Field in | Field in source table | Field transformation | Data type | Extra Field |
|---|
eventdate | eventdate | | timestamp | |
hostname | hostname | | str | |
type | - | | Code Block |
|---|
"powerplatformadmin" |
| str | |
Id | Id | | str | |
Workload | Workload | | str | |
StatusTime | StatusTime | | str | |
FeatureStatus | FeatureStatus | | str | |
Status | Status | | str | |
StatusDisplayName | StatusDisplayName | | str | |
IncidentIds | IncidentIds | | str | |
WorkloadDisplayName | WorkloadDisplayName | | str | |
UserType | UserType | | int4 | |
timestamp | timestamp | | timestamp | |
Operation | Operation | | str | |
Version | Version | | int4 | |
LogonType | LogonType | | int4 | |
MailboxOwnerSid | MailboxOwnerSid | | str | |
ExternalAccess | ExternalAccess | | bool | |
OrganizationName | OrganizationName | | str | |
SessionId | SessionId | | str | |
ClientAddress | ClientAddress | | str | |
ClientIPAddress | ClientIPAddress | | str | |
ClientProcessName | ClientProcessName | | str | |
ResultStatus | ResultStatus | | str | |
UserId | UserId | | str | |
LogonUserSid | LogonUserSid | | str | |
InternalLogonType | InternalLogonType | | int4 | |
OriginatingServer | OriginatingServer | | str | |
UserKey | UserKey | | str | |
MailboxGuid | MailboxGuid | | str | |
OrganizationId | OrganizationId | | str | |
RecordType | RecordType | | int4 | |
ClientInfoString | ClientInfoString | | str | |
MailboxOwnerUPN | MailboxOwnerUPN | | str | |
CrossMailboxOperation | CrossMailboxOperation | | bool | |
AffectedItems | AffectedItems | | str | |
Folder_Id | Folder_Id | | str | |
Folder_Path | Folder_Path | | str | |
FoldersItemsStr | FoldersItemsStr | | str | |
ForwardTo | ForwardTo | | str | |
Parameters_Raw | Parameters_Raw | | str | |
Item_Subject | Item_Subject | | str | |
Item_Attachments | Item_Attachments | | str | |
Item_ParentFolder_Id | Item_ParentFolder_Id | | str | |
Item_ParentFolder_Path | Item_ParentFolder_Path | | str | |
ModifiedProperties | ModifiedProperties | | str | |
SendOnBehalfOfUserSmtp | SendOnBehalfOfUserSmtp | | str | |
SendAsUserSmtp | SendAsUserSmtp | | str | |
PolicyDetails | PolicyDetails | | str | |
PolicyDetails_PolicyName_str | PolicyDetails_PolicyName_str | | str | |
PolicyDetails_PolicyId_str | PolicyDetails_PolicyId_str | | str | |
PolicyDetails_location_str | PolicyDetails_location_str | | str | |
PolicyDetails_RuleMode_str | PolicyDetails_RuleMode_str | | str | |
PolicyDetails_RuleName_str | PolicyDetails_RuleName_str | | str | |
PolicyDetails_RuleId_str | PolicyDetails_RuleId_str | | str | |
PolicyDetails_Severity_str | PolicyDetails_Severity_str | | str | |
PolicyDetails_ManagementRuleId_str | PolicyDetails_ManagementRuleId_str | | str | |
Unique_PolicyDetails_location_str | Unique_PolicyDetails_location_str | | str | |
PolicyDetails_confidence_str | PolicyDetails_confidence_str | | str | |
PolicyDetails_count_str | PolicyDetails_count_str | | str | |
PolicyDetails_sensitiveType_str | PolicyDetails_sensitiveType_str | | str | |
PolicyDetails_uniqueCount_str | PolicyDetails_uniqueCount_str | | str | |
PolicyDetails_ConditionsMatched_Name_str | PolicyDetails_ConditionsMatched_Name_str | | str | |
PolicyDetails_ConditionsMatched_Value_str | PolicyDetails_ConditionsMatched_Value_str | | str | |
PolicyDetails_ConditionMatchedInNewScheme_str | PolicyDetails_ConditionMatchedInNewScheme_str | | str | |
ExchangeMetaData_BCC | ExchangeMetaData_BCC | | str | |
ExchangeMetaData_MessageID | ExchangeMetaData_MessageID | | str | |
ExchangeMetaData_From | ExchangeMetaData_From | | str | |
ExchangeMetaData_CC | ExchangeMetaData_CC | | str | |
ExchangeMetaData_Sent | ExchangeMetaData_Sent | | str | |
ExchangeMetaData_Subject | ExchangeMetaData_Subject | | str | |
ExchangeMetaData_RecipientCount | ExchangeMetaData_RecipientCount | | int4 | |
ExchangeMetaData_To | ExchangeMetaData_To | | str | |
InterSystemsId | InterSystemsId | | str | |
TargetUserId | TargetUserId | | str | |
Actor_ID_str | Actor_ID_str | | str | |
Actor_Type_str | Actor_Type_str | | str | |
ActorContextId | ActorContextId | | str | |
YammerNetworkId | YammerNetworkId | | int4 | |
ActorUserId | ActorUserId | | str | |
ActorIpAddress | ActorIpAddress | | str | |
Client | Client | | str | |
ClientIP | ClientIP | | str | |
LogonError | LogonError | | str | |
ApplicationId | ApplicationId | | str | |
Target_ID_str | Target_ID_str | | str | |
Target_Type_str | Target_Type_str | | str | |
IntraSystemId | IntraSystemId | | str | |
ExtendedProperties_Name_str | ExtendedProperties_Name_str | | str | |
ExtendedProperties_Value_str | ExtendedProperties_Value_str | | str | |
ActorYammerUserId | ActorYammerUserId | | int8 | |
FileName | FileName | | str | |
TargetContextId | TargetContextId | | str | |
AzureActiveDirectoryEventType | AzureActiveDirectoryEventType | | int4 | |
VersionId | VersionId | | int8 | |
FileId | FileId | | int8 | |
PostIncidentDocumentUrl | PostIncidentDocumentUrl | | str | |
Severity | Severity | | str | |
Title | Title | | str | |
Comments | Comments | | str | |
AffectedWorkloadDisplayNames | AffectedWorkloadDisplayNames | | str | |
AlertEntityId | AlertEntityId | | str | |
Messages_MessageText_str | Messages_MessageText_str | | str | |
Messages_PublishedTime_str | Messages_PublishedTime_str | | str | |
ChannelGuid | ChannelGuid | | str | |
LogonUserDisplayName | LogonUserDisplayName | | str | |
RecipientUPN | RecipientUPN | | str | |
ApplicationDisplayName | ApplicationDisplayName | | str | |
MessageType | MessageType | | str | |
EventSource | EventSource | | str | |
DestinationRelativeUrl | DestinationRelativeUrl | | str | |
MachineId | MachineId | | str | |
WebId | WebId | | str | |
SendOnBehalfOfUserMailboxGuid | SendOnBehalfOfUserMailboxGuid | | str | |
ExtraProperties_Key_str | ExtraProperties_Key_str | | str | |
ExtraProperties_Value_str | ExtraProperties_Value_str | | str | |
SharingPermission | SharingPermission | | int4 | |
ObjectName | ObjectName | | str | |
SharingType | SharingType | | str | |
DataflowRefreshScheduleType | DataflowRefreshScheduleType | | str | |
TenantName | TenantName | | str | |
CustomUniqueId | CustomUniqueId | | bool | |
DatasetId | DatasetId | | str | |
SiteUrl | SiteUrl | | str | |
Parameters_Name_str | Parameters_Name_str | | str | |
Parameters_Value_str | Parameters_Value_str | | str | |
ImportType | ImportType | | str | |
ImportId | ImportId | | str | |
PolicyId | PolicyId | | str | |
ItemName | ItemName | | str | |
Datasets_DatasetId_str | Datasets_DatasetId_str | | str | |
Datasets_DatasetName_str | Datasets_DatasetName_str | | str | |
ImplicitShare | ImplicitShare | | str | |
ImportDisplayName | ImportDisplayName | | str | |
ItemType | ItemType | | str | |
WorkSpaceName | WorkSpaceName | | str | |
DestFolder_Path | DestFolder_Path | | str | |
DestFolder_Id | DestFolder_Id | | str | |
UniqueSharingId | UniqueSharingId | | str | |
TargetUserOrGroupName | TargetUserOrGroupName | | str | |
FlowConnectorNames | FlowConnectorNames | | str | |
FileSyncBytesCommitted | FileSyncBytesCommitted | | str | |
CorrelationId | CorrelationId | | str | |
Members_DisplayName_str | Members_DisplayName_str | | str | |
Members_UPN_str | Members_UPN_str | | str | |
Members_Role_str | Members_Role_str | | str | |
AddOnGuid | AddOnGuid | | str | |
DashboardName | DashboardName | | str | |
IsSuccess | IsSuccess | | bool | |
AlertId | AlertId | | str | |
ListTitle | ListTitle | | str | |
ReportType | ReportType | | str | |
AffectedWorkloadNames | AffectedWorkloadNames | | str | |
FlowDetailsUrl | FlowDetailsUrl | | str | |
TargetYammerUserId | TargetYammerUserId | | int8 | |
ImpactDescription | ImpactDescription | | str | |
BrowserName | BrowserName | | str | |
OperationProperties_Value_str | OperationProperties_Value_str | | str | |
OperationProperties_Name_str | OperationProperties_Name_str | | str | |
ReportId | ReportId | | str | |
DestMailboxOwnerSid | DestMailboxOwnerSid | | str | |
DestMailboxOwnerMasterAccountSid | DestMailboxOwnerMasterAccountSid | | str | |
AffectedUserCount | AffectedUserCount | | int4 | |
Category | Category | | str | |
MachineDomainInfo | MachineDomainInfo | | str | |
ListBaseType | ListBaseType | | str | |
DestMailboxId | DestMailboxId | | str | |
TabType | TabType | | str | |
Activity | Activity | | str | |
DestinationFileExtension | DestinationFileExtension | | str | |
UserUPN | UserUPN | | str | |
ListId | ListId | | str | |
SourceRelativeUrl | SourceRelativeUrl | | str | |
UserTypeInitiated | UserTypeInitiated | | int4 | |
EndTime | EndTime | | str | |
SendAsUserMailboxGuid | SendAsUserMailboxGuid | | str | |
ActionType | ActionType | | str | |
SourceFileExtension | SourceFileExtension | | str | |
DashboardId | DashboardId | | str | |
ClientApplicationId | ClientApplicationId | | str | |
DestMailboxOwnerUPN | DestMailboxOwnerUPN | | str | |
MailboxOwnerMasterAccountSid | MailboxOwnerMasterAccountSid | | str | |
SensitiveInfoDetectionIsIncluded | SensitiveInfoDetectionIsIncluded | | bool | |
Schedules_RefreshFrequency | Schedules_RefreshFrequency | | str | |
Schedules_Days_str | Schedules_Days_str | | str | |
Schedules_Time_str | Schedules_Time_str | | str | |
Schedules_TimeZone | Schedules_TimeZone | | str | |
TeamName | TeamName | | str | |
WorkspaceId | WorkspaceId | | str | |
DataflowType | DataflowType | | str | |
SourceFileName | SourceFileName | | str | |
FeatureDisplayName | FeatureDisplayName | | str | |
EntityPath | EntityPath | | str | |
TeamGuid | TeamGuid | | str | |
ResourceTitle | ResourceTitle | | str | |
Classification | Classification | | str | |
ListBaseTemplateType | ListBaseTemplateType | | str | |
DestinationFileName | DestinationFileName | | str | |
AffectedTenantCount | AffectedTenantCount | | int8 | |
DatasetName | DatasetName | | str | |
LicenseDisplayName | LicenseDisplayName | | str | |
Feature | Feature | | str | |
StartTime | StartTime | | str | |
TargetUserOrGroupType | TargetUserOrGroupType | | str | |
DataConnectivityMode | DataConnectivityMode | | str | |
LastUpdatedTime | LastUpdatedTime | | str | |
ReportName | ReportName | | str | |
EntityType | EntityType | | str | |
OperationDetails | OperationDetails | | str | |
UserAgent | UserAgent | | str | |
AlertType | AlertType | | str | |
Name | Name | | str | |
CmdletVersion | CmdletVersion | | str | |
ImportSource | ImportSource | | str | |
SkypeForBusinessEventType | SkypeForBusinessEventType | | int4 | |
AddOnType | AddOnType | | int4 | |
DoNotDistributeEvent | DoNotDistributeEvent | | bool | |
ChannelName | ChannelName | | str | |
ListItemUniqueId | ListItemUniqueId | | str | |
ObjectId | ObjectId | | str | |
AttachmentData | AttachmentData | | json | |
DeliveryAction | DeliveryAction | | str | |
DetectionMethod | DetectionMethod | | str | |
DetectionType | DetectionType | | str | |
Directionality | Directionality | | str | |
EventDeepLink | EventDeepLink | | str | |
InternetMessageId | InternetMessageId | | str | |
LatestDeliveryLocation | LatestDeliveryLocation | | str | |
MessageTime | MessageTime | | str | |
NetworkMessageId | NetworkMessageId | | str | |
OriginalDeliveryLocation | OriginalDeliveryLocation | | str | |
P1Sender | P1Sender | | str | |
P2Sender | P2Sender | | str | |
Policy | Policy | | str | |
PolicyAction | PolicyAction | | str | |
Recipients | Recipients | | str | |
SenderIp | SenderIp | | str | |
Subject | Subject | | str | |
ThreatsAndDetectionTech | ThreatsAndDetectionTech | | str | |
Verdict | Verdict | | str | |
SourceLocationType | SourceLocationType | | int4 | |
Platform | Platform | | int4 | |
Application | Application | | str | |
FileExtension | FileExtension | | str | |
DeviceName | DeviceName | | str | |
MDATPDeviceId | MDATPDeviceId | | str | |
FileSize | FileSize | | int4 | |
FileType | FileType | | str | |
Hidden | Hidden | | bool | |
Actions | Actions | | json | |
AlertLinks | AlertLinks | | json | |
Data | Data | | json | |
DeepLinkUrl | DeepLinkUrl | | str | |
EndTimeUtc | EndTimeUtc | | timestamp | |
InvestigationId | InvestigationId | | str | |
InvestigationName | InvestigationName | | str | |
InvestigationType | InvestigationType | | str | |
LastUpdateTimeUtc | LastUpdateTimeUtc | | timestamp | |
StartTimeUtc | StartTimeUtc | | timestamp | |
Source | Source | | str | |
message | message | | str | |
hostchain | hostchain | | str | ✓ |
tag | tag | | str | ✓ |
rawSource | rawSource | | str | ✓ |
rawTagged | rawTagged | | str | |
rawMessage | rawMessage | | str | |
