| _BilledSize | | Double |
| _IsBillable | | String |
| _ResourceId | A unique identifier for the resource that the record is associated with | String |
| _SubscriptionId | A unique identifier for the subscription that the record is associated with | String |
| AccountDomain | Domain of the account. | String |
| AccountName | User name of the account. | String |
| AccountObjectId | Unique identifier for the account in Microsoft Entra ID. | String |
| AccountSid | Security Identifier (SID) of the account. | String |
| AccountUpn | User principal name (UPN) of the account. | String |
| ActionType | Type of behavior. | String |
| AdditionalFields | Additional information about the entity or event. | String |
| Application | Application that performed the recorded action. | String |
| ApplicationId | Unique identifier for the application. | String |
| BehaviorId | Unique identifier for the behavior. | String |
| Categories | Type of threat indicator or breach activity identified by the behavior. | String |
| CloudPlatform | The cloud platform that the resource belongs to. Can be Azure, Amazon Web Services, or Google Cloud Platform. | String |
| CloudResource | Cloud resource name. | String |
| CloudResourceId | Unique identifier of the cloud resource accessed. | String |
| CloudResourceType | Type of cloud resource. | String |
| CloudSubscriptionId | Unique identifier of the cloud service subscription. | String |
| DataSources | Products or services that provided information for the behavior. | String |
| DetailedEntityRole | The role of the entity in the behavior. | String |
| DetectionSource | Detection technology or sensor that identified the notable component or activity. | String |
| DeviceId | Unique identifier for the device in the service. | String |
| DeviceName | Fully qualified domain name (FQDN) of the device. | String |
| EmailClusterId | Identifier for the group of similar emails clustered based on heuristic analysis of their contents. | String |
| EmailSubject | Subject of the email. | String |
| EntityRole | Indicates whether the entity is impacted or merely related. | String |
| EntityType | Type of object, such as a file, a process, a device, or a user. | String |
| FileName | Name of the file that the behavior applies to. | String |
| FileSize | Size, in bytes, of the file that the behavior applies to. | Int64 |
| FolderPath | Folder containing the file that the behavior applies to. | String |
| LocalIP | IP address assigned to the local machine used during communication. | String |
| NetworkMessageId | Unique identifier for the email in UUID format, generated by Office 365. | String |
| OAuthApplicationId | Unique identifier of the third-party OAuth application in UUID format. | String |
| ProcessCommandLine | Command line used to create the new process. | String |
| RegistryKey | Registry key that the recorded action was applied to. | String |
| RegistryValueData | Data of the registry value that the recorded action was applied to. | String |
| RegistryValueName | Name of the registry value that the recorded action was applied to. | String |
| RemoteIP | IP address that was being connected to. | String |
| RemoteUrl | URL or fully qualified domain name (FQDN) that was being connected to. | String |
| ServiceSource | Product or service that identified the behavior. | String |
| SHA1 | SHA-1 of the file that the behavior applies to. | String |
| SHA256 | SHA-256 of the file. Empty unless EntityType is “File” or “Process”. | String |
| SourceSystem | | String |
| TenantId | Unique identifier of the tenant into which the data connector ingests data. | String |
| ThreatFamily | Malware family that the suspicious or malicious file or process has been classified under. | String |
| TimeGenerated | Date and time when the record was generated. | DateTime |
| Type | The name of the table | String |