Azure module event.category incorrectly mapped #21259
Labels: needs_team (Indicates that the issue/PR needs a Team:* label)
Comments
botelastic (bot) added the needs_team label on Sep 23, 2020
This issue doesn't have a
Spoke to @leehinman. Looks like this is a non-issue in version 7.9. I have not confirmed, but will close based on his feedback pointing to this PR - #19376
This is still an issue in 7.9.1, see #21190; rules do not fire properly, and also your point on documentation still stands.
@pwen090 please see elastic/detection-rules#333 to address this issue.
Description
Our team is currently working on Azure rules and it appears that event.category in the Azure module has incorrect field mappings. We are seeing event.category:Administrative for Activity logs and event.category:AuditLogs for Audit logs. According to the documentation, neither appears to be a valid value. Example issue with screenshot - elastic/detection-rules#197.
For confirmed bugs, please report:
event.category field.
Screenshots
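A check for the mismatch reported above, as an added example that is not part of the original issue or of the Beats code: it flags documents whose event.category falls outside the ECS allowed values and groups the offending values by event.dataset. The allowed-value set is an assumption taken from the ECS 8.x field reference, and the sample documents are constructed from the values quoted in the issue.

```python
# Assumption: ECS 8.x allowed values for event.category; compare against the
# ECS version your stack ships. ECS values are lowercase and case-sensitive.
ECS_EVENT_CATEGORIES = frozenset({
    "api", "authentication", "configuration", "database", "driver", "email",
    "file", "host", "iam", "intrusion_detection", "library", "malware",
    "network", "package", "process", "registry", "session", "threat",
    "vulnerability", "web",
})


def get_field(doc, dotted):
    """Read a field stored either flat ('event.category') or as nested objects."""
    if dotted in doc:
        return doc[dotted]
    cur = doc
    for part in dotted.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def invalid_categories(doc):
    """Return the event.category values in doc that are not ECS allowed values."""
    value = get_field(doc, "event.category")
    if value is None:
        return []
    values = value if isinstance(value, list) else [value]
    return [v for v in values if v not in ECS_EVENT_CATEGORIES]


def audit(docs):
    """Map event.dataset -> sorted non-ECS event.category values seen for it."""
    findings = {}
    for doc in docs:
        bad = invalid_categories(doc)
        if bad:
            dataset = get_field(doc, "event.dataset") or "<unknown>"
            findings.setdefault(dataset, set()).update(bad)
    return {name: sorted(vals) for name, vals in findings.items()}


# Constructed sample documents (not real log data).
SAMPLE_DOCS = [
    {"event": {"dataset": "azure.activitylogs", "category": "Administrative"}},
    {"event.dataset": "azure.auditlogs", "event.category": "AuditLogs"},
    {"event": {"dataset": "azure.signinlogs", "category": ["authentication"]}},
    {"event": {"dataset": "azure.activitylogs", "category": ["iam", "Administrative"]}},
]
```

A detection rule that filters on an ECS category such as iam will not match a document carrying only the values this check reports.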