Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
Reference for AuditLogs table in Azure Monitor Logs.
| Attribute | Value |
|---|---|
| Category | Azure Resources, Security |
| Basic Logs Eligible | ✗ No (source) |
| Supports Transformations | ✓ Yes (source) |
| Ingestion API Supported | ✗ No |
| Azure Monitor Tables Reference | View Documentation |
Source: Azure Monitor documentation
| Column Name | Type | Description |
|---|---|---|
| _BilledSize | real | The record size in bytes |
| _IsBillable | string | Specifies whether ingesting the data is billable. When _IsBillable isfalseingestion isn't billed to your Azure account |
| AADOperationType | string | Type of the operation. Possible values are Add Update Delete and Other. |
| AADTenantId | string | ID of the ADD tenant |
| ActivityDateTime | datetime | Date and time the activity was performed in UTC. |
| ActivityDisplayName | string | Activity name or the operation name. Examples include Create User and Add member to group. For full list see Azure AD activity list. |
| AdditionalDetails | dynamic | Indicates additional details on the activity. |
| Category | string | Currently Audit is the only supported value. |
| CorrelationId | string | Optional GUID that's passed by the client. Can help correlate client-side operations with server-side operations and is useful when tracking logs that span services. |
| DurationMs | long | Property is not used and can be ignored. |
| Id | string | GUID that uniquely identifies the activity. |
| Identity | string | Identity from the token that was presented when the request was made. The identity can be a user account system account or service principal. |
| InitiatedBy | dynamic | User or app initiated the activity. |
| Level | string | Message type. This is currently always Informational. |
| Location | string | Location of the datacenter. |
| LoggedByService | string | Service that initiated the activity (For example: Self-service Password Management Core Directory B2C Invited Users Microsoft Identity Manager Privileged Identity Management. |
| OperationName | string | Name of the operation. |
| OperationVersion | string | REST API version that's requested by the client. |
| Resource | string | |
| ResourceGroup | string | |
| ResourceId | string | |
| ResourceProvider | string | |
| Result | string | Result of the activity. Possible values are: success failure timeout unknownFutureValue. |
| ResultDescription | string | Additional description of the result. |
| ResultReason | string | Describes cause of failure or timeout results. |
| ResultSignature | string | Property is not used and can be ignored. |
| ResultType | string | Result of the operation. Possible values are Success and Failure. |
| SourceSystem | string | The type of agent the event was collected by. For example,OpsManagerfor Windows agent, either direct connect or Operations Manager,Linuxfor all Linux agents, orAzurefor Azure Diagnostics |
| TargetResources | dynamic | Indicates information on which resource was changed due to the activity. Target Resource Type can be User Device Directory App Role Group Policy or Other. |
| TimeGenerated | datetime | Date and time the record was created. |
| Type | string | The name of the table |
This table is used by the following solutions:
This table is ingested by the following connectors:
| Connector | Selection Criteria |
|---|---|
| Microsoft Entra ID |
In solution Business Email Compromise - Financial Fraud:
| Analytic Rule | Selection Criteria |
|---|---|
| Account Elevated to New Role | OperationName == "Add member to role completed (PIM activation)" |
| Authentication Method Changed for Privileged Account | |
| Privileged Account Permissions Changed | OperationName has "Add eligible member" |
| User Added to Admin Role |
In solution Cloud Identity Threat Protection Essentials:
| Analytic Rule | Selection Criteria |
|---|---|
| Multi-Factor Authentication Disabled for a User | |
| New External User Granted Admin Role | OperationName in "Invite external user,Redeem external user invite"OperationName has "Invite external user"OperationName has "Redeem external user invite" |
In solution Microsoft Business Applications:
| Analytic Rule | Selection Criteria |
|---|---|
| Dataverse - Guest user exfiltration following Power Platform defense impairment | OperationName == "Update user" |
| Dataverse - New non-interactive identity granted access | OperationName == "Update application" |
| Power Apps - Bulk sharing of Power Apps to newly created guest users | OperationName == "Invite external user" |
| Power Platform - Account added to privileged Microsoft Entra roles |
In solution Microsoft Entra ID:
In solution SecurityThreatEssentialSolution:
In solution Threat Intelligence:
| Analytic Rule | Selection Criteria |
|---|---|
| TI Map URL Entity to AuditLogs |
In solution Threat Intelligence (NEW):
| Analytic Rule | Selection Criteria |
|---|---|
| TI Map URL Entity to AuditLogs |
Standalone Content:
In solution Business Email Compromise - Financial Fraud:
| Hunting Query | Selection Criteria |
|---|---|
| Risky Sign-in with new MFA method | |
| User detection added to privilege groups based in Watchlist |
In solution Cloud Identity Threat Protection Essentials:
| Hunting Query | Selection Criteria |
|---|---|
| Application Granted EWS Permissions | OperationName has "Add app role assignment to service principal" |
| Interactive STS refresh token modifications | OperationName has "StsRefreshTokenValidFrom" |
| User Granted Access and Grants Access to Other Users |
In solution Microsoft Business Applications:
| Hunting Query | Selection Criteria |
|---|---|
| Power Apps - Anomalous bulk sharing of Power App to newly created guest users |
In solution UEBA Essentials:
| Hunting Query | Selection Criteria |
|---|---|
| Anomalous Entra High-Privilege Role Modification | OperationName == "Update user" |
| Anomalous High-Privileged Role Assignment | OperationName == "Add member to role" |
Standalone Content:
| Hunting Query | Selection Criteria |
|---|---|
| Consent to Application discovery | OperationName == "Consent to application"OperationName != "Consent to application" |
| Failed service logon attempt by user account with available AuditData | |
| Inactive or new account signins | |
| Rare Audit activity initiated by App | |
| Rare Audit activity initiated by User | |
| Rare domains seen in Cloud Logs | |
| Tracking Password Changes | |
| User Granted Access and associated audit activity | |
| User Granted Access and created resources |
GitHub Only:
| Hunting Query | Selection Criteria |
|---|---|
| Account Added to Privileged PIM Group | |
| Account MFA Modifications | OperationName in "Admin deleted security info,Admin registered security info,Admin updated security info,User changed default security info,User deleted security info,User registered all required security info,User registered security info,User started security info registration" |
| Approved Access Packages Details | OperationName in "Approve access package assignment request,Request approved,User requests access package assignment" |
| BitLocker Key Retrieval | OperationName == "Read BitLocker key" |
| Critical user management operations followed by disabling of System Restore from admin account | |
| Dormant User Update MFA and Logs In | OperationName == "User registered security info" |
| Dormant User Update MFA and Logs In - UEBA | OperationName == "User registered security info" |
| High Risk Sign In Around Authentication Method Added or Device Registration | OperationName in "Register device,User registered security info" |
| Invited Guest User but not redeemed Invite for longer period. | OperationName in "Invite external user,Redeem external user invite" |
| Multiple Entra ID Admins Removed | OperationName in "Remove eligible member from role,Remove member from role" |
| OAuth Application Required Resource Access Update | |
| Privileged Account Password Changes | OperationName has_any "password,security info" |
| Risky Sign-in with Device Registration | OperationName == "Add registered owner to device" |
| SQL Alert Correlation with CommonSecurityLogs and AuditLogs | |
| Storage Account Key Enumeration | |
| Storage Alerts Correlation with CommonSecurityLogs & AuditLogs | |
| Successful Sign-In From Non-Compliant Device with bulk download activity | OperationName has_any "Download group members,Download groups,Download user registeration details,Download users" |
| Unfamiliar Signin Correlation with AzurePortal Signin Attempts and AuditLogs | OperationName has_any "Add member to role" |
In solution AzureSecurityBenchmark: OperationName in "Add member to role,Add user,AzureFirewallIDSLog,NetworkSecurityGroupEvents,Reset user password,Update user"OperationName contains "PIM"OperationName contains "create"OperationName contains "delete"OperationName contains "lockbox"OperationName contains "remove"OperationName contains "update"
| Workbook |
|---|
| AzureSecurityBenchmark |
In solution ContinuousDiagnostics&Mitigation: OperationName contains "PIM"
| Workbook |
|---|
| ContinuousDiagnostics&Mitigation |
In solution CybersecurityMaturityModelCertification(CMMC)2.0: OperationName in "Add member to role,Add user,NetworkSecurityGroupEvents,Reset user password,Update user"OperationName contains "Add"OperationName contains "Audit"OperationName contains "Change"OperationName contains "Create"OperationName contains "Delete"OperationName contains "Log"OperationName contains "Monitor"OperationName contains "PIM"OperationName contains "Remove"OperationName contains "Update"OperationName contains "Write"OperationName contains "reset"
| Workbook |
|---|
| CybersecurityMaturityModelCertification_CMMCV2 |
In solution DPDP Compliance: OperationName in "Add member to role,Add user,Consent to application,Reset user password,Update user"OperationName == "Sign-in activity"OperationName != "Consent to application"
| Workbook |
|---|
| DPDPCompliance |
In solution GDPR Compliance & Data Security: OperationName in "Add member to role,Add user,Consent to application,Reset user password,Update user"OperationName == "Sign-in activity"OperationName != "Consent to application"
| Workbook |
|---|
| GDPRComplianceAndDataSecurity |
In solution Lumen Defender Threat Feed:
| Workbook | Selection Criteria |
|---|---|
| Lumen-Threat-Feed-Overview |
In solution MaturityModelForEventLogManagementM2131: OperationName in "Add member to role,Add user,ApplicationGatewayFirewall,AzureFirewallIDSLog,Reset user password,Update user"OperationName !contains "external"OperationName !contains "invite"OperationName !contains "licnense"OperationName contains "group"OperationName contains "member"OperationName contains "principal"OperationName contains "role"OperationName contains "user"
| Workbook |
|---|
| MaturityModelForEventLogManagement_M2131 |
In solution Microsoft Entra ID:
| Workbook | Selection Criteria |
|---|---|
| AzureActiveDirectoryAuditLogs | |
| ConditionalAccessSISM |
In solution MicrosoftPurviewInsiderRiskManagement: OperationName in "Add member to role,Add user,Consent to application,Create Deployment,Create or Update Virtual Machine,Create role assignment,List Storage Account Keys,Reset user password,Update user"OperationName in "Set domain authentication,Set federation settings on domain,Sign-in activity"OperationName != "Consent to application"OperationName contains "Create"OperationName contains "Delete"OperationName contains "Update"OperationName contains "delet"OperationName contains "delete"OperationName contains "remove"OperationName has "Create"OperationName has_any "Create,Update"OperationName has_any "Ip,Security Rule"
| Workbook |
|---|
| InsiderRiskManagement |
In solution NISTSP80053: OperationName contains "Delete"OperationName contains "PIM"OperationName contains "Remove"
| Workbook |
|---|
| NISTSP80053 |
In solution SOC Handbook: OperationName == "Consent to application"OperationName == "Disable Strong Authentication"OperationName contains "password"
| Workbook |
|---|
| InvestigationInsights |
In solution SOX IT Compliance:
| Workbook | Selection Criteria |
|---|---|
| SOXITCompliance |
In solution ZeroTrust(TIC3.0): OperationName in "Add member to role,Add user,ApplicationGatewayFirewall,AzureFirewallIDSLog,AzureFirewallThreatIntelLog,NetworkSecurityGroupEvents,Reset user password,Update user"OperationName contains "PIM"
| Workbook |
|---|
| ZeroTrustTIC3 |
GitHub Only:
| Workbook | Selection Criteria |
|---|---|
| AzureActiveDirectoryAuditLogs | |
| AzureLogCoverage | |
| AzureThreatResearchMatrixWorkbook | |
| ConditionalAccessTrendsandChanges | OperationName in "Add conditional access policy,Add member to group,Delete conditional access policy,Update conditional access policy"OperationName contains "group" |
| DoDZeroTrustWorkbook | OperationName in "Add app role assignment grant to user,Add application,Add group,Add member to role,Add member to role completed (PIM activation),Add user,Create access package,Reset user password,Update conditional access policy,Update user,User requests access package assignment"OperationName contains "PIM"OperationName contains "create access package"OperationName contains "permanent"OperationName has "User requests access package assignment"OperationName has "application" |
| InvestigationInsights | OperationName == "Consent to application"OperationName == "Disable Strong Authentication"OperationName contains "password" |
| MicrosoftSentinelDeploymentandMigrationTracker | |
| SentinelWorkspaceReconTools | |
| SolarWindsPostCompromiseHunting | |
| User_Analytics_Workbook | |
| ZeroTrustStrategyWorkbook | OperationName in "Add app role assignment grant to user,Add application,Add group,Add member to role,Add member to role completed (PIM activation),Add user,Create access package,Reset user password,Update conditional access policy,Update user,User requests access package assignment"OperationName contains "PIM"OperationName contains "create access package"OperationName contains "permanent"OperationName has "User requests access package assignment"OperationName has "application" |
This table collects data from the following Azure resource types:
microsoft.azureadgraph/tenantsmicrosoft.graph/tenantsReferences by type: 0 connectors, 91 content items, 0 ASIM parsers, 0 other parsers.
| Selection Criteria | Connectors | Content Items | ASIM Parsers | Other Parsers | Total |
|---|---|---|---|---|---|
OperationName == "Update conditional access policy" |
- | 6 | - | - | 6 |
OperationName == "Update user" |
- | 5 | - | - | 5 |
OperationName has "Update a partner cross-tenant access setting" |
- | 4 | - | - | 4 |
OperationName == "Invite external user" |
- | 3 | - | - | 3 |
OperationName in "Add OAuth2PermissionGrant,Add delegated permission grant,Add service principal,Consent to application" |
- | 3 | - | - | 3 |
OperationName has_any "Add service principal,Certificatessecrets management" |
- | 3 | - | - | 3 |
OperationName in "Add user,Delete user" |
- | 2 | - | - | 2 |
OperationName in "Set domain authentication,Set federation settings on domain" |
- | 2 | - | - | 2 |
OperationName == "Add app role assignment to service principal" |
- | 2 | - | - | 2 |
OperationName == "Add member to role"OperationName has "Add member to role outside of PIM" |
- | 2 | - | - | 2 |
OperationName has "Consent to application" |
- | 2 | - | - | 2 |
OperationName has_any "Update Application,Update Service principal" |
- | 2 | - | - | 2 |
OperationName == "Update Application" |
- | 2 | - | - | 2 |
OperationName == "Add user" |
- | 2 | - | - | 2 |
OperationName == "User registered security info" |
- | 2 | - | - | 2 |
OperationName in "Add member to role,Add user,Consent to application,Reset user password,Update user"OperationName == "Sign-in activity"OperationName != "Consent to application" |
- | 2 | - | - | 2 |
OperationName == "Add member to role completed (PIM activation)" |
- | 1 | - | - | 1 |
OperationName has "Add eligible member" |
- | 1 | - | - | 1 |
OperationName in "Invite external user,Redeem external user invite"OperationName has "Invite external user"OperationName has "Redeem external user invite" |
- | 1 | - | - | 1 |
OperationName == "Update application" |
- | 1 | - | - | 1 |
OperationName in "Add app role assignment to service principal,Add delegated permission grant" |
- | 1 | - | - | 1 |
OperationName == "Delete conditional access policy" |
- | 1 | - | - | 1 |
OperationName == "Add conditional access policy" |
- | 1 | - | - | 1 |
OperationName == "Update group" |
- | 1 | - | - | 1 |
OperationName in "Add service principal credentials,Consent to application" |
- | 1 | - | - | 1 |
OperationName has "Add a partner to cross-tenant access setting" |
- | 1 | - | - | 1 |
OperationName has "Delete partner specific cross-tenant access setting" |
- | 1 | - | - | 1 |
OperationName == "Consent to application" |
- | 1 | - | - | 1 |
OperationName has "Certificatessecrets management" |
- | 1 | - | - | 1 |
OperationName in "Add member to group,Add owner to group" |
- | 1 | - | - | 1 |
OperationName in "Add unverified domain,Add verified domain" |
- | 1 | - | - | 1 |
OperationName == "Add unverified domain" |
- | 1 | - | - | 1 |
OperationName == "Update device" |
- | 1 | - | - | 1 |
OperationName == "Remove service principal"OperationName has_all "Update application" |
- | 1 | - | - | 1 |
OperationName == "Admin registered security info" |
- | 1 | - | - | 1 |
OperationName == "Add owner to application" |
- | 1 | - | - | 1 |
OperationName == "Update role setting in PIM" |
- | 1 | - | - | 1 |
OperationName has "conditional access policy" |
- | 1 | - | - | 1 |
OperationName has_all "member to role" |
- | 1 | - | - | 1 |
OperationName == "Add User" |
- | 1 | - | - | 1 |
OperationName == "Delete user" |
- | 1 | - | - | 1 |
OperationName has "Add app role assignment to service principal" |
- | 1 | - | - | 1 |
OperationName has "StsRefreshTokenValidFrom" |
- | 1 | - | - | 1 |
OperationName == "Add member to role" |
- | 1 | - | - | 1 |
OperationName in "Admin deleted security info,Admin registered security info,Admin updated security info,User changed default security info,User deleted security info,User registered all required security info,User registered security info,User started security info registration" |
- | 1 | - | - | 1 |
OperationName in "Approve access package assignment request,Request approved,User requests access package assignment" |
- | 1 | - | - | 1 |
OperationName == "Read BitLocker key" |
- | 1 | - | - | 1 |
OperationName == "Consent to application"OperationName != "Consent to application" |
- | 1 | - | - | 1 |
OperationName in "Invite external user,Redeem external user invite" |
- | 1 | - | - | 1 |
OperationName in "Register device,User registered security info" |
- | 1 | - | - | 1 |
OperationName has_any "Download group members,Download groups,Download user registeration details,Download users" |
- | 1 | - | - | 1 |
OperationName has_any "password,security info" |
- | 1 | - | - | 1 |
OperationName has_any "Add member to role" |
- | 1 | - | - | 1 |
OperationName in "Remove eligible member from role,Remove member from role" |
- | 1 | - | - | 1 |
OperationName == "Add registered owner to device" |
- | 1 | - | - | 1 |
OperationName in "Add member to role,Add user,AzureFirewallIDSLog,NetworkSecurityGroupEvents,Reset user password,Update user"OperationName contains "PIM"OperationName contains "create"OperationName contains "delete"OperationName contains "lockbox"OperationName contains "remove"OperationName contains "update" |
- | 1 | - | - | 1 |
OperationName contains "PIM" |
- | 1 | - | - | 1 |
OperationName in "Add member to role,Add user,NetworkSecurityGroupEvents,Reset user password,Update user"OperationName contains "Add"OperationName contains "Audit"OperationName contains "Change"OperationName contains "Create"OperationName contains "Delete"OperationName contains "Log"OperationName contains "Monitor"OperationName contains "PIM"OperationName contains "Remove"OperationName contains "Update"OperationName contains "Write"OperationName contains "reset" |
- | 1 | - | - | 1 |
OperationName in "Add member to role,Add user,ApplicationGatewayFirewall,AzureFirewallIDSLog,Reset user password,Update user"OperationName !contains "external"OperationName !contains "invite"OperationName !contains "licnense"OperationName contains "group"OperationName contains "member"OperationName contains "principal"OperationName contains "role"OperationName contains "user" |
- | 1 | - | - | 1 |
OperationName in "Add member to role,Add user,Consent to application,Create Deployment,Create or Update Virtual Machine,Create role assignment,List Storage Account Keys,Reset user password,Update user"OperationName in "Set domain authentication,Set federation settings on domain,Sign-in activity"OperationName != "Consent to application"OperationName contains "Create"OperationName contains "Delete"OperationName contains "Update"OperationName contains "delet"OperationName contains "delete"OperationName contains "remove"OperationName has "Create"OperationName has_any "Create,Update"OperationName has_any "Ip,Security Rule" |
- | 1 | - | - | 1 |
OperationName contains "Delete"OperationName contains "PIM"OperationName contains "Remove" |
- | 1 | - | - | 1 |
OperationName == "Consent to application"OperationName == "Disable Strong Authentication"OperationName contains "password" |
- | 1 | - | - | 1 |
OperationName in "Add member to role,Add user,ApplicationGatewayFirewall,AzureFirewallIDSLog,AzureFirewallThreatIntelLog,NetworkSecurityGroupEvents,Reset user password,Update user"OperationName contains "PIM" |
- | 1 | - | - | 1 |
| Total | 0 | 91 | 0 | 0 | 91 |
| Value | Connectors | Content Items | ASIM Parsers | Other Parsers | Total |
|---|---|---|---|---|---|
Update user |
- | 12 | - | - | 12 |
Add user |
- | 11 | - | - | 11 |
Consent to application |
- | 10 | - | - | 10 |
Add member to role |
- | 10 | - | - | 10 |
Reset user password |
- | 7 | - | - | 7 |
Update conditional access policy |
- | 6 | - | - | 6 |
Invite external user |
- | 5 | - | - | 5 |
contains PIM |
- | 5 | - | - | 5 |
Add delegated permission grant |
- | 4 | - | - | 4 |
has Update a partner cross-tenant access setting |
- | 4 | - | - | 4 |
User registered security info |
- | 4 | - | - | 4 |
!= Consent to application |
- | 4 | - | - | 4 |
Delete user |
- | 3 | - | - | 3 |
Set domain authentication |
- | 3 | - | - | 3 |
Set federation settings on domain |
- | 3 | - | - | 3 |
Add app role assignment to service principal |
- | 3 | - | - | 3 |
Add OAuth2PermissionGrant |
- | 3 | - | - | 3 |
Add service principal |
- | 3 | - | - | 3 |
has_any Add service principal |
- | 3 | - | - | 3 |
has_any Certificates |
- | 3 | - | - | 3 |
AzureFirewallIDSLog |
- | 3 | - | - | 3 |
NetworkSecurityGroupEvents |
- | 3 | - | - | 3 |
contains Delete |
- | 3 | - | - | 3 |
Sign-in activity |
- | 3 | - | - | 3 |
Redeem external user invite |
- | 2 | - | - | 2 |
Add unverified domain |
- | 2 | - | - | 2 |
has Add member to role outside of PIM |
- | 2 | - | - | 2 |
has Consent to application |
- | 2 | - | - | 2 |
Admin registered security info |
- | 2 | - | - | 2 |
has_any Update Application |
- | 2 | - | - | 2 |
has_any Update Service principal |
- | 2 | - | - | 2 |
Update Application |
- | 2 | - | - | 2 |
contains delete |
- | 2 | - | - | 2 |
contains remove |
- | 2 | - | - | 2 |
contains Create |
- | 2 | - | - | 2 |
contains Remove |
- | 2 | - | - | 2 |
contains Update |
- | 2 | - | - | 2 |
ApplicationGatewayFirewall |
- | 2 | - | - | 2 |
Add member to role completed (PIM activation) |
- | 1 | - | - | 1 |
has Add eligible member |
- | 1 | - | - | 1 |
has Invite external user |
- | 1 | - | - | 1 |
has Redeem external user invite |
- | 1 | - | - | 1 |
Update application |
- | 1 | - | - | 1 |
Delete conditional access policy |
- | 1 | - | - | 1 |
Add conditional access policy |
- | 1 | - | - | 1 |
Update group |
- | 1 | - | - | 1 |
Add service principal credentials |
- | 1 | - | - | 1 |
has Add a partner to cross-tenant access setting |
- | 1 | - | - | 1 |
has Delete partner specific cross-tenant access setting |
- | 1 | - | - | 1 |
has Certificates |
- | 1 | - | - | 1 |
Add member to group |
- | 1 | - | - | 1 |
Add owner to group |
- | 1 | - | - | 1 |
Add verified domain |
- | 1 | - | - | 1 |
Update device |
- | 1 | - | - | 1 |
Remove service principal |
- | 1 | - | - | 1 |
has_all Update application |
- | 1 | - | - | 1 |
Add owner to application |
- | 1 | - | - | 1 |
Update role setting in PIM |
- | 1 | - | - | 1 |
has conditional access policy |
- | 1 | - | - | 1 |
has_all member to role |
- | 1 | - | - | 1 |
Add User |
- | 1 | - | - | 1 |
has Add app role assignment to service principal |
- | 1 | - | - | 1 |
has StsRefreshTokenValidFrom |
- | 1 | - | - | 1 |
Admin deleted security info |
- | 1 | - | - | 1 |
Admin updated security info |
- | 1 | - | - | 1 |
User changed default security info |
- | 1 | - | - | 1 |
User deleted security info |
- | 1 | - | - | 1 |
User registered all required security info |
- | 1 | - | - | 1 |
User started security info registration |
- | 1 | - | - | 1 |
Approve access package assignment request |
- | 1 | - | - | 1 |
Request approved |
- | 1 | - | - | 1 |
User requests access package assignment |
- | 1 | - | - | 1 |
Read BitLocker key |
- | 1 | - | - | 1 |
Register device |
- | 1 | - | - | 1 |
has_any Download group members |
- | 1 | - | - | 1 |
has_any Download groups |
- | 1 | - | - | 1 |
has_any Download user registeration details |
- | 1 | - | - | 1 |
has_any Download users |
- | 1 | - | - | 1 |
has_any password |
- | 1 | - | - | 1 |
has_any security info |
- | 1 | - | - | 1 |
has_any Add member to role |
- | 1 | - | - | 1 |
Remove eligible member from role |
- | 1 | - | - | 1 |
Remove member from role |
- | 1 | - | - | 1 |
Add registered owner to device |
- | 1 | - | - | 1 |
contains create |
- | 1 | - | - | 1 |
contains lockbox |
- | 1 | - | - | 1 |
contains update |
- | 1 | - | - | 1 |
contains Add |
- | 1 | - | - | 1 |
contains Audit |
- | 1 | - | - | 1 |
contains Change |
- | 1 | - | - | 1 |
contains Log |
- | 1 | - | - | 1 |
contains Monitor |
- | 1 | - | - | 1 |
contains Write |
- | 1 | - | - | 1 |
contains reset |
- | 1 | - | - | 1 |
!contains external |
- | 1 | - | - | 1 |
!contains invite |
- | 1 | - | - | 1 |
!contains licnense |
- | 1 | - | - | 1 |
contains group |
- | 1 | - | - | 1 |
contains member |
- | 1 | - | - | 1 |
contains principal |
- | 1 | - | - | 1 |
contains role |
- | 1 | - | - | 1 |
contains user |
- | 1 | - | - | 1 |
Create Deployment |
- | 1 | - | - | 1 |
Create or Update Virtual Machine |
- | 1 | - | - | 1 |
Create role assignment |
- | 1 | - | - | 1 |
List Storage Account Keys |
- | 1 | - | - | 1 |
contains delet |
- | 1 | - | - | 1 |
has Create |
- | 1 | - | - | 1 |
has_any Create |
- | 1 | - | - | 1 |
has_any Update |
- | 1 | - | - | 1 |
has_any Ip |
- | 1 | - | - | 1 |
has_any Security Rule |
- | 1 | - | - | 1 |
Disable Strong Authentication |
- | 1 | - | - | 1 |
contains password |
- | 1 | - | - | 1 |
AzureFirewallThreatIntelLog |
- | 1 | - | - | 1 |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊