| Column | Type | Description |
|---|---|---|
| AggregatedSecurityAlertRuleIds | string | IDs assigned to the aggregated security data sharing rules by Sentinel. |
| AggregatedSecurityAlertRuleNames | string | The names of the aggregated security data sharing rules. |
| AlertName | string | The name of the alert. |
| AlertSeverity | string | The severity of the alert. |
| AlertType | string | The type name of the alert. |
| _BilledSize | real | The record size in bytes. |
| CompromisedEntity | string | Display name of the main entity being reported on. |
| ConfidenceLevel | string | The level of confidence that the alert is not a false positive. |
| ConfidenceScore | real | The level of confidence that the alert is not a false positive. This property allows for a more fine-grained representation, expressed as a number between 0 and 1 (inclusive). |
| Description | string | The description of the alert. |
| DisplayName | string | The name of the alert. |
| EndTime | datetime | The end time of the impact of the alert. |
| Entities | string | A list of entities related to the alert. This list can hold a mixture of entities of different types. |
| ExtendedLinks | string | A set of link objects that can provide additional data on the alert. |
| ExtendedProperties | string | Additional data about the alert. |
| _IsBillable | string | Specifies whether ingesting the data is billable. When _IsBillable is false, ingestion isn't billed to your Azure account. |
| PartnerDisplayName | string | Name of the partner who sent the alert. |
| PartnerId | string | An ID assigned to the partner who sent the alert. |
| PartnerMetadata | string | Metadata about the partner who sent the alert. |
| ProcessingEndTime | datetime | The time the alert was received for processing. |
| ProductComponentName | string | The name of a component inside the product which generated the alert. |
| ProductName | string | The name of the product that generated the alert. |
| ProviderName | string | The name of the provider that generated the alert. |
| RemediationSteps | string | Action items to take to remediate the alert. |
| _ResourceId | string | A unique identifier for the resource that the record is associated with. |
| SourceSystem | string | The type of agent the event was collected by. For example, OpsManager for the Windows agent (either direct connect or Operations Manager), Linux for all Linux agents, or Azure for Azure Diagnostics. |
| StartTime | datetime | The start time of the impact of the alert. |
| Status | string | The lifecycle status of the alert (new, in progress, closed). |
| _SubscriptionId | string | A unique identifier for the subscription that the record is associated with. |
| SubTechniques | string | A list of adversary MITRE ATT&CK sub-techniques involved in this security issue. |
| SystemAlertId | string | An ID assigned to the alert by Sentinel. |
| Tactics | string | A list of adversary MITRE ATT&CK tactics involved in this security issue. |
| Techniques | string | A list of adversary MITRE ATT&CK techniques involved in this security issue. |
| TenantId | string | The Log Analytics workspace ID. |
| TimeGenerated | datetime | The timestamp (UTC) of when the alert was generated. |
| Type | string | The name of the table. |
| VendorName | string | The name of the vendor owning the provider that generated the alert. |
| VendorOriginalId | string | An ID assigned to the alert by the vendor, to help track down the alert in the original system. |