MicrosoftDefenderForOffice365detectionsandinsights

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Content Index

Attribute	Value
Type	Workbook
Solution	Microsoft Defender XDR
Source	View on GitHub

Tables Used

This content item queries data from the following tables:

Table	Selection Criteria	Transformations	Ingestion API	Lake-Only
`AlertEvidence`	`ActionType == "Automated Remediation"`	✓	✗	?
`CloudAppEvents`	`ActionType in "AdminSubmissionSubmitted,AttackSimUserSubmission,FileMalwareDetected,Malware ZAP,Phish ZAP,Redelivery,Spam ZAP,SubmissionNotification,UserSubmission"` `ActionType contains "AdminSubmission"` `ActionType contains "AdminSubmissionTriage"` `ActionType contains "Submission"` `ActionType contains "UserSubmission"` `ActionType contains "UserSubmissionTriage"`	✓	✗	?
`EmailEvents`	`ActionType in "AdminSubmissionSubmitted,AttackSimUserSubmission,ClickBlocked,Malware ZAP,Phish ZAP,Spam ZAP,UserSubmission"` `ActionType == "Automated Remediation"` `ActionType contains "Submission"` `ActionType contains "UserSubmission"` `ActionType contains "ZAP"` `ActionType has "Malware ZAP"` `ActionType has "Phish ZAP"` `ActionType has "Spam ZAP"` `ActionType has "ZAP"` `ActionType has_any "ClickAllowed"` `ActionType has_any "ClickBlocked"` `ActionType has_any "UrlErrorPage"` `ActionType has_any "UrlScanInProgress"`	✓	✗	?
`EmailPostDeliveryEvents`		✓	✗	?
`EmailUrlInfo`		✓	✗	?
`SecurityAlert`		✓	✗	?
`SecurityIncident`		✓	✗	?
`UrlClickEvents`		✓	✗	?

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Workbooks · Back to Microsoft Defender XDR