Microsoft Teams Messages
Vendor Documentation
Classification
| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Microsoft Teams Messages | Base Rule | General Microsoft Search Information | Information |
| Microsoft Teams Add on Message : Tab Added | Sub Rule | General PLUGIN Message | Information |
| Microsoft Teams Settings Changed | Sub Rule | Configuration Saved | Information |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| TS | N/A | N/A | N/A |
| SESSID | <session> | Text/String | Session information |
| COMMAND | <command> | Text/String | Command name |
| USERTYPE | N/A | N/A | Type of user |
| USERKEY | N/A | N/A | User key informations hexadecimal value |
| WORKLOAD | <process> <vendorinfo> | Text/String | Audit log record type |
| RESULTCODE | <result> | Text/String | Results |
| OBJECT | <object> | Text/String | Objectname |
| USER | <login> <domain> | Text/String | SourceUserName |
| SIP | <sip> | IP Address | Source IP address |
| VERSION | <version> | Number | N/A |
| ORGANIZATIONID | N/A | N/A | N/A |
| MESSAGEID | N/A | N/A | N/A |
| MEETUPID | N/A | N/A | N/A |
| MEMBERS.DisplayName | N/A | N/A | N/A |
| MEMBERS.Role | N/A | N/A | N/A |
| MEMBERS.UPN | N/A | N/A | N/A |
| TEAMNAME | <group> | Text/String | N/A |
| TEAMGUID | N/A | N/A | N/A |
| CHANNELNAME | N/A | N/A | N/A |
| CHANNELGUID | N/A | N/A | N/A |
| EXTRAPROPERTIES | N/A | N/A | N/A |
| OriginEnvironment | <sname> | Text/String | N/A |
| ADDONTYPE | <tag1> <objecttype> | Text/String | N/A |
| ADDONNAME | <objectname> | Text/String | N/A |
| MODIFIEDPROPERTYNAME | <action> | Text/String | N/A |
| MODIFIEDPROPERTYOLDVALUE | N/A | N/A | N/A |
| MODIFIEDPROPERTYNEWVALUE | <result> | Text/String | N/A |
| EXTENDEDPROPERTIES | N/A | N/A | N/A |