casb.microsoft
- Juan Tomás Alonso Nieto (Deactivated)
Introduction
The tags beginning with casb.microsoft identify events generated by Microsoft.
Valid tags and data tables
The full tag must have 4 levels. The first two are fixed as casb.microsoft. The third level identifies the type of events sent.
Technology | Brand | Type | Subtype |
|---|---|---|---|
casb | microsoft |
|
|
These are the valid tags and corresponding data tables that will receive the parsers' data:
Tag | Data table |
|---|---|
casb.microsoft_defender.cloud_apps.activities | casb.microsoft_defender.cloud_apps.activities |
casb.microsoft_defender.cloud_apps.alerts | casb.microsoft_defender.cloud_apps.alerts |
casb.microsoft_defender.cloud_apps.entities | asb.microsoft_defender.cloud_apps.entities |
casb.microsoft_defender.cloud_apps.files | casb.microsoft_defender.cloud_apps.files |
casb.microsoft_defender.cloud_apps.data_enrichment | casb.microsoft_defender.cloud_apps.data_enrichment |
Table structure
This is the set displayed by these tables.