| Column | Description | Type |
| --- | --- | --- |
| _BilledSize | | Double |
| _IsBillable | | String |
| AzureTenantId | The AAD tenant ID to which this DynamicSummary table belongs. | String |
| CreatedBy | The JSON object with the user who created the summary, including: object ID, email and name. | Object |
| CreatedTimeUTC | The time (UTC) when the summary was created. | DateTime |
| EventTimeUTC | The time (UTC) when the summary item occurred originally. | DateTime |
| ObservableType | Observables are stateful events or properties that are related to the operation of a computing system, which are helpful in identifying indicators of compromise. For example, login. | String |
| ObservableValue | Value for observable type, such as: anomalous RDP activity. | String |
| PackedContent | The JSON object with packed columns, which can be generated by using KQL pack_all(). | Object |
| Query | This is the query that was used to generate the result. | String |
| QueryEndDate | Events that occurred before this datetime will be included in the result. | DateTime |
| QueryStartDate | Events that occurred after this datetime will be included in the result. | DateTime |
| RelationId | The original data source ID. | String |
| RelationName | The original data source name. | String |
| SearchKey | SearchKey is used to optimize query performance when using DynamicSummary for joins with other data. For example, enable a column with IP addresses to be the designated SearchKey field, then use this field to join in other event tables by IP address. | String |
| SourceInfo | The JSON object with the data producer info, including source, name, version. | Object |
| SourceSystem | | String |
| SummaryDataType | This flag indicates whether the record is a summary level or a summary item level record. | String |
| SummaryDescription | The description provided by the user. | String |
| SummaryId | Summary unique ID. | String |
| SummaryItemId | Summary item unique ID. | String |
| SummaryName | The Summary display name, unique within workspace. | String |
| SummaryStatus | Active or deleted. | String |
| Tactics | MITRE ATT&CK tactics are what attackers are trying to achieve. For example, exfiltration. | Object |
| Techniques | MITRE ATT&CK techniques are how those tactics are accomplished. | Object |
| TenantId | | String |
| TimeGenerated | The timestamp (UTC) of when the event was ingested to Azure Monitor. | DateTime |
| Type | The name of the table. | String |
| UpdatedBy | The JSON object with the user who updated the summary, including: object ID, email and name. | Object |
| UpdatedTimeUTC | The time (UTC) when the summary was updated. | DateTime |