SentinelAudit

SentinelAudit Schema

Table description

| TableSection | TableType | TableSectionName | Description |
| --- | --- | --- | --- |
| Usx | Regular | Microsoft Sentinel | Audit logs for operations performed on Azure Sentinel resources, such as Data Connectors, Analytic Rules and more. These logs can be used to audit operations on your Sentinel resources. |

Table retention

| HotDays | ColdDays | TotalInteractiveDays |
| --- | --- | --- |
| 14 | 76 | 90 |

Schema

| Name | Description | Type |
| --- | --- | --- |
| _BilledSize | | Double |
| _IsBillable | | String |
| CorrelationId | A unique record identifier. | String |
| Description | The operation description. | String |
| ExtendedProperties | Additional information based on the resource type. | Object |
| OperationName | The name of the operation that triggered the event. | String |
| SentinelResourceId | The Sentinel resource ID. | String |
| SentinelResourceKind | The resource kind, for example: connector kind (such as Office365, AmazonWebServicesCloudTrail), alert rule kind (Scheduled). | String |
| SentinelResourceName | The Sentinel resource name. | String |
| SentinelResourceType | The resource type, for example: DataConnector, AlertRule, etc. | String |
| SourceSystem | | String |
| Status | Status of the operation, for example: Success, Failure, Warning, Informational, Partial Success. | String |
| TenantId | | String |
| TimeGenerated | The timestamp (UTC) of when the event was generated. | DateTime |
| Type | The name of the table. | String |
| WorkspaceId | The workspace ID. | String |

Schema changes

| Date | Action |
| --- | --- |
| 2024-10-18 | Table added to tracking |