Vendor Documentation
Classification
|
Rule Name |
Rule Type |
Common Event |
Classification |
|---|---|---|---|
|
Microsoft Teams Messages |
Base Rule |
General Microsoft Search Information |
Information |
|
Microsoft Teams Add on Message : Tab Added |
Sub Rule |
General PLUGIN Message |
Information |
|
Microsoft Teams Settings Changed |
Sub Rule |
Configuration Saved |
Information |
Mapping with LogRhythm Schema
|
Device Key in Log Message |
LogRhythm Schema |
Data Type |
Schema Description |
|---|---|---|---|
|
TS |
N/A |
N/A |
N/A |
|
SESSID |
<session> |
Text/String |
Session information |
|
COMMAND |
<command> |
Text/String |
Command name |
|
USERTYPE |
N/A |
N/A |
Type of user |
|
USERKEY |
N/A |
N/A |
User key informations hexadecimal value |
|
WORKLOAD |
<process> <vendorinfo> |
Text/String |
Audit log record type |
|
RESULTCODE |
<result> |
Text/String |
Results |
|
OBJECT |
<object> |
Text/String |
Objectname |
|
USER |
<login>
|
Text/String |
SourceUserName |
|
SIP |
<sip> |
IP Address |
Source IP address |
|
VERSION |
<version> |
Number |
N/A |
|
ORGANIZATIONID |
N/A |
N/A |
N/A |
|
MESSAGEID |
N/A |
N/A |
N/A |
|
MEETUPID |
N/A |
N/A |
N/A |
|
MEMBERS.DisplayName |
N/A |
N/A |
N/A |
|
MEMBERS.Role |
N/A |
N/A |
N/A |
|
MEMBERS.UPN |
N/A |
N/A |
N/A |
|
TEAMNAME |
<group> |
Text/String |
N/A |
|
TEAMGUID |
N/A |
N/A |
N/A |
|
CHANNELNAME |
N/A |
N/A |
N/A |
|
CHANNELGUID |
N/A |
N/A |
N/A |
|
EXTRAPROPERTIES |
N/A |
N/A |
N/A |
|
OriginEnvironment |
<sname> |
Text/String |
N/A |
|
ADDONTYPE |
<tag1>
|
Text/String |
N/A |
|
ADDONNAME |
<objectname> |
Text/String |
N/A |
|
MODIFIEDPROPERTYNAME |
<action> |
Text/String |
N/A |
|
MODIFIEDPROPERTYOLDVALUE |
N/A |
N/A |
N/A |
|
MODIFIEDPROPERTYNEWVALUE |
<result> |
Text/String |
N/A |
|
EXTENDEDPROPERTIES |
N/A |
N/A |
N/A |