Azure-Sentinel/Tools/Transformations-Library
Sreedhar Ande 78b1d88141
Merge pull request #5023 from javiersoriano/patch-10
Removing list of allowed values for region
2022-05-23 14:42:10 -07:00
Filtering Merge pull request #5024 from javiersoriano/patch-12 2022-05-23 14:41:48 -07:00
Masking Removing list of allowed values for region now 2022-05-20 13:52:24 +02:00
Media Adding Sentinel Transformations Library 2022-03-04 10:50:47 +01:00
Tagging Removing list of allowed regions 2022-05-20 13:58:08 +02:00
README.md Update README.md 2022-04-12 10:04:31 +02:00

README.md

Microsoft Sentinel Transformations Library

This repository contains samples for multiple scenarios that are possible thanks to the new Log Analytics Custom Logs v2 and pipeline transformation features.

Filtering

Ingestion-time transformation lets you drop specific fields from events, or even entire events, that you don't need in the workspace.

  1. Dropping fields
  2. Dropping entire records
  3. Multiple workspaces for independent entities

Enrichment/Tagging

Adding context to an event can greatly help analysts in their scoping and investigation process.

  1. Enriching an event or a field in the event with additional meaningful information
  2. Translating a value into a customer's business-related value (Geo, Departments, …)

PII Masking/Obfuscation

Another scenario is obfuscating or masking PII, such as Social Security Numbers, email addresses, and phone numbers.

  1. Masking last 4 digits of SSN
  2. Removing email addresses