Hi, all
I am currently collecting the ThreatIntelligence Workload using the Splunk Add-on for Microsoft Cloud Services.
While reviewing the collected logs, I saw a log that the UserId field is "notracking@example.com", but I do not know what it means.
I want to make sure that "notracking@example.com" is provided by Office 365, or information generated by add-on.
The RecordType for that log is 41.
Office 365 Management Schema documents do not provide this information.
{ [-]
AppName: Mail
AppVersion: 0.0.0000
CreationTime: 2019-01-28T22:37:20
Id: #blind#
OS: Win32
Operation: TIUrlClickData
OrganizationId: #blind#
RecordType: 41
SourceId: #blind#
SourceWorkload: Mailflow
TimeOfClick: 2019-01-28T22:34:40
Url: http://abcde.com/?61o1EX=IGCQlSQRYNiGBrD0ALmQHT3LUw
UrlClickAction: 2
UserId: notracking@example.com
UserIp: 10.10.10.10
UserKey: ThreatIntel
UserType: 4
Version: 1
Workload: ThreatIntelligence
}
Thank you.
... View more