Updated device entities

oshezaf · oshezaf · commit 1ce6b94f51c6 · 2022-02-13T22:20:45.000+02:00
diff --git a/articles/sentinel/authentication-normalization-schema.md b/articles/sentinel/authentication-normalization-schema.md
@@ -172,9 +172,13 @@ In the following tables, *Type* refers to a logical type. For more information,
 | <a name="srcdvcid"></a>**SrcDvcId** | Optional | String | The ID of the source device as reported in the record. <br><br>For example: `ac7e9755-8eae-4ffc-8a02-50ed7a2216c3` |
 | **SrcDvcIdType** | Optional | DvcIdType | The type of [SrcDvcId](#srcdvcid). For more information, and  list of allowed values, see [DvcIdType](normalization-about-schemas.md#dvcidtype) in the [Schema Overview article](normalization-about-schemas.md).<br><br>**Note**: This field is required if [SrcDvcId](#srcdvcid) is used. |
 | **SrcDeviceType** | Optional | DeviceType | The type of the source device. For more information, and  list of allowed values, see [The Device entity](normalization-about-schemas.md#the-device-entity). |
-| <a name="srchostname"></a>**SrcHostname** |Optional | Hostname| The source device hostname, including domain information when available. For more information, see [The Device entity](normalization-about-schemas.md#the-device-entity). <br><br>Example: `Constoso\DESKTOP-1282V4D`|
-| **SrcHostnameType**|Optional | HostnameType |The type of [SrcHostname](#srchostname), if known. For more information and list of allowed values, see [HostnameType](normalization-about-schemas.md#hostnametype) in the [Schema Overview article](normalization-about-schemas.md). |
-|<a name="srcipaddr"></a>**SrcIpAddr**|Recommended |IP Address |The IP address of the source device. <br><br>Example: `185.175.35.214` |
+| <a name="srchostname"></a> **SrcHostname** | Recommended | Hostname | The source device hostname, excluding domain information. If no device name is available, store the relevant IP address in this field. <br><br>Example: `DESKTOP-1282V4D` |
+|<a name="srcdomain"></a> **SrcDomain** | Recommended | String | The domain of the source device.<br><br>Example: `Contoso` |
+| <a name="srcdomaintype"></a>**SrcDomainType** | Recommended | DomainType | The type of [SrcDomain](#srcdomain). For a list of allowed values and further information refer to [DomainType](normalization-about-schemas.md#domaintype) in the [Schema Overview article](normalization-about-schemas.md).<br><br>Required if [SrcDomain](#srcdomain) is used. |
+| **SrcFQDN** | Optional | String | The source device hostname, including domain information when available. <br><br>**Note**: This field supports both traditional FQDN format and Windows domain\hostname format. The [SrcDomainType](#srcdomaintype) field reflects the format used. <br><br>Example: `Contoso\DESKTOP-1282V4D` |
+| <a name="srcdvcid"></a>**SrcDvcId** | Optional | String |  The ID of the source device. If multiple IDs are available, use the most important one, and store the others in the fields `SrcDvc<DvcIdType>`.<br><br>Example: `ac7e9755-8eae-4ffc-8a02-50ed7a2216c3` |
+| **SrcDvcIdType** | Optional | DvcIdType | The type of [SrcDvcId](#srcdvcid). For a list of allowed values and further information refer to [DvcIdType](normalization-about-schemas.md#dvcidtype) in the [Schema Overview article](normalization-about-schemas.md). <br><br>**Note**: This field is required if [SrcDvcId](#srcdvcid) is used. |
+| **SrcDeviceType** | Optional | DeviceType | The type of the source device. For a list of allowed values and further information refer to [DeviceType](normalization-about-schemas.md#devicetype) in the [Schema Overview article](normalization-about-schemas.md). |
 | **SrcDvcOs**|Optional |String |The OS of the source device. <br><br>Example: `Windows 10` |
 |**SrcIsp** | Optional|String |The Internet Service Provider (ISP) used by the source device to connect to the internet. <br><br>Example: `corpconnect` |
 | **SrcGeoCountry**|Optional |Country |Example: `Canada` <br><br>For more information, see [Logical types](normalization-about-schemas.md#logical-types). |
@@ -195,11 +199,13 @@ In the following tables, *Type* refers to a logical type. For more information,
 | **TargetAppType**|Optional |AppType |The type of the application authorizing on behalf of the Actor. For more information, and allowed list of values, see [AppType](normalization-about-schemas.md#apptype) in the [Schema Overview article](normalization-about-schemas.md).|
 | <a name="targeturl"></a>**TargetUrl** |Optional |URL |The URL associated with the target application. <br><br>Example: `https://console.aws.amazon.com/console/home?fromtb=true&hashArgs=%23&isauthcode=true&nc2=h_ct&src=header-signin&state=hashArgsFromTB_us-east-1_7596bc16c83d260b` |
 |**LogonTarget**| Alias| |Alias to either [TargetAppName](#targetappname), [TargetUrl](#targeturl), or [TargetHostname](#targethostname), whichever field best describes the authentication target. |
-| <a name="targetdvcid"></a>**TargetDvcId** |Optional | String|The ID of the target device as reported in the record. <br><br> Example: `2739` |
-| **TargetDvcIdType** | Optional | DvcIdType | The type of [TargetDvcId](#srcdvcid). For more information, and  list of allowed values, see [The Device Entity](normalization-about-schemas.md#the-device-entity).<br><br>**Note**: This field is required if [TargetDvcId](#targetdvcid) is used. | 
-|<a name="targethostname"></a>**TargetHostname** | Recommended| Hostname |The target device hostname, including domain information when available. For more information, see [The Device entity](normalization-about-schemas.md#the-device-entity). |
-| **TargetHostnameType**|Recommended | HostnameType |The type of [TargetHostname](#targethostname). For more information and list of allowed values, see [HostnameType](normalization-about-schemas.md#hostnametype) in the [Schema Overview article](normalization-about-schemas.md). |
-| **TargetDeviceType** |Optional | Enumerated|The type of the target device. For more information and list of allowed values, see [DeviceType](normalization-about-schemas.md#devicetype) in the [Schema Overview article](normalization-about-schemas.md). |
+| <a name="targethostname"></a>**TargetHostname** | Recommended | Hostname | The target device hostname, excluding domain information.<br><br>Example: `DESKTOP-1282V4D` |
+| <a name="targetdomain"></a>**TargetDomain** | Recommended | String | The domain of the target device.<br><br>Example: `Contoso` |
+| <a name="targetdomaintype"></a>**TargetDomainType** | Recommended | Enumerated | The type of [TargetDomain](#targetdomain). For a list of allowed values and further information refer to [DomainType](normalization-about-schemas.md#domaintype) in the [Schema Overview article](normalization-about-schemas.md).<br><br>Required if [TargetDomain](#targetdomain) is used. |
+| **TargetFQDN** | Optional | String | The target device hostname, including domain information when available. <br><br>Example: `Contoso\DESKTOP-1282V4D` <br><br>**Note**: This field supports both traditional FQDN format and Windows domain\hostname format. The [TargetDomainType](#targetdomaintype) reflects the format used.   |
+| <a name="targetdvcid"></a>**TargetDvcId** | Optional | String | The ID of the target device. If multiple IDs are available, use the most important one, and store the others in the fields `TargetDvc<DvcIdType>`. <br><br>Example: `ac7e9755-8eae-4ffc-8a02-50ed7a2216c3` |
+| **TargetDvcIdType** | Optional | Enumerated | The type of [TargetDvcId](#targetdvcid). For a list of allowed values and further information refer to [DvcIdType](normalization-about-schemas.md#dvcidtype) in the [Schema Overview article](normalization-about-schemas.md). <br><br>Required if **TargetDeviceId** is used.|
+| **TargetDeviceType** | Optional | Enumerated | The type of the target device.  For a list of allowed values and further information refer to [DeviceType](normalization-about-schemas.md#devicetype) in the [Schema Overview article](normalization-about-schemas.md). |
 |<a name="targetdvcipaddr"></a>**TargetDvcIpAddr** |Optional | IP Address|The IP address of the target device. <br><br>Example: `2.2.2.2` |
 | **TargetDvcOs**| Optional| String| The OS of the target device. <br><br>Example: `Windows 10`|
 | **TargetPortNumber** |Optional |Integer |The port of the target device.|
@@ -208,6 +214,7 @@ In the following tables, *Type* refers to a logical type. For more information,
 ### Schema updates
 
 These are the changes in version 0.1.1 of the schema:
+- Updated user and device entity fields to align with other schemas.
 - Renamed `TargetDvc` and `SrcDvc` to `Target` and `Src` respectively to align with current ASIM guidelines. The renamed fields will be implemented as aliases until July 1st 2022. Those fields include: `SrcDvcHostname`, `SrcDvcHostnameType`, `SrcDvcType`, `SrcDvcIpAddr`, `TargetDvcHostname`, `TargetDvcHostnameType`, `TargetDvcType`, `TargetDvcIpAddr`, and `TargetDvc`.
 - Added the aliases `Src` and `Dst`.
 - Added the fields `SrcDvcIdType`, `SrcDeviceType`, `TargetDvcIdType`, and `TargetDeviceType`.
