| _BilledSize |
|
Double |
| _IsBillable |
|
String |
| AdditionalData |
Additional data on the incident |
Object |
| AlertIds |
The IDs of the alerts related to the incident |
Object |
| BookmarkIds |
The IDs of the bookmarks related to the incident |
Object |
| Classification |
The classification the incident was given when closed |
String |
| ClassificationComment |
Description of the reason the incident was closed |
String |
| ClassificationReason |
The classification reason the incident was given when closed |
String |
| ClosedTime |
Timestamp (UTC) of when the incident was last closed |
DateTime |
| Comments |
The comments added to the incident |
Object |
| CreatedTime |
Timestamp (UTC) of when the incident was created |
DateTime |
| Description |
The description of the incident |
String |
| FirstActivityTime |
Timestamp (UTC) of when the first activity in the incident occured |
DateTime |
| FirstModifiedTime |
Timestamp (UTC) of when the incident was first modified |
DateTime |
| IncidentName |
The resource name of the incident |
String |
| IncidentNumber |
The sequential number of the incident |
Int32 |
| IncidentUrl |
The URI to open the incident in Azure Sentinel portal |
String |
| Labels |
The labels added to the incident |
Object |
| LastActivityTime |
Timestamp (UTC) of when the last activity in the incident occured |
DateTime |
| LastModifiedTime |
Timestamp (UTC) of when the incident was last modified |
DateTime |
| ModifiedBy |
The source of the change in the incident |
String |
| Owner |
The user the incident is assigned to |
Object |
| ProviderIncidentId |
The incident ID assigned by the incident provider |
String |
| ProviderName |
The name of the source provider that generated the incident |
String |
| RelatedAnalyticRuleIds |
The IDs of the Analytic rules associated with the incident |
Object |
| Severity |
The severity of the incident |
String |
| SourceSystem |
|
String |
| Status |
The status of the incident |
String |
| Tasks |
The tasks added to the incident |
Object |
| TenantId |
|
String |
| TimeGenerated |
Timestamp (UTC) of when the incident was ingested |
DateTime |
| Title |
The title of the incident |
String |
| Type |
The name of the table |
String |