Reference for AggregatedSecurityAlert table in Azure Monitor Logs.
| Attribute | Value |
|---|---|
| Category | Security |
| Basic Logs Eligible | ✓ Yes (source) |
| Supports Transformations | ✓ Yes (source) |
| Ingestion API Supported | ✗ No |
| Azure Monitor Tables Reference | View Documentation |
Source: Azure Monitor documentation
| Column Name | Type | Description |
|---|---|---|
| _BilledSize | real | The record size in bytes |
| _IsBillable | string | Specifies whether ingesting the data is billable. When _IsBillable is false, ingestion isn't billed to your Azure account. |
| _ResourceId | string | A unique identifier for the resource that the record is associated with |
| _SubscriptionId | string | A unique identifier for the subscription that the record is associated with |
| AggregatedSecurityAlertRuleIds | string | IDs assigned to the aggregated security data sharing rules by Sentinel. |
| AggregatedSecurityAlertRuleNames | string | The names of the aggregated security data sharing rules. |
| AlertName | string | The name of the alert. |
| AlertSeverity | string | The severity of the alert. |
| AlertType | string | The type name of the alert. |
| CompromisedEntity | string | Display name of the main entity being reported on. |
| ConfidenceLevel | string | The level of confidence that the alert is not a false-positive. |
| ConfidenceScore | real | The level of confidence that the alert is not a false positive. This property allows for a more fine-grained representation than ConfidenceLevel, expressed as a number between 0 and 1 (inclusive). |
| Description | string | The description of the alert. |
| DisplayName | string | The name of the alert. |
| EndTime | datetime | The end time of the impact of the alert. |
| Entities | string | A list of entities related to the alert. This list can hold a mixture of entities of different types. |
| ExtendedLinks | string | A set of link objects that can provide additional data on the alert. |
| ExtendedProperties | string | Additional data about the alert. |
| PartnerDisplayName | string | Name of the partner who sent the alert. |
| PartnerId | string | An ID assigned to the partner who sent the alert. |
| PartnerMetadata | string | Metadata about the partner who sent the alert. |
| ProcessingEndTime | datetime | The time the alert was received for processing. |
| ProductComponentName | string | The name of a component inside the product which generated the alert. |
| ProductName | string | The name of the product that generated the alert. |
| ProviderName | string | The name of the provider that generated the alert. |
| RemediationSteps | string | Action items to take to remediate the alert. |
| SourceSystem | string | The type of agent the event was collected by. For example, OpsManager for the Windows agent (either direct connect or Operations Manager), Linux for all Linux agents, or Azure for Azure Diagnostics. |
| StartTime | datetime | The start time of the impact of the alert. |
| Status | string | The lifecycle status of the alert (new, in progress, closed). |
| SubTechniques | string | A list of adversary MITRE ATT&CK sub techniques involved in this security issue. |
| SystemAlertId | string | An ID assigned to the alert by Sentinel. |
| Tactics | string | A list of adversary MITRE ATT&CK tactics involved in this security issue. |
| Techniques | string | A list of adversary MITRE ATT&CK techniques involved in this security issue. |
| TenantId | string | The Log Analytics workspace ID |
| TimeGenerated | datetime | The timestamp (UTC) of when the alert was generated. |
| Type | string | The name of the table |
| VendorName | string | The name of the vendor owning the provider that generated the alert. |
| VendorOriginalId | string | An ID assigned to the alert by the vendor, to help track down the alert in the original system. |
This table collects data from the following Azure resource types:
microsoft.securityinsights/securityinsights