Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
Reference for Usage table in Azure Monitor Logs.
| Attribute | Value |
|---|---|
| Category | Azure Monitor |
| Basic Logs Eligible | ✗ No |
| Ingestion API Supported | ✗ No |
| Azure Monitor Tables Reference | View Documentation |
Source: Azure Monitor documentation
| Column Name | Type | Description |
|---|---|---|
| _BilledSize | real | The record size in bytes |
| _IsBillable | string | Specifies whether ingesting the data is billable. When _IsBillable is false ingestion isn't billed to your Azure account |
| AvgLatencyInSeconds | real | Deprecated |
| BatchesCapped | long | Deprecated |
| BatchesOutsideSla | long | Deprecated |
| BatchesWithinSla | long | Deprecated |
| Computer | string | Deprecated |
| DataType | string | Table that usage is being reported about. |
| EndTime | datetime | End time of the one hour aggregation window. |
| IsBillable | bool | Logical flag to indicate whether we bill for this data record. |
| LinkedMeterId | string | Deprecated |
| LinkedResourceUri | string | Deprecated |
| MeterId | string | GUID of the meter used for billing. |
| Plan | string | Plan of this table (Analytics, Basic or Auxiliary). |
| Quantity | real | Size of data in Mbytes. |
| QuantityUnit | string | Value is alwais Mbytes. |
| ResourceUri | string | The URI of the workspace. This will be same for all records in this table in workspace. |
| Solution | string | Solution about which usage is being reported. |
| SourceSystem | string | The type of agent the event was collected by. For example, OpsManager for Windows agent, either direct connect or Operations Manager, Linux for all Linux agents, or Azure for Azure Diagnostics |
| StartTime | datetime | Start time of the 1 hour aggregation window (same as TimeGenerated). |
| TimeGenerated | datetime | Date and time the record was created. |
| TotalBatches | long | Deprecated |
| Type | string | The name of the table |
This table is used by the following solutions:
In solution MaturityModelForEventLogManagementM2131:
| Analytic Rule | Selection Criteria |
|---|---|
| M2131_RecommendedDatatableUnhealthy |
In solution MaturityModelForEventLogManagementM2131:
| Hunting Query | Selection Criteria |
|---|---|
| M2131_RecommendedDatatableNotLogged_EL0 | |
| M2131_RecommendedDatatableNotLogged_EL1 | |
| M2131_RecommendedDatatableNotLogged_EL2 | |
| M2131_RecommendedDatatableNotLogged_EL3 |
In solution Corelight:
| Workbook | Selection Criteria |
|---|---|
| Corelight_Operations |
In solution CybersecurityMaturityModelCertification(CMMC)2.0:
| Workbook | Selection Criteria |
|---|---|
| CybersecurityMaturityModelCertification_CMMCV2 |
In solution MaturityModelForEventLogManagementM2131:
| Workbook | Selection Criteria |
|---|---|
| MaturityModelForEventLogManagement_M2131 |
In solution NISTSP80053:
| Workbook | Selection Criteria |
|---|---|
| NISTSP80053 |
In solution SOC Handbook:
| Workbook | Selection Criteria |
|---|---|
| AzureSentinelCost | DataType in "AADManagedIdentitySignInLogs,AADNonInteractiveUserSignInLogs,AADProvisioningLogs,AADServicePrincipalSignInLogs,ADFSSignInLogs,AlertEvidence,AuditLogs,CloudAppEvents,DeviceEvents,DeviceFileCertificateInfo,DeviceFileEvents,DeviceImageLoadEvents,DeviceInfo,DeviceLogonEvents,DeviceNetworkEvents,DeviceNetworkInfo,DeviceProcessEvents,DeviceRegistryEvents,EmailAttachmentInfo,EmailEvents,EmailPostDeliveryEvents,EmailUrlInfo,IdentityDirectoryEvents,IdentityLogonEvents,IdentityQueryEvents,InformationProtectionLogs_CL,MDCFileIntegrityMonitoringEvents,McasShadowItReporting,ProtectionStatus,SecurityAlert,SecurityBaseline,SecurityBaselineSummary,SecurityDetection,SecurityEvent,SigninLogs,WindowsFirewall" |
| InvestigationInsights | |
| MITREAttack |
In solution SOC-Process-Framework:
| Workbook | Selection Criteria |
|---|---|
| SOCProcessFramework |
In solution ThreatAnalysis&Response:
| Workbook | Selection Criteria |
|---|---|
| ThreatAnalysis&Response |
In solution ZeroTrust(TIC3.0):
| Workbook | Selection Criteria |
|---|---|
| ZeroTrustTIC3 |
References by type: 0 connectors, 1 content items, 0 ASIM parsers, 0 other parsers.
| Selection Criteria | Connectors | Content Items | ASIM Parsers | Other Parsers | Total |
|---|---|---|---|---|---|
DataType in "AADManagedIdentitySignInLogs,AADNonInteractiveUserSignInLogs,AADProvisioningLogs,AADServicePrincipalSignInLogs,ADFSSignInLogs,AlertEvidence,AuditLogs,CloudAppEvents,DeviceEvents,DeviceFileCertificateInfo,DeviceFileEvents,DeviceImageLoadEvents,DeviceInfo,DeviceLogonEvents,DeviceNetworkEvents,DeviceNetworkInfo,DeviceProcessEvents,DeviceRegistryEvents,EmailAttachmentInfo,EmailEvents,EmailPostDeliveryEvents,EmailUrlInfo,IdentityDirectoryEvents,IdentityLogonEvents,IdentityQueryEvents,InformationProtectionLogs_CL,MDCFileIntegrityMonitoringEvents,McasShadowItReporting,ProtectionStatus,SecurityAlert,SecurityBaseline,SecurityBaselineSummary,SecurityDetection,SecurityEvent,SigninLogs,WindowsFirewall" |
- | 1 | - | - | 1 |
| Total | 0 | 1 | 0 | 0 | 1 |
| Value | Connectors | Content Items | ASIM Parsers | Other Parsers | Total |
|---|---|---|---|---|---|
AADManagedIdentitySignInLogs |
- | 1 | - | - | 1 |
AADNonInteractiveUserSignInLogs |
- | 1 | - | - | 1 |
AADProvisioningLogs |
- | 1 | - | - | 1 |
AADServicePrincipalSignInLogs |
- | 1 | - | - | 1 |
ADFSSignInLogs |
- | 1 | - | - | 1 |
AlertEvidence |
- | 1 | - | - | 1 |
AuditLogs |
- | 1 | - | - | 1 |
CloudAppEvents |
- | 1 | - | - | 1 |
DeviceEvents |
- | 1 | - | - | 1 |
DeviceFileCertificateInfo |
- | 1 | - | - | 1 |
DeviceFileEvents |
- | 1 | - | - | 1 |
DeviceImageLoadEvents |
- | 1 | - | - | 1 |
DeviceInfo |
- | 1 | - | - | 1 |
DeviceLogonEvents |
- | 1 | - | - | 1 |
DeviceNetworkEvents |
- | 1 | - | - | 1 |
DeviceNetworkInfo |
- | 1 | - | - | 1 |
DeviceProcessEvents |
- | 1 | - | - | 1 |
DeviceRegistryEvents |
- | 1 | - | - | 1 |
EmailAttachmentInfo |
- | 1 | - | - | 1 |
EmailEvents |
- | 1 | - | - | 1 |
EmailPostDeliveryEvents |
- | 1 | - | - | 1 |
EmailUrlInfo |
- | 1 | - | - | 1 |
IdentityDirectoryEvents |
- | 1 | - | - | 1 |
IdentityLogonEvents |
- | 1 | - | - | 1 |
IdentityQueryEvents |
- | 1 | - | - | 1 |
InformationProtectionLogs_CL |
- | 1 | - | - | 1 |
MDCFileIntegrityMonitoringEvents |
- | 1 | - | - | 1 |
McasShadowItReporting |
- | 1 | - | - | 1 |
ProtectionStatus |
- | 1 | - | - | 1 |
SecurityAlert |
- | 1 | - | - | 1 |
SecurityBaseline |
- | 1 | - | - | 1 |
SecurityBaselineSummary |
- | 1 | - | - | 1 |
SecurityDetection |
- | 1 | - | - | 1 |
SecurityEvent |
- | 1 | - | - | 1 |
SigninLogs |
- | 1 | - | - | 1 |
WindowsFirewall |
- | 1 | - | - | 1 |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊