Hi Team,
I am trying to build a query which uses Office 365 and CrowdStrike together.
My event section looks like this:
events:
$event.metadata.vendor_name = "Crowdstrike" nocase
$event.metadata.product_name = "Falcon"
$event.metadata.log_type = "CS_DETECTS"
$user = $event.principal.user.user_display_name
$email.metadata.product_name = "Office 365"
$email.metadata.event_type = "EMAIL_TRANSACTION"
$email.metadata.product_event_type = "TIMailData"
$email.about.labels["DeliveryAction"] = "Delivered"
$email.security_result.category = "MAIL_PHISHING"
$email.network.email.to =
The assistance I want here is with the email address: I wish to remove the domain part and just capture the user.
For example, from this email id
abcd.xyz@google.com I want to capture just abcd.xyz.
Can someone help me with this?
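
One way to do what the post asks, as an added example that is not part of the original post: YARA-L's `re.capture` returns the first capture group of a regex, so it can keep only the part of the recipient address before the `@` and bind it to the same `$user` placeholder used for the CrowdStrike event. The rule name, the 1h match window and the assumption that `user_display_name` holds the same string as the mailbox local part (for example `abcd.xyz`) are illustrative, not taken from the post.

```yara-l
rule cs_detect_with_delivered_phish_example {
  meta:
    // Hypothetical rule name and description, added for illustration.
    description = "CrowdStrike detection for a user who also received a delivered phishing email"

  events:
    // CrowdStrike Falcon detection (fields as in the post).
    $event.metadata.vendor_name = "Crowdstrike" nocase
    $event.metadata.product_name = "Falcon"
    $event.metadata.log_type = "CS_DETECTS"
    $user = $event.principal.user.user_display_name

    // Office 365 delivered phishing email (fields as in the post).
    $email.metadata.product_name = "Office 365"
    $email.metadata.event_type = "EMAIL_TRANSACTION"
    $email.metadata.product_event_type = "TIMailData"
    $email.about.labels["DeliveryAction"] = "Delivered"
    $email.security_result.category = "MAIL_PHISHING"

    // Keep everything before the "@": abcd.xyz@google.com -> abcd.xyz.
    // Binding the result to $user joins the two events on that value.
    $user = re.capture($email.network.email.to, "^([^@]+)@")

  match:
    // Assumed correlation window; adjust to your use case.
    $user over 1h

  condition:
    $event and $email
}
```

The join is an exact string comparison, so it only matches when the display name and the local part are written identically, including case.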