| Attribute | Value |
|---|---|
| Custom Log V1 | Yes 🔶 — uses type-suffixed column names |
| Ingestion API Supported | ✓ Yes |

Source: KQL validation test schema

| Column Name | Type |
|---|---|
| _ResourceId | string |
| _ResourceId_s | string |
| amsi_threat_data_parentProcessId_s | string |
| amsi_threat_data_parentProcessId_s_s | string |
| amsi_threat_data_parentProcessPath_s | string |
| amsi_threat_data_parentProcessPath_s_s | string |
| amsi_threat_data_processId_s | string |
| amsi_threat_data_processId_s_s | string |
| amsi_threat_data_processName_s | string |
| amsi_threat_data_processName_s_s | string |
| amsi_threat_data_processPath_s | string |
| amsi_threat_data_processPath_s_s | string |
| Computer | string |
| Created | datetime |
| created_at_t | datetime |
| customer_id_g | string |
| datastream_s | string |
| endpoint_id_g | string |
| endpoint_type_s | string |
| EventEndTime | datetime |
| EventProduct_s | string |
| EventVendor_s | string |
| group_s | string |
| id_g | string |
| location_s | string |
| ManagementGroupName | string |
| MG | string |
| name_s | string |
| origin_s | string |
| RawData | string |
| severity_s | string |
| source_info_ip_s | string |
| source_s | string |
| SourceSystem | string |
| TenantId | string |
| threat_s | string |
| TimeGenerated | datetime |
| TimeGenerated_s | string |
| Type | string |
| type_s | string |
| user_id_s | string |
| when_t | datetime |

This table is used by the following solutions:

This table is ingested by the following connectors:

| Connector | Selection Criteria |
|---|---|
| [DEPRECATED] Sophos Endpoint Protection (using Azure Function) | |