Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
Security events that occurred after the delivery of a Microsoft Teams message in your organization
| Attribute | Value |
|---|---|
| Category | Security, XDR |
| Basic Logs Eligible | ✓ Yes |
| Ingestion API Supported | ✗ No |
| Azure Monitor Tables Reference | View Documentation |
| Defender XDR Advanced Hunting Schema | View Documentation |
Source: Azure Monitor documentation
| Column Name | Type | Description |
|---|---|---|
| _BilledSize | real | The record size in bytes |
| _IsBillable | string | Specifies whether ingesting the data is billable. When _IsBillable is false ingestion isn't billed to your Azure account |
| Action | string | Action taken on the message: Blocked, Moved to quarantine |
| ActionResult | string | Result of the action |
| ActionTrigger | string | Indicates whether an action was triggered by an administrator (manually or through approval of a pending automated action), or by some special mechanism, such as a ZAP or Dynamic Delivery |
| ActionType | string | Type of activity that triggered the event: Manual remediation, Phish ZAP, Malware ZAP |
| ConfidenceLevel | dynamic | List of confidence levels for each threat type identified |
| DetectionMethods | string | Methods used to detect malware, phishing, or other threats found in the message |
| IsExternalThread | bool | Indicates if there are external recipients in the thread (1) or none (0) |
| LatestDeliveryLocation | string | Last known location of the message |
| RecipientDetails | dynamic | Array of recipient data (RecipientSmtpAddress, RecipientDisplayName, RecipientType, RecipientObjectId) |
| ReportId | string | Unique identifier for the event |
| SafetyTip | string | The safety tip that has been added on a message, if any |
| SenderEmailAddress | string | Email address of the sender |
| SourceSystem | string | The type of agent the event was collected by. For example, OpsManager for Windows agent, either direct connect or Operations Manager, Linux for all Linux agents, or Azure for Azure Diagnostics |
| TeamsMessageId | string | Unique identifier for the message, as generated by Microsoft 365 |
| TenantId | string | The Log Analytics workspace ID |
| ThreatTypes | string | Verdict from the filtering stack on whether the message contains malware, phishing, or other threats |
| TimeGenerated | datetime | Date and time (UTC) when the record was generated. |
| Type | string | The name of the table |
This table is used by the following solutions:
In solution Microsoft Defender XDR:
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊