "parse_network_http_user_agent" to use "Parsed User Agent" and "User Agent". |
2023-05-31 | - Added support for 'FileUploadedToCloud', 'GenerateDataflowSasToken', 'GenerateScreenshot', 'MDCAssessments', 'RemovableMediaMount', 'SignInEvent', 'ApprovedRequest', 'CreateForm', 'ListForms', 'MDCRegulatoryComplianceAssessments', 'PreviewForm', 'ViewedApprovalRequest', 'ListCreated' and 'SiteColumnCreated' operations.
- Added mapping for the recipient of the email for TIMailData. |
2023-05-02 | - Added mapping of attachment data for operation 'TIMailData'.
- Added mapping of 'Result Status' log field for operation 'SoftDelete'.
- Updated mapping of event type of 'Update Service Principal'.
- Added mapping of 'Result Status' with 'security_result.action' for all operations.
- Added mapping of 'ErrorNumber' log field for operations 'UserLoggedIn' and 'UserLoginFailed'.
- Added support for 'New-DlpCompliancePolicy', 'New-DlpComplianceRule', 'Get-InsiderRiskPolicy', 'Enable Strong Authentication.', 'ReactedToMessage', 'RemovableMediaUnmount' and 'Set-HostedContentFilterPolicy' operations. |
2023-04-12 | - Added mapping of fields present in the 'Data' field for operations 'AirInvestigation', 'AlertUpdated', 'AlertEntityGenerated', 'AlertTriggered'.
- Added support for operation 'DeleteDatasetRows'.
- Added mapping of 'ApplicationId' log field and updated mapping for the 'ApplicationDisplayName', 'appId' and 'RequestType' log fields. |
2023-03-29 | - Added support for IPv6 dual address.
- Added support for operation 'LaunchPowerApp'. |
2023-03-15 | - Added mapping of 'Role.TemplateId' field for operation 'Add member to role.'.
- Updated mapping of 'Role.DisplayName' field for operation 'Add member to role.'. |
2023-03-01 | - Added support for operation 'FileSensitivityLabelChanged'.
- Added support for operation 'FileRead'.
- Added support for operation 'MessageReadReceiptReceived'.
- Added support for operation 'Search'.
- Added support for operation 'TaskDeleted'.
- Added support for operation 'TaskUpdated'.
- Added support for operation 'TaskCreation'.
- Added regular expression for 'email' field for operation 'AirInvestigationData'.
- Added size validation for `principal.user.userid` and `target.user.userid`.
- Modified validations for setting `metadata.event_type`.
- Removed unwanted invalid JSON format logs. |
2023-02-01 | - Added support for operation 'SecurityGroupModified'.
- Added mapping of principal.user.userid and target.user.userid. |
2023-01-18 | - Added mapping for field "Is Hard Deleted" and mapped it with security_result.detection_fields.key/value.
- Added mapping for field "GivenName" and mapped it with target.user.attribute.labels.key/value.
- Added mapping for field "RequiredResourceAccess" and mapped it with target.resource.attribute.labels.key/value.
- Added mapping for field "DelegatedPermissionGrant.Scope" and mapped it with target.resource.attribute.labels.key/value. |
2023-01-11 | - Removed gsub filter to remove leading zeros.
- Added validation logic to check whether the IP is valid.
- Handled the ObjectId field to remove unnecessary angle brackets.
- Added support for RecipientCount, Sent, SensitiveInformationDetailedClassificationAttributes.Confidence, SensitiveInformationDetailedClassificationAttributes.Count, SensitiveInfoTypeData.Confidence, SensitiveInfoTypeData.Count fields. |
2023-01-04 | Promoting parser to default.
|