Change log for AZURE_AD_SIGNIN
| Date | Changes |
|---|---|
| 2024-10-17 | Enhancement:
- Mapped "userDisplayName" to "principal.user.user_display_name". - Mapped "userPrincipalName" to "principal.user.email_addresses". - Mapped "appDisplayName" to "principal.application". - Mapped "ipAddress" to "principal.ip" and "principal.asset.ip". - Mapped "userId" to "principal.user.userid". - Mapped "resourceDisplayName" to "target.application". - Mapped "status.errorCode" to "network.http.response_code". - Mapped "failureReason" to "security_result.summary". - Mapped "deviceDetail.operatingSystem" to "principal.platform". - Mapped "appId", "clientAppUsed", "conditionalAccessStatus", "deviceDetail.deviceId", "deviceDetail.deviceName", "deviceDetail.browser", "deviceDetail.isCompliant", "deviceDetail.isManaged", and "deviceDetail.trustType" to "security_result.detection_fields". - Mapped "location.city" to "principal.location.city". - Mapped "location.state" to "principal.location.state". - Mapped "location.countryOrRegion" to "principal.location.country_or_region". - Mapped "location.geoCoordinates.latitude" to "principal.location.region_coordinates.latitude". - Mapped "location.geoCoordinates.longitude" to "principal.location.region_coordinates.longitude". |
| 2024-07-18 | Enhancement:
- Added support for JSON logs containing array of logs. |
| 2024-05-07 | - Newly created parser.
|