This release includes minor mapping adjustments to Duo and MS Graph Identify Protection Risk logs. Specific changes are enumerated below.
Log Mappersβ
- [Updated] Duo Security Admin API - Audit
- Added mappings for source host and source IP
- [Updated] Duo Security Admin API - Authentication
- Added mappings for source host and source IP
- [Updated] Duo Security Admin API - Non-User Audit Changes
- Added mappings for source host and source IP
- [Updated] Duo Security Admin API - Targeted User Audit Changes
- Added mappings for source host and source IP
- [Updated] Microsoft Graph Identity Protection API C2C - riskDetections
- Added principal as primary
user_usernamekey
- Added principal as primary
- [Updated] Microsoft Graph Identity Protection API C2C - riskyUsers
- Added principal as primary
user_usernamekey
- Added principal as primary
tip
For all the up-to-date Cloud SIEM content, see the Cloud SIEM Content Catalog.