Stay organized with collections
Save and categorize content based on your preferences.
Change log for MICROSOFT_SENTINEL
Date
Changes
2025-02-03
Enhancement:
- Added support for JSON logs.
2023-11-03
Enhancement:
- Mapped "ResourceId" to "target.resource.name".
- When "ResourceId" is 'not null' and event has one of "principal" or "target" as 'not null', then map "metadata.event_type" to "USER_RESOURCE_ACCESS".
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-06 UTC."],[[["The change log details updates for MICROSOFT_SENTINEL, focusing on enhancements and parser creation."],["Support for JSON logs was added on February 3rd, 2025."],["On November 3rd, 2023, \"ResourceId\" was mapped to \"target.resource.name,\" and conditional mapping of \"metadata.event_type\" to \"USER_RESOURCE_ACCESS\" was introduced."],["A new parser for MICROSOFT_SENTINEL was created on August 31st, 2023."]]],[]]
