ContinuousDiagnostics&Mitigation

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Content Index

---

Attribute	Value
Type	Workbook
Solution	ContinuousDiagnostics&Mitigation
Source	View on GitHub

Tables Used

This content item queries data from the following tables:

Table	Selection Criteria	Transformations	Ingestion API	Lake-Only
AWSCloudTrail		✓	✓	✓
AWSVPCFlow		✓	✓	✓
AlertEvidence		✓	✗	✓
AuditLogs	OperationName contains "PIM"	✓	✗	✓
AzureActivity		✗	✗	✗
AzureDevOpsAuditing		✓	✗	?
AzureDiagnostics 🔶	Category in "NetworkSecurityGroupEvent,kube-audit" Category contains "SQL" ResourceProvider == "MICROSOFT.KEYVAULT" ResourceType in "APPLICATIONGATEWAYS,AZUREFIREWALLS,CDNWEBAPPLICATIONFIREWALLPOLICIES,FRONTDOORS,PROFILES,PUBLICIPADDRESSES"	✗	✗	✗
CarbonBlack_Alerts_CL		✗	✓	✗
CommonSecurityLog		✓	✓	✓
ConfigurationData		✓	✗	?
DeviceEvents		✓	✗	✓
DeviceFileEvents		✓	✗	?
DeviceLogonEvents		✓	✗	?
DnsEvents		✓	✗	✓
Dynamics365Activity		✓	✗	✗
GCP_IAM_CL 🔶		?	✓	?
GitHubAuditLogPolling_CL		✓	✓	✓
IdentityInfo		✓	✗	?
InformationProtectionLogs_CL 🔶		?	✓	?
OfficeActivity		✓	✗	✓
QualysHostDetectionV3_CL		✓	✓	✓
SecurityAlert	ProductName in "Azure Active Directory Identity Protection,Azure Security Center for IoT,Microsoft 365 Insider Risk Management,Microsoft Defender Advanced Threat Protection"	✓	✗	✓
SecurityBaseline	AnalyzeResult in "Failed,Passed"	✓	✗	?
SecurityEvent		✓	✓	✓
SecurityIncident		✓	✗	✓
SecurityNestedRecommendation		✓	✗	?
SecurityRecommendation	RecommendationDisplayName contains "access" RecommendationDisplayName contains "account" RecommendationDisplayName contains "admin" RecommendationDisplayName contains "agent" RecommendationDisplayName contains "aks" RecommendationDisplayName contains "audit" RecommendationDisplayName contains "auth" RecommendationDisplayName contains "back" RecommendationDisplayName contains "bound" RecommendationDisplayName contains "cert" RecommendationDisplayName contains "cmk" RecommendationDisplayName contains "collect" RecommendationDisplayName contains "contain" RecommendationDisplayName contains "data" RecommendationDisplayName contains "detect" RecommendationDisplayName contains "edr" RecommendationDisplayName contains "endpoint" RecommendationDisplayName contains "endpoint protection" RecommendationDisplayName contains "event" RecommendationDisplayName contains "firewall" RecommendationDisplayName contains "gateway" RecommendationDisplayName contains "http" RecommendationDisplayName contains "identity" RecommendationDisplayName contains "incident" RecommendationDisplayName contains "internet" RecommendationDisplayName contains "intrusion" RecommendationDisplayName contains "just" RecommendationDisplayName contains "key" RecommendationDisplayName contains "kube" RecommendationDisplayName contains "malware" RecommendationDisplayName contains "network" RecommendationDisplayName contains "port" RecommendationDisplayName contains "priv" RecommendationDisplayName contains "privacy" RecommendationDisplayName contains "protection" RecommendationDisplayName contains "proxy" RecommendationDisplayName contains "root" RecommendationDisplayName contains "sql" RecommendationDisplayName contains "storage" RecommendationDisplayName contains "subnet" RecommendationDisplayName contains "supply" RecommendationDisplayName contains "tls" RecommendationDisplayName contains "token" RecommendationDisplayName contains "traffic" RecommendationDisplayName contains "trust" RecommendationDisplayName contains "url" RecommendationDisplayName contains "user" RecommendationDisplayName contains "web" RecommendationState in "Healthy,NotApplicable,Removed,Unhealthy"	✓	✗	?
SigninLogs		✓	✗	✓
StorageBlobLogs		✓	✗	✓
Syslog		✓	✓	✓
ThreatIntelligenceIndicator		✓	✓	✗
WindowsFirewall		✓	✗	?

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Workbooks · Back to ContinuousDiagnostics&Mitigation