Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
Internal Use Table: This table is created and used internally by the Network Session Essentials solution. It is written to by playbooks for solution-specific data storage.
| Attribute | Value |
|---|---|
| Category | Internal |
| Custom Log V1 | Yes 🔶 — uses type-suffixed column names |
| Ingestion API Supported | ✓ Yes |
Source: KQL validation test schema
| Column Name | Type |
|---|---|
| count__d | int |
| DstAppName_s | string |
| DstPortNumber_d | int |
| DvcAction_s | string |
| EventTime_t | datetime |
| NetworkDirection_s | string |
| NetworkProtocol_s | string |
| TimeGenerated | datetime |
| Type | string |
This table is used by the following solutions:
In solution Network Session Essentials:
In solution Network Session Essentials:
| Hunting Query | Selection Criteria |
|---|---|
| Detect port misuse by anomaly (ASIM Network Session schema) | |
| Detect port misuse by static threshold (ASIM Network Session schema) |
In solution Network Session Essentials:
| Workbook | Selection Criteria |
|---|---|
| NetworkSessionEssentials |
GitHub Only:
| Workbook | Selection Criteria |
|---|---|
| DoDZeroTrustWorkbook | |
| ZeroTrustStrategyWorkbook |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊