
Commit 4e29f2c

Enhancement for MicrosoftEntraID (#43586)
* enhancement for MicrosoftEntraID * added release notes * added release notes
1 parent e2717d6 commit 4e29f2c

3 files changed

Lines changed: 8 additions & 1 deletion


Packs/MicrosoftEntraID/ModelingRules/MicrosoftEntraID/MicrosoftEntraID.xif

Lines changed: 1 addition & 0 deletions
@@ -185,6 +185,7 @@ filter category in("Administrative", "Policy", "Alert") and (CategoryValue = nul
185185
| alter
186186
xdm.event.type = arrayindex(split(operationName, "/"), 0),
187187
xdm.target.cloud.project_hierarchy = if(arraystring(split(properties -> hierarchy, "/"), "") != "", split(properties -> hierarchy, "/"), arraystring(arraycreate(properties -> tenantId, properties -> subscriptionId), "") != "", arraycreate(properties -> tenantId, properties -> subscriptionId), null),
188+
xdm.target.cloud.project_id = if(json_extract_scalar(properties , "$.subscriptionId") != null, json_extract_scalar(properties , "$.subscriptionId"), arraystring(split(properties -> hierarchy, "/"), "") != "", arrayindex(split(properties -> hierarchy, "/"), -1)),
188189
xdm.network.rule = if(category = "Policy", to_string (properties -> policies), null),
189190
xdm.alert.severity = if(to_string(SEVERITY) != "" and to_string(SEVERITY) != null, to_string(SEVERITY), null),
190191
xdm.alert.name = if(ALERT_NAME != "" and ALERT_NAME != null, ALERT_NAME, ruleName != "" and ruleName != null, ruleName, null),
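Review bot: the added `xdm.target.cloud.project_id` line only tests `json_extract_scalar(properties , "$.subscriptionId") != null`, so a subscriptionId that is present but empty is mapped as `""` and the `properties -> hierarchy` fallback is never reached; the `xdm.target.cloud.project_hierarchy` line directly above guards the same data with a non-empty check, so mirror that (`!= null and != ""`) before using the value. The same line also reads the field as `json_extract_scalar(properties , "$.subscriptionId")` while the line above reads it as `properties -> subscriptionId`; using one access form for the same key (and dropping the space before the comma) keeps the rule consistent and easier to review. Finally, this `if()` has no trailing default, unlike the `project_hierarchy` and `xdm.alert.name` assignments in the same hunk which end with `, null`; adding the explicit `null` makes the intended else branch unambiguous.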
Lines changed: 6 additions & 0 deletions
@@ -0,0 +1,6 @@
1+
2+
#### Modeling Rules
3+
4+
##### Microsoft Entra ID Modeling Rule
5+
6+
Updated the Microsoft Entra ID Modeling Rule to map the Subscription ID from Resource logs into **xdm.target.cloud.project_id**.
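Review bot: the release note describes only the Subscription ID source, but the modeling rule change also falls back to the last segment of `properties.hierarchy` when `subscriptionId` is absent; mention that fallback (for example "or, when it is absent, the last segment of the resource hierarchy") so users know why **xdm.target.cloud.project_id** can hold a value that is not a subscription ID.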

Packs/MicrosoftEntraID/pack_metadata.json

Lines changed: 1 addition & 1 deletion
@@ -2,7 +2,7 @@
22
"name": "Azure Logs",
33
"description": "Normalizes various Azure logs to the Cortex Data Model (XDM) schema, including Azure Entra ID events ingested via the Office 365 data source and Azure logs ingested via the Azure Event Hub data source.",
44
"support": "xsoar",
5-
"currentVersion": "1.0.24",
5+
"currentVersion": "1.0.25",
66
"author": "Cortex XSOAR",
77
"url": "https://www.paloaltonetworks.com/cortex",
88
"email": "",
