Change log for AZURE_MDM_INTUNE

Date	Changes
2024-04-10	Enhancement: - Mapped "properties.Actor.Application" to "principal.application". - Mapped "properties.Actor.UPN" to "principal.user.userid". - Mapped "operationName" to "metadata.product_event_type". - Mapped "identity" to "target.user.email_addresses". - Mapped "identity" and "user_id" to "target.user.userid". - Mapped "properties.DeviceName" to "principal.hostname" and "principal.asset.hostname". - Mapped "properties.UserEmail" to "principal.user.email_addresses". - Mapped "properties.SerialNumber" to "_hardware.serial_number". - Mapped "_hardware" to "principal.asset.hardware". - Mapped "properties.UserName" to "principal.user.user_display_name". - Mapped "properties.OS" to "principal.platform". - Mapped "properties.OSVersion" to "principal.platform_version". - Mapped "properties.DeviceId" to "principal.asset.asset_id" and "principal.asset_id". - Mapped "properties.BatchId" to "metadata.product_log_id". - Mapped "tenantId", "properties.IntuneAccountId", "properties.AADTenantId", "properties.LastContact", "properties.DeviceHealthThreatLevel_loc", "properties.ComplianceState", "properties.InGracePeriodUntil", "properties.RetireAfterDatetime", "properties.ManagementAgents", and "properties.ManagementAgents_loc" to "additional.fields". - Mapped "properties.OS_loc" and "properties.OSDescription" to "security_result.detection_fields".
2022-08-17	- Added conditional check when "event_type" is mapped to "USER_RESOURCE_UPDATE_CONTENT". - Added conditional check for fields "software2","software3","software4" and Mapped it to "target.asset.software".

Date

Changes

2024-04-10

Enhancement:
- Mapped "properties.Actor.Application" to "principal.application".
- Mapped "properties.Actor.UPN" to "principal.user.userid".
- Mapped "operationName" to "metadata.product_event_type".
- Mapped "identity" to "target.user.email_addresses".
- Mapped "identity" and "user_id" to "target.user.userid".
- Mapped "properties.DeviceName" to "principal.hostname" and "principal.asset.hostname".
- Mapped "properties.UserEmail" to "principal.user.email_addresses".
- Mapped "properties.SerialNumber" to "_hardware.serial_number".
- Mapped "_hardware" to "principal.asset.hardware".
- Mapped "properties.UserName" to "principal.user.user_display_name".
- Mapped "properties.OS" to "principal.platform".
- Mapped "properties.OSVersion" to "principal.platform_version".
- Mapped "properties.DeviceId" to "principal.asset.asset_id" and "principal.asset_id".
- Mapped "properties.BatchId" to "metadata.product_log_id".
- Mapped "tenantId", "properties.IntuneAccountId", "properties.AADTenantId", "properties.LastContact", "properties.DeviceHealthThreatLevel_loc", "properties.ComplianceState", "properties.InGracePeriodUntil", "properties.RetireAfterDatetime", "properties.ManagementAgents", and "properties.ManagementAgents_loc" to "additional.fields".
- Mapped "properties.OS_loc" and "properties.OSDescription" to "security_result.detection_fields".

2022-08-17

- Added conditional check when "event_type" is mapped to "USER_RESOURCE_UPDATE_CONTENT".
- Added conditional check for fields "software2","software3","software4" and Mapped it to "target.asset.software".