Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
Email campaigns identified by Microsoft Defender for Office 365
| Attribute | Value |
|---|---|
| Category | Security, XDR |
| Basic Logs Eligible | ✓ Yes (source) |
| Supports Transformations | ✓ Yes (source) |
| Ingestion API Supported | ✗ No |
| Azure Monitor Tables Reference | View Documentation |
| Defender XDR Advanced Hunting Schema | View Documentation |
Source: Azure Monitor documentation
| Column Name | Type | Description |
|---|---|---|
| _BilledSize | real | The record size in bytes |
| _IsBillable | string | Specifies whether ingesting the data is billable. When _IsBillable is false ingestion isn't billed to your Azure account |
| CampaignId | string | Unique identifier for the campaign, generated by Office 365. |
| CampaignName | string | Name of the email campaign. |
| CampaignSubType | string | Contains more details about the campaign, like the brand being phished, or related malware campaigns, if available. |
| CampaignType | string | Category of the campaign. |
| NetworkMessageId | string | Unique identifier for the email, generated by Office 365. |
| RecipientEmailAddress | string | Email address of the recipient, or email address of the recipient after distribution list expansion. |
| ReportId | string | Unique identifier for the event. |
| SourceSystem | string | The type of agent the event was collected by. For example, OpsManager for Windows agent, either direct connect or Operations Manager, Linux for all Linux agents, or Azure for Azure Diagnostics |
| TenantId | string | The Log Analytics workspace ID |
| TimeGenerated | datetime | Date and time (UTC) when the record was generated. |
| Type | string | The name of the table |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊