Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
| Attribute | Value |
|---|---|
| Type | Workbook |
| Solution | Microsoft Defender XDR |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
AlertEvidence |
ActionType == "Automated Remediation"Title startswith "CC_" |
✓ | ✗ | ✓ |
CloudAppEvents |
ActionType in "AdminSubmissionSubmitted,AttackSimUserSubmission,ClickBlocked,FileMalwareDetected,Malware ZAP,Phish ZAP,Spam ZAP,SubmissionNotification,UserSubmission"ActionType == "Automated Remediation"ActionType contains "AdminSubmission"ActionType contains "AdminSubmissionTriage"ActionType contains "Submission"ActionType contains "UserSubmission"ActionType contains "UserSubmissionTriage"ActionType contains "ZAP"ActionType has "Malware ZAP"ActionType has "Phish ZAP"ActionType has "Spam ZAP"ActionType has "ZAP"ActionType has_any "ClickAllowed"ActionType has_any "ClickBlocked"ActionType has_any "UrlErrorPage"ActionType has_any "UrlScanInProgress"UserAgent == "MS Scanner ATP" |
✓ | ✗ | ✓ |
EmailEvents |
ActionType in "AdminSubmissionSubmitted,Malware ZAP,Phish ZAP,Redelivery,Spam ZAP,UserSubmission"DeliveryAction == "Delivered"DeliveryAction != "Delivered"OrgLevelAction in "Allow,Block"OrgLevelPolicy != "Phishing simulation"OrgLevelPolicy != "SecOps Mailbox"UserLevelAction in "Allow,Block" |
✓ | ✗ | ✓ |
EmailPostDeliveryEvents |
Action == "Quarantine release"ActionResult == "Success" |
✓ | ✗ | ? |
EmailUrlInfo |
✓ | ✗ | ? | |
SecurityAlert |
✓ | ✗ | ✓ | |
SecurityIncident |
✓ | ✗ | ✓ | |
UrlClickEvents |
✓ | ✗ | ? |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊