| _BilledSize |
|
Double |
| _IsBillable |
|
String |
| AlertLink |
|
String |
| AlertName |
|
String |
| AlertSeverity |
|
String |
| AlertType |
|
String |
| CompromisedEntity |
|
String |
| ConfidenceLevel |
List of confidence levels of any spam or phishing verdicts. For spam, this column shows the spam confidence level (SCL), indicating if the email was skipped (-1), found to be not spam (0,1), found to be spam with moderate confidence (5,6), or found to be spam with high confidence (9). For phishing, this column displays whether the confidence level is “High” or “Low”. |
String |
| ConfidenceScore |
|
Double |
| Description |
Description of the information gathered |
String |
| DisplayName |
Name of the account user displayed in the address book. Typically a combination of a given or first name, a middle initial, and a last name or surname. |
String |
| EndTime |
Date and time of the last activity related to the behavior |
DateTime |
| Entities |
|
String |
| ExtendedLinks |
|
String |
| ExtendedProperties |
|
String |
| IsIncident |
|
Boolean |
| ProcessingEndTime |
|
DateTime |
| ProductComponentName |
|
String |
| ProductName |
|
String |
| ProviderName |
|
String |
| RemediationSteps |
|
String |
| ResourceId |
Unique identifier of the resource accessed |
String |
| SourceComputerId |
The source computer ID of the activity |
String |
| StartTime |
Date and time of the first activity related to the behavior |
DateTime |
| Status |
Indicator of the profile status - can be Enabled or Disabled |
String |
| SubTechniques |
|
String |
| SystemAlertId |
|
String |
| Tactics |
|
String |
| Techniques |
|
String |
| TimeGenerated |
|
DateTime |
| Type |
The name of the table |
String |
| VendorName |
|
String |
| VendorOriginalId |
|
String |
| WorkspaceResourceGroup |
|
String |
| WorkspaceSubscriptionId |
|
String |