Solutions/AzureDevOpsAuditing/Parsers/ADOAuditLogs.yaml (17 lines of code) (raw):

id: dea70aa0-cd14-4e7f-bac4-a73d9d57eae1
Function:
  Title: Backward Compatibility Parser for Azure DevOps Audit Logs
  Description: |
    This parser is used to unify the Azure DevOps Audit Logs data from different sources into a single table ADOAuditLogs for easier querying and analysis.
    It combines data from the AzureDevOpsAuditing table and the ADOAuditLogs_CL custom log table, renaming the ActionId field to OperationName for consistency.
  Version: '1.0.0'
  LastUpdated: '2025-04-06'
Category: Microsoft Sentinel Parser
FunctionName: ADOAuditLogs
FunctionAlias: ADOAuditLogs
FunctionQuery: |
  let ADOAuditLogs = union isfuzzy=true
    AzureDevOpsAuditing,
    (ADOAuditLogs_CL
    | project-rename OperationName = ActionId);
  ADOAuditLogs
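
The union-and-rename step above, reproduced over constructed stand-in tables so it can be run in any Log Analytics workspace without either source table present. This is an added example, not part of the Sentinel solution; the `_sample` table names, the `ActorUPN` column, the `SourceTable` column, and all row values are assumptions made for illustration.

```kql
// Constructed stand-in for the AzureDevOpsAuditing table (sample rows, not real audit data).
let AzureDevOpsAuditing_sample = datatable(TimeGenerated:datetime, OperationName:string, ActorUPN:string)
[
    datetime(2025-04-01 10:00:00), "Security.ModifyPermission", "alice@example.com",
    datetime(2025-04-01 10:05:00), "Policy.PolicyConfigModified", "bob@example.com"
];
// Constructed stand-in for the ADOAuditLogs_CL custom table, which carries ActionId instead of OperationName.
let ADOAuditLogs_CL_sample = datatable(TimeGenerated:datetime, ActionId:string, ActorUPN:string)
[
    datetime(2025-04-02 09:00:00), "Security.ModifyPermission", "carol@example.com"
];
// Same shape as the parser's FunctionQuery: fuzzy union, with ActionId renamed on the custom-table leg.
// SourceTable is added here only to show which leg each row came from.
union isfuzzy=true
    (AzureDevOpsAuditing_sample | extend SourceTable = "AzureDevOpsAuditing"),
    (ADOAuditLogs_CL_sample
     | project-rename OperationName = ActionId
     | extend SourceTable = "ADOAuditLogs_CL")
// After the rename, one filter or summarize on OperationName covers both sources.
| summarize Events = count(), Sources = make_set(SourceTable) by OperationName
| order by OperationName asc
```

Without the `project-rename`, rows from the custom table would land in the union with an empty `OperationName` and a separate `ActionId` column, so analytics rules keyed on `OperationName` would silently miss them.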