| _BilledSize | | Double |
| _IsBillable | | String |
| _ResourceId | A unique identifier for the resource that the record is associated with. | String |
| _SubscriptionId | A unique identifier for the subscription that the record is associated with. | String |
| AggregatedSecurityAlertRuleIds | IDs assigned to the aggregated security data sharing rules by Sentinel. | String |
| AggregatedSecurityAlertRuleNames | The names of the aggregated security data sharing rules. | String |
| AlertName | The name of the alert. | String |
| AlertSeverity | The severity of the alert. | String |
| AlertType | The type name of the alert. | String |
| CompromisedEntity | Display name of the main entity being reported on. | String |
| ConfidenceLevel | The level of confidence that the alert is not a false positive. | String |
| ConfidenceScore | The level of confidence that the alert is not a false positive. This property allows for a more fine-grained representation, expressed as a number between 0 and 1 (inclusive). | Double |
| Description | The description of the alert. | String |
| DisplayName | The name of the alert. | String |
| EndTime | The end time of the impact of the alert. | DateTime |
| Entities | A list of entities related to the alert. This list can hold a mixture of entities of different types. | String |
| ExtendedLinks | A set of link objects that can provide additional data on the alert. | String |
| ExtendedProperties | Additional data about the alert. | String |
| PartnerDisplayName | Name of the partner who sent the alert. | String |
| PartnerId | An ID assigned to the partner who sent the alert. | String |
| PartnerMetadata | Metadata about the partner who sent the alert. | String |
| ProcessingEndTime | The time the alert was received for processing. | DateTime |
| ProductComponentName | The name of a component inside the product which generated the alert. | String |
| ProductName | The name of the product that generated the alert. | String |
| ProviderName | The name of the provider that generated the alert. | String |
| RemediationSteps | Action items to take to remediate the alert. | String |
| SourceSystem | The Log Analytics source system. Will always be ‘Detection’. | String |
| StartTime | The start time of the impact of the alert. | DateTime |
| Status | The lifecycle status of the alert (new, in progress, closed). | String |
| SubTechniques | A list of adversary MITRE ATT&CK sub-techniques involved in this security issue. | String |
| SystemAlertId | An ID assigned to the alert by Sentinel. | String |
| Tactics | A list of adversary MITRE ATT&CK tactics involved in this security issue. | String |
| Techniques | A list of adversary MITRE ATT&CK techniques involved in this security issue. | String |
| TenantId | Unique identifier of the tenant into which the data connector ingests data. | String |
| TimeGenerated | The timestamp (UTC) of when the alert was generated. | DateTime |
| Type | The name of the table. | String |
| VendorName | The name of the vendor owning the provider that generated the alert. | String |
| VendorOriginalId | An ID assigned to the alert by the vendor, to help track down the alert in the original system. | String |