AzureADLogonReports Log Messages

Vendor Documentation

https://demo.adauditplus.com/help/index.html

Classification

Rule Name	Rule Type	Common Event	Classification
AzureADLogonReports Log Messages	Base Rule	User Logon	Authentication Success

Mapping with LogRhythm Schema

Device Key in Log Message	LogRhythm Schema	Data Type	Schema Description
N/A	<severity>	Text/String	N/A
Category	<object>	Text/String	N/A
RECORD_ID	N/A	N/A	N/A
TIME_GENERATED	N/A	N/A	N/A
USER_DISPLAY_NAME	N/A	N/A	N/A
USER_PRINCIPAL_NAME	N/A	N/A	N/A
USER_ID	N/A	N/A	N/A
USER_COMPANY	N/A	N/A	N/A
USER_DEPARTMENT	N/A	N/A	N/A
USER_MANAGER	N/A	N/A	N/A
USER_IMMUTABLE_ID	N/A	N/A	N/A
USER_ON_SID	<session>	Text/String	N/A
USER_ON_GUID	N/A	N/A	N/A
USER_ON_SAM	N/A	N/A	N/A
USER_ON_DN	N/A	N/A	N/A
APP_ID	N/A	N/A	N/A
APP_DISPLAY_NAME	N/A	N/A	N/A
IP_ADDRESS	<sip>	Ip Address	N/A
HOST_NAME	N/A	N/A	N/A
LOGIN_STATUS	<status>	Text/String	N/A
DEVICE_INFO	<vendorinfo>	Text/String	N/A
GEO_COORDINATES_LAT	N/A	N/A	N/A
GEO_COORDINATES_LONG	N/A	N/A	N/A
LOCATION_CITY	N/A	N/A	N/A
LOCATION_STATE	N/A	N/A	N/A
LOCATION_COUNTRY	N/A	N/A	N/A
REPORT_PROFILE	<objectname>	Text/String	N/A
TENANT_NAME	N/A	N/A	N/A
ERROR_CODE	<responsecode>	Numbers	N/A
FAILURE_REASON	<reason>	Text/String	N/A
MFA_RESULT	N/A	N/A	N/A
MFA_REQUIRED	N/A	N/A	N/A
MFA_AUTH_METHOD	N/A	N/A	N/A
MFA_AUTH_DETAILS	N/A	N/A	N/A
DATA_SOURCE	N/A	N/A	N/A
SOURCE	<login>	Text/String	N/A
EVENT_NUMBER	N/A	N/A	N/A
ACCOUNT_DOMAIN	<domainimpacted>	Text/String	N/A
OPERATION	N/A	N/A	N/A
LOGON_TYPE	N/A	N/A	N/A
FORMAT_MESSAGE	<subject>	Text/String	N/A
EXTRA_COLUMN1	N/A	N/A	N/A
EXTRA_COLUMN2	N/A	N/A	N/A
EXTRA_COLUMN3	N/A	N/A	N/A
EXTRA_COLUMN4	N/A	N/A	N/A
EXTRA_COLUMN5	N/A	N/A	N/A
EXTRA_COLUMN6	N/A	N/A	N/A
EXTRA_COLUMN7	N/A	N/A	N/A
EXTRA_COLUMN8	N/A	N/A	N/A
EXTRA_COLUMN9	N/A	N/A	N/A
EXTRA_COLUMN10	N/A	N/A	N/A
SOURCE_NAME	<sname>	Text/String	N/A
LOG_FILE_NAME	N/A	N/A	N/A
KEYWORDS_NAME	N/A	N/A	N/A
TASK_CATEGORY_NAME	N/A	N/A	N/A
TASK_CATEGORY_ID	N/A	N/A	N/A
CONFIGURED_DOMAIN_NAME	N/A	N/A	N/A