Document toolboxDocument toolbox

cloud - Cloud

This group includes tags that start with the level cloud. These tags identify data generated by Cloud services.

Company

Product / Service

Data tables

Company

Product / Service

Data tables

Alibaba cloud

  • cloud.alibaba.actiontrail.events

  • cloud.alibaba.log_service.events

More information

Cloudflare + AWS

  • cloud.aws.cloudflare.events

More information

AWS CloudFront

  • cloud.aws.cloudfront.rmtp_1

  • cloud.aws.cloudfront.web_1

More information

AWS CloudTrail

  • cloud.aws.cloudtrail

  • cloud.aws.cloudtrail.access_analyzer

  • cloud.aws.cloudtrail.acm

  • cloud.aws.cloudtrail.acm_pca

  • cloud.aws.cloudtrail.amazonmq

  • cloud.aws.cloudtrail.apigateway

  • cloud.aws.cloudtrail.appmesh

  • cloud.aws.cloudtrail.appstream

  • cloud.aws.cloudtrail.appsync

  • cloud.aws.cloudtrail.athena

  • cloud.aws.cloudtrail.audit

  • cloud.aws.cloudtrail.autoscaling

  • cloud.aws.cloudtrail.backup

  • cloud.aws.cloudtrail.batch

  • cloud.aws.cloudtrail.billingconsole

  • cloud.aws.cloudtrail.budgets

  • cloud.aws.cloudtrail.ce

  • cloud.aws.cloudtrail.cloudformation

  • cloud.aws.cloudtrail.cloudfront

  • cloud.aws.cloudtrail.cloudhsm

  • cloud.aws.cloudtrail.cloudsearch

  • cloud.aws.cloudtrail.cloudshell

  • cloud.aws.cloudtrail.cloudtrail

  • cloud.aws.cloudtrail.codeartifact

  • cloud.aws.cloudtrail.codebuild

  • cloud.aws.cloudtrail.codecommit

  • cloud.aws.cloudtrail.codedeploy

  • cloud.aws.cloudtrail.codepipeline

  • cloud.aws.cloudtrail.cognito_identify

  • cloud.aws.cloudtrail.cognito_idp

  • cloud.aws.cloudtrail.comprehend

  • cloud.aws.cloudtrail.config

  • cloud.aws.cloudtrail.datapipeline

  • cloud.aws.cloudtrail.dax

  • cloud.aws.cloudtrail.digest_logfile

  • cloud.aws.cloudtrail.digest_meta

  • cloud.aws.cloudtrail.directconnect

  • cloud.aws.cloudtrail.dms

  • cloud.aws.cloudtrail.ds

  • cloud.aws.cloudtrail.dynamodb

  • cloud.aws.cloudtrail.ec2

  • cloud.aws.cloudtrail.ecr

  • cloud.aws.cloudtrail.ecr_public

  • cloud.aws.cloudtrail.ecs

  • cloud.aws.cloudtrail.elasticache

  • cloud.aws.cloudtrail.elasticbeanstalk

  • cloud.aws.cloudtrail.elasticloadbalancing

  • cloud.aws.cloudtrail.elasticmapreduce

  • cloud.aws.cloudtrail.elastictranscoder

  • cloud.aws.cloudtrail.es

  • cloud.aws.cloudtrail.events

  • cloud.aws.cloudtrail.firehose

  • cloud.aws.cloudtrail.fsx

  • cloud.aws.cloudtrail.glacier

  • cloud.aws.cloudtrail.glue

  • cloud.aws.cloudtrail.guardduty

  • cloud.aws.cloudtrail.health

  • cloud.aws.cloudtrail.iam

  • cloud.aws.cloudtrail.identifystore

  • cloud.aws.cloudtrail.insights

  • cloud.aws.cloudtrail.inspector

  • cloud.aws.cloudtrail.kafka

  • cloud.aws.cloudtrail.kinesis

  • cloud.aws.cloudtrail.kinesisanalytics

  • cloud.aws.cloudtrail.kinesisvideo

  • cloud.aws.cloudtrail.kms

  • cloud.aws.cloudtrail.lakeformation

  • cloud.aws.cloudtrail.lambda

  • cloud.aws.cloudtrail.license_manager

  • cloud.aws.cloudtrail.lightsail

  • cloud.aws.cloudtrail.logs

  • cloud.aws.cloudtrail.mediaconnect

  • cloud.aws.cloudtrail.mediaconvert

  • cloud.aws.cloudtrail.mediapackage

  • cloud.aws.cloudtrail.mediastore

  • cloud.aws.cloudtrail.mediatailor

  • cloud.aws.cloudtrail.monitoring

  • cloud.aws.cloudtrail.network_firewall

  • cloud.aws.cloudtrail.opsworks

  • cloud.aws.cloudtrail.opsworks_cm

  • cloud.aws.cloudtrail.optimizer

  • cloud.aws.cloudtrail.organizations

  • cloud.aws.cloudtrail.pi

  • cloud.aws.cloudtrail.pricelist

  • cloud.aws.cloudtrail.ram

  • cloud.aws.cloudtrail.rds

  • cloud.aws.cloudtrail.redshift

  • cloud.aws.cloudtrail.rekognition

  • cloud.aws.cloudtrail.resource_groups

  • cloud.aws.cloudtrail.route53

  • cloud.aws.cloudtrail.route53domains

  • cloud.aws.cloudtrail.route53resolver

  • cloud.aws.cloudtrail.s3

  • cloud.aws.cloudtrail.sagemaker

  • cloud.aws.cloudtrail.savingsplans

  • cloud.aws.cloudtrail.schemas

  • cloud.aws.cloudtrail.secretsmanager

  • cloud.aws.cloudtrail.securityhub

  • cloud.aws.cloudtrail.servicecatalog

  • cloud.aws.cloudtrail.servicecatalog_appregistry

  • cloud.aws.cloudtrail.servicediscovery

  • cloud.aws.cloudtrail.servicesquotas

  • cloud.aws.cloudtrail.ses

  • cloud.aws.cloudtrail.shield

  • cloud.aws.cloudtrail.signin

  • cloud.aws.cloudtrail.sms

  • cloud.aws.cloudtrail.sns

  • cloud.aws.cloudtrail.soo_directory

  • cloud.aws.cloudtrail.sqs

  • cloud.aws.cloudtrail.ssm

  • cloud.aws.cloudtrail.states

  • cloud.aws.cloudtrail.storagegateway

  • cloud.aws.cloudtrail.sts

  • cloud.aws.cloudtrail.support

  • cloud.aws.cloudtrail.swf

  • cloud.aws.cloudtrail.tagging

  • cloud.aws.cloudtrail.translate

  • cloud.aws.cloudtrail.trustedadvisor

  • cloud.aws.cloudtrail.waf

  • cloud.aws.cloudtrail.waf_regional

  • cloud.aws.cloudtrail.wafv2

  • cloud.aws.cloudtrail.wellarchitected

  • cloud.aws.cloudtrail.workspaces

  • cloud.aws.cloudtrail.xray

More information

AWS CloudWatch

  • cloud.aws.cloudwatch.alarm

  • cloud.aws.cloudwatch.events

  • cloud.aws.cloudwatch.logs

  • cloud.aws.cloudwatch.metrics

More information

AWS Config

  • cloud.aws.configlogs.events

More information

AWS Network Firewall

  • cloud.aws.firewall.alert

  • cloud.aws.firewall.netflow

More information

AWS GuardDuty

  • cloud.aws.guardduty.events

  • cloud.aws.guardduty.findings

More information

Amazon Security Lake

  • cloud.aws.security_lake.event

More information

AWS Security Hub

  • cloud.aws.securityhub.findings

More information

AWS Simple Queue Service (SQS)

  • cloud.aws.sqs.audit

More information

Amazon VPC

  • cloud.aws.vpc.flow

More information

AWS Web Application Firewall (WAF)

  • cloud.aws.waf.logs

More information

Microsoft Azure

  • cloud.azure

More information

Azure Activity log

  • cloud.azure.activity.events

More information

Azure Active Directory

  • cloud.azure.ad.alerts

  • cloud.azure.ad.audit

  • cloud.azure.ad.identityprotection

  • cloud.azure.ad.managed_identity_signin

  • cloud.azure.ad.noninteractive_user_signin

  • cloud.azure.ad.provisioning

  • cloud.azure.ad.risky_service_principals

  • cloud.azure.ad.risky_users

  • cloud.azure.ad.service_principal_risk_events

  • cloud.azure.ad.service_principal_signin

  • cloud.azure.ad.signin

  • cloud.azure.ad.user_risk_events

More information

Azure Kubernetes Service

  • cloud.azure.aks

  • cloud.azure.aks.cluster_autoscaler

  • cloud.azure.aks.containerlog

  • cloud.azure.aks.guard

  • cloud.azure.aks.kube_apiserver

  • cloud.azure.aks.kube_audit

  • cloud.azure.aks.kube_audit_admin

  • cloud.azure.aks.kube_controller_manager

  • cloud.azure.aks.kube_scheduler

More information

Azure API Management

  • cloud.azure.apimanagement.gatewaylogs

More information

Azure Application Gateway

  • cloud.azure.appgateway.access_log

  • cloud.azure.appgateway.administrative

  • cloud.azure.appgateway.firewall_log

  • cloud.azure.appgateway.policy

More information

Azure App Service

  • cloud.azure.appservice.access_audit

  • cloud.azure.appservice.administrative

  • cloud.azure.appservice.app

  • cloud.azure.appservice.application

  • cloud.azure.appservice.console

  • cloud.azure.appservice.environment_platform

  • cloud.azure.appservice.http

  • cloud.azure.appservice.ipsecurity_audit

  • cloud.azure.appservice.platform

  • cloud.azure.appservice.policy

More information

Azure Components

  • cloud.azure.components.process

More information

Azure Container Registry

  • cloud.azure.contregistry.login

More information

Azure Cosmos DB

  • cloud.azure.cosmosdb.control_plane_requests

  • cloud.azure.cosmosdb.date_plane_requests

  • cloud.azure.cosmosdb.metrics

  • cloud.azure.cosmosdb.mongo_requests

  • cloud.azure.cosmosdb.partition_key_ru_consumption

  • cloud.azure.cosmosdb.partition_key_statistics

  • cloud.azure.cosmosdb.query_runtime_statistics

More information

Azure Data Factory

  • cloud.azure.datafactory.administrative

More information

Azure Event Hub

  • cloud.azure.eh.events

  • cloud.azure.eh.metrics

More information

Azure Data Factory

  • cloud.azure.factories.activity_runs

  • cloud.azure.factories.pipeline_runs

  • cloud.azure.factories.sandbox_activity_runs

  • cloud.azure.factories.sandbox_pipeline_runs

  • cloud.azure.factories.trigger_runs

More information

Azure Firewall

  • cloud.azure.firewall.application_rule

  • cloud.azure.firewall.dns_proxy

  • cloud.azure.firewall.network_rule

More information

Azure Front Door

  • cloud.azure.frontdoor.access

  • cloud.azure.frontdoor.waf

More information

Azure Host Pool

  • cloud.azure.hostpools

  • cloud.azure.hostpools.agenthealthstatus

  • cloud.azure.hostpools.checkpoint

  • cloud.azure.hostpools.connection

  • cloud.azure.hostpools.error

  • cloud.azure.hostpools.management

More information

Azure Key Vault

  • cloud.azure.keyvault.administrative

  • cloud.azure.keyvault.audit

  • cloud.azure.keyvault.azure_monitor

  • cloud.azure.keyvault.policy

  • cloud.azure.keyvault.policy_evaluation_details

More information

Azure managed clusters

  • cloud.azure.managedclusters.cloud_controller_manager

  • cloud.azure.managedclusters.csi_azuredisk_controller

  • cloud.azure.managedclusters.csi_azurefile_controller

  • cloud.azure.managedclusters.csi_snapshot_controller

More information

Azure Monitor Metrics

  • cloud.azure.metrics.metricsBlobLog

  • cloud.azure.metrics.metricsCapacityBlob

  • cloud.azure.metrics.metricsTableLog

  • cloud.azure.metrics.metricsTransactions

  • cloud.azure.metrics.metricsTransactionsBlob

  • cloud.azure.metrics.metricsTransactionsQueue

  • cloud.azure.metrics.metricsTransactionsTable

More information

Azure x Microsoft Defender

  • cloud.azure.microsoft_defender.alerts

  • cloud.azure.microsoft_defender.scorecontrol

  • cloud.azure.microsoft_defender.scores

More information

Azure Monitor

  • cloud.azure.monitor.alert

  • cloud.azure.monitor.audit

More information

Azure network security groups

  • cloud.azure.nsg.flow

More information

Azure Monitor Metrics: other metrics

  • cloud.azure.others.administrative

  • cloud.azure.others.autoscale

  • cloud.azure.others.events

  • cloud.azure.others.policy

  • cloud.azure.others.recommendation

  • cloud.azure.others.resourcehealth

More information

Azure Database for PostgreSQL

  • cloud.azure.postgresql.events

More information

Azure Network Security

  • cloud.azure.sec.nsg

  • cloud.azure.sec.rms

More information

Azure Security Center

  • cloud.azure.securitycenter.alerts

  • cloud.azure.securitycenter.security

More information

Azure x Sentinel

  • cloud.azure.sentinel.alerts

More information

Azure Service Bus

  • cloud.azure.servicebus.metrics

  • cloud.azure.servicebus.operational

More information

Azure Site Recovery

  • cloud.azure.siterecovery.addon_backup_jobs

  • cloud.azure.siterecovery.addon_backup_policy

  • cloud.azure.siterecovery.addon_backup_protected_inst

  • cloud.azure.siterecovery.addon_backup_storage

  • cloud.azure.siterecovery.backup_report

  • cloud.azure.siterecovery.core_backup

  • cloud.azure.siterecovery.site_rec_recovery_points

  • cloud.azure.siterecovery.site_rec_rep_stats

  • cloud.azure.siterecovery.site_rec_replicated_items

More information

Azure SQL Database

  • cloud.azure.sql.audit

  • cloud.azure.sql.automatic_tuning

  • cloud.azure.sql.query_store_runtime

  • cloud.azure.sql.resourceusagestats

  • cloud.azure.sql.securityauditevents

More information

Azure Storage Server

  • cloud.azure.storage.administrative

  • cloud.azure.storage.resourcehealth

  • cloud.azure.storage.storagedelete

  • cloud.azure.storage.storageread

  • cloud.azure.storage.storagewrite

More information

Azure Traffic Manager

  • cloud.azure.traffic_manager.probe_health_status

More information

Azure Virtual Network

  • cloud.azure.virtualnetwork.net_sec_group_event

  • cloud.azure.virtualnetwork.net_sec_group_rule_counter

More information

Azure Virtual Machines

  • cloud.azure.vm.administrative

  • cloud.azure.vm.applicationevent

  • cloud.azure.vm.metrics_simple

  • cloud.azure.vm.policy

  • cloud.azure.vm.recommendation

  • cloud.azure.vm.resourcehealth

  • cloud.azure.vm.securityevent

  • cloud.azure.vm.systemevent

  • cloud.azure.vm.unix

  • cloud.azure.vm.unknown_events

More information

Azure Virtual Machine Scale Sets

  • cloud.azure.vmscalesets.administrative

  • cloud.azure.vmscalesets.autoscale

  • cloud.azure.vmscalesets.policy

  • cloud.azure.vmscalesets.resourcehealth

More information

Azure VPN Gateway

  • cloud.azure.vngateways.ikediagnos

More information

Azure Diagnostics extension

  • cloud.azure.wad.waddirectories

  • cloud.azure.wad.wadperformancecounters

  • cloud.azure.wad.wadwindowseventlogs

More information

Azure workflows

  • cloud.azure.workflows.workflow_runtime

More information

Box cloud content management

  • cloud.box.collaborations

  • cloud.box.events

  • cloud.box.files

  • cloud.box.folders

  • cloud.box.groups

  • cloud.box.users

More information

 

Cloud Foundry application

  • cloud.cloud_foundry.application

  • cloud.cloud_foundry.bosh

  • cloud.cloud_foundry.cloud_controller_ng

  • cloud.cloud_foundry.credhub

  • cloud.cloud_foundry.rep

  • cloud.cloud_foundry.route_emitter

  • cloud.cloud_foundry.route_registrar

  • cloud.cloud_foundry.service_metrics

  • cloud.cloud_foundry.uaa

More information

Cloudflare

  • cloud.cloudflare.logpush

  • cloud.cloudflare.logpush.http

More information

 

Google Cloud Platform

  • cloud.gcp

More information

Google Cloud BigQuery

  • cloud.gcp.bigquery.gmail

More information

Google Cloud Armor

  • cloud.gcp.cloud_armor.adaptive_protection

  • cloud.gcp.cloud_armor.events

More information

Google Cloud Audit

  • cloud.gcp.cloudaudit

  • cloud.gcp.cloudaudit.activity

  • cloud.gcp.cloudaudit.bigquery

  • cloud.gcp.cloudaudit.data_access

  • cloud.gcp.cloudaudit.k8s

  • cloud.gcp.cloudaudit.login

  • cloud.gcp.cloudaudit.policy

  • cloud.gcp.cloudaudit.project

  • cloud.gcp.cloudaudit.system_event

  • cloud.gcp.scc.event_threat

More information

Google Compute Engine

  • cloud.gcp.compute.firewall

  • cloud.gcp.compute.shielded_vm_integrity

More information

Google Cloud DNS

  • cloud.gcp.dns.dns_queries

More information

Google Cloud GCEGuestAgent

  • cloud.gcp.gceguestagent.none

More information

Google Cloud IDS

  • cloud.gcp.ids.threat

More information

Google Cloud OS Config agent

  • cloud.gcp.osconfigagent.none

More information

Google Cloud Platform requests

  • cloud.gcp.requests

More information

GCP Security Command Center

  • cloud.gcp.scc.event_threat

  • cloud.gcp.scc.findings

More information

Google Cloud’s operations suite (formerly Stackdriver)

  • cloud.gcp.stackdriver.log

More information

GCP Standard Error Messages

  • cloud.gcp.stderr

More information

GCP Standard Output

  • cloud.gcp.stdout

More information

GCP Syslog

  • cloud.gcp.syslog.none

More information

GCP Threat Detection

  • cloud.gcp.threatdetection.detection

More information

-

  • cloud.gcp.unknown.none

More information

Google logs

  • cloud.google.activity

  • cloud.google.audit

More information

 

Google Workspace admin logs

  • cloud.gsuite.admin.alertcenter

More information

Google Workspace alerts

  • cloud.gsuite.alerts

  • cloud.gsuite.alerts.activity_rule

  • cloud.gsuite.alerts.appmaker_default_cloud_sql_setup

  • cloud.gsuite.alerts.customer_takeout_initiated

  • cloud.gsuite.alerts.data_loss_prevention

  • cloud.gsuite.alerts.device_compromised

  • cloud.gsuite.alerts.google_operations

  • cloud.gsuite.alerts.government_attack_warning

  • cloud.gsuite.alerts.leaked_password

  • cloud.gsuite.alerts.malware_reclassification

  • cloud.gsuite.alerts.misconfigured_whitelist

  • cloud.gsuite.alerts.phising_reclassification

  • cloud.gsuite.alerts.super_admin_password_reset

  • cloud.gsuite.alerts.suspicious_activity

  • cloud.gsuite.alerts.suspicious_login

  • cloud.gsuite.alerts.suspicious_login_less_secure_app

  • cloud.gsuite.alerts.suspicious_message_reported

  • cloud.gsuite.alerts.suspicious_programmatic_login

  • cloud.gsuite.alerts.user_reported_phising

  • cloud.gsuite.alerts.user_reported_spam_spike

  • cloud.gsuite.alerts.user_suspended

  • cloud.gsuite.alerts.user_suspended_spam

  • cloud.gsuite.alerts.user_suspended_spam_through_relay

  • cloud.gsuite.alerts.user_suspended_suspicious_activity

More information

Google Workspace audit logs

  • cloud.gsuite.audit.accesstransparency

  • cloud.gsuite.audit.admin

  • cloud.gsuite.audit.drive

  • cloud.gsuite.audit.login

  • cloud.gsuite.audit.mobile

  • cloud.gsuite.audit.token

  • cloud.gsuite.audit.useraccount

More information

Google Workspace reports

  • cloud.gsuite.reports

  • cloud.gsuite.reports.access_transparency

  • cloud.gsuite.reports.admin

  • cloud.gsuite.reports.calendar

  • cloud.gsuite.reports.chat

  • cloud.gsuite.reports.data_studio

  • cloud.gsuite.reports.drive

  • cloud.gsuite.reports.gcp

  • cloud.gsuite.reports.gplus

  • cloud.gsuite.reports.groups

  • cloud.gsuite.reports.groups_enterprise

  • cloud.gsuite.reports.jamboard

  • cloud.gsuite.reports.login

  • cloud.gsuite.reports.meet

  • cloud.gsuite.reports.mobile

  • cloud.gsuite.reports.rules

  • cloud.gsuite.reports.saml

  • cloud.gsuite.reports.token

  • cloud.gsuite.reports.user_accounts

More information

IBM Cloud Activity Tracker

  • cloud.ibm.activity_tracker.audit

More information

IBM SoftLayer

  • cloud.ibm.softlayer.event_log

More information

IBM Cloud Virtual Private Cloud (VPC)

  • cloud.ibm.vpc.flow_log

More information

Cisco Meraki

  • cloud.meraki.api.changelog

More information

Microsoft Graph

  • cloud.msgraph

  • cloud.msgraph.security.alerts

  • cloud.msgraph.security.alerts_v2

  • cloud.msgraph.security.scorecontrol

  • cloud.msgraph.security.scores

More information

Netskope cloud

  • cloud.netskope.events

More information

Microsoft 365

  • cloud.office365

More information

Microsoft 365 Azure Active Directory

  • cloud.office365.aad

More information

Microsoft Defender for Cloud Apps alerts

  • cloud.office365.cloud_apps.alerts

More information

Microsoft 365 Data Loss Prevention

  • cloud.office365.dlp

More information

Microsoft Defender for Endpoint alerts

  • cloud.office365.endpoint.alerts

More information

Microsoft 365 Exchange

  • cloud.office365.exchange

More information

Microsoft 365 Identity Alerts

  • cloud.office365.identity.alerts

More information

Microsoft 365 management

  • cloud.office365.management

Union table - cloud.office365.management

This is a union table that collects events from a set of tables for easy access and analysis.

Learn more about this union table in this article.

  • cloud.office365.management_all

  • cloud.office365.oldmanagement

  • cloud.office365.management.aip

  • cloud.office365.management.airinvestigation

  • cloud.office365.management.azureactivedirectory

  • cloud.office365.management.cca

  • cloud.office365.management.compliance

  • cloud.office365.management.compliancemanager

  • cloud.office365.management.complianceposturemanager

  • cloud.office365.management.corereporting

  • cloud.office365.management.crm

  • cloud.office365.management.dlpsensitiveinformationtype

  • cloud.office365.management.endpoint

  • cloud.office365.management.exchange

  • cloud.office365.management.mcas

  • cloud.office365.management.microsoftflow

  • cloud.office365.management.microsoftforms

  • cloud.office365.management.microsoftstream

  • cloud.office365.management.microsoftteams

  • cloud.office365.management.mip

  • cloud.office365.management.myanalytics

  • cloud.office365.management.officeapps

  • cloud.office365.management.onedrive

  • cloud.office365.management.onedriveforbusiness

  • cloud.office365.management.powerapps

  • cloud.office365.management.powerbi

  • cloud.office365.management.powerplatformadmin

  • cloud.office365.management.project

  • cloud.office365.management.publicendpoint

  • cloud.office365.management.quarantine

  • cloud.office365.management.rdl

  • cloud.office365.management.se

  • cloud.office365.management.securitycompliancecenter

  • cloud.office365.management.sharepoint

  • cloud.office365.management.skypeforbusiness

  • cloud.office365.management.threatintelligence

  • cloud.office365.management.workplaceanalytics

  • cloud.office365.management.yammer

  • cloud.office365.oldmanagement

More information

Microsoft 365 message tracing

  • cloud.office365.messagetracing

More information

Microsoft 365 OneDrive

  • cloud.office365.onedrive

More information

-

  • cloud.office365.other

More information

Microsoft 365 reports

  • cloud.office365.reporting.atptraffic

  • cloud.office365.reporting.dlp

  • cloud.office365.reporting.dlpdetail

  • cloud.office365.reporting.maildetailatp

  • cloud.office365.reporting.mailtraffic

  • cloud.office365.reporting.messagetrace

  • cloud.office365.reporting.safelinksdetail

  • cloud.office365.reporting.spoofmail

More information

Microsoft 365 security events

  • cloud.office365.security.alerts

  • cloud.office365.security.scorecontrol

  • cloud.office365.security.scores

More information

Microsoft 365 Security & Compliance Center

  • cloud.office365.securitycompliancecenter

More information

Microsoft 365 SharePoint

  • cloud.office365.sharepoint

More information

Microsoft 365 SIEM agent

  • cloud.office365.siem_agent_alert

  • cloud.office365.siem_agent_event

More information

Microsoft 365 Teams

  • cloud.office365.teams

More information

Prisma Cloud

  • cloud.paloalto.prisma.alert

  • cloud.paloalto.prisma.audit

  • cloud.paloalto.prisma.inventory_trend

  • cloud.paloalto.prisma.inventory_view

More information

Rubrik cloud data management

  • cloud.rubrik.events

More information

Snowflake

  • cloud.snowflake.logins

More information

Sophos Central

  • cloud.sophos.central.alerts

  • cloud.sophos.central.events

More information

Twistlock

  • cloud.twistlock.events

More information

VMware Tanzu Operations Manager

  • cloud.vmware_tanmzu.opsmanager.audit

More information