Page Comparison

eventdate

timestamp

hostname

str

region

str

product

str

vproduct

type

str

vtype

rawMessage

str

✓

hostchain

str

✓

tag

str

✓

eventdate

timestamp

region

str

host

str

category

str

timestamp

timestamp

timestamp_str

resourceId

str

accid

str

operationName

str

resultType

str

resultSignature

str

durationMs

int4

callerIpAddress

ip4

correlationId

str

identity_authorization_scope

str

identity_authorization_action

str

identity_authorization_evidence

str

identity_authorization_evidence_role

str

identity_authorization_evidence_roleAssignmentScope

str

identity_authorization_evidence_roleAssignmentId

str

identity_authorization_evidence_roleDefinitionId

str

identity_authorization_evidence_principalId

str

identity_authorization_evidence_principalType

str

identity_claims

str

identity_claims_onprem_sid

str

identity_claims_name

str

level

str

location

str

properties

str

properties_json

json

properties_requestbody

str

properties_statusCode

str

properties_serviceRequestId

str

properties_eventCategory

str

properties_eventName

str

properties_operationId

str

properties__hostname

str

properties__userAgent

str

hostchain

str

✓

tag

str

✓

rawMessage

str

✓

eventdate

timestamp

hostname

str

id

str

azureTenantId

str

azureSubscriptionId

str

riskScore

str

tags

str

activityGroupName

str

assignedTo

str

category

str

closedDateTime

timestamp

comments

str

confidence

int4

createdDateTime

str

description

str

detectionIds

str

eventDateTime

str

feedback

str

incidentIds

str

lastModifiedDateTime

str

recommendedActions

str

severity

str

sourceMaterials

str

status

str

title

str

vendorInformation__provider

str

vendorInformation__providerVersion

str

vendorInformation__subProvider

str

vendorInformation__vendor

str

cloudAppStates_json

json

fileStates_json

json

hostStates_json

json

historyStates_json

json

malwareStates_json

json

networkConnections_json

json

processes_json

json

registryKeyStates_json

json

securityResources_json

json

triggers_json

json

userStates_json

json

vulnerabilityStates_json

json

hostchain

str

✓

tag

str

✓

rawMessage

str

✓

eventdate

timestamp

region

str

timestamp

timestamp

resourceId

str

operationName

str

operationVersion

str

category

str

tenantId

str

resultSignature

str

resultDescription

str

durationMs

int4

callerIpAddress

str

correlationId

str

identity

str

level

str

Level

int4

properties_id

str

properties_category

str

properties_correlationId

str

properties_result

str

properties_resultReason

str

properties_activityDisplayName

str

properties_activityDateTime

str

properties_loggedByService

str

properties_operationType

str

properties_initiatedBy_user_id

str

properties_initiatedBy_user_displayName

str

properties_initiatedBy_user_userPrincipalName

str

properties_initiatedBy_user_ipAddress

str

properties_initiatedBy_app_appId

str

properties_initiatedBy_app_displayName

str

properties_initiatedBy_app_servicePrincipalId

str

properties_initiatedBy_app_servicePrincipalName

str

properties_targetResources

json

properties_additionalDetails

json

at_devo_collector_version

int4

at_entry_offset

str

at_enqueued_time

timestamp

rawJson

json

hostchain

str

✓

tag

str

✓

rawMessage

str

✓

eventdate

timestamp

hostname

str

region

str

id

str

requestId

str

correlationId

str

riskEventType

str

riskState

str

riskLevel

str

riskDetail

str

source

str

detectionTimingType

str

activity

str

tokenIssuerType

str

ipAddress

ip4

activityDateTime

str

detectedDateTime

str

lastUpdatedDateTime

str

userId

str

userDisplayName

str

userPrincipalName

str

additionalInfo

str

location__city

str

location__state

str

location__countryOrRegion

str

location__geoCoordinates__latitude

float8

location__geoCoordinates__longitude

float8

hostchain

str

✓

tag

str

✓

rawMessage

str

✓

eventdate

timestamp

hostname

str

time

str

resource_id

str

operation_name

str

operation_version

str

category

str

tenant_id

str

result_signature

str

duration_ms

int4

caller_ip_str

str

caller_ip_ip4

ip4

caller_ip_str

caller_ip_ip6

ip6

caller_ip_str

correlation_id

str

level2

int4

destination_location

str

properties__time_generated

str

properties__location

str

properties__request_id

str

properties__operation_id

str

properties__client_request_id

str

properties__api_version

str

properties__request_method

str

properties__response_status_code

int4

properties__tenant_id

str

properties__ip_address_str

str

properties__ip_address_ip4

ip4

properties__ip_address_str

properties__ip_address_ip6

ip6

properties__ip_address_str

properties__user_agent

str

properties__request_uri

str

properties__duration_ms

int4

properties__response_size_bytes

int4

properties__sign_in_activity_id

str

properties__roles

str

properties__token_issued_at

timestamp

properties__app_id

str

properties__user_id

str

properties__service_principal_id

str

properties__scopes

str

properties__identity_provider

str

properties__client_auth_method

str

properties__wids

str

properties__at_content

str

at_devo_collector_version

int4

at_entry_offset

str

at_enqueued_time

timestamp

timestamp

timestamp

hostchain

str

✓

tag

str

✓

rawMessage

str

✓

eventdate

timestamp

hostname

str

region

str

rawMessage

str

rawSource

timestamp

timestamp

resourceId

str

signInEventTypes

str

operationName

str

operationVersion

str

category

str

tenantId

str

resultType

str

resultSignature

str

resultDescription

str

durationMs

int4

callerIpAddress

str

correlationId

str

identity

str

Level

int4

location

str

properties

json

properties_id

str

properties_createdDateTime

str

properties_userDisplayName

str

properties_userPrincipalName

str

properties_userId

str

properties_appId

str

properties_appDisplayName

str

properties_ipAddress

str

properties_status_errorCode

int4

properties_status_failureReason

str

properties_clientAppUsed

str

properties_userAgent

str

properties_deviceDetail_operatingSystem

str

properties_deviceDetail_browser

str

properties_deviceDetail_deviceId

str

properties_deviceDetail_displayName

str

properties_deviceDetail_isCompliant

bool

properties_deviceDetail_isManaged

bool

properties_deviceDetail_trustType

str

properties_location_city

str

properties_location_state

str

properties_location_countryOrRegion

str

properties_location_geoCoordinates_latitude

float8

properties_location_geoCoordinates_longitude

float8

properties_mfaDetail_authMethod

str

properties_mfaDetail_authDetail

str

properties_correlationId

str

properties_conditionalAccessStatus

str

properties_originalRequestId

str

properties_isInteractive

bool

properties_tokenIssuerName

str

properties_tokenIssuerType

str

properties_processingTimeInMilliseconds

int4

properties_riskDetail

str

properties_riskLevelAggregated

str

properties_riskLevelDuringSignIn

str

properties_riskState

str

properties_resourceDisplayName

str

properties_resourceId

str

properties_resourceTenantId

str

properties_homeTenantId

str

properties_alternateSignInName

str

properties_signInIdentifier

str

properties_signInIdentifierType

int4

properties_servicePrincipalId

str

properties_userType

str

properties_flaggedForReview

bool

isTenantRestricted

bool

autonomousSystemNumber

int4

crossTenantAccessType

str

servicePrincipalCredentialKeyId

str

servicePrincipalCredentialThumbprint

str

uniqueTokenIdentifier

str

incomingTokenType

str

authenticationProtocol

str

resourceServicePrincipalId

str

authenticationContextClassReferences

str

sessionLifetimePolicies

str

privateLinkDetails__policyId

str

privateLinkDetails__policyName

str

privateLinkDetails__resourceId

str

privateLinkDetails__policyTenantId

str

at_devo_collector_version

int4

at_entry_offset

str

at_enqueued_time

timestamp

hostchain

str

✓

tag

str

✓

eventdate

timestamp

region

str

hostname

str

timestamp

timestamp

resourceId

str

operationName

str

operationVersion

str

category

str

tenantId

str

resultType

str

resultSignature

str

resultDescription

str

durationMs

int4

correlationId

str

identity

str

Level

int4

properties_id

str

properties_activityDateTime

str

properties_tenantId

str

properties_jobId

str

properties_cycleId

str

properties_changeId

str

properties_action

str

properties_servicePrincipal_Id

str

properties_servicePrincipal_Name

str

properties_sourceSystem_details_dynamicProperties

str

properties_sourceSystem_Id

str

properties_sourceSystem_Name

str

properties_targetSystem_details_dynamicProperties_ApplicationId

str

properties_targetSystem_details_dynamicProperties_ServicePrincipalId

str

properties_targetSystem_details_dynamicProperties_ServicePrincipalDisplayName

str

properties_targetSystem_Id

str

properties_targetSystem_Name

str

properties_initiatedBy_Type

str

properties_initiatedBy_Id

str

properties_initiatedBy_Name

str

properties_sourceIdentity_identityType

str

properties_sourceIdentity_details_dynamicProperties

str

properties_sourceIdentity_Id

str

properties_sourceIdentity_Name

str

properties_targetIdentity_identityType

str

properties_targetIdentity_details_dynamicProperties

str

properties_targetIdentity_Id

str

properties_targetIdentity_Name

str

properties_statusInfo_ErrorCode

str

properties_statusInfo_Reason

str

properties_statusInfo_AdditionalDetails

str

properties_statusInfo_ErrorCategory

str

properties_statusInfo_RecommendedAction

str

properties_statusInfo_Status

int4

properties_provisioningSteps

json

properties_modifiedProperties

str

properties_durationInMilliseconds

int4

provisioningAction

str

at_devo_collector_version

int4

at_entry_offset

str

at_enqueued_time

timestamp

hostchain

str

✓

tag

str

✓

rawMessage

str

✓

eventdate

timestamp

hostname

str

time

str

resourceId

str

operationName

str

operationVersion

str

category

str

tenantId

str

resultSignature

str

durationMs

int4

correlationId

str

identity

str

Level

int4

location

str

id

str

accountEnabled

bool

isProcessing

bool

riskLastUpdatedDateTime

timestamp

riskState

str

riskDetail

str

riskLevel

str

displayName

str

appId

str

servicePrincipalType

str

at_devo_collector_version

int4

at_entry_offset

str

at_enqueued_time

timestamp

timestamp

timestamp

hostchain

str

✓

tag

str

✓

rawMessage

str

✓

Extra fields

timestamp

hostname

str

region

str

category

str

correlationId

str

durationMs

int4

properties__id

str

identity

str

properties__isDeleted

bool

properties__isGuest

bool

properties__isProcessing

bool

level

int4

location

str

operationName

str

operationVersion

str

resourceId

str

resultSignature

str

properties__riskDetail

str

properties__riskLastUpdatedDateTime_str

str

properties__riskLevel

str

properties__riskState

str

tenantId

str

timeGenerated_str

str

properties__userDisplayName

str

properties__userPrincipalName

str

properties__sourceSystem

str

hostchain

str

✓

tag

str

✓

rawMessage

str

✓

eventdate

timestamp

hostname

str

time

str

resourceId

str

operationName

str

operationVersion

str

category

str

tenantId

str

resultSignature

str

durationMs

int4

correlationId

str

identity

str

Level

int4

location

str

properties__correlationId

str

properties__location

str

id

str

requestId

str

riskEventType

str

riskState

str

riskLevel

str

riskDetail

str

source

str

detectionTimingType

str

activity

str

ipAddress

str

activityDateTime

timestamp

detectedDateTime

timestamp

lastUpdatedDateTime

timestamp

servicePrincipalId

str

servicePrincipalDisplayName

str

appId

str

keyIds

str

additionalInfo

str

tokenIssuerType

str

at_devo_collector_version

int4

at_entry_offset

str

at_enqueued_time

timestamp

timestamp

timestamp

hostchain

str

✓

tag

str

✓

rawMessage

str

✓

eventdate

timestamp

hostname

str

region

str

rawMessage

str

rawSource

timestamp

timestamp

resourceId

str

operationName

str

operationVersion

str

category

str

tenantId

str

resultType

str

resultSignature

str

durationMs

int4

callerIpAddress

str

correlationId

str

Level

int4

location

str

properties_id

str

properties_createdDateTime

str

properties_userId

str

properties_appId

str

properties_ipAddress

str

properties_status_errorCode

int4

properties_location_city

str

properties_location_state

str

properties_location_countryOrRegion

str

properties_location_geoCoordinates_latitude

float8

properties_location_geoCoordinates_longitude

float8

properties_correlationId

str

properties_isInteractive

bool

properties_tokenIssuerType

str

properties_processingTimeInMilliseconds

int4

properties_riskDetail

str

properties_riskLevelAggregated

str

properties_riskLevelDuringSignIn

str

properties_riskState

str

properties_resourceDisplayName

str

properties_resourceId

str

properties_servicePrincipalName

str

properties_servicePrincipalId

str

properties_flaggedForReview

bool

isTenantRestricted

bool

autonomousSystemNumber

int4

crossTenantAccessType

str

servicePrincipalCredentialKeyId

str

servicePrincipalCredentialThumbprint

str

uniqueTokenIdentifier

str

incomingTokenType

str

authenticationProtocol

str

resourceServicePrincipalId

str

authenticationContextClassReferences

str

sessionLifetimePolicies

str

privateLinkDetails__policyId

str

privateLinkDetails__policyName

str

privateLinkDetails__resourceId

str

privateLinkDetails__policyTenantId

str

at_devo_collector_version

int4

at_entry_offset

str

at_enqueued_time

timestamp

hostchain

str

✓

tag

str

✓

eventdate

timestamp

hostname

str

region

str

rawMessage

str

rawSource

timestamp

timestamp

resourceId

str

operationName

str

operationVersion

str

category

str

tenantId

str

resultType

str

resultSignature

str

resultDescription

str

durationMs

int4

callerIpAddress

str

correlationId

str

identity

str

Level

int4

location

str

properties

json

properties_id

str

properties_createdDateTime

str

properties_userDisplayName

str

properties_userPrincipalName

str

properties_userId

str

properties_appId

str

properties_appDisplayName

str

properties_ipAddress

str

properties_status_errorCode

int4

properties_status_failureReason

str

properties_clientAppUsed

str

properties_userAgent

str

properties_deviceDetail_operatingSystem

str

properties_deviceDetail_browser

str

properties_deviceDetail_deviceId

str

properties_deviceDetail_displayName

str

properties_deviceDetail_isCompliant

bool

properties_deviceDetail_isManaged

bool

properties_deviceDetail_trustType

str

properties_location_city

str

properties_location_state

str

properties_location_countryOrRegion

str

properties_location_geoCoordinates_latitude

float8

properties_location_geoCoordinates_longitude

float8

properties_mfaDetail_authMethod

str

properties_mfaDetail_authDetail

str

properties_correlationId

str

properties_conditionalAccessStatus

str

properties_originalRequestId

str

properties_isInteractive

bool

properties_tokenIssuerName

str

properties_tokenIssuerType

str

properties_processingTimeInMilliseconds

int4

properties_riskDetail

str

properties_riskLevelAggregated

str

properties_riskLevelDuringSignIn

str

properties_riskState

str

properties_resourceDisplayName

str

properties_resourceId

str

properties_resourceTenantId

str

properties_homeTenantId

str

properties_alternateSignInName

str

properties_signInIdentifier

str

properties_signInIdentifierType

int4

properties_servicePrincipalId

str

properties_userType

str

properties_flaggedForReview

bool

at_devo_collector_version

int4

at_entry_offset

str

at_enqueued_time

timestamp

hostchain

str

✓

tag

str

✓

eventdate

timestamp

hostname

str

region

str

timeGenerated_str

str

resourceId

str

operationName

str

operationVersion

str

category

str

tenantId

str

resultSignature

str

durationMs

int4

callerIpAddress

ip4

correlationId

str

identity

str

Level

int4

location

str

properties__id

str

properties__requestId

str

properties__correlationId

str

properties__riskType

str

properties__riskEventType

str

properties__riskState

str

properties__riskLevel

str

properties__riskDetail

str

properties__source

str

properties__detectionTimingType

str

properties__activity

str

properties__ipAddress

ip4

properties__location

json

properties__activityDateTime_str

str

properties__detectedDateTime_str

str

properties__lastUpdatedDateTime_str

str

properties__userId

str

properties__userDisplayName

str

properties__userPrincipalName

str

properties__additionalInfo

str

properties__tokenIssuerType

str

properties__sourceSystem

str

hostchain

str

✓

tag

str

✓

rawMessage

str

✓

eventdate

timestamp

hostname

str

region

str

type

str

vtype

timestamp

timestamp

ccpNamespace

str

UnderlayName

str

operationName

str

category

str

UnderlayClass

str

properties

json

Environment

str

Cloud

str

attrs

str

resourceId

str

hostchain

str

✓

tag

str

✓

rawMessage

str

✓

eventdate

timestamp

hostname

str

region

str

timestamp

timestamp

ccpNamespace

str

UnderlayName

str

operationName

str

category

str

UnderlayClass

str