You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/sentinel/normalization-schema-audit.md
+4-4Lines changed: 4 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -25,9 +25,9 @@ For more information about normalization in Microsoft Sentinel, see [Normalizati
25
25
## Schema overview
26
26
27
27
The main fields of an audit event are:
28
-
- The object, typically a configuration atom or policy rule that the event focuses on, represnted by the field [Object](#object).
29
-
- The application context of the object, represented by the the field [TargetAppName](#targetappname), which is aliased by [Application](#application).
30
-
-THe operation performed on the object,represented by the field [EventType](#eventtype).
28
+
- The object, typically a configuration atom or policy rule that the event focuses on, represented by the field [Object](#object).
29
+
- The application context of the object, represented by the field [TargetAppName](#targetappname), which is aliased by [Application](#application).
30
+
-The operation performed on the object,represented by the field [EventType](#eventtype).
31
31
- The old and new values for the object, if applicable, represented by [OldValue](#oldvalue) and [NewValue](#newvalue) respectively.
32
32
33
33
Audit events also reference the following entities which are involved in the configuration operation:
@@ -107,7 +107,7 @@ Fields that appear in the table below are common to all ASIM schemas. Any guidel
107
107
| <aname="targeturl"></a>**TargetUrl**|Optional |URL |The URL associated with the target application. <br><br>Example: `https://console.aws.amazon.com/console/home?fromtb=true&hashArgs=%23&isauthcode=true&nc2=h_ct&src=header-signin&state=hashArgsFromTB_us-east-1_7596bc16c83d260b`|
108
108
| <aname="targetprocessname"></a>**TargetProcessName**| Optional | String | The file name of the process that initiated the audit event. This name is typically considered to be the process name. <br><br>Example: `C:\Windows\explorer.exe`|
109
109
|**TargetProcessId**| Optional | String | The process ID (PID) of the process that initiated the audit event.<br><br>Example: `48610176` <br><br>**Note**: The type is defined as *string* to support varying systems, but on Windows and Linux this value must be numeric. <br><br>If you are using a Windows or Linux machine and used a different type, make sure to convert the values. For example, if you used a hexadecimal value, convert it to a decimal value. |
110
-
|**TargetProcessGuid**| Optional | String | A generated unique identifier (GUID) of the process that initiated the audit evnet. <br><br> Example: `EF3BD0BD-2B74-60C5-AF5C-010000001E00`|
110
+
|**TargetProcessGuid**| Optional | String | A generated unique identifier (GUID) of the process that initiated the audit event. <br><br> Example: `EF3BD0BD-2B74-60C5-AF5C-010000001E00`|
0 commit comments