Change log for OFFICE_365

Date Changes
2024-11-11 - Updated logic for AppAccessContext.AADSessionId field to map it to network.session_id
2024-10-11 - Added support for CopilotEventData.AccessedResources field for CopilotInteraction operations.
2024-09-13 - Added support for Parameters field for New-TransportRule operations.
- Added support for Actions field for AirInvestigationData operations.
2024-09-06 - Added support for FileSizeBytes field for various file related operations.
2024-08-23 - Added support for the field ParticipantInfo and its sub-field for the Operation MemberAdded.
- Added support for the field QueryText for the Operation SearchCreated, SearchUpdated, SearchStarted and map it to security_result.detection_fields[QueryText]
- Added support for the field ObjectId for the Operation SearchCreated, SearchUpdated, SearchStarted and map it to additional.fields[ObjectId]
- Added support for the Operation TeamsAdminAction for the field ModifiedProperties to security.detection_field.
- Added support for the AlertEntityId to target.url when the log with "EntityType":"MaliciousUrl".
2024-08-09 - Added support for Attachments[].AffectedItems and mapped the first file name and size of the file to about.file.size and about.file.full_path.
- Added support for Attachments[].AffectedItems and mapped the field to additional.fields[Attachments_AffectedItems].
2024-07-10 - Added support for PreExecutionMessage , PostExecutionMessage iterated over the fields and mapped the key value to security_result.detection_fields.
2024-06-12 - Added support for "target.user.userid" in UDM, which is mapped to "Data:" -> "userPrincipalName".
- Added support for "security_result.url_back_to_product" in UDM, which is mapped to "AlertLinks:" -> "AlertLinkHref".
- Added support for UserId, which is mapped to "additional.fields" as UserId does not provide the true user.userid
- Added support for "target.user.product_object_id" in UDM, which is mapped to "Data:" -> "riskyUserId"
- Added support for ModifiedProperties and field.Name = IPAddressAllowList under the additional fields with 'NewIPAddressAllowList' and 'OldIPAddressAllowList'.
2024-05-22 - Added support for 'ObjectId' field to additional field for "Add member to role.", and "Add user." operations.
2024-05-15 - Added support for 'ItemName' and 'ParticipantInfo.HasForeignTenantUsers' fields to "additional" field for 'ChatCreated' operations.
2024-05-08 - Added support of the "StrongAuthenticationMethod" and "StrongAuthenticationUserDetails" values of the "ModifiedProperties.Name" raw log field.
- Added support for 'ObjectId' field to the additional field 'FileUploadedToCloud' operations.
2024-04-24 - Added UDM mapping of the field 'ResultStatusDetail'.
- Added support for 'Parameters' field for 'Add-RecipientPermission' operations.
- Updated UDM mapping of ModifiedProperties raw log field.
2024-03-27 - Added support for 'ObjectId' field from 'FilePrinted' and 'FileUploadedToCloud' operations.
- Added support for 'SearchQueryText' field for 'SearchQueryPerformed' operations.
- Added mapping of 'InternetMessageId' to 'network.email.mail_id' UDM fields for 'UserSubmission', 'UserSubmissionTriage' operation.
- Added mapping of 'FileSizeBytes' for 'FileModifiedExtended' operations.
2024-03-13 - Added support for 'GetRefreshablesForCapacityAsAdmin' new operations.
- Added support for 'AppRole.Value' field from 'ModifiedProperties'.
- Added mapping of 'SensitivityLabelEventData.JustificationText' field to 'security_result.detection_fields' UDM field.
- Added mapping of 'UrlClickAction' field to 'security_result.detection_fields' UDM field.
2024-02-28 - Added support for new operations.
2024-02-14 - Added support for 'QuarantineApproveReleaseMessage', 'QuarantineDenyReleaseMessage', 'FileSensitivityLabelApplied', 'Update policy.', 'SharingLinkUsed', 'AddedToSharingLink', 'Authorize', 'SharingLinkUpdated', 'SubTaskUpdated', 'TaskRead', and 'SubTaskCreated' new operations.
2024-01-31 - Added support for 'SharingLinkCreated', 'TimesheetSaved', 'ResourceCheckedOut', 'GetGroupUsers', 'SensitivityLabelUpdated', 'ListItemRecycled' and 'TimesheetAccessed' operations.
2024-01-17 - Added support for 'SensitivityLabelApplied' operation.
2024-01-03 - Added support for 'Add-MailboxLocation' and 'Release-QuarantineMessage' operations.
2023-11-29 - Added support for 'Set-DlpCompliancePolicy' and 'Remove-DlpCompliancePolicy' operations.
- Added additional mapping of 'RequestType' field from 'ExtendedProperties' to 'about.labels' in 'UserLoggedIn' and 'UserLoginFailed' operations.
- Aligned 'principal/target.hostname' and 'principal/target.asset.hostname' mapping.
- Added support for additional fields for "noun.labels".
2023-11-01 - Added support for 'QuarantineReleaseMessage', 'WorkspaceStatusReceived','LinkedEntityUpdated', 'ViewResponse', 'O365SyncAdminUserPromotion', 'FileCopiedToClipboard', and 'FileTranscriptContentAccessed' operations.
2023-10-18 - Added support for 'TaskModified' and 'DeleteTile' operations.
2023-10-04 - Added support for 'SensitivityLabeledFileOpened','SensitivityLabeledFileRenamed' and 'Validate' operations.
- Added support for 'Modified Properties' fields in the 'Update user' operation.
2023-09-20 - Added support for 'PutConnection','PutConnectionPermission' 'AdminSubmissionTablAllow', 'Add contact.' and 'WorkspacePortalUrlReceived' operations.
2023-09-06 - Added mapping of 'ObjectId' for 'Add-MailboxPermission' Operation.
2023-08-23 - Added support for 'TaskListRead' operation.
2023-08-09 - Added support for 'GetWorkspaces', 'TeamsUserSignedOut' and 'ConnectFromExternalApplication' operation.
2023-07-26 - Added support for "SensitiveInfoTypeData" fields in DLP logs.
- Updated mapping of 'metadata.event_type' for 'UserLoginFailed' operation.
2023-06-28 - Updated mapping of "metadata.event_type" for 'UserLoggedIn' operation.
2023-06-14 - Added support for 'ListViewUpdated' operation.
- Updated the parser to include "parse_network_http_user_agent" to use "Parsed User Agent" and "User Agent".
2023-05-31 - Added support for 'FileUploadedToCloud', 'GenerateDataflowSasToken', 'GenerateScreenshot', 'MDCAssessments', 'RemovableMediaMount', 'SignInEvent', 'ApprovedRequest', 'CreateForm', 'ListForms', 'MDCRegulatoryComplianceAssessments', 'PreviewForm', 'ViewedApprovalRequest', 'ListCreated' and 'SiteColumnCreated' operations.
- Added mapping for the recipient of the email for TIMailData.
2023-05-02 - Added mapping of attachment data for operation 'TIMailData'.
- Added mapping of 'Result Status' log field for operation 'SoftDelete'.
- Updated mapping of event type of 'Update Service Principal'.
- Added mapping of 'Result Status' with 'security_result.action' for all operations.
- Added mapping of 'ErrorNumber' log field for operations 'UserLoggedIn' and 'UserLoginFailed'.
- Added support for 'New-DlpCompliancePolicy', 'New-DlpComplianceRule', 'Get-InsiderRiskPolicy', 'Enable Strong Authentication.', 'ReactedToMessage', 'RemovableMediaUnmount' and 'Set-HostedContentFilterPolicy' operations.
2023-04-12 - Added mapping of fields present in the 'Data' field for operations 'AirInvestigation', 'AlertUpdated', 'AlertEntityGenerated', 'AlertTriggered'.
- Added support for operation 'DeleteDatasetRows'.
- Added mapping of 'ApplicationId' log field and updated mapping for the 'ApplicationDisplayName', 'appId' and 'RequestType' log fields.
2023-03-29 - Added support for IPv6 dual address.
- Added support for operation 'LaunchPowerApp'.
2023-03-15 - Added mapping of 'Role.TemplateId' field for operation 'Add member to role.'.
- Updated mapping of 'Role.DisplayName' field for operation 'Add member to role.'.
2023-03-01 - Added support for operation 'FileSensitivityLabelChanged'.
- Added support for operation 'FileRead'.
- Added support for operation 'MessageReadReceiptReceived'.
- Added support for operation 'Search'.
- Added support for operation 'TaskDeleted'.
- Added support for operation 'TaskUpdated'.
- Added support for operation 'TaskCreation'.
- Added regular expression for 'email` field for operation 'AirInvestigationData'.
- Added size validation for `principal.user.userid` and `target.user.userid`.
- Modified validations for setting `metadata.event_type`.
- Removed unwanted invalid JSON format logs.
2023-02-01 - Added support for operation 'SecurityGroupModified'.
- Added mapping of principal.user.userid and target.user.userid.
2023-01-18 - Added mapping for field "Is Hard Deleted" and mapped it with security_result.detection_fields.key/value.
- Added mapping for field "GivenName" and mapped it with target.user.attribute.labels.key/value.
- Added mapping for field "RequiredResourceAccess" and mapped it with target.resource.attribute.labels.key/value.
- Added mapping for field "DelegatedPermissionGrant.Scope" and mapped it with target.resource.attribute.labels.key/value.
2023-01-11 - Removed gsub filter to remove leading zeros.
- Added validation logic to check if IP is valid or not.
- Handled the ObjectId field to remove unnecessary angular brackets.
- Added support for RecipientCount, Sent, SensitiveInformationDetailedClassificationAttributes.Confidence, SensitiveInformationDetailedClassificationAttributes.Count, SensitiveInfoTypeData.Confidence, SensitiveInfoTypeData.Count fields.
2023-01-04 Promoting parser to default.