Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
URLs sent through Microsoft Teams messages in your organization
| Attribute | Value |
|---|---|
| Category | Security, XDR |
| Basic Logs Eligible | ✓ Yes |
| Ingestion API Supported | ✗ No |
| Azure Monitor Tables Reference | View Documentation |
| Defender XDR Advanced Hunting Schema | View Documentation |
Source: Azure Monitor documentation
| Column Name | Type | Description |
|---|---|---|
| _BilledSize | real | The record size in bytes |
| _IsBillable | string | Specifies whether ingesting the data is billable. When _IsBillable is false ingestion isn't billed to your Azure account |
| ReportId | string | Unique identifier for the event |
| SourceSystem | string | The type of agent the event was collected by. For example, OpsManager for Windows agent, either direct connect or Operations Manager, Linux for all Linux agents, or Azure for Azure Diagnostics |
| TeamsMessageId | string | Unique identifier for the message, as generated by Microsoft 365 |
| TenantId | string | The Log Analytics workspace ID |
| ThreatTypes | string | Verdict from the filtering stack on whether the message contains malware, phishing, or other threats |
| TimeGenerated | datetime | Date and time (UTC) when the record was generated. |
| Type | string | The name of the table |
| Url | string | URL from message |
| UrlDomain | string | Domain name or host name of the URL |
This table is used by the following solutions:
In solution Microsoft Defender XDR:
GitHub Only:
| Hunting Query | Selection Criteria |
|---|---|
| Punycode lookalikes |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊