| Attribute | Value |
|---|---|
| Custom Log V1 | Yes 🔶 — uses type-suffixed column names |
| Ingestion API Supported | ✓ Yes |
Source: KQL validation test schema
| Column Name | Type |
|---|---|
| actions_s | string |
| activityId_s | string |
| alert_name_s | string |
| anomaly_score_d | real |
| antigena_b | bool |
| attachment_sha1s_s | string |
| bestDeviceName_s | string |
| blocked_b | bool |
| breachTime_s | string |
| breachUrl_s | string |
| Category | string |
| child_id_d | real |
| compliance_b | bool |
| cSensor_b | bool |
| cSensorID_g | guid |
| cSensorID_s | string |
| currentGroup_s | string |
| description_s | string |
| destHost_s | string |
| destIP_s | string |
| destMac_s | string |
| destPort_s | string |
| details_s | string |
| deviceId_d | real |
| deviceIP_s | string |
| direction_s | string |
| dtProduct_s | string |
| endTime_s | string |
| externalId_g | guid |
| friendlyName_s | string |
| from_s | string |
| groupByActivity_b | bool |
| groupCategory_s | string |
| groupingId_s | string |
| groupPreviousGroups_s | string |
| groupScore_d | string |
| hostname_s | string |
| identifier_s | string |
| ip_address_s | string |
| last_updated_d | real |
| last_updated_status_d | real |
| latitude_d | real |
| link_hosts_s | string |
| longitude_d | real |
| mac_s | string |
| Message | string |
| mitreTechniques_s | string |
| modelName_s | string |
| name_s | string |
| newEvent_b | bool |
| pid_d | real |
| priority_code_d | real |
| priority_d | real |
| priority_level_s | string |
| priority_s | string |
| recipients_s | string |
| score_d | real |
| Severity | real |
| sid_d | real |
| sourceHost_s | string |
| SourceIP | string |
| sourceMac_s | string |
| sourcePort_s | string |
| startTime_s | string |
| status_s | string |
| subject_s | string |
| summary_s | string |
| summaryFirstSentence_s | string |
| tags_s | string |
| threatID_d | real |
| time_s | string |
| TimeGenerated | datetime |
| timestamp_t | datetime |
| title_s | string |
| triggeredComponents_s | string |
| typeLabel_s | string |
| url_s | string |
| uuid_g | guid |
| uuid_s | string |
This table is used by the following solutions:
This table is ingested by the following connectors:
| Connector | Selection Criteria |
|---|---|
| Darktrace Connector for Microsoft Sentinel REST API | |
In solution Darktrace:
| Analytic Rule | Selection Criteria |
|---|---|
| Darktrace AI Analyst | |
| Darktrace Model Breach | |
| Darktrace System Status | |
In solution Darktrace:
| Workbook | Selection Criteria |
|---|---|
| DarktraceWorkbook | |