CIM field change report¶

Learn about the CIM field changes between the latest version of the Splunk Add-on for Microsoft Office 365 and version 2.1.1.

Summary of changes¶

Sourcetypes with changes: 3
Total deleted fields: 18
Total modified fields: 20
Total new fields: 121

Detailed changes¶

o365:management:activity¶

Field	Deleted	Modified	New	Is CIM
FlowTokenScenario	❌	❌	✅	❌
KeepMeSignedIn	❌	❌	✅	❌
Params	❌	❌	✅	❌
RecipientDomain	❌	❌	✅	❌
RequestType	❌	❌	✅	❌
ResultStatusDetail	❌	❌	✅	❌
SrcUserDomain	❌	❌	✅	❌
UserAgent	❌	❌	✅	❌
action	✅	✅	✅	✅
actorAppID	❌	❌	✅	❌
actorContextId	❌	❌	✅	❌
actorObjectClass	❌	❌	✅	❌
actorObjectId	❌	❌	✅	❌
actorPUID	❌	❌	✅	❌
additionalDetails	❌	❌	✅	❌
additionalTargets	❌	❌	✅	❌
app_id	❌	❌	✅	✅
auditEventCategory	❌	❌	✅	❌
authentication_service	✅	❌	❌	✅
body	❌	❌	✅	✅
category	❌	❌	✅	✅
change_type	✅	✅	✅	✅
client_info_str	❌	❌	✅	❌
correlationId	❌	❌	✅	❌
dataset_name	✅	✅	✅	❌
description	❌	❌	✅	✅
dest	❌	✅	✅	✅
dest_name	❌	✅	✅	✅
dlp_type	❌	❌	✅	✅
dvc	❌	✅	❌	✅
email	❌	❌	✅	✅
env_appId	❌	❌	✅	❌
env_appVer	❌	❌	✅	❌
env_cloud_deploymentUnit	❌	❌	✅	❌
env_cloud_environment	❌	❌	✅	❌
env_cloud_roleInstance	❌	❌	✅	❌
env_cloud_roleVer	❌	❌	✅	❌
env_cloud_ver	❌	❌	✅	❌
env_cv	❌	❌	✅	❌
env_epoch	❌	❌	✅	❌
env_flags	❌	❌	✅	❌
env_iKey	❌	❌	✅	❌
env_name	❌	❌	✅	❌
env_os	❌	❌	✅	❌
env_osVer	❌	❌	✅	❌
env_popSample	❌	❌	✅	❌
env_seqNum	❌	❌	✅	❌
env_time	❌	❌	✅	❌
env_ver	❌	❌	✅	❌
eventtype	✅	✅	✅	✅
extendedAuditEventCategory	❌	❌	✅	❌
extended_properties	❌	❌	✅	❌
file_name	❌	❌	✅	✅
file_size	❌	❌	✅	✅
id	❌	❌	✅	✅
internal_message_id	❌	❌	✅	✅
message_id	❌	❌	✅	✅
modified_properties	❌	❌	✅	❌
modified_properties_name	❌	✅	✅	❌
modified_properties_new_value	❌	✅	✅	❌
nCloud	❌	❌	✅	❌
obj_id	❌	❌	✅	❌
object	✅	✅	✅	✅
object_attrs	✅	✅	✅	✅
object_category	✅	✅	✅	✅
object_id	✅	✅	✅	✅
object_path	✅	✅	✅	✅
object_size	❌	❌	✅	✅
orig_recipient	❌	❌	✅	✅
orig_src	❌	❌	✅	✅
owner	❌	❌	✅	✅
owner_email	❌	❌	✅	✅
owner_id	❌	❌	✅	✅
parent_object	❌	❌	✅	✅
parent_object_id	❌	❌	✅	✅
reason	✅	✅	✅	✅
recipient	❌	❌	✅	✅
recipient_count	❌	❌	✅	✅
recipient_domain	❌	❌	✅	✅
result	❌	❌	✅	✅
resultDesc	✅	❌	❌	❌
resultDescription	❌	❌	✅	❌
resultType	❌	❌	✅	❌
severity	❌	❌	✅	✅
signature	❌	✅	❌	✅
signature_id	❌	❌	✅	✅
size	❌	❌	✅	✅
src_user	❌	❌	✅	✅
src_user_domain	❌	❌	✅	✅
src_user_type	❌	❌	✅	✅
status	❌	✅	❌	✅
subject	❌	❌	✅	✅
tag	✅	✅	✅	✅
tag::eventtype	✅	✅	✅	❌
targetContextId	❌	❌	✅	❌
targetIncludedUpdatedProperties	❌	❌	✅	❌
targetPUID	❌	❌	✅	❌
targetSPN	❌	❌	✅	❌
targetUPN	❌	❌	✅	❌
teamName	❌	❌	✅	❌
tenant_id	❌	❌	✅	❌
type	❌	❌	✅	✅
user	❌	✅	❌	✅
user_agent	❌	❌	✅	✅
user_agent_change	❌	❌	✅	❌
user_id	❌	❌	✅	✅
user_id_auth	✅	❌	❌	❌
user_type	✅	❌	❌	✅
useragent	✅	❌	❌	❌
useragent_auth	✅	❌	❌	❌
version	❌	❌	✅	✅

o365:metadata¶

Field	Deleted	Modified	New	Is CIM
user	❌	❌	✅	✅
user_id	❌	❌	✅	✅
vendor_product	❌	❌	✅	✅

o365:reporting:messagetrace¶

Field	Deleted	Modified	New	Is CIM
action	❌	❌	✅	✅
dest	❌	❌	✅	✅
eventtype	❌	❌	✅	✅
internal_message_id	❌	❌	✅	✅
message_id	❌	❌	✅	✅
recipient	❌	❌	✅	✅
recipient_count	❌	❌	✅	✅
recipient_domain	❌	❌	✅	✅
size	❌	❌	✅	✅
src	❌	❌	✅	✅
src_user	❌	❌	✅	✅
src_user_domain	❌	❌	✅	✅
status_code	❌	❌	✅	✅
subject	❌	❌	✅	✅
tag	❌	❌	✅	✅
tag::eventtype	❌	❌	✅	❌
vendor_product	❌	❌	✅	✅