| Column | Description | Type |
|---|---|---|
| AccountDomain | Domain of the account | String |
| AccountName | User name of the account | String |
| AccountObjectId | Unique identifier for the account in Microsoft Entra ID | String |
| AccountSid | Security Identifier (SID) of the account | String |
| AccountUpn | User principal name (UPN) of the account | String |
| AdditionalFields | Additional information about the entity or event | String |
| AlertId | Unique identifier for the alert | String |
| Application | Application that performed the recorded action | String |
| ApplicationId | Unique identifier for the application | Int32 |
| AttackTechniques | MITRE ATT&CK techniques associated with the activity that triggered the alert | String |
| Categories | List of categories that the information belongs to, in JSON array format | String |
| CloudPlatform | Cloud platform that the resource belongs to; can be Azure, Amazon Web Services, or Google Cloud Platform | String |
| CloudResource | Cloud resource name | String |
| DetectionSource | Detection technology or sensor that identified the notable component or activity | String |
| DeviceId | Unique identifier for the device in the service | String |
| DeviceName | Fully qualified domain name (FQDN) of the device | String |
| EmailSubject | Subject of the email | String |
| EntityType | Type of object, such as a file, a process, a device, or a user | String |
| EvidenceDirection | Indicates whether the entity is the source or the destination of a network connection | String |
| EvidenceRole | How the entity is involved in an alert, indicating whether it is impacted or is merely related | String |
| FileName | Name of the file that the recorded action was applied to | String |
| FileSize | Size of the file in bytes | Int64 |
| FolderPath | Folder containing the file that the recorded action was applied to | String |
| LocalIP | IP address assigned to the local machine used during communication | String |
| MachineGroup | | String |
| NetworkMessageId | Unique identifier for the email, generated by Office 365 | String |
| OAuthApplicationId | Unique identifier of the third-party OAuth application | String |
| ProcessCommandLine | Command line used to create the new process | String |
| RegistryKey | Registry key that the recorded action was applied to | String |
| RegistryValueData | Data of the registry value that the recorded action was applied to | String |
| RegistryValueName | Name of the registry value that the recorded action was applied to | String |
| RemoteIP | IP address that was being connected to | String |
| RemoteUrl | URL or fully qualified domain name (FQDN) that was being connected to | String |
| ResourceID | Unique identifier of the cloud resource accessed | String |
| ResourceType | Type of cloud resource | String |
| ServiceSource | Product or service that provided the alert information | String |
| Severity | Indicates the potential impact (high, medium, or low) of the threat indicator or breach activity identified by the alert | String |
| SHA1 | SHA-1 hash of the file that the recorded action was applied to | String |
| SHA256 | SHA-256 hash of the file that the recorded action was applied to | String |
| SourceSystem | | String |
| SubscriptionId | Unique identifier of the cloud service subscription | String |
| TenantId | | String |
| ThreatFamily | Malware family that the suspicious or malicious file or process has been classified under | String |
| TimeGenerated | | DateTime |
| Timestamp | Date and time when the record was generated | DateTime |
| Title | Title of the alert | String |
| Type | | String |