Information about URLs on emails
| Attribute | Value |
|---|---|
| Category | Defender |
| Basic Logs Eligible | ✓ Yes (source) |
| Supports Transformations | ✓ Yes (source) |
| Ingestion API Supported | ✗ No |
| Azure Monitor Tables Reference | View Documentation |
| Defender XDR Advanced Hunting Schema | View Documentation |
Source: Azure Monitor documentation
| Column Name | Type | Description |
|---|---|---|
| _BilledSize | real | The record size in bytes |
| _IsBillable | string | Specifies whether ingesting the data is billable. When _IsBillable is false, ingestion isn't billed to your Azure account |
| NetworkMessageId | string | Email unique identifier generated by Office 365 |
| ReportId | string | Unique identifier for the event |
| SourceSystem | string | The type of agent the event was collected by. For example, OpsManager for Windows agent, either direct connect or Operations Manager, Linux for all Linux agents, or Azure for Azure Diagnostics |
| TenantId | string | The Log Analytics workspace ID |
| TimeGenerated | datetime | Date and time (UTC) when the record was generated |
| Type | string | The name of the table |
| Url | string | Information about URLs on Office 365 emails |
| UrlDomain | string | Domain part of the Url |
| UrlLocation | string | Indicates which part of the email the URL is located in |
This table is used by the following solutions:
This table is ingested by the following connectors:
| Connector | Selection Criteria |
|---|---|
| Microsoft Defender XDR | |
In solution Threat Intelligence:
| Analytic Rule | Selection Criteria |
|---|---|
| TI Map URL Entity to EmailUrlInfo | |
| TI map Domain entity to EmailUrlInfo | |
In solution Threat Intelligence (NEW):
| Analytic Rule | Selection Criteria |
|---|---|
| TI Map URL Entity to EmailUrlInfo | |
| TI map Domain entity to EmailUrlInfo | |
In solution Visa Threat Intelligence (VTI):
| Analytic Rule | Selection Criteria |
|---|---|
| VTI - High Severity Domain Collision Detection | |
Standalone Content:
| Analytic Rule | Selection Criteria |
|---|---|
| Star Blizzard C2 Domains August 2022 | |
In solution Microsoft Defender XDR:
| Hunting Query | Selection Criteria |
|---|---|
| Message with URL listed on OpenPhish delivered into Inbox | |
| Potential OAuth phishing email delivered into Inbox | |
GitHub Only:
In solution MaturityModelForEventLogManagementM2131:
| Workbook | Selection Criteria |
|---|---|
| MaturityModelForEventLogManagement_M2131 | |
In solution Microsoft Defender XDR:
| Workbook | Selection Criteria |
|---|---|
| MicrosoftDefenderForOffice365detectionsandinsights | |
In solution Microsoft Defender for Office 365:
| Workbook | Selection Criteria |
|---|---|
| MicrosoftDefenderForOffice365 | |
In solution ZeroTrust(TIC3.0):
| Workbook | Selection Criteria |
|---|---|
| ZeroTrustTIC3 | |
GitHub Only:
| Workbook | Selection Criteria |
|---|---|
| MicrosoftDefenderForOffice365 | |
| MicrosoftSentinelDeploymentandMigrationTracker | |