
Threat Intelligence Messages

Vendor Documentation

Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Threat Intelligence Messages | Base Rule | General Threat Message | Activity |
| Malware Activity | Sub Rule | Detected Malware Activity | Malware |
| Phishing Activity | Sub Rule | Phishing Activity | Attack |
| Quarantine - High Confidence Phish Email | Sub Rule | Failed Phishing Activity | Failed Attack |
| Quarantine - Antispam Phish Policy | Sub Rule | Failed Phishing Activity | Failed Attack |
| Move to JMF - Antiphish Spoof Policy | Sub Rule | Failed Phishing Activity | Failed Attack |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| TS | N/A | N/A | N/A |
| SESSID | <session> | Text/String | Session information |
| COMMAND | <command> | Text/String | Command name |
| USERTYPE | N/A | N/A | Type of user |
| USERKEY | N/A | N/A | User key information hexadecimal value |
| WORKLOAD | <vendorinfo> | Text/String | Audit log record type |
| RESULTCODE | N/A | N/A | Result |
| OBJECT | N/A | N/A | Object name |
| USER | <login>, <domain> | Text/String | Source user name |
| SIP | <sip> | IP Address | Source IP address |
| DETAILS | N/A | N/A | N/A |
| CreationTime | N/A | N/A | N/A |
| ID | N/A | N/A | N/A |
| Operation | N/A | N/A | N/A |
| OrganizationId | N/A | N/A | N/A |
| RecordType | N/A | N/A | N/A |
| UserKey | N/A | N/A | N/A |
| UserType | N/A | N/A | N/A |
| Version | N/A | N/A | N/A |
| Workload | N/A | N/A | N/A |
| Objectid | N/A | N/A | N/A |
| Userid | N/A | N/A | N/A |
| AttachmentData | N/A | N/A | N/A |
| FileName | N/A | N/A | N/A |
| FileType | N/A | N/A | N/A |
| FileVerdict | N/A | N/A | N/A |
| MalwareFamily | N/A | N/A | N/A |
| SHA256 | <hash> | Text/String | N/A |
| DetectionMethod | <reason> | Text/String | N/A |
| DetectionType | N/A | N/A | N/A |
| EventDeepLink | <url> | Text/String | N/A |
| InternetMessageId | N/A | N/A | N/A |
| MessageTime | N/A | N/A | N/A |
| NetworkMessageId | N/A | N/A | N/A |
| P1Sender | <sender> | Text/String | Sender information |
| P2Sender | <result> | Text/String | Sender information |
| Policy | <policy>, <tag2> | Text/String | Policy |
| PolicyAction | <action>, <tag3> | Text/String | Policy action |
| Recipients | <recipient> | Text/String | Recipient information |
| SenderIp | <sip> | IP Address | Sender IP information |
| subject | <subject> | Text/String | Subject |
| Verdict | <threatname>, <tag1> | Text/String | N/A |
