Reference for the Operation table in Azure Monitor Logs.
| Attribute | Value |
|---|---|
| Category | Azure Monitor |
| Basic Logs Eligible | ✗ No |
| Ingestion API Supported | ✗ No |
| Azure Monitor Tables Reference | View Documentation |
Source: Azure Monitor documentation
| Column Name | Type | Description |
|---|---|---|
| _BilledSize | real | The record size in bytes |
| _IsBillable | string | Specifies whether ingesting the data is billable. When _IsBillable is `false`, ingestion isn't billed to your Azure account |
| _ResourceId | string | A unique identifier for the resource that the record is associated with |
| _SubscriptionId | string | A unique identifier for the subscription that the record is associated with |
| Computer | string | Name of a physical or virtual machine having membership with Log Analytics agent. |
| CorrelationId | string | GUID that is shared with telemetry belonging to the same uber action. |
| Detail | string | User friendly string that describes further details about the operation |
| ErrorId | string | Deprecated. |
| HelpLink | string | Reference URL for additional contextual information. |
| ManagementGroupName | string | Name of the Operations Manager management group for System Center Operations Manager agents. |
| OperationCategory | string | Name of the area that produced the record. |
| OperationKey | string | Operation ID. Can be a GUID or string. |
| OperationStatus | string | Operation status description. Common values include Warning, Succeeded, Failed, Error. |
| Solution | string | Name of the managed solution that produced the record. Can also include other sources such as RestAPI. |
| SourceComputerId | string | Unique GUID identifier for a computer. |
| SourceSystem | string | The type of agent the event was collected by. For example, `OpsManager` for Windows agent, either direct connect or Operations Manager, `Linux` for all Linux agents, or `Azure` for Azure Diagnostics |
| TimeGenerated | datetime | Date and time that the record was created. |
| Type | string | The name of the table |
This table is used by the following solutions:
Standalone Content:
| Analytic Rule | Selection Criteria |
|---|---|
| Anomalous login followed by Teams action | |
Standalone Content:
| Hunting Query | Selection Criteria |
|---|---|
| Permutations on logon attempts by UserPrincipalNames indicating potential brute force | |
| User Granted Access and created resources | |
In solution Azure SQL Database solution for sentinel:
| Workbook | Selection Criteria |
|---|---|
| Workbook-AzureSQLSecurity | |
In solution DPDP Compliance:
| Workbook | Selection Criteria |
|---|---|
| DPDPCompliance | |
In solution GDPR Compliance & Data Security:
| Workbook | Selection Criteria |
|---|---|
| GDPRComplianceAndDataSecurity | |
In solution Global Secure Access:
| Workbook | Selection Criteria |
|---|---|
| GSAM365EnrichedEvents | |
In solution MaturityModelForEventLogManagementM2131:
| Workbook | Selection Criteria |
|---|---|
| MaturityModelForEventLogManagement_M2131 | |
In solution Microsoft 365:
| Workbook | Selection Criteria |
|---|---|
| ExchangeOnline | |
| Office365 | |
| SharePointAndOneDrive | |
In solution MicrosoftPurviewInsiderRiskManagement:
| Workbook | Selection Criteria |
|---|---|
| InsiderRiskManagement | |
| InsiderRiskManagement | |
In solution NISTSP80053:
| Workbook | Selection Criteria |
|---|---|
| NISTSP80053 | |
In solution SOC Handbook:
| Workbook | Selection Criteria |
|---|---|
| InvestigationInsights | |
In solution SOX IT Compliance:
| Workbook | Selection Criteria |
|---|---|
| SOXITCompliance | |
In solution ZeroTrust(TIC3.0):
| Workbook | Selection Criteria |
|---|---|
| ZeroTrustTIC3 | |
GitHub Only: