Change log for AZURE_MDM_INTUNE
| Date | Changes |
|---|---|
| 2025-02-13 | Enhancement:
- Mapped "resultType", "properties.AADDeviceId", "properties.IntuneDeviceId", "properties.IntuneUserId", "properties.MessageId", "properties.ScaleUnit", and "properties.Os" to "additional.fields". - Mapped "properties.EnrollmentType" and "properties.FailureReason" to "additional.fields". - Mapped "properties.OsVersion", "principal.platform_version", and "properties.StartTimeUtc" to "additional.fields". - Mapped "properties.OperationalLogCategory", "properties.ScenarioName", "properties.UserDisplayName", "properties.UPNSuffix", "properties.DeviceOperatingSystem", "AlertDisplayNameproperties.AlertDisplayName, "properties.DeviceDnsDomain", "properties.DeviceNetBiosName", and "properties.DeviceHostName" to "security_result.detection_fields". - Mapped "properties.AlertType" to "security_result.description". - Mapped "Description" to "metadata.description". |
| 2024-04-10 | Enhancement:
- Mapped "properties.Actor.Application" to "principal.application". - Mapped "properties.Actor.UPN" to "principal.user.userid". - Mapped "operationName" to "metadata.product_event_type". - Mapped "identity" to "target.user.email_addresses". - Mapped "identity" and "user_id" to "target.user.userid". - Mapped "properties.DeviceName" to "principal.hostname" and "principal.asset.hostname". - Mapped "properties.UserEmail" to "principal.user.email_addresses". - Mapped "properties.SerialNumber" to "_hardware.serial_number". - Mapped "_hardware" to "principal.asset.hardware". - Mapped "properties.UserName" to "principal.user.user_display_name". - Mapped "properties.OS" to "principal.platform". - Mapped "properties.OSVersion" to "principal.platform_version". - Mapped "properties.DeviceId" to "principal.asset.asset_id" and "principal.asset_id". - Mapped "properties.BatchId" to "metadata.product_log_id". - Mapped "tenantId", "properties.IntuneAccountId", "properties.AADTenantId", "properties.LastContact", "properties.DeviceHealthThreatLevel_loc", "properties.ComplianceState", "properties.InGracePeriodUntil", "properties.RetireAfterDatetime", "properties.ManagementAgents", and "properties.ManagementAgents_loc" to "additional.fields". - Mapped "properties.OS_loc" and "properties.OSDescription" to "security_result.detection_fields". |
| 2022-08-17 | - Added conditional check when "event_type" is mapped to "USER_RESOURCE_UPDATE_CONTENT".
- Added conditional check for fields "software2","software3","software4" and Mapped it to "target.asset.software". |