Comments (11)
@r00tu53r is this something you could look into as you're upgrading to ECS 8.0/8.1?
Sure @jamiehynds I'll take a look.
from integrations.
These issues do seem to remain in the beats module that was linked to, but not in the o365 integration (in this repo).
For the integration:
- `event.category` is an array
- The information from the `OriginatingServer` field is split up into address, domain and IP.
- `UserID` values such as `NT AUTHORITY\SYSTEM (Microsoft.Exchange.ServiceHost)` are simply copied to `user.id` and appear without further parsing, but that seems like a good choice. Values in the `user@domain` format do have further parsing.
- As mentioned in point 2, server address, domain and IP are set correctly.
Pinging @elastic/siem (Team:SIEM)
Pinging @elastic/security-external-integrations (Team:Security-External Integrations)
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Ping
Hi!
We just realized that we haven't looked into this issue in a while. We're sorry!
We're labeling this issue as Stale to make it hit our filters and make sure we get back to it as soon as possible. In the meantime, it'd be extremely helpful if you could take a look at it as well and confirm its relevance. A simple comment with a nice emoji will be enough :+1:.
Thank you for your contribution!
Keeping open and moving to the integrations repo.
@chrisberkhout can you confirm if this feedback has been addressed in your latest ECS updates to O365? Thanks!
Closing as we've recently reviewed and updated our O365 ECS mappings.