Update OCILogs.yaml

Azure · Nov 28, 2024 · 6cea78b · 6cea78b
1 parent addec7a
commit 6cea78b
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/Solutions/Oracle Cloud Infrastructure/Parsers/OCILogs.yaml b/Solutions/Oracle Cloud Infrastructure/Parsers/OCILogs.yaml
@@ -7,7 +7,7 @@ Category: Microsoft Sentinel Parser
 FunctionName: OCILogs
 FunctionAlias: OCILogs
 FunctionQuery: |
-    OCI_Logs_CL
+    let OCI_Logs = view () { union isfuzzy=true OCI_LoadBalancerLogs_CL, OCI_AuditLogs_CL, OCI_VirtualNetworkLogs_CL, OCI_ComputeInstanceLogs_CL, OCI_Logs_CL
     | extend EventVendor = 'Oracle'
     | extend EventProduct = 'Oracle Cloud Infrastructure'
     | extend EventStartTime = coalesce(unixtime_seconds_todatetime(column_ifexists("data_startTime_d", long(null))), time_t)
@@ -26,4 +26,6 @@ FunctionQuery: |
     | project-rename EventMessage=data_message_s
     | project-rename HttpUserAgentOriginal=data_identity_userAgent_s
     | project-rename HttpStatusCode=data_response_status_s
-    | project-rename HttpRequestMethod=data_request_action_s
+    | project-rename HttpRequestMethod=data_request_action_s
+    };
+      OCI_Logs()