| _BilledSize | | Double |
| _IsBillable | | String |
| ActivityInsights | Insights about the activities corresponding to the generated anomaly as JSON. | Object |
| AnomalyDetails | JSON object containing general information about the rule and algorithm that generated the anomaly as well as explanations for the anomaly. | Object |
| AnomalyReasons | The detailed explanation of the generated anomaly as JSON. | Object |
| AnomalyTemplateId | The ID of the Anomaly template that generated this anomaly. | String |
| AnomalyTemplateName | The name of the Anomaly template that generated this anomaly. | String |
| AnomalyTemplateVersion | The version of the Anomaly template that generated this anomaly. | String |
| Description | The description of the anomaly. | String |
| DestinationDevice | The destination device for which the anomaly was generated. | String |
| DestinationIpAddress | The destination IP address for which the anomaly was generated. | String |
| DestinationLocation | Info about the destination location for which the anomaly was generated as JSON. | Object |
| DeviceInsights | Insights about the devices corresponding to the generated anomaly as JSON. | Object |
| EndTime | The time (UTC) when the anomaly ended. | DateTime |
| Entities | JSON object containing all entities involved in the generated anomaly. | Object |
| ExtendedLinks | List of links pointing to the data that generated the anomaly. | Object |
| ExtendedProperties | JSON object with additional data on the anomaly as key-value pairs. | Object |
| Id | The ID of the generated anomaly. | String |
| RuleConfigVersion | The configuration version of the Anomaly analytics rule that generated this anomaly. | String |
| RuleId | The ID of the Anomaly analytics rule that generated this anomaly. | String |
| RuleName | The name of the Anomaly analytics rule that generated this anomaly. | String |
| RuleStatus | The status (Flighting/Production) of the Anomaly analytics rule that generated this anomaly. | String |
| Score | The score of the anomaly. | Double |
| SourceDevice | The source device for which the anomaly was generated. | String |
| SourceIpAddress | The source IP address for which the anomaly was generated. | String |
| SourceLocation | Info about the source location for which the anomaly was generated as JSON. | Object |
| SourceSystem | | String |
| StartTime | The time (UTC) when the anomaly started. | DateTime |
| Tactics | List of MITRE ATT&CK tactics (strings) corresponding to the anomaly. | String |
| Techniques | List of MITRE ATT&CK techniques (strings) corresponding to the anomaly. | String |
| TenantId | | String |
| TimeGenerated | The timestamp (UTC) of when the anomaly was generated. | DateTime |
| Type | The name of the table. | String |
| UserInsights | Insights about the users corresponding to the generated anomaly as JSON. | Object |
| UserName | The username for which the anomaly was generated. | String |
| UserPrincipalName | The UPN of the user for which the anomaly was generated. | String |
| VendorName | The name of the vendor that generated this anomaly. | String |
| WorkspaceId | The ID of the Sentinel workspace. | String |