[Filebeat]Azure module - activity logs

filebeat/docs/fields.asciidoc

@@ -15,6 +15,7 @@ grouped in the following categories:
 * <<exported-fields-apache>>
 * <<exported-fields-auditd>>
 * <<exported-fields-aws>>
+* <<exported-fields-azure>>
 * <<exported-fields-beat-common>>
 * <<exported-fields-cef>>
 * <<exported-fields-cef-module>>
@@ -1241,6 +1242,249 @@ type: keyword
 
 --
 
+[[exported-fields-azure]]
+== azure fields
+
+azure Module
+
+
+
+[float]
+=== azure
+
+
+
+
+[float]
+=== activitylogs
+
+Fields for azure Activity logs.
+
+
+
+[float]
+=== identity
+
+The canonical user ID of the owner of the source bucket.
+
+
+
+*`azure.activitylogs.identity.claims.*`*::
++
+--
+Claims
+
+
+type: object
+
+--
+
+[float]
+=== authorization
+
+Node allocatable pods
+
+
+
+[float]
+=== evidence
+
+Node allocatable pods
+
+
+
+*`azure.activitylogs.identity.authorization.evidence.roleAssignmentScope`*::
++
+--
+Role assignment scope
+
+
+type: keyword
+
+--
+
+*`azure.activitylogs.identity.authorization.evidence.roleDefinitionId`*::
++
+--
+Role definition ID
+
+
+type: keyword
+
+--
+
+*`azure.activitylogs.identity.authorization.evidence.role`*::
++
+--
+Role
+
+
+type: keyword
+
+--
+
+*`azure.activitylogs.identity.authorization.evidence.roleAssignmentId`*::
++
+--
+Role assignment ID
+
+
+type: keyword
+
+--
+
+*`azure.activitylogs.identity.authorization.evidence.principalId`*::
++
+--
+Principal ID
+
+
+type: keyword
+
+--
+
+*`azure.activitylogs.identity.authorization.evidence.principalType`*::
++
+--
+Principal type
+
+
+type: keyword
+
+--
+
+*`azure.activitylogs.identity.scope`*::
++
+--
+Scope
+
+
+type: keyword
+
+--
+
+*`azure.activitylogs.identity.action`*::
++
+--
+Action
+
+
+type: keyword
+
+--
+
+*`azure.activitylogs.correlationId`*::
++
+--
+Correlation ID
+
+
+type: keyword
+
+--
+
+*`azure.activitylogs.resultType`*::
++
+--
+Result Type
+
+
+type: keyword
+
+--
+
+*`azure.activitylogs.callerIpAddress`*::
++
+--
+Caller Ip address
+
+
+type: keyword
+
+--
+
+*`azure.activitylogs.resourceID`*::
++
+--
+Resource ID
+
+
+type: keyword
+
+--
+
+*`azure.activitylogs.level`*::
++
+--
+Level
+
+
+type: keyword
+
+--
+
+*`azure.activitylogs.operationName`*::
++
+--
+Operation name
+
+
+type: keyword
+
+--
+
+*`azure.activitylogs.resultSignature`*::
++
+--
+Result signature
+
+
+type: keyword
+
+--
+
+*`azure.activitylogs.properties.*`*::
++
+--
+Properties
+
+
+type: object
+
+--
+
+*`azure.activitylogs.location`*::
++
+--
+Location
+
+
+type: keyword
+
+--
+
+*`azure.activitylogs.category`*::
++
+--
+Category
+
+
+type: keyword
+
+--
+
+[float]
+=== auditlogs
+
+Fields for azure audit logs.
+
+
+[float]
+=== signinlogs
+
+Fields for azure audit logs.
+
+
 [[exported-fields-beat-common]]
 == Beat fields
 

filebeat/docs/modules/azure.asciidoc

@@ -0,0 +1,60 @@
+////
+This file is generated! See scripts/docs_collector.py
+////
+
+[[filebeat-module-azure]]
+:modulename: azure
+:has-dashboards: true
+
+== azure module
+
+This is the azure module.
+
+include::../include/what-happens.asciidoc[]
+
+[float]
+=== Compatibility
+
+TODO: document with what versions of the software is this tested
+
+
+include::../include/running-modules.asciidoc[]
+
+[float]
+=== Example dashboard
+
+This module comes with a sample dashboard. For example:
+
+TODO: include an image of a sample dashboard. If you do not include a dashboard,
+remove this section and set `:has-dashboards: false` at the top of this file.
+
+include::../include/configuring-intro.asciidoc[]
+
+TODO: provide an example configuration
+
+:fileset_ex: {fileset}
+
+include::../include/config-option-intro.asciidoc[]
+
+TODO: document the variables from each fileset. If you're describing a variable
+that's common to other modules, you can reuse shared descriptions by including
+the relevant file. For example:
+
+[float]
+==== `{fileset}` log fileset settings
+
+include::../include/var-paths.asciidoc[]
+
+:has-dashboards!:
+
+:fileset_ex!:
+
+:modulename!:
+
+
+[float]
+=== Fields
+
+For a description of each field in the module, see the
+<<exported-fields-azure,exported fields>> section.
+

filebeat/docs/modules_list.asciidoc

@@ -6,6 +6,7 @@ This file is generated! See scripts/docs_collector.py
   * <<filebeat-module-apache>>
   * <<filebeat-module-auditd>>
   * <<filebeat-module-aws>>
+  * <<filebeat-module-azure>>
   * <<filebeat-module-cef>>
   * <<filebeat-module-cisco>>
   * <<filebeat-module-coredns>>
@@ -44,6 +45,7 @@ include::modules-overview.asciidoc[]
 include::modules/apache.asciidoc[]
 include::modules/auditd.asciidoc[]
 include::modules/aws.asciidoc[]
+include::modules/azure.asciidoc[]
 include::modules/cef.asciidoc[]
 include::modules/cisco.asciidoc[]
 include::modules/coredns.asciidoc[]