Network properties of devices, including physical adapters, IP and MAC addresses, as well as connected networks and domains
| Attribute | Value |
|---|---|
| Category | MDE |
| Basic Logs Eligible | ✓ Yes (source) |
| Supports Transformations | ✓ Yes (source) |
| Ingestion API Supported | ✗ No |
| Azure Monitor Tables Reference | View Documentation |
| Defender XDR Advanced Hunting Schema | View Documentation |
Source: Azure Monitor documentation
| Column Name | Type | Description |
|---|---|---|
| _BilledSize | real | The record size in bytes |
| _IsBillable | string | Specifies whether ingesting the data is billable. When _IsBillable is `false`, ingestion isn't billed to your Azure account |
| ConnectedNetworks | dynamic | Networks that the adapter is connected to. Each JSON element in the array contains the network name, category (public, private or domain), a description, and a flag indicating if it is connected publicly to the internet. |
| DefaultGateways | dynamic | Default gateway addresses in JSON array format. |
| DeviceId | string | Unique identifier for the device in the service. |
| DeviceName | string | Fully qualified domain name (FQDN) of the device. |
| DnsAddresses | dynamic | DNS server addresses in JSON array format. |
| IPAddresses | dynamic | JSON array containing all the IP addresses assigned to the adapter, along with their respective subnet prefix and the IP class (RFC 1918 & RFC 4291). |
| IPv4Dhcp | string | IPv4 address of the configured DHCP server. |
| IPv6Dhcp | string | IPv6 address of the configured DHCP server. |
| MacAddress | string | MAC address of the network adapter. |
| MachineGroup | string | The machine-group which this machine is associated to. This group is used by role-based access control to determine access to the machine. |
| NetworkAdapterName | string | Name of the network adapter. |
| NetworkAdapterStatus | string | Operational status of the network adapter. |
| NetworkAdapterType | string | Network adapter type. |
| NetworkAdapterVendor | string | Name of the manufacturer or vendor of the network adapter. |
| ReportId | long | Event identifier based on a repeating counter. To identify unique events, this column must be used in conjunction with the DeviceName and/or Timestamp columns. |
| SourceSystem | string | The type of agent the event was collected by. For example, `OpsManager` for Windows agent, either direct connect or Operations Manager, `Linux` for all Linux agents, or `Azure` for Azure Diagnostics |
| TenantId | string | The Log Analytics workspace ID |
| TimeGenerated | datetime | Date and time the event was recorded by the MDE agent on the endpoint. |
| TunnelType | string | Tunneling protocol, when the interface is used for this purpose, for example 6to4, Teredo, ISATAP, PPTP, SSTP, and SSH. |
| Type | string | The name of the table |
This table is used by the following solutions:
This table is ingested by the following connectors:
| Connector | Selection Criteria |
|---|---|
| Microsoft Defender XDR | |
Standalone Content:
| Analytic Rule | Selection Criteria |
|---|---|
| RDP Nesting | |
Standalone Content:
| Hunting Query | Selection Criteria |
|---|---|
| MDE_DeviceInventory-LastUserLoggedIn | |
GitHub Only:
In solution MaturityModelForEventLogManagementM2131:
| Workbook | Selection Criteria |
|---|---|
| MaturityModelForEventLogManagement_M2131 | |
In solution Microsoft Defender XDR:
| Workbook | Selection Criteria |
|---|---|
| MicrosoftDefenderForEndPoint | |
GitHub Only:
| Workbook | Selection Criteria |
|---|---|
| MicrosoftDefenderForEndPoint | |
| MicrosoftSentinelDeploymentandMigrationTracker | |
| Parser | Solution | Selection Criteria |
|---|---|---|
| AssignedIPAddress | MicrosoftDefenderForEndpoint | |
| Devicefromip | MicrosoftDefenderForEndpoint | |