LinuxAuditLog

LinuxAuditLog Schema

Table description

| TableSection | TableType | TableSectionName   | Description |
|--------------|-----------|--------------------|-------------|
| Usx          | Regular   | Microsoft Sentinel |             |

Table retention

| HotDays | ColdDays | TotalInteractiveDays |
|---------|----------|----------------------|
| 14      | 76       | 90                   |

Schema

| Name                | Description                                                                              | Type     |
|---------------------|------------------------------------------------------------------------------------------|----------|
| _BilledSize         |                                                                                          | Double   |
| _IsBillable         |                                                                                          | String   |
| _ResourceId         | A unique identifier for the resource that the record is associated with                  | String   |
| _SubscriptionId     | A unique identifier for the subscription that the record is associated with              | String   |
| a0                  |                                                                                          | String   |
| a1                  |                                                                                          | String   |
| a2                  |                                                                                          | String   |
| a3                  |                                                                                          | String   |
| a4                  |                                                                                          | String   |
| a5                  |                                                                                          | String   |
| a6                  |                                                                                          | String   |
| a7                  |                                                                                          | String   |
| a8                  |                                                                                          | String   |
| a9                  |                                                                                          | String   |
| acct                |                                                                                          | String   |
| addr                |                                                                                          | String   |
| arch                |                                                                                          | String   |
| argc                |                                                                                          | Int64    |
| audit_user          |                                                                                          | String   |
| AuditID             |                                                                                          | String   |
| auid                |                                                                                          | Int64    |
| cmd                 |                                                                                          | String   |
| comm                |                                                                                          | String   |
| Computer            |                                                                                          | String   |
| ComputerEnvironment |                                                                                          | String   |
| cwd                 |                                                                                          | String   |
| data                |                                                                                          | String   |
| effective_group     |                                                                                          | String   |
| effective_user      |                                                                                          | String   |
| egid                |                                                                                          | Int64    |
| euid                |                                                                                          | Int64    |
| exe                 |                                                                                          | String   |
| exit                |                                                                                          | String   |
| ExternalAgentIp     |                                                                                          | String   |
| family              |                                                                                          | String   |
| filetype            |                                                                                          | String   |
| gid                 |                                                                                          | Int64    |
| group               |                                                                                          | String   |
| hostname            |                                                                                          | String   |
| icmptype            |                                                                                          | String   |
| key                 |                                                                                          | String   |
| ManagementGroup     |                                                                                          | String   |
| ManagementGroupName |                                                                                          | String   |
| name                |                                                                                          | String   |
| node                |                                                                                          | String   |
| op                  |                                                                                          | String   |
| path                |                                                                                          | String   |
| pid                 |                                                                                          | Int64    |
| ppid                |                                                                                          | Int64    |
| RawRecord           |                                                                                          | String   |
| RecordType          |                                                                                          | String   |
| res                 |                                                                                          | String   |
| ResourceId          | Unique identifier of the resource accessed                                               | String   |
| result              |                                                                                          | String   |
| SerialNumber        | Unique identifier for the certificate within a certificate authority’s systems           | String   |
| ses                 |                                                                                          | Int64    |
| SourceComputerId    | The source computer ID of the activity                                                   | String   |
| success             |                                                                                          | String   |
| syscall             |                                                                                          | String   |
| terminal            |                                                                                          | String   |
| TimeGenerated       |                                                                                          | DateTime |
| TimeUploaded        |                                                                                          | DateTime |
| tty                 |                                                                                          | String   |
| Type                | The name of the table                                                                    | String   |
| uid                 |                                                                                          | Int64    |
| user                |                                                                                          | String   |
| vm                  |                                                                                          | String   |

Schema changes

| Date       | Action                  |
|------------|-------------------------|
| 2024-10-18 | Table added to tracking |