| Attribute | Value |
|---|---|
| Custom Log V1 | Yes 🔶 — uses type-suffixed column names |
| Ingestion API Supported | ✓ Yes |

Source: KQL validation test schema
| Column Name | Type |
|---|---|
| _ResourceId | string |
| AadTenantId_g | string |
| AadTenantId_g_g | string |
| ActionId_g | string |
| ActionIdBefore_g | string |
| ActionSource_s | string |
| Activity_s | string |
| Activity_s_s | string |
| ApplicationId_g | string |
| ApplicationName_s | string |
| ApplicationName_s_s | string |
| Computer | string |
| ContentId_g | string |
| ContentId_g_g | string |
| DataState_s | string |
| DataState_s_s | string |
| DeviceId_g | string |
| DeviceId_s | string |
| DeviceRisk_s | string |
| DiscoveredInformationTypes_s | string |
| InformationTypes_s | string |
| InformationTypesAbove55_s | string |
| InformationTypesAbove65_s | string |
| InformationTypesAbove75_s | string |
| InformationTypesAbove85_s | string |
| InformationTypesAbove95_s | string |
| IPv4_s | string |
| IPv4_s_s | string |
| IsLabelChanged_b | bool |
| IsProtectionChanged_b | bool |
| LabelId_g | string |
| LabelIdBeforeAction_g | string |
| LabelName_s | string |
| LabelNameBefore_s | string |
| Location_s | string |
| LogId_g | string |
| LogId_g_g | string |
| MachineId_s | string |
| MachineName_s | string |
| ManagementGroupName | string |
| MatchedLabelId_g | string |
| MatchedLabelName_s | string |
| MG | string |
| ObjectId_s | string |
| Operation_s | string |
| Operation_s_s | string |
| ParentLabelName_s | string |
| ParentLabelNameBefore_s | string |
| PK_LAContentTypesxml_MN_0_H_nY_t_Q_Ic_g_b_2p_J_6_oE_V_P_t_3_vX_I_u_p_e_nd_z_Q_Q_K_oH_X_U_s | string |
| Platform_s | string |
| Platform_s_s | string |
| ProcessName_s | string |
| ProcessName_s_s | string |
| ProcessVersion_s | string |
| ProcessVersion_s_s | string |
| ProductVersion_s | string |
| Protected_b | bool |
| Protected_b_s | string |
| Protected_s | string |
| ProtectedBeforeAction_b | bool |
| ProtectionOwner_s | string |
| ProtectionOwner_s_s | string |
| ProtectionTime_s | string |
| ProtectionTime_t | datetime |
| ProtectionTime_t_UTC__s | string |
| ProtectionType_s | string |
| ProtectionType_s_s | string |
| ProtectionTypeBefore_s | string |
| RawData | string |
| SensitivityChange_s | string |
| SourceSystem | string |
| TemplateId_g | string |
| TemplateId_g_g | string |
| TemplateIdBefore_g | string |
| TenantId | string |
| TimeGenerated | datetime |
| TimeGenerated_s | string |
| TimeGenerated_UTC__s | string |
| Type | string |
| UserId_s | string |
| UserId_s_s | string |
| Version_s | string |
| Version_s_s | string |
| Workload_s | string |
| Workload_s_s | string |

This table is used by the following solutions:

In solution MicrosoftPurviewInsiderRiskManagement:
| Analytic Rule | Selection Criteria |
|---|---|
| Insider Risk_Sensitive Data Access Outside Organizational Geo-location | |

In solution MicrosoftPurviewInsiderRiskManagement:
| Hunting Query | Selection Criteria |
|---|---|
| Insider Risk_Sign In Risk Followed By Sensitive Data Access | |

In solution AzureSecurityBenchmark:
| Workbook | Selection Criteria |
|---|---|
| AzureSecurityBenchmark | |

In solution ContinuousDiagnostics&Mitigation:
| Workbook | Selection Criteria |
|---|---|
| ContinuousDiagnostics&Mitigation | |

In solution CybersecurityMaturityModelCertification(CMMC)2.0:
| Workbook | Selection Criteria |
|---|---|
| CybersecurityMaturityModelCertification_CMMCV2 | |

In solution MaturityModelForEventLogManagementM2131:
| Workbook | Selection Criteria |
|---|---|
| MaturityModelForEventLogManagement_M2131 | |

In solution ZeroTrust(TIC3.0):
| Workbook | Selection Criteria |
|---|---|
| ZeroTrustTIC3 | |

GitHub Only:
| Workbook | Selection Criteria |
|---|---|
| AzureInformationProtection | |
| DoDZeroTrustWorkbook | |
| ZeroTrustStrategyWorkbook | |