Reference for NetworkAccessTraffic table in Azure Monitor Logs.
| Attribute | Value |
|---|---|
| Category | IT & Management Tools, Network, Security |
| Basic Logs Eligible | ✓ Yes (source) |
| Supports Transformations | ✓ Yes (source) |
| Ingestion API Supported | ✗ No |
| Azure Monitor Tables Reference | View Documentation |
Source: Azure Monitor documentation
| Column Name | Type | Description |
|---|---|---|
| _BilledSize | real | The record size in bytes |
| _IsBillable | string | Specifies whether ingesting the data is billable. When _IsBillable is false, ingestion isn't billed to your Azure account. |
| AccessType | string | Type of accessed application. Access type options: QuickAccess, PrivateAccess. |
| Action | string | The action taken on the network session. Allowed, Denied. |
| AgentVersion | string | The version of the agent connecting. |
| AIAgentId | string | The unique identifier of the AI agent associated with the traffic. |
| AIAgentName | string | The name of the AI agent associated with the traffic. |
| AppId | string | Destination Application ID accessed in Azure AD during the transaction. |
| AppSegmentId | string | Destination Application segment ID from Azure AD accessed during the transaction. |
| CloudAppCatalogId | string | The ID of the application in the SaaS application catalog. |
| CloudAppCategories | string | The category list of the cloud application (e.g. social media, search, generative AI). |
| CloudAppCategory | string | The category of the cloud application (e.g. social media, search, generative AI). |
| CloudAppComplianceScore | int | The compliance score of the application. |
| CloudAppGeneralScore | int | The general score of the application. |
| CloudAppLegalScore | int | The legal score of the application. |
| CloudAppLoginUser | string | The username that was used to log into the application. |
| CloudAppName | string | The name of the application (e.g. ChatGPT, Salesforce, Bing). |
| CloudAppRiskScore | int | The risk score of the application. |
| ConnectionId | string | Unique identifier representing the connection this traffic log was initiated from. |
| ConnectionStatus | string | Status of a connection. Status options: Open, Active, Closed. |
| ConnectorId | string | Private access connector ID. |
| ConnectorIp | string | Private access connector IP. |
| ConnectorName | string | Private access connector name. |
| Description | string | Additional details describing the traffic. |
| DestinationFqdn | string | The destination device hostname, including domain information when available. |
| DestinationIp | string | The IP address of the connection or session destination. |
| DestinationPort | int | The destination IP port. |
| DestinationUrl | string | The URL of the connection or session destination. |
| DestinationWebCategories | string | The destination FQDN's Web Categories. |
| DeviceCategory | string | Device type the transaction originated from. Client, Branch. |
| DeviceId | string | The ID of the source device as reported in the record. |
| DeviceOperatingSystem | string | The client connecting operating system type. |
| DeviceOperatingSystemVersion | string | The client connecting operating system version. |
| DnsResponseOrigin | string | The origin of the DNS response for the traffic. Possible values: Cache, Onprem. |
| FilteringProfileId | string | The ID of the Filtering Profile associated with the action performed on traffic. |
| FilteringProfileName | string | The name of the Filtering Profile associated with the action performed on traffic. |
| HttpMethod | string | The HTTP method used in the request. |
| HttpRequestContentType | string | The content type specified in the HTTP request header. |
| HttpResponseContentType | string | The content type specified in the HTTP response header. |
| HttpUserAgent | string | The user agent string from the HTTP request header. |
| InitiatingProcessName | string | The process initiating the traffic transaction. |
| KerberosClientName | string | Name associated with client during authentication. |
| KerberosErrorCode | int | Kerberos error code (0-81). See KerberosErrorCodeName for corresponding error name. |
| KerberosErrorCodeName | string | Kerberos error code name. Possible values: KDC_ERR_NONE (0), KDC_ERR_NAME_EXP (1), KDC_ERR_SERVICE_EXP (2), KDC_ERR_BAD_PVNO (3), KDC_ERR_C_OLD_MAST_KVNO (4), KDC_ERR_S_OLD_MAST_KVNO (5), KDC_ERR_C_PRINCIPAL_UNKNOWN (6), KDC_ERR_S_PRINCIPAL_UNKNOWN (7), KDC_ERR_PRINCIPAL_NOT_UNIQUE (8), KDC_ERR_NULL_KEY (9), KDC_ERR_CANNOT_POSTDATE (10), KDC_ERR_NEVER_VALID (11), KDC_ERR_POLICY (12), KDC_ERR_BADOPTION (13), KDC_ERR_ETYPE_NOSUPP (14), KDC_ERR_SUMTYPE_NOSUPP (15), KDC_ERR_PADATA_TYPE_NOSUPP (16), KDC_ERR_TRTYPE_NOSUPP (17), KDC_ERR_CLIENT_REVOKED (18), KDC_ERR_SERVICE_REVOKED (19), KDC_ERR_TGT_REVOKED (20), KDC_ERR_CLIENT_NOTYET (21), KDC_ERR_SERVICE_NOTYET (22), KDC_ERR_KEY_EXPIRED (23), KDC_ERR_PREAUTH_FAILED (24), KDC_ERR_PREAUTH_REQUIRED (25), KDC_ERR_SERVER_NOMATCH (26), KDC_ERR_MUST_USE_USER2USER (27), KDC_ERR_PATH_NOT_ACCEPTED (28), KDC_ERR_SVC_UNAVAILABLE (29), KRB_AP_ERR_BAD_INTEGRITY (31), KRB_AP_ERR_TKT_EXPIRED (32), KRB_AP_ERR_TKT_NYV (33), KRB_AP_ERR_REPEAT (34), KRB_AP_ERR_NOT_US (35), KRB_AP_ERR_BADMATCH (36), KRB_AP_ERR_SKEW (37), KRB_AP_ERR_BADADDR (38), KRB_AP_ERR_BADVERSION (39), KRB_AP_ERR_MSG_TYPE (40), KRB_AP_ERR_MODIFIED (41), KRB_AP_ERR_BADORDER (42), KRB_AP_ERR_BADKEYVER (44), KRB_AP_ERR_NOKEY (45), KRB_AP_ERR_MUT_FAIL (46), KRB_AP_ERR_BADDIRECTION (47), KRB_AP_ERR_METHOD (48), KRB_AP_ERR_BADSEQ (49), KRB_AP_ERR_INAPP_CKSUM (50), KRB_AP_PATH_NOT_ACCEPTED (51), KRB_ERR_RESPONSE_TOO_BIG (52), KRB_ERR_GENERIC (60), KRB_ERR_FIELD_TOOLONG (61), KDC_ERR_CLIENT_NOT_TRUSTED (62), KDC_ERR_KDC_NOT_TRUSTED (63), KDC_ERR_INVALID_SIG (64), KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED (65), KDC_ERR_CERTIFICATE_MISMATCH (66), KRB_AP_ERR_NO_TGT (67), KDC_ERR_WRONG_REALM (68), KRB_AP_ERR_USER_TO_USER_REQUIRED (69), KDC_ERR_CANT_VERIFY_CERTIFICATE (70), KDC_ERR_INVALID_CERTIFICATE (71), KDC_ERR_REVOKED_CERTIFICATE (72), KDC_ERR_REVOCATION_STATUS_UNKNOWN (73), KDC_ERR_REVOCATION_STATUS_UNAVAILABLE (74), KDC_ERR_CLIENT_NAME_MISMATCH (75), KDC_ERR_KDC_NAME_MISMATCH (76), KDC_ERR_INCONSISTENT_KEY_PURPOSE (77), KDC_ERR_DIGEST_IN_CERT_NOT_ACCEPTED (78), KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED (79), KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED (80), KDC_ERR_PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED (81). |
| KerberosErrorText | string | Kerberos error text description. |
| KerberosMsgType | string | Kerberos message type number (AS/TGS). Possible values: 10 (AS_REQ), 11 (AS_REP), 12 (TGS_REQ), 13 (TGS_REP). |
| KerberosNonce | int | Random number for request/reply matching. |
| NetworkProtocol | string | The network protocol, IPv6 or IPv4. |
| OnPremAccount | string | Client principal name requesting the ticket. |
| OriginHeader | string | The origin header value. |
| PolicyId | string | The ID of the policy whose rule denied the request. |
| PolicyName | string | The name of the filtering policy associated with the action performed on traffic. |
| PolicyRuleId | string | The ID of the rule by which the request was denied. |
| ProcessingRegion | string | Region where the request was processed by the backend service. |
| Realm | string | Kerberos realm of the target service. |
| ReceivedBytes | long | The number of bytes received. |
| ReferrerHeader | string | The Referer header value. |
| RemoteNetworkId | string | The ID from which traffic was sent or received, providing visibility into the origin of the traffic. |
| ResourceTenantId | string | Tenant ID that owns the resource. |
| ResponseCode | int | The response code returned from the server. |
| RuleName | string | The name of the rule associated with the action performed on traffic. |
| SentBytes | long | The number of bytes sent. |
| ServicePrincipalName | string | Target service the client is trying to access. |
| SessionId | string | Unique identifier representing the session. |
| SourceIp | string | The IP address from which the connection or session originated. |
| SourcePort | int | The IP port from which the connection originated. |
| SourceSystem | string | The type of agent the event was collected by. For example, OpsManager for Windows agent, either direct connect or Operations Manager, Linux for all Linux agents, or Azure for Azure Diagnostics. |
| TenantId | string | The Log Analytics workspace ID |
| ThreatType | string | The identified threat type associated with the traffic. |
| TimeGenerated | datetime | The date and time (UTC) that the event was generated. |
| TlsAction | string | The TLS action taken on the traffic. |
| TlsPolicyId | string | The unique token identifier of the TLS policy applied to the traffic. |
| TlsPolicyName | string | The name for the TLS policy applied to the traffic. |
| TlsRuleId | string | The unique identifier of the TLS rule applied to the traffic. |
| TlsRuleName | string | The name of the TLS rule applied to the traffic. |
| TlsStatus | string | The status of the TLS option. |
| Token3PExpiry | datetime | The expiry date of the access token used to access the private access application. |
| Token3PIssuedAt | datetime | The issued date of the access token used to access the private access application. |
| Token3PUniqueId | string | The unique token identifier of the access token used to access the private access application. |
| Token3PValidFrom | datetime | The validity date of the access token used to access the private access application. |
| TrafficType | string | The type of the target destination traffic. |
| TransactionId | string | Unique identifier representing a round trip of request and response. |
| TransportProtocol | string | The IP protocol used by the connection or session as listed in IANA protocol assignment. |
| Type | string | The name of the table |
| UniqueTokenId | string | The unique token identifier. |
| UserId | string | A machine-readable, alphanumeric, unique representation of the source user. |
| UserPrincipalName | string | The source username, including domain information when available. |
| VendorNames | string | The name of the vendors who detected the threat. |
| XForwardedFor | string | X-Forwarded-For header of the HTTP request. |
This table is used by the following solutions:
This table is ingested by the following connectors:
| Connector | Selection Criteria |
|---|---|
| Microsoft Entra ID | |
In solution Global Secure Access:
| Workbook | Selection Criteria |
|---|---|
| GSAM365EnrichedEvents | |
| GSANetworkTraffic | |