azure.Level replaced by log.level

SEKOIA-IO · Dec 20, 2024 · d0ea0ec · d0ea0ec
1 parent c891621
commit d0ea0ec
Show file tree

Hide file tree

Showing 10 changed files with 25 additions and 14 deletions.
diff --git a/Azure/azure-ad/_meta/fields.yml b/Azure/azure-ad/_meta/fields.yml
@@ -10,11 +10,6 @@ action.target:
   short: action.target
   type: keyword
 
-azuread.Level:
-  description: ''
-  name: azuread.Level
-  type: keyword
-
 azuread.activityDateTime:
   description: ''
   name: azuread.activityDateTime

diff --git a/Azure/azure-ad/ingest/parser.yml b/Azure/azure-ad/ingest/parser.yml
@@ -113,6 +113,7 @@ stages:
           user.id: "{{ parsed_event.message.userId}}"
           user.name: "{{ parsed_event.message.userPrincipalName}}"
           user_agent.original: "{{ parsed_event.message.userAgent }}"
+          log.level: "{{parsed_event.message.Level}}"
 
       - set:
           source.ip: "{{parsed_event.message.ipAddress}}"
@@ -128,7 +129,6 @@ stages:
           azuread.durationMs: "{{parsed_event.message.durationMs}}"
           azuread.correlationId: "{{parsed_event.message.correlationId}}"
           azuread.identity: "{{parsed_event.message.identity}}"
-          azuread.Level: "{{parsed_event.message.Level}}"
 
           azuread.activityDateTime: "{{parsed_event.message.activityDateTime}}"
           azuread.detectedDateTime: "{{parsed_event.message.detectedDateTime}}"

diff --git a/Azure/azure-ad/tests/empty_geolocalisation.json b/Azure/azure-ad/tests/empty_geolocalisation.json
@@ -19,7 +19,6 @@
       "outcome": "success"
     },
     "azuread": {
-      "Level": "4",
       "authenticationDetails": [
         {
           "RequestSequence": 1,
@@ -65,6 +64,9 @@
         "type": "Windows 10"
       }
     },
+    "log": {
+      "level": "4"
+    },
     "related": {
       "ip": [
         "2001:db8:85a3::8a2e:370:7334"

diff --git a/Azure/azure-ad/tests/sign-in_activity.json b/Azure/azure-ad/tests/sign-in_activity.json
@@ -20,7 +20,6 @@
       "outcome": "failure"
     },
     "azuread": {
-      "Level": "4",
       "authenticationDetails": [
         {
           "RequestSequence": 0,
@@ -68,6 +67,9 @@
         "type": "Windows 10"
       }
     },
+    "log": {
+      "level": "4"
+    },
     "related": {
       "ip": [
         "11.11.11.11"

diff --git a/Azure/azure-ad/tests/sign-in_activity2.json b/Azure/azure-ad/tests/sign-in_activity2.json
@@ -19,7 +19,6 @@
       "outcome": "success"
     },
     "azuread": {
-      "Level": "4",
       "authenticationDetails": [
         {
           "RequestSequence": 0,
@@ -67,6 +66,9 @@
         "type": "Windows 10"
       }
     },
+    "log": {
+      "level": "4"
+    },
     "related": {
       "ip": [
         "11.11.11.11"

diff --git a/Azure/azure-ad/tests/sign-in_activity3.json b/Azure/azure-ad/tests/sign-in_activity3.json
@@ -19,7 +19,6 @@
       "outcome": "success"
     },
     "azuread": {
-      "Level": "4",
       "authenticationDetails": [
         {
           "RequestSequence": 1,
@@ -76,6 +75,9 @@
         "type": "Ios"
       }
     },
+    "log": {
+      "level": "4"
+    },
     "related": {
       "ip": [
         "1.2.3.4"

diff --git a/Azure/azure-ad/tests/sign-in_activity4.json b/Azure/azure-ad/tests/sign-in_activity4.json
@@ -19,7 +19,6 @@
       "outcome": "success"
     },
     "azuread": {
-      "Level": "4",
       "authenticationDetails": [],
       "callerIpAddress": "11.11.11.11",
       "category": "SignInLogs",
@@ -63,6 +62,9 @@
         "type": "Ios"
       }
     },
+    "log": {
+      "level": "4"
+    },
     "related": {
       "hosts": [
         "LPTC-PC1M4VZQ"

diff --git a/Azure/azure-ad/tests/user_risk_detection.json b/Azure/azure-ad/tests/user_risk_detection.json
@@ -18,7 +18,6 @@
       "name": "User Risk Detection"
     },
     "azuread": {
-      "Level": "4",
       "callerIpAddress": "11.22.33.44",
       "category": "UserRiskEvents",
       "correlationId": "ef7868bd7e94b06ecd6cc965fc826c85d367bb5b9b083da9a26686786a791080",
@@ -41,6 +40,9 @@
       "resourceId": "/tenants/2d0c1986-ef7b-4bbf-8428-3c837471e7ad/providers/microsoft.aadiam",
       "tenantId": "2d0c1986-ef7b-4bbf-8428-3c837471e7ad"
     },
+    "log": {
+      "level": "4"
+    },
     "related": {
       "ip": [
         "11.22.33.44"

diff --git a/Azure/azure-ad/tests/user_risk_detection_2.json b/Azure/azure-ad/tests/user_risk_detection_2.json
@@ -24,7 +24,6 @@
       "name": "User Risk Detection"
     },
     "azuread": {
-      "Level": "4",
       "callerIpAddress": "11.22.33.44",
       "category": "UserRiskEvents",
       "correlationId": "ef7868bd7e94b06ecd6cc965fc826c85d367bb5b9b083da9a26686786a791080",
@@ -56,6 +55,9 @@
       "resourceId": "/tenants/2d0c1986-ef7b-4bbf-8428-3c837471e7ad/providers/microsoft.aadiam",
       "tenantId": "2d0c1986-ef7b-4bbf-8428-3c837471e7ad"
     },
+    "log": {
+      "level": "4"
+    },
     "related": {
       "ip": [
         "11.22.33.44"

diff --git a/Azure/azure-ad/tests/user_risk_detection_3.json b/Azure/azure-ad/tests/user_risk_detection_3.json
@@ -24,7 +24,6 @@
       "name": "User Risk Detection"
     },
     "azuread": {
-      "Level": "Information",
       "callerIpAddress": "1.2.3.4",
       "category": "UserRiskEvents",
       "correlationId": "0282dcdb9dd84498fb7d4cf8eaa9137b34129c85296c8411bf2bf15c76005cbd",
@@ -55,6 +54,9 @@
       "resourceId": "/tenants/92ab70e5-4447-4589-8725-97ab98960655/providers/microsoft.aadiam",
       "tenantId": "92ab70e5-4447-4589-8725-97ab98960655"
     },
+    "log": {
+      "level": "Information"
+    },
     "related": {
       "ip": [
         "1.2.3.4"