cloud.azure.metrics.metricsTransactionsBlob

Field

Type

Extra fields

eventdate

timestamp

region

str

partitionKey

str

rowKey

str

timestamp

str

totalRequests

int8

totalBillableRequests

int8

totalIngress

int8

totalEgress

int8

availability

float8

averageE2ELatency

float8

averageServerLatency

float8

percentSuccess

float8

percentSuccessOutsideSLA

float8

percentThrottlingError

float8

percentTimeoutError

float8

percentServerOtherError

float8

percentClientOtherError

float8

percentAuthorizationError

float8

percentNetworkError

float8

Success

int8

AnonymousSuccess

int8

sASSuccess

int8

successOutsideSLA

int8

anonymousSuccessOutsideSLA

int8

sASSuccessOutsideSLA

int8

throttlingError

int8

anonymousThrottlingError

int8

sASThrottlingError

int8

clientTimeoutError

int8

anonymousClientTimeoutError

int8

sASClientTimeoutError

int8

serverTimeoutError

int8

anonymousServerTimeoutError

int8

sASServerTimeoutError

int8

clientOtherError

int8

anonymousClientOtherError

int8

sASClientOtherError

int8

serverOtherError

int8

anonymousServerOtherError

int8

sASServerOtherError

int8

authorizationError

int8

anonymousAuthorizationError

int8

sASAuthorizationError

int8

networkError

int8

anonymousNetworkError

int8

sasNetworkError

int8

hostchain

str

tag

str

rawMessage

str

cloud.azure.metrics.metricsTransactionsQueue

Field

Type

Extra fields

eventdate

timestamp

region

str

partitionKey

str

rowKey

str

timestamp

str

totalRequests

int8

totalBillableRequests

int8

totalIngress

int8

totalEgress

int8

availability

float8

averageE2ELatency

float8

averageServerLatency

float8

percentSuccess

float8

percentSuccessOutsideSLA

float8

percentThrottlingError

float8

percentTimeoutError

float8

percentServerOtherError

float8

percentClientOtherError

float8

percentAuthorizationError

float8

percentNetworkError

float8

Success

int8

AnonymousSuccess

int8

sASSuccess

int8

successOutsideSLA

int8

anonymousSuccessOutsideSLA

int8

sASSuccessOutsideSLA

int8

throttlingError

int8

anonymousThrottlingError

int8

sASThrottlingError

int8

clientTimeoutError

int8

anonymousClientTimeoutError

int8

sASClientTimeoutError

int8

serverTimeoutError

int8

anonymousServerTimeoutError

int8

sASServerTimeoutError

int8

clientOtherError

int8

anonymousClientOtherError

int8

sASClientOtherError

int8

serverOtherError

int8

anonymousServerOtherError

int8

sASServerOtherError

int8

authorizationError

int8

anonymousAuthorizationError

int8

sASAuthorizationError

int8

networkError

int8

anonymousNetworkError

int8

sasNetworkError

int8

hostchain

str

tag

str

rawMessage

str

cloud.azure.metrics.metricsTransactionsTable

Field

Type

Extra fields

eventdate

timestamp

 

region

str

 

partitionKey

str

 

rowKey

str

 

timestamp

str

 

totalRequests

int8

 

totalBillableRequests

int8

 

totalIngress

int8

 

totalEgress

int8

 

availability

float8

 

averageE2ELatency

float8

 

averageServerLatency

float8

 

percentSuccess

float8

 

percentSuccessOutsideSLA

float8

 

percentThrottlingError

float8

 

percentTimeoutError

float8

 

percentServerOtherError

float8

 

percentClientOtherError

float8

 

percentAuthorizationError

float8

 

percentNetworkError

float8

 

Success

int8

 

AnonymousSuccess

int8

 

sASSuccess

int8

 

successOutsideSLA

int8

 

anonymousSuccessOutsideSLA

int8

 

sASSuccessOutsideSLA

int8

 

throttlingError

int8

 

anonymousThrottlingError

int8

 

sASThrottlingError

int8

 

clientTimeoutError

int8

 

anonymousClientTimeoutError

int8

 

sASClientTimeoutError

int8

 

serverTimeoutError

int8

 

anonymousServerTimeoutError

int8

 

sASServerTimeoutError

int8

 

clientOtherError

int8

 

anonymousClientOtherError

int8

 

sASClientOtherError

int8

 

serverOtherError

int8

 

anonymousServerOtherError

int8

 

sASServerOtherError

int8

 

authorizationError

int8

 

anonymousAuthorizationError

int8

 

sASAuthorizationError

int8

 

networkError

int8

 

anonymousNetworkError

int8

 

sasNetworkError

int8

 

hostchain

str

 

tag

str

 

rawMessage

str

 

cloud.azure.microsoft_defender.alerts

cloud.azure.microsoft_defender.scorecontrol

Field

Type

Extra fields

eventdate

timestamp

hostname

str

id

str

azureTenantId

str

actionType

str

actionUrl

str

controlCategory

str

title

str

deprecated

bool

implementationCost

str

lastModifiedDateTime

str

maxScore

float8

rank

int4

remediation

str

remediationImpact

str

service

str

threats

str

tier

str

userImpact

str

vendorInformation__provider

str

vendorInformation__providerVersion

str

vendorInformation__subProvider

str

vendorInformation__vendor

str

complianceInformation

str

controlStateUpdates

str

hostchain

str

tag

str

rawMessage

str

cloud.azure.microsoft_defender.scores

Field

Type

Extra fields

eventdate

timestamp

hostname

str

id

str

azureTenantId

str

activeUserCount

int4

createdDateTime

timestamp

currentScore

float8

enabledServices

str

licensedUserCount

int4

maxScore

float8

vendorInformation__provider

str

vendorInformation__providerVersion

str

vendorInformation__subProvider

str

vendorInformation__vendor

str

averageComparativeScores

str

controlScores

str

hostchain

str

tag

str

rawMessage

str

cloud.azure.monitor.alert

Field

Type

Field transformation

Source field name

Extra fields

eventdate

timestamp

 

 

hostname

str

 

 

region

str

 

 

timestamp

timestamp

parsedate(time, dateformat("YYYY-MM-DD[T]HH:mm:ss.SSSSSSS[Z]", "UTC"))

time

resourceId

str

 

 

correlationId

str

 

 

operationName

str

 

 

level

str

 

 

resultType

str

 

 

resultDescription

str

 

 

category

str

 

 

properties__eventCategory

str

 

 

properties__eventProperties__subscriptionId

str

 

 

properties__eventProperties__eventDataId

str

 

 

properties__eventProperties__resourceGroup

str

 

 

properties__eventProperties__resourceId

str

 

 

properties__eventProperties__eventTimestamp

str

 

 

properties__eventProperties__operationName

str

 

 

properties__eventProperties__status

str

 

 

at_devo_collector_version

int4

 

 

at_entry_offset

str

 

 

at_enqueued_time

timestamp

 

 

hostchain

str

 

 

tag

str

 

 

rawMessage

str

 

 

cloud.azure.monitor.audit

Field

Type

Extra fields

eventdate

timestamp

hostname

str

timeGenerated

timestamp

resourceId

str

operationName

str

category

str

correlationId

str

properties

json

time

timestamp

at_devo_collector_version

int4

at_entry_offset

str

at_enqueued_time

timestamp

hostchain

str

tag

str

rawMessage

str

cloud.azure.nsg.flow

Field

Type

Extra fields

eventdate

timestamp

hostname

str

region

str

resource_id

str

subscription

str

resource_group

str

network_security_group

str

rule

str

unixtimestamp

timestamp

src_ip

ip4

dst_ip

ip4

src_port

int4

dst_port

int4

protocol

str

traffic_flow

str

traffic_decision

str

flow_state

str

src_packets

int4

src_bytes

int4

dst_packets

int4

dst_bytes

int4

hostchain

str

tag

str

rawMessage

str

cloud.azure.others.administrative

Field

Type

Field transformation

Source field name

Extra fields

eventdate

timestamp

 

 

hostname

str

 

 

region

str

 

 

roleLocation

str

 

 

timestamp

timestamp

parsedate(time, ifthenelse(length(time) = 25, dateformat("YYYY-MM-DD[T]HH:mm:ssZZ", "UTC"), dateformat("YYYY-MM-DD[T]HH:mm:ss.SSSSSSS[Z]", "UTC")))

time

resourceId

str

 

 

operationName

str

 

 

category

str

 

 

resultType

str

 

 

resultSignature

str

 

 

durationMs

str

 

 

callerIpAddress

ip4

 

 

correlationId

str

 

 

identity__authorization__scope

str

 

 

identity__authorization__action

str

 

 

identity__authorization__evidence__role

str

 

 

identity__authorization__evidence__roleAssignmentScope

str

 

 

identity__authorization__evidence__roleAssignmentId

str

 

 

identity__authorization__evidence__roleDefinitionId

str

 

 

identity__authorization__evidence__principalId

str

 

 

identity__authorization__evidence__principalType

str

 

 

identity__claims

json

 

 

identity__claims__aud

str

 

 

identity__claims__iss

str

 

 

identity__claims__iat

str

 

 

identity__claims__nbf

str

 

 

identity__claims__exp

str

 

 

identity__claims__aio

str

 

 

identity__claims__appid

str

 

 

identity__claims__appidacr

str

 

 

identity__claims__rh

str

 

 

identity__claims__uti

str

 

 

identity__claims__ver

str

 

 

identity__claims__xms_tcdt

str

 

 

level

str

 

 

properties__statusCode

str

 

 

properties__serviceRequestId

str

 

 

properties__responseBody

str

 

 

properties__eventCategory

str

 

 

properties__entity

str

 

 

properties__message

str

 

 

properties__hierarchy

str

 

 

tenantId

str

 

 

at_devo_collector_version

int4

 

 

at_entry_offset

str

 

 

at_enqueued_time

timestamp

 

 

hostchain

str

 

 

tag

str

 

 

rawMessage

str

 

 

cloud.azure.others.autoscale

Field

Type

Field transformation

Source field name

Extra fields

eventdate

timestamp

 

 

hostname

str

 

 

region

str

 

 

timestamp

timestamp

parsedate(time, ifthenelse(length(time) = 25, dateformat("YYYY-MM-DD[T]HH:mm:ssZZ", "UTC"), dateformat("YYYY-MM-DD[T]HH:mm:ss.SSSSSSS[Z]", "UTC")))

time

resourceId

str

 

 

correlationId

str

 

 

operationName

str

 

 

level

str

 

 

resultType

str

 

 

resultDescription

str

 

 

category

str

 

 

properties__eventCategory

str

 

 

properties__eventName

str

 

 

properties__operationId

str

 

 

properties__eventProperties__Description

str

 

 

properties__eventProperties__ResourceName

str

 

 

properties__eventProperties__OldInstancesCount

int4

 

 

properties__eventProperties__NewInstancesCount

int4

 

 

properties__eventProperties__ActiveAutoscaleProfile__Name

str

 

 

properties__eventProperties__ActiveAutoscaleProfile__Capacity__Minimum

str

 

 

properties__eventProperties__ActiveAutoscaleProfile__Capacity__Maximum

str

 

 

properties__eventProperties__ActiveAutoscaleProfile__Capacity__Default

str

 

 

properties__eventProperties__ActiveAutoscaleProfile__Rules

str

 

 

properties__eventProperties__LastScaleActionTime

str

 

 

at_devo_collector_version

int4

 

 

at_entry_offset

str

 

 

at_enqueued_time

timestamp

 

 

hostchain

str

 

 

tag

str

 

 

rawMessage

str

 

 

cloud.azure.others.events

Field

Type

Field transformation

Source field name

Extra fields

eventdate

timestamp

 

 

hostname

str

 

 

region

str

 

 

timestamp

timestamp

parsedate(time, ifthenelse(length(time) = 25, dateformat("YYYY-MM-DD[T]HH:mm:ssZZ", "UTC"), dateformat("YYYY-MM-DD[T]HH:mm:ss.SSSSSSS[Z]", "UTC")))

time

resourceId

str

 

 

correlationId

str

 

 

operationName

str

 

 

roleLocation

str

 

 

category

str

 

 

level

str

 

 

resultType

str

 

 

resultSignature

str

 

 

resultDescription

str

 

 

durationMs

str

 

 

callerIpAddress

ip4

 

 

tenantId

str

 

 

properties

json

 

 

identity

json

 

 

at_devo_collector_version

int4

 

 

at_entry_offset

str

 

 

at_enqueued_time

timestamp

 

 

hostchain

str

 

 

tag

str

 

 

rawMessage

str

 

 

cloud.azure.others.policy

Field

Type

Field transformation

Source field name

Extra fields

eventdate

timestamp

 

 

hostname

str

 

 

region

str

 

 

roleLocation

str

 

 

timestamp

timestamp

parsedate(time, ifthenelse(length(time) = 25, dateformat("YYYY-MM-DD[T]HH:mm:ssZZ", "UTC"), dateformat("YYYY-MM-DD[T]HH:mm:ss.SSSSSSS[Z]", "UTC")))

time

resourceId

str

 

 

operationName

str

 

 

category

str

 

 

resultType

str

 

 

resultSignature

str

 

 

durationMs

str

 

 

callerIpAddress

ip4

 

 

correlationId

str

 

 

identity__authorization__scope

str

 

 

identity__authorization__action

str

 

 

identity__authorization__evidence__role

str

 

 

identity__authorization__evidence__roleAssignmentScope

str

 

 

identity__authorization__evidence__roleAssignmentId

str

 

 

identity__authorization__evidence__roleDefinitionId

str

 

 

identity__authorization__evidence__principalId

str

 

 

identity__authorization__evidence__principalType

str

 

 

identity__claims

json

 

 

identity__claims__aud

str

 

 

identity__claims__iss

str

 

 

identity__claims__iat

str

 

 

identity__claims__nbf

str

 

 

identity__claims__exp

str

 

 

identity__claims__aio

str

 

 

identity__claims__appid

str

 

 

identity__claims__appidacr

str

 

 

identity__claims__rh

str

 

 

identity__claims__uti

str

 

 

identity__claims__ver

str

 

 

identity__claims__xms_tcdt

str

 

 

level

str

 

 

properties__isComplianceCheck

str

 

 

properties__resourceLocation

str

 

 

properties__ancestors

str

 

 

properties__policies

json

 

 

properties__createdResources

json

 

 

properties__updatedResources

json

 

 

properties__deplymentProvisioningState

str

 

 

properties__deploymentId

str

 

 

properties__eventCategory

str

 

 

properties__entity

str

 

 

properties__message

str

 

 

properties__hierarchy

str

 

 

tenantId

str

 

 

at_devo_collector_version

int4

 

 

at_entry_offset

str

 

 

at_enqueued_time

timestamp

 

 

hostchain

str

 

 

tag

str

 

 

rawMessage

str

 

 

cloud.azure.others.recommendation

Field

Type

Field transformation

Source field name

Extra fields

eventdate

timestamp

 

 

hostname

str

 

 

region

str

 

 

correlationId

str

 

 

timestamp

timestamp

parsedate(time, ifthenelse(length(time) = 25, dateformat("YYYY-MM-DD[T]HH:mm:ssZZ", "UTC"), dateformat("YYYY-MM-DD[T]HH:mm:ss.SSSSSSS[Z]", "UTC")))

time

eventDataId

str

 

 

resourceId

str

 

 

operationName

str

 

 

resultType

str

 

 

properties__recommendationSchemaVersion

str

 

 

properties__recommendationCategory

str

 

 

properties__recommendationImpact

str

 

 

properties__recommendationName

str

 

 

properties__recommendationResourceLink

str

 

 

properties__recommendationType

str

 

 

location

str

 

 

level

str

 

 

category

str

 

 

operationVersion

timestamp

 

 

resultSignature

str

 

 

resultDescription

str

 

 

durationMs

int4

 

 

callerIpAddress

ip4

 

 

at_devo_collector_version

int4

 

 

at_entry_offset

str

 

 

at_enqueued_time

timestamp

 

 

hostchain

str

 

 

tag

str

 

 

rawMessage

str

 

 

cloud.azure.others.resourcehealth

Field

Type

Field transformation

Source field name

Extra fields

eventdate

timestamp

 

 

hostname

str

 

 

region

str

 

 

timestamp

timestamp

parsedate(time, ifthenelse(length(time) = 25, dateformat("YYYY-MM-DD[T]HH:mm:ssZZ", "UTC"), dateformat("YYYY-MM-DD[T]HH:mm:ss.SSSSSSS[Z]", "UTC")))

time

resourceId

str

 

 

correlationId

str

 

 

operationName

str

 

 

level

str

 

 

resultType

str

 

 

category

str

 

 

properties__eventCategory

str

 

 

properties__eventProperties__title

str

 

 

properties__eventProperties__details

str

 

 

properties__eventProperties__currentHealthStatus

str

 

 

properties__eventProperties__previousHealthStatus

str

 

 

properties__eventProperties__type

str

 

 

properties__eventProperties__cause

str

 

 

at_devo_collector_version

int4

 

 

at_entry_offset

str

 

 

at_enqueued_time

timestamp

 

 

hostchain

str

 

 

tag

str

 

 

rawMessage

str

 

 

cloud.azure.postgresql.events

Field

Type

Extra fields

eventdate

timestamp

hostname

str

region

str

timestamp

timestamp

logicalServerName

str

subscriptionId

str

resourceGroup

str

resourceId

str

category

str

operationName

str

properties__prefix

str

properties__message

str

properties__detail

str

properties__errorLevel

str

properties__domain

str

properties__schemaName

str

properties__tableName

str

properties__columnName

str

properties__datatypeName

str

at_devo_collector_version

int4

at_entry_offset

str

at_enqueued_time

timestamp

hostchain

str

tag

str

rawMessage

str

cloud.azure.sec.nsg

Field

Type

Extra fields

eventdate

timestamp

region

str

host

str

time

str

timestamp

timestamp

provider

str

resourceType

str

recordCategory

str

operationName

str

resourceId

str

nsgRule1

str

nsgRule1Label

str

smac

str

rt

str

srcip

str

destip

str

srcport

str

destport

str

protocol

str

direction

str

action

str

version

str

hostchain

str

tag

str

rawMessage

str

cloud.azure.sec.rms

Field

Type

Source field name

Extra fields

eventdate

timestamp

 

region

str

 

date

str

 

time

str

 

row_id

str

 

request_type

str

 

user_id

str

 

result

str

 

correlation_id

str

 

content_id

str

 

owner_email

str

 

issuer

str

 

template_id

str

 

file_name

str

 

date_published

str

 

c_info

str

 

c_ip

str

 

admin_action

str

 

acting_as_user

str

 

hostchain

str

 

tag

str

 

rawMessage

str

rawSource

cloud.azure.securitycenter.security

Field

Type

Field transformation

Source field name

Extra fields

eventdate

timestamp

 

 

hostname

str

 

 

region

str

 

 

timestamp

timestamp

parsedate(time, ifthenelse(length(time) > 20, dateformat("YYYY-MM-DD[T]HH:mm:ss.SSSSSS[Z]", "UTC"), dateformat("YYYY-MM-DD[T]HH:mm:ss[Z]", "UTC")))

time

resourceId

str

 

 

correlationId

str

 

 

operationName

str

 

 

level

str

 

 

resultType

str

 

 

resultDescription

str

 

 

category

str

 

 

properties__eventCategory

str

 

 

properties__eventName

str

 

 

properties__operationId

str

 

 

properties__eventProperties

json

 

 

properties__eventProperties__resourceType

str

 

 

properties__eventProperties__compromisedHost

str

 

 

properties__eventProperties__actionTaken

str

 

 

properties__eventProperties__attackTypeDetected

str

 

 

properties__eventProperties__possibleVictims

str

 

 

properties__eventProperties__severity

str

 

 

properties__eventProperties__intent_str

str

join(properties__eventProperties__intent, ',')

properties__eventProperties__intent

properties__eventProperties__compromisedEntity

str

 

 

properties__eventProperties__remediationSteps_str

str

join(properties__eventProperties__remediationSteps, ',')

properties__eventProperties__remediationSteps

properties__eventProperties__attackedResourceType

str

 

 

properties__eventProperties__applicationID

str

 

 

properties__eventProperties__clientObjectID

str

 

 

properties__eventProperties__clientInformation

str

 

 

properties__eventProperties__clientIPAddress

ip4

 

 

properties__eventProperties__resultSignature

str

 

 

properties__eventProperties__target

str

 

 

properties__eventProperties__alertReasons

str

 

 

properties__eventProperties__allVaultOperationsInLast24Hours

str

 

 

properties__eventProperties__suspiciousOperations

str

 

 

properties__eventProperties__startTime

timestamp

 

 

properties__eventProperties__endTime

timestamp

 

 

properties__eventProperties__numberOfFailedAuthenticationAttemptsToHost

int4

 

 

properties__eventProperties__accountsUsedOnFailedSignInToHostAttempts_str

str

join(properties__eventProperties__accountsUsedOnFailedSignInToHostAttempts, ',')

properties__eventProperties__accountsUsedOnFailedSignInToHostAttempts

properties__eventProperties__wasSSHSessionInitiated

str

 

 

properties__eventProperties__attackerSourceIP

str

 

 

properties__eventProperties__attackerSourceComputerName

str

 

 

properties__eventProperties__numberOfExistingAccountsUsedBySourceToSignIn

int4

 

 

properties__eventProperties__numberOfNonexistentAccountsUsedBySourceToSignIn

int4

 

 

properties__eventProperties__topAccountsWithFailedSignInAttempts

str

 

 

properties__eventProperties__wasRDPSessionInitiated

str

 

 

at_devo_collector_version

int4

 

 

at_entry_offset

str

 

 

at_enqueued_time

timestamp

 

 

hostchain

str

 

 

tag

str

 

 

rawMessage

str