Skip to content

[azure,o365,m365_defender] ECS mapping improvements #13989

Closed
Enhancement
#14085
Closed
[azure,o365,m365_defender] ECS mapping improvements#13989
Enhancement
#14085
Assignees
chrisberkhout
Labels
Integration:azureAzure LogsIntegration:m365_defenderMicrosoft Defender XDRIntegration:o365Microsoft Office 365Team:Security-Service IntegrationsSecurity Service Integrations team [elastic/security-service-integrations]enhancementNew feature or request
@chrisberkhout

Description

@chrisberkhout
chrisberkhout
opened on May 23, 2025

Description

Various suggested ECS field mapping updates to improve correlation of ingested events with other security telemetry, for the integrations azure, o365 and m365_defender.

Similar to the earlier work for symantec_endpoint_security in #13476.

Metadata

Metadata

Assignees

Labels

Integration:azureAzure LogsIntegration:m365_defenderMicrosoft Defender XDRIntegration:o365Microsoft Office 365Team:Security-Service IntegrationsSecurity Service Integrations team [elastic/security-service-integrations]enhancementNew feature or request

Type

Enhancement

Fields

No fields configured for Enhancement.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions