Defender XDR Only: This table is available in Microsoft Defender XDR advanced hunting but is not available in the Azure Monitor Log Analytics table reference.
Security events that occurred after the delivery of a Microsoft Teams message in your organization
| Attribute | Value |
|---|---|
| Category | XDR |
| Ingestion API Supported | ✗ No |
| Defender XDR Advanced Hunting Schema | View Documentation |
Source: Azure Monitor documentation
| Column Name | Type | Description |
|---|---|---|
| Action | string | Action taken on the message: Blocked, Moved to quarantine |
| ActionResult | string | Result of the action |
| ActionTrigger | string | Indicates whether an action was triggered by an administrator (manually or through approval of a pending automated action), or by some special mechanism, such as a ZAP or Dynamic Delivery |
| ActionType | string | Type of activity that triggered the event: Manual remediation, Phish ZAP, Malware ZAP |
| ConfidenceLevel | dynamic | List of confidence levels for each threat type identified |
| DetectionMethods | string | Methods used to detect malware, phishing, or other threats found in the message |
| IsExternalThread | boolean | Indicates if there are external recipients in the thread (1) or none (0) |
| LatestDeliveryLocation | string | Last known location of the message |
| RecipientDetails | dynamic | Array of recipient data (RecipientSmtpAddress, RecipientDisplayName, RecipientType, RecipientObjectId) |
| ReportId | string | Unique identifier for the event |
| SafetyTip | string | The safety tip that has been added on a message, if any |
| SenderEmailAddress | string | Email address of the sender |
| TeamsMessageId | string | Unique identifier for the message, as generated by Microsoft 365 |
| ThreatTypes | string | Verdict from the filtering stack on whether the message contains malware, phishing, or other threats |
| Timestamp | datetime | Date and time when the event was recorded |
This table is used by the following solutions:
In solution Microsoft Defender XDR: