Reference for MDCDetectionProcessV2Events table in Azure Monitor Logs.
| Attribute | Value |
|---|---|
| Category | Security |
| Basic Logs Eligible | ✓ Yes (source) |
| Supports Transformations | ✓ Yes (source) |
| Ingestion API Supported | ✗ No |
| Azure Monitor Tables Reference | View Documentation |
Source: Azure Monitor documentation
| Column Name | Type | Description |
|---|---|---|
| _BilledSize | real | The record size in bytes |
| _IsBillable | string | Specifies whether ingesting the data is billable. When _IsBillable is false, ingestion isn't billed to your Azure account |
| AdditionalData | dynamic | Additional metadata about the container event. |
| AgentId | string | The ID of the monitoring agent tracking the container. |
| Auid | string | The audit user ID associated with the container process. |
| Cmdline | string | The command-line instruction that started the container. |
| Comm | string | The name of the executed command. |
| Computer | string | The name of the node where the container is running. |
| ContainerID | string | The unique identifier of the running container. |
| ContainerName | string | The name of the container. |
| Cwd | string | The current working directory of the container process. |
| Digest | string | The SHA-256 digest of the container image. |
| DriftAction | string | Indicates if there were any modifications in the container files. |
| Exe | string | The path to the executable running inside the container. |
| Gid | string | The group ID under which the process is running. |
| Group | string | The group name associated with the process. |
| Memfd | bool | Indicates if the container has memory file descriptor (memfd) execution. |
| Namespace | string | The namespace where the Kubernetes pod is deployed. |
| Pid | string | The process ID of the containerized application. |
| Pname | string | The parent process name of the containerized application. |
| PodLabels | dynamic | Labels associated with the Kubernetes pod. |
| PodName | string | The name of the Kubernetes pod. |
| Ppid | string | The parent process ID of the containerized application. |
| Repository | string | The container image repository. |
| Ses | string | The session ID of the container process. |
| SourceSystem | string | The type of agent the event was collected by. For example, OpsManager for Windows agent, either direct connect or Operations Manager, Linux for all Linux agents, or Azure for Azure Diagnostics |
| Success | string | Indicates whether the command execution was successful. |
| Tag | string | The tag of the container image. |
| TenantId | string | The Log Analytics workspace ID |
| TimeGenerated | datetime | The timestamp when the event was recorded in UTC. |
| Type | string | The name of the table |
| Uid | string | The user ID under which the process is running. |
| UpperLayer | bool | Indicates if the container image uses an upper layer in the overlay filesystem. |
| User | string | The username running the process inside the container. |