InsiderRiskManagement

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Back to Content Index

Attribute Value
Type Workbook
Solution MicrosoftPurviewInsiderRiskManagement
Source View on GitHub

Tables Used

This content item queries data from the following tables:

Table Selection Criteria Transformations Ingestion API Lake-Only
AADNonInteractiveUserSignInLogs ?
AADUserRiskEvents ?
Anomalies ?
AuditLogs OperationName in "Add member to role,Add user,Consent to application,Create Deployment,Create or Update Virtual Machine,Create role assignment,List Storage Account Keys,Reset user password,Update user"
OperationName in "Set domain authentication,Set federation settings on domain,Sign-in activity"
OperationName != "Consent to application"
OperationName contains "Create"
OperationName contains "Delete"
OperationName contains "Update"
OperationName contains "delet"
OperationName contains "delete"
OperationName contains "remove"
OperationName has "Create"
OperationName has_any "Create,Update"
OperationName has_any "Ip,Security Rule"		 ?
AzureActivity ? ?
BehaviorAnalytics ?
EmailEvents ActionType in "Add member to role,Add user,InteractiveLogon,RemoteInteractiveLogon,Reset user password,ResourceAccess,Sign-in,Update user" ?
IdentityInfo ?
LAQueryLogs ?
MicrosoftPurviewInformationProtection ?
OfficeActivity OfficeWorkload == "Exchange"
OfficeWorkload in "AzureActiveDirectory,MicrosoftTeams"
OfficeWorkload has_any "Exchange,OneDrive"
RecordType in "ExchangeAdmin,SharePointFileOperation"		 ?
Operation ? ?
SecurityAlert ?
SecurityEvent EventID in "4723,4724" ?
SecurityIncident ?
SigninLogs ?
Syslog Facility in "auth,authpriv" ?
Update ?
Watchlist ?

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Back to Workbooks · Back to MicrosoftPurviewInsiderRiskManagement