MessageUrlInfo

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Tables Index

---

Defender XDR Only: This table is available in Microsoft Defender XDR advanced hunting but is not available in the Azure Monitor Log Analytics table reference.

URLs sent through Microsoft Teams messages in your organization

Attribute	Value
Category	XDR
Ingestion API Supported	✗ No
Defender XDR Advanced Hunting Schema	View Documentation

Contents

• Schema
• Solutions
• Content Items

Schema (6 columns)

Source: Azure Monitor documentation

Column Name	Type	Description
ReportId	string	Unique identifier for the event
TeamsMessageId	string	Unique identifier for the message, as generated by Microsoft 365
ThreatTypes	string	Verdict from the filtering stack on whether the message contains malware, phishing, or other threats
Timestamp	datetime	Date and time when the event was recorded
Url	string	URL from message
UrlDomain	string	Domain name or host name of the URL

Solutions (1)

This table is used by the following solutions:

• Microsoft Defender XDR

---

Content Items Using This Table (13)

Hunting Queries (13)

In solution Microsoft Defender XDR:

Hunting Query	Selection Criteria
Hunt for malicious messages using External Threat Intelligence
Rare Domains in External Teams Messages
Teams Message with URL listed on OpenPhish
Teams messages with suspicious URL domains
Teams users clicking on suspicious URL domains

GitHub Only:

Hunting Query	Selection Criteria
Hunt for malicious messages using External Threat Intelligence
Punycode lookalikes
Punycode lookalikes
Rare Domains in External Teams Messages
Teams Message with URL listed on OpenPhish
Teams Threat Intelligence Indicator Hit for Domain or URL
Teams messages with suspicious URL domains
Teams users clicking on suspicious URL domains

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Tables Index