CIM field change report¶

Learn about the CIM field changes between the latest version of the Splunk Add-on for Microsoft Office 365 and version 2.2.0.

Summary of changes¶

Field	Deleted	Modified	New	Is CIM
Params	❌	❌	✅	❌
RecipientDomain	❌	❌	✅	❌
SrcUserDomain	❌	❌	✅	❌
action	✅	✅	✅	✅
app_id	❌	❌	✅	✅
authentication_service	✅	❌	❌	✅
body	❌	❌	✅	✅
category	❌	❌	✅	✅
change_type	✅	✅	✅	✅
client_info_str	❌	❌	✅	❌
dataset_name	✅	✅	✅	❌
description	❌	❌	✅	✅
dest	❌	✅	✅	✅
dest_name	❌	✅	✅	✅
dlp_type	❌	❌	✅	✅
dvc	❌	✅	❌	✅
email	❌	❌	✅	✅
eventtype	✅	✅	✅	✅
file_name	❌	❌	✅	✅
file_size	❌	❌	✅	✅
id	❌	❌	✅	✅
internal_message_id	❌	❌	✅	✅
message_id	❌	❌	✅	✅
modified_properties	❌	❌	✅	❌
modified_properties_name	❌	✅	✅	❌
modified_properties_new_value	❌	✅	✅	❌
obj_id	❌	❌	✅	❌
object	✅	✅	✅	✅
object_attrs	✅	✅	✅	✅
object_category	✅	✅	✅	✅
object_id	✅	✅	✅	✅
object_path	✅	✅	✅	✅
object_size	❌	❌	✅	✅
orig_recipient	❌	❌	✅	✅
orig_src	❌	❌	✅	✅
owner	❌	❌	✅	✅
owner_email	❌	❌	✅	✅
owner_id	❌	❌	✅	✅
parent_object	❌	❌	✅	✅
parent_object_id	❌	❌	✅	✅
reason	✅	✅	✅	✅
recipient	❌	❌	✅	✅
recipient_count	❌	❌	✅	✅
recipient_domain	❌	❌	✅	✅
result	❌	❌	✅	✅
severity	❌	❌	✅	✅
signature	❌	✅	❌	✅
signature_id	❌	❌	✅	✅
size	❌	❌	✅	✅
src_user	❌	❌	✅	✅
src_user_domain	❌	❌	✅	✅
src_user_type	❌	❌	✅	✅
status	❌	✅	❌	✅
subject	❌	❌	✅	✅
tag	✅	✅	✅	✅
tag::eventtype	✅	✅	✅	❌
tenant_id	❌	❌	✅	❌
type	❌	❌	✅	✅
user	❌	✅	❌	✅
user_agent	❌	❌	✅	✅
user_id	❌	❌	✅	✅
user_type	✅	❌	❌	✅

Field	Deleted	Modified	New	Is CIM
user	❌	❌	✅	✅
user_id	❌	❌	✅	✅
vendor_product	❌	❌	✅	✅

Field	Deleted	Modified	New	Is CIM
action	❌	❌	✅	✅
dest	❌	❌	✅	✅
eventtype	❌	❌	✅	✅
internal_message_id	❌	❌	✅	✅
message_id	❌	❌	✅	✅
recipient	❌	❌	✅	✅
recipient_count	❌	❌	✅	✅
recipient_domain	❌	❌	✅	✅
size	❌	❌	✅	✅
src	❌	❌	✅	✅
src_user	❌	❌	✅	✅
src_user_domain	❌	❌	✅	✅
status_code	❌	❌	✅	✅
subject	❌	❌	✅	✅
tag	❌	❌	✅	✅
tag::eventtype	❌	❌	✅	❌
vendor_product	❌	❌	✅	✅