| _BilledSize |
|
Double |
| _IsBillable |
|
String |
| Action |
Action taken on the entity |
String |
| ActionResult |
Result of the action |
String |
| ActionTrigger |
Indicates whether an action was triggered by an administrator (manually or through approval of a pending automated action), or by some special mechanism, such as a ZAP or String Delivery |
String |
| ActionType |
Type of activity that triggered the event |
String |
| DeliveryLocation |
Delivered email location: Inbox/Folder, On-premises/External, Junk, Quarantine, Failed, Dropped, Deleted items |
String |
| DetectionMethods |
Methods used to detect malware, phishing, or other threats found in the email |
String |
| InternetMessageId |
Public-facing identifier for the email that is set by the sending email system |
String |
| NetworkMessageId |
Email unique identifier generated by Office 365 |
String |
| RecipientEmailAddress |
Recipient email address or email address of the recipient after distribution list expansion |
String |
| ReportId |
Unique identifier for the event |
String |
| SourceSystem |
|
String |
| TenantId |
|
String |
| ThreatTypes |
Verdict from the email filtering stack on whether the email contains malware, phishing, or other threats |
String |
| TimeGenerated |
Date and time (UTC) when the record was generated |
DateTime |
| Timestamp |
Date and time when the record was generated |
DateTime |
| Type |
The name of the table |
String |