SecurityBaseline

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

Back to Tables Index

Reference for SecurityBaseline table in Azure Monitor Logs.

Attribute Value
Category Security
Basic Logs Eligible ✗ No (source)
Supports Transformations ✓ Yes (source)
Ingestion API Supported ✗ No
Azure Monitor Tables Reference View Documentation

Contents

Schema (31 columns)

Source: Azure Monitor documentation

Column Name Type Description
_BilledSize real The record size in bytes
_IsBillable string Specifies whether ingesting the data is billable. When _IsBillable is false ingestion isn't billed to your Azure account
_ResourceId string A unique identifier for the resource that the record is associated with
_SubscriptionId string A unique identifier for the subscription that the record is associated with
ActualResult string
AnalyzeOperation string
AnalyzeResult string
AssessmentId string
AzId string
BaselineRuleType string
BaselineType string
CceId string
Computer string
ComputerEnvironment string
Description string
ExpectedResult string
ManagementGroupName string
OSName string
Resource string
ResourceGroup string
ResourceId string
ResourceProvider string
ResourceType string
RuleSetting string
RuleSeverity string
SitePath string
SourceComputerId string
SourceSystem string The type of agent the event was collected by. For example, OpsManager for Windows agent, either direct connect or Operations Manager, Linux for all Linux agents, or Azure for Azure Diagnostics
SubscriptionId string
TimeGenerated datetime
Type string The name of the table

Solutions (7)

This table is used by the following solutions:

Content Items Using This Table (7)

Workbooks (7)

In solution AzureSecurityBenchmark: AnalyzeResult in "Failed,Passed"

Workbook
AzureSecurityBenchmark

In solution ContinuousDiagnostics&Mitigation: AnalyzeResult in "Failed,Passed"

Workbook
ContinuousDiagnostics&Mitigation

In solution CybersecurityMaturityModelCertification(CMMC)2.0: AnalyzeResult in "Failed,Passed"

Workbook
CybersecurityMaturityModelCertification_CMMCV2

In solution NISTSP80053: AnalyzeResult in "Failed,Passed"
RuleSetting contains "DisableLockScreenAppNotifications"
RuleSetting contains "DisablePasswordReveal"
RuleSetting contains "DisableRemovableDriveScanning"
RuleSetting contains "EnableInstallerDetection"
RuleSetting contains "EnableSmartScreen"
RuleSetting contains "NoDriveTypeAutoRun"

Workbook
NISTSP80053

In solution SOC Handbook: AnalyzeResult == "Failed"

Workbook
InvestigationInsights

In solution ThreatAnalysis&Response: AnalyzeResult in "Failed,Passed"

Workbook
DynamicThreatModeling&Response

In solution ZeroTrust(TIC3.0): AnalyzeResult in "Failed,Passed"

Workbook
ZeroTrustTIC3

Resource Types

This table collects data from the following Azure resource types:

Selection Criteria Summary (3 criteria, 7 total references)

References by type: 0 connectors, 7 content items, 0 ASIM parsers, 0 other parsers.

Selection Criteria Connectors Content Items ASIM Parsers Other Parsers Total
AnalyzeResult in "Failed,Passed" - 5 - - 5
AnalyzeResult in "Failed,Passed"
RuleSetting contains "DisableLockScreenAppNotifications"
RuleSetting contains "DisablePasswordReveal"
RuleSetting contains "DisableRemovableDriveScanning"
RuleSetting contains "EnableInstallerDetection"
RuleSetting contains "EnableSmartScreen"
RuleSetting contains "NoDriveTypeAutoRun"		 - 1 - - 1
AnalyzeResult == "Failed" - 1 - - 1
Total 0 7 0 0 7

AnalyzeResult

Value Connectors Content Items ASIM Parsers Other Parsers Total
Failed - 7 - - 7
Passed - 6 - - 6

RuleSetting

Value Connectors Content Items ASIM Parsers Other Parsers Total
contains DisableLockScreenAppNotifications - 1 - - 1
contains DisablePasswordReveal - 1 - - 1
contains DisableRemovableDriveScanning - 1 - - 1
contains EnableInstallerDetection - 1 - - 1
contains EnableSmartScreen - 1 - - 1
contains NoDriveTypeAutoRun - 1 - - 1

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

Back to Tables Index