Microsoft XDR table schema
This site documents all table schemas in Microsoft XDR and Sentinel and tracks changes to them. All data is sourced from the official Microsoft XDR page and contains only publicly available information. The schema is subject to change, and the information here may not be up to date.
Caution: The data presented here might be incomplete or incorrect. This stems from the fact that not all XDR features are enabled in the tenant used to generate this documentation.
Latest changes
The following changes have been made to the schema:
Date | Table | Action |
---|---|---|
2024-10-19 | AzureMetrics | Table added to tracking |
2024-10-19 | AZKVAuditLogs | Table added to tracking |
2024-10-19 | AzureDiagnostics | Table added to tracking |
2024-10-19 | AZKVPolicyEvaluationDetailsLogs | Table added to tracking |
2024-10-18 | LinuxAuditLog | Table added to tracking |
2024-10-18 | HuntingBookmark | Table added to tracking |
2024-10-18 | GoogleCloudSCC | Table added to tracking |
2024-10-18 | GCPAuditLogs | Table added to tracking |
2024-10-18 | Dynamics365Activity | Table added to tracking |
2024-10-18 | DynamicSummary | Table added to tracking |
2024-10-18 | DnsInventory | Table added to tracking |
2024-10-18 | DnsEvents | Table added to tracking |
2024-10-18 | DnsAuditEvents | Table added to tracking |
2024-10-18 | DataverseActivity | Table added to tracking |
2024-10-18 | McasShadowItReporting | Table added to tracking |
2024-10-18 | ConfidentialWatchlist | Table added to tracking |
2024-10-18 | CommonSecurityLog | Table added to tracking |
2024-10-18 | BehaviorAnalytics | Table added to tracking |
2024-10-18 | AzureActivity | Table added to tracking |
2024-10-18 | AuditLogs | Table added to tracking |
2024-10-18 | AppCenterError | Table added to tracking |
2024-10-18 | Anomalies | Table added to tracking |
2024-10-18 | Alert | Table added to tracking |
2024-10-18 | AWSWAF | Table added to tracking |
2024-10-18 | AWSVPCFlow | Table added to tracking |
2024-10-18 | AWSGuardDuty | Table added to tracking |
2024-10-18 | ComputerGroup | Table added to tracking |
2024-10-18 | WindowsEvent | Table added to tracking |
2024-10-18 | MicrosoftGraphActivityLogs | Table added to tracking |
2024-10-18 | NetworkSessions | Table added to tracking |
2024-10-18 | Watchlist | Table added to tracking |
2024-10-18 | UserPeerAnalytics | Table added to tracking |
2024-10-18 | UserAccessAnalytics | Table added to tracking |
2024-10-18 | Usage | Table added to tracking |
2024-10-18 | ThreatIntelligenceIndicator | Table added to tracking |
2024-10-18 | ThreatIntelObjects | Table added to tracking |
2024-10-18 | ThreatIntelIndicators | Table added to tracking |
2024-10-18 | SigninLogs | Table added to tracking |
2024-10-18 | SentinelHealth | Table added to tracking |
2024-10-18 | SentinelAudit | Table added to tracking |
2024-10-18 | SecurityIncident | Table added to tracking |
2024-10-18 | SecurityEvent | Table added to tracking |
2024-10-18 | ProjectActivity | Table added to tracking |
2024-10-18 | PowerPlatformDlpActivity | Table added to tracking |
2024-10-18 | PowerPlatformConnectorActivity | Table added to tracking |
2024-10-18 | PowerPlatformAdminActivity | Table added to tracking |
2024-10-18 | PowerBIActivity | Table added to tracking |
2024-10-18 | PowerAutomateActivity | Table added to tracking |
2024-10-18 | PowerAppsActivity | Table added to tracking |
2024-10-18 | Operation | Table added to tracking |
This list is limited to the latest 50 changes.