Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
| Attribute | Value |
|---|---|
| Custom Log V1 | Yes 🔶 — uses type-suffixed column names |
| Ingestion API Supported | ✓ Yes |
Source: KQL validation test schema
| Column Name | Type |
|---|---|
| _ItemId | string |
| _ResourceId | string |
| actor_alternateId_s | string |
| actor_displayName_s | string |
| actor_id_s | string |
| actor_type_s | string |
| authenticationContext_authenticationProvider_s | string |
| authenticationContext_authenticationStep_d | real |
| authenticationContext_credentialProvider_s | string |
| authenticationContext_credentialType_s | string |
| authenticationContext_externalSessionId_s | string |
| client_device_s | string |
| client_geographicalContext_city_s | string |
| client_geographicalContext_country_s | string |
| client_geographicalContext_geolocation_lat_d | real |
| client_geographicalContext_geolocation_lon_d | real |
| client_geographicalContext_postalCode_s | string |
| client_geographicalContext_state_s | string |
| client_ipAddress_s | string |
| client_userAgent_browser_s | string |
| client_userAgent_os_s | string |
| client_userAgent_rawUserAgent_s | string |
| client_zone_s | string |
| Computer | string |
| debugContext_debugData_appname_s | string |
| debugContext_debugData_attributesAdded_s | string |
| debugContext_debugData_attributesDeleted_s | string |
| debugContext_debugData_attributesModified_s | string |
| debugContext_debugData_authnRequestId_s | string |
| debugContext_debugData_countryCallingCode_s | string |
| debugContext_debugData_detailedmessage_s | string |
| debugContext_debugData_deviceFingerprint_g | string |
| debugContext_debugData_factor_s | string |
| debugContext_debugData_groupAppAssignmentId_s | string |
| debugContext_debugData_importLastToken_s | string |
| debugContext_debugData_importTrigger_s | string |
| debugContext_debugData_importType_s | string |
| debugContext_debugData_initiationType_s | string |
| debugContext_debugData_jobId_s | string |
| debugContext_debugData_loginResult_s | string |
| debugContext_debugData_logOnlySecurityData_s | string |
| debugContext_debugData_requestId_s | string |
| debugContext_debugData_requestUri_s | string |
| debugContext_debugData_signOnMode_s | string |
| debugContext_debugData_smsProvider_s | string |
| debugContext_debugData_threatDetections_s | string |
| debugContext_debugData_threatSuspected_s | string |
| debugContext_debugData_transactionId_g | string |
| debugContext_debugData_url_s | string |
| displayMessage_s | string |
| eventType_s | string |
| legacyEventType_s | string |
| ManagementGroupName | string |
| MG | string |
| outcome_reason_s | string |
| outcome_result_s | string |
| published_t | datetime |
| RawData | string |
| request_ipChain_s | string |
| securityContext_asNumber_d | real |
| securityContext_asOrg_s | string |
| securityContext_domain_s | string |
| securityContext_isp_s | string |
| securityContext_isProxy_b | bool |
| severity_s | string |
| SourceSystem | string |
| target_s | string |
| TenantId | string |
| TimeGenerated | datetime |
| transaction_id_s | string |
| transaction_type_s | string |
| Type | string |
| uuid_g | string |
| version_s | string |
This table is used by the following solutions:
This table is ingested by the following connectors:
| Connector | Selection Criteria |
|---|---|
| [DEPRECATED] Okta Single Sign-On (using Azure Function) | |
| Okta Single Sign-On (via Codeless Connector Framework) | |
| Okta Single Sign-On (using Azure Functions) |
In solution Okta Single Sign-On:
In solution Okta Single Sign-On:
In solution Okta Single Sign-On:
| Workbook | Selection Criteria |
|---|---|
| OktaSingleSignOn |
| Parser | Schema | Product | Selection Criteria |
|---|---|---|---|
| ASimAuthenticationOktaSSO | Authentication | Okta |
| Parser | Solution | Selection Criteria |
|---|---|---|
| OktaSSO | Okta Single Sign-On |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊