Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
Reference for NTAIpDetails table in Azure Monitor Logs.
| Attribute | Value |
|---|---|
| Category | Network |
| Basic Logs Eligible | ✗ No (source) |
| Supports Transformations | ✓ Yes (source) |
| Ingestion API Supported | ✗ No |
| Azure Monitor Tables Reference | View Documentation |
Source: Azure Monitor documentation
| Column Name | Type | Description |
|---|---|---|
| _BilledSize | real | The record size in bytes |
| _IsBillable | string | Specifies whether ingesting the data is billable. When _IsBillable isfalseingestion isn't billed to your Azure account |
| DnsDomain | string | For Malicious IPs only: Domain name associated with this IP. |
| FaSchemaVersion | string | Schema version. |
| FlowIntervalEndTime | datetime | End time of the flow log processing interval. |
| FlowIntervalStartTime | datetime | Start time of the flow log processing interval. This is time from which flow interval is measured. |
| FlowType | string | Can be AzurePublic/ExternalPublic/MaliciousFlow. |
| Ip | string | Public IP whose information is provided in the record. |
| Location | string | For Azure Public IP: Azure region of virtual network/network interface/virtual machine to which the IP belongs OR Global for IP 168.63.129.16. For External Public IP and Malicious IP: 2-letter country code where IP is located (ISO 3166-1 alpha-2). |
| Port | int | For Malicious IPs only: Port associated with this IP. |
| PublicIpDetails | string | For AzurePublic IP: Azure Service owning the IP OR "Microsoft Virtual Public IP" for IP 168.63.129.16 . ExternalPublic/Malicious IP: WhoIS information of the IP. |
| SourceSystem | string | The type of agent the event was collected by. For example,OpsManagerfor Windows agent, either direct connect or Operations Manager,Linuxfor all Linux agents, orAzurefor Azure Diagnostics |
| SubType | string | Subtype for the flow logs. Use only FlowLog, other values of SubType_s are for internal workings of the product. |
| TenantId | string | The Log Analytics workspace ID |
| ThreatDescription | string | For Malicious IPs only: Description of the threat posed by the malicious IP. |
| ThreatType | string | For Malicious IPs only: One of the threats from the list of currently allowed values. |
| TimeGenerated | datetime | The time when the data gets ingested into the Log Analytics Workspace. |
| Type | string | The name of the table |
| Url | string | For Malicious IPs only: Url associated with this IP. |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊