DataSource Schema Reference
ashwin-patil edited this page Feb 4, 2020 · 4 revisions
Type | DataSource | Log Analytics Table Name | Schema Reference |
---|---|---|---|
Azure | Azure Active Directory | SigninEvents | Audit Log Schema |
Azure | Azure Active Directory | AuditLogs | Audit Log Schema |
Azure | Azure Active Directory | AzureActivity | Audit Log Schema |
Azure | Office | OfficeActivity | Common Schema, ExchangeAdmin Schema, Exchange Mailbox Schema, SharePoint Base Schema, SharePoint File Operation Schema |
Azure | Azure Keyvault | AzureDiagnostics | Audit Log Schema |
Host | Linux | Syslog | Audit Log Schema |
Network | IIS Logs | W3CIISLog | Audit Log Schema |
Network | VMinsights | VMConnection | Audit Log Schema |
Network | Wire Data Solution | WireData | Audit Log Schema |
Network | NSG Flow Logs | AzureNetworkAnalytics | Audit Log Schema |
The list below links to each vendor's own documentation of Syslog or CEF mappings for the various supported log types.
These contain the CEF field mapping, a sample log, or both for each log category type. We will make a best effort to keep the list fresh and up to date; feel free to raise issues for broken links or additions to the list below.
For log collection guidelines, refer to the Grand List: The Syslog and CEF source configuration grand list
- Ingest Custom Logs via REST API