Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
Email campaigns identified by Microsoft Defender for Office 365
| Attribute | Value |
|---|---|
| Category | Security, XDR |
| Basic Logs Eligible | ✓ Yes (source) |
| Supports Transformations | ✓ Yes (source) |
| Ingestion API Supported | ✗ No |
| Azure Monitor Tables Reference | View Documentation |
| Defender XDR Advanced Hunting Schema | View Documentation |
Source: Azure Monitor documentation
| Column Name | Type | Description |
|---|---|---|
| _BilledSize | real | The record size in bytes |
| _IsBillable | string | Specifies whether ingesting the data is billable. When _IsBillable isfalseingestion isn't billed to your Azure account |
| CampaignId | string | Unique identifier for the campaign, generated by Office 365. |
| CampaignName | string | Name of the email campaign. |
| CampaignSubType | string | Contains more details about the campaign, like the brand being phished, or related malware campaigns, if available. |
| CampaignType | string | Category of the campaign. |
| NetworkMessageId | string | Unique identifier for the email, generated by Office 365. |
| RecipientEmailAddress | string | Email address of the recipient, or email address of the recipient after distribution list expansion. |
| ReportId | string | Unique identifier for the event. |
| SourceSystem | string | The type of agent the event was collected by. For example,OpsManagerfor Windows agent, either direct connect or Operations Manager,Linuxfor all Linux agents, orAzurefor Azure Diagnostics |
| TenantId | string | The Log Analytics workspace ID |
| TimeGenerated | datetime | Date and time (UTC) when the record was generated. |
| Type | string | The name of the table |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊