Hi all
I am currently using the Azure Security Events DSM to parse logs pulled through the Microsoft Graph API. Unfortunately, as per the IBM documentation, only logs sent by the provider Azure Security Center would be parsed out successfully.
I am looking to parse Identity Protection logs sent from Azure. Did anyone perform the custom parsing for the event categories?
Also, I do not have a list of all categories to map them to a title (QID).
For example (see highlighted):
"azureSubscriptionId":null,"riskScore":null,"tags":[],"activityGroupName":null,"assignedTo":null,
"category":"UnfamiliarLocation","closedDateTime":null,"comments":[],"confidence":null,
"createdDateTime":"2021-02-22T11:05:08.0304112Z",
"description":"Sign-in with properties we've not seen recently for the given user",
"detectionIds":[],"eventDateTime":"2021-02-22T11:05:08.0304112Z","feedback":null,"incidentIds":[],
"lastEventDateTime":null,"lastModifiedDateTime":"2021-02-22T11:07:21.7570425Z","recommendedActions":[],
"severity":"medium","sourceMaterials":[],"status":"newAlert",
"title":"Unfamiliar sign-in properties",
"vendorInformation":{"provider":"IPC","providerVersion":null,"sub
------------------------------
Vijay Reddy
------------------------------
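As an added example (not from the original post, and not IBM's DSM or Microsoft's code), here is a small Python parser that flattens a Graph Security API alert like the one quoted above into the fields a custom QRadar log source extension would map, and derives an event-ID-to-title table from the alerts actually received, which is one way to build the QID map when no complete category list is at hand. The sample alert is constructed from the fields visible in the post; the severity-to-1..10 mapping and the `provider:category` event key are my assumptions, not a QRadar convention.

```python
import json

# Constructed sample alert for this example. Field names and values follow
# the truncated Graph Security API alert quoted in the post; fields that
# were cut off in the post are simply omitted here.
SAMPLE_ALERT = json.dumps({
    "azureSubscriptionId": None,
    "category": "UnfamiliarLocation",
    "createdDateTime": "2021-02-22T11:05:08.0304112Z",
    "description": "Sign-in with properties we've not seen recently for the given user",
    "eventDateTime": "2021-02-22T11:05:08.0304112Z",
    "severity": "medium",
    "status": "newAlert",
    "title": "Unfamiliar sign-in properties",
    "vendorInformation": {"provider": "IPC", "providerVersion": None},
})

# Assumed mapping from Graph alert severity strings to QRadar's 1-10 scale;
# anything unrecognised falls back to 1 rather than dropping the event.
SEVERITY_MAP = {"informational": 2, "low": 3, "medium": 5, "high": 8}


def parse_graph_alert(raw):
    """Flatten one Graph Security API alert (JSON text) into the fields a
    custom log source extension would map: event id, event name, severity,
    status and event time. Missing fields degrade to 'unknown' so alerts
    from any provider (IPC, ASC, ...) still produce a usable event."""
    alert = json.loads(raw)
    vendor = alert.get("vendorInformation") or {}
    provider = vendor.get("provider") or "unknown"
    category = alert.get("category") or "unknown"
    return {
        "provider": provider,
        "category": category,
        # Assumption: provider + category is distinct enough to act as the
        # event identifier a QID map entry keys on; title is the display name.
        "event_id": f"{provider}:{category}",
        "event_name": alert.get("title") or category,
        "severity": SEVERITY_MAP.get((alert.get("severity") or "").lower(), 1),
        "status": alert.get("status"),
        "event_time": alert.get("eventDateTime"),
    }


def discover_event_ids(raw_alerts):
    """Build an event_id -> title table from a batch of alerts. The first
    title seen for a given provider:category wins; the result is the list
    of categories you need to assign QIDs to, derived from observed data."""
    table = {}
    for raw in raw_alerts:
        parsed = parse_graph_alert(raw)
        table.setdefault(parsed["event_id"], parsed["event_name"])
    return table


if __name__ == "__main__":
    print(parse_graph_alert(SAMPLE_ALERT))
    print(discover_event_ids([SAMPLE_ALERT]))
```

Run `discover_event_ids` over a day or two of alerts pulled from the API to enumerate the categories you actually receive; each key is then a candidate QID entry, with the title as its name and the mapped severity as a starting point.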