microsoft_graph_useractivity_signin Anchor | | tag6 | tag6 | cloud.azure.ad.noninteractive_user_signin |
Field | Type | Source field name | Extra fields | eventdate |
|
| hostname |
|
| region |
|
| rawMessage |
| rawSource | timestamp |
|
| resourceId |
|
| signInEventTypes |
|
| operationName |
|
| operationVersion |
|
Field | Type | Field transformation | Source field name | Extra fields |
---|---|---|---|---|
eventdate |
|
|
| |
hostname |
|
|
| |
time |
|
|
| |
resource_id |
|
|
| |
operation_name |
|
|
| |
operation_version |
|
|
| |
category |
|
|
str
|
tenant_id |
|
|
| ||
result_signature |
|
|
resultDescription
str
|
duration_ms |
|
|
callerIpAddress
str
|
correlationId
identity
caller_ip_str |
|
|
Level
int4
|
location
str
properties
json
properties_id
str
properties_createdDateTime
str
properties_userDisplayName
str
properties_userPrincipalName
str
properties_userId
str
properties_appId
str
caller_ip_ip4 |
|
| caller_ip_str | |||
caller_ip_ip6 |
|
| caller_ip_str | |||
correlation_id |
|
|
| |||
level2 |
|
|
| |||
destination_location |
|
|
| |||
properties__ |
time_generated |
|
|
| |
properties_ |
_ |
location |
|
int4
|
| |
properties_ |
_request_ |
id |
|
|
| |
properties__operation_ |
id |
|
|
| |
properties_ |
_client_request_id |
|
|
| |
properties__ |
api_ |
version |
|
|
| |
properties__ |
request_ |
method |
|
|
| |
properties__ |
str
response_status_code |
|
|
| |
properties_ |
_tenant_ |
id |
|
|
| |
properties_ |
bool
_ip_address_str |
|
|
| |
properties_ |
bool
properties_deviceDetail_trustType
str
properties_location_city
str
properties_location_state
str
properties_location_countryOrRegion
str
properties_location_geoCoordinates_latitude
float8
properties_location_geoCoordinates_longitude
float8
properties_mfaDetail_authMethod
str
_ip_address_ip4 |
|
| properties__ip_address_str | |||
properties__ip_address_ip6 |
|
| properties__ip_address_str | |||
properties__user_agent |
|
|
| |||
properties__request_uri |
|
|
| |||
properties_ |
_ |
str
duration_ms |
|
|
| |
properties_ |
str
_response_size_bytes |
|
|
| |
properties_ |
_sign_in_activity_id |
|
|
| |
properties__ |
roles |
|
|
| |
properties_ |
bool
properties_tokenIssuerName
str
_token_issued_at |
|
|
| |
properties__app_ |
id |
|
|
properties_processingTimeInMilliseconds
int4
| |
properties__user_ |
id |
|
|
| |
properties_ |
_service_principal_id |
|
|
| |
properties_ |
_scopes |
|
|
| |
properties__identity_ |
provider |
|
|
| |
properties_ |
_client_auth_method |
|
|
| |
properties__ |
wids |
|
|
| |
properties_ |
str
_at_content |
|
|
|
properties_homeTenantId
at_devo_collector_version |
|
|
properties_alternateSignInName
str
|
at_entry_ |
offset |
|
|
properties_signInIdentifierType
int4
properties_servicePrincipalId
str
properties_userType
str
properties_flaggedForReview
bool
isTenantRestricted
bool
autonomousSystemNumber
int4
| ||||
at_enqueued_time |
|
|
| |
timestamp |
|
|
| |
hostchain |
|
|
|
str
✓ |
tag |
|
|
uniqueTokenIdentifier
str
|
✓ |
str
rawMessage |
authenticationProtocol
|
|
resourceServicePrincipalId
str
|
✓ |
str
Field | Type | Extra fields |
---|---|---|
eventdate | timestamp | |
hostname | str | |
time | str | |
resourceId | str | |
operationName | str | |
operationVersion | str | |
category | str | |
tenantId | str | |
resultSignature | str | |
durationMs | int4 | |
correlationId | str | |
identity | str | |
Level | int4 | |
location | str | |
id | str | |
accountEnabled | bool | |
isProcessing | bool | |
riskLastUpdatedDateTime | timestamp | |
riskState | str | |
riskDetail | str | |
riskLevel | str | |
displayName | str | |
appId | str | |
servicePrincipalType | str | |
at_devo_collector_version | int4 | |
at_entry_offset | str | |
at_enqueued_time | timestamp | |
timestamp | timestamp | |
hostchain | str | ✓ |
tag | str | ✓ |
rawMessage | str | ✓ |
Field
Type
Extra fields
Extra fields
timestamp
hostname
str
region
str
category
str
correlationId
str
durationMs
int4
properties__id
str
identity
str
properties__isDeleted
bool
properties__isGuest
bool
properties__isProcessing
bool
level
int4
location
str
operationName
str
operationVersion
str
resourceId
str
resultSignature
str
properties__riskDetail
str
properties__riskLastUpdatedDateTime_str
str
properties__riskLevel
str
properties__riskState
str
tenantId
str
timeGenerated_str
str
properties__userDisplayName
str
properties__userPrincipalName
str
sessionLifetimePolicies
str
privateLinkDetails__policyId
str
privateLinkDetails__policyName
str
privateLinkDetails__resourceId
str
privateLinkDetails__policyTenantId
str
at_devo_collector_version
int4
at_entry_offset
str
at_enqueued_time
timestamp
hostchain
str
✓
tag
str
✓
Field | Type | Extra fields |
---|---|---|
eventdate | timestamp | |
region | str | |
hostname | str | |
timestamp | timestamp | |
resourceId | str | |
operationName | str | |
operationVersion | str | |
category | str | |
tenantId | str | |
resultType | str | |
resultSignature | str | |
resultDescription | str | |
durationMs | int4 | |
correlationId | str | |
identity | str | |
Level | int4 | |
properties_id | str | |
properties_activityDateTime | str | |
properties_tenantId | str | |
properties_jobId | str | |
properties_cycleId | str | |
properties_changeId | str | |
properties_action | str | |
properties_servicePrincipal_Id | str | |
properties_servicePrincipal_Name | str | |
properties_sourceSystem_details_dynamicProperties | str | |
properties_sourceSystem_Id | str | |
properties_sourceSystem_Name | str | |
properties_targetSystem_details_dynamicProperties_ApplicationId | str | |
properties_targetSystem_details_dynamicProperties_ServicePrincipalId | str | |
properties_targetSystem_details_dynamicProperties_ServicePrincipalDisplayName | str | |
properties_targetSystem_Id | str | |
properties_targetSystem_Name | str | |
properties_initiatedBy_Type | str | |
properties_initiatedBy_Id | str | |
properties_initiatedBy_Name | str | |
properties_sourceIdentity_identityType | str | |
properties_sourceIdentity_details_dynamicProperties | str | |
properties_sourceIdentity_Id | str | |
properties_sourceIdentity_Name | str | |
properties_targetIdentity_identityType | str | |
properties_targetIdentity_details_dynamicProperties | str | |
properties_targetIdentity_Id | str | |
properties_targetIdentity_Name | str | |
properties_statusInfo_ErrorCode | str | |
properties_statusInfo_Reason | str | |
properties_statusInfo_AdditionalDetails | str | |
properties_statusInfo_ErrorCategory | str | |
properties_statusInfo_RecommendedAction | str | |
properties_statusInfo_Status | int4 | |
properties_provisioningSteps | json | |
properties_modifiedProperties | str | |
properties_durationInMilliseconds | int4 | |
provisioningAction | str | |
at_devo_collector_version | int4 | |
at_entry_offset | str | |
at_enqueued_time | timestamp | |
hostchain | str | ✓ |
tag | str | ✓ |
rawMessage | str | ✓ |
|
Anchor | ||||
---|---|---|---|---|
|
Field | Type | Source field name | Extra fields |
---|---|---|---|
eventdate |
|
| |
hostname |
|
| |
region |
|
| |
rawMessage |
| rawSource | |
timestamp |
|
| |
resourceId |
|
| |
signInEventTypes |
|
| |
operationName |
|
| |
operationVersion |
|
| |
category |
|
| |
tenantId |
|
| |
resultType |
|
| |
resultSignature |
|
| |
resultDescription |
|
| |
durationMs |
|
| |
callerIpAddress |
|
| |
correlationId |
|
| |
identity |
|
| |
Level |
|
| |
location |
|
| |
properties |
|
| |
properties_id |
|
| |
properties_createdDateTime |
|
| |
properties_userDisplayName |
|
| |
properties_userPrincipalName |
|
| |
properties_userId |
|
| |
properties_appId |
|
| |
properties_appDisplayName |
|
| |
properties_ipAddress |
|
| |
properties_status_errorCode |
|
| |
properties_status_failureReason |
|
| |
properties_clientAppUsed |
|
| |
properties_userAgent |
|
| |
properties_deviceDetail_operatingSystem |
|
| |
properties_deviceDetail_browser |
|
| |
properties_deviceDetail_deviceId |
|
| |
properties_deviceDetail_displayName |
|
| |
properties_deviceDetail_isCompliant |
|
| |
properties_deviceDetail_isManaged |
|
| |
properties_deviceDetail_trustType |
|
| |
properties_location_city |
|
| |
properties_location_state |
|
| |
properties_location_countryOrRegion |
|
| |
properties_location_geoCoordinates_latitude |
|
| |
properties_location_geoCoordinates_longitude |
|
| |
properties_mfaDetail_authMethod |
|
| |
properties_mfaDetail_authDetail |
|
| |
properties_correlationId |
|
| |
properties_conditionalAccessStatus |
|
| |
properties_originalRequestId |
|
| |
properties_isInteractive |
|
| |
properties_tokenIssuerName |
|
| |
properties_tokenIssuerType |
|
| |
properties_processingTimeInMilliseconds |
|
| |
properties_riskDetail |
|
| |
properties_riskLevelAggregated |
|
| |
properties_riskLevelDuringSignIn |
|
| |
properties_riskState |
|
| |
properties_resourceDisplayName |
|
| |
properties_resourceId |
|
| |
properties_resourceTenantId |
|
| |
properties_homeTenantId |
|
| |
properties_alternateSignInName |
|
| |
properties_signInIdentifier |
|
| |
properties_signInIdentifierType |
|
| |
properties_servicePrincipalId |
|
| |
properties_userType |
|
| |
properties_flaggedForReview |
|
| |
isTenantRestricted |
|
| |
autonomousSystemNumber |
|
| |
crossTenantAccessType |
|
| |
servicePrincipalCredentialKeyId |
|
| |
servicePrincipalCredentialThumbprint |
|
| |
uniqueTokenIdentifier |
|
| |
incomingTokenType |
|
| |
authenticationProtocol |
|
| |
resourceServicePrincipalId |
|
| |
authenticationContextClassReferences |
|
| |
sessionLifetimePolicies |
|
| |
privateLinkDetails__policyId |
|
| |
privateLinkDetails__policyName |
|
| |
privateLinkDetails__resourceId |
|
| |
privateLinkDetails__policyTenantId |
|
| |
at_devo_collector_version |
|
| |
at_entry_offset |
|
| |
at_enqueued_time |
|
| |
hostchain |
|
| ✓ |
tag |
|
| ✓ |
Anchor | ||||
---|---|---|---|---|
|
Field | Type | Extra fields |
---|---|---|
eventdate |
| |
region |
| |
hostname |
| |
timestamp |
| |
resourceId |
| |
operationName |
| |
operationVersion |
| |
category |
| |
tenantId |
| |
resultType |
| |
resultSignature |
| |
resultDescription |
| |
durationMs |
| |
correlationId |
| |
identity |
| |
Level |
| |
properties_id |
| |
properties_activityDateTime |
| |
properties_tenantId |
| |
properties_jobId |
| |
properties_cycleId |
| |
properties_changeId |
| |
properties_action |
| |
properties_servicePrincipal_Id |
| |
properties_servicePrincipal_Name |
| |
properties_sourceSystem_details_dynamicProperties |
| |
properties_sourceSystem_Id |
| |
properties_sourceSystem_Name |
| |
properties_targetSystem_details_dynamicProperties_ApplicationId |
| |
properties_targetSystem_details_dynamicProperties_ServicePrincipalId |
| |
properties_targetSystem_details_dynamicProperties_ServicePrincipalDisplayName |
| |
properties_targetSystem_Id |
| |
properties_targetSystem_Name |
| |
properties_initiatedBy_Type |
| |
properties_initiatedBy_Id |
| |
properties_initiatedBy_Name |
| |
properties_sourceIdentity_identityType |
| |
properties_sourceIdentity_details_dynamicProperties |
| |
properties_sourceIdentity_Id |
| |
properties_sourceIdentity_Name |
| |
properties_targetIdentity_identityType |
| |
properties_targetIdentity_details_dynamicProperties |
| |
properties_targetIdentity_Id |
| |
properties_targetIdentity_Name |
| |
properties_statusInfo_ErrorCode |
| |
properties_statusInfo_Reason |
| |
properties_statusInfo_AdditionalDetails |
| |
properties_statusInfo_ErrorCategory |
| |
properties_statusInfo_RecommendedAction |
| |
properties_statusInfo_Status |
| |
properties_provisioningSteps |
| |
properties_modifiedProperties |
| |
properties_durationInMilliseconds |
| |
provisioningAction |
| |
at_devo_collector_version |
| |
at_entry_offset |
| |
at_enqueued_time |
| |
hostchain |
| ✓ |
tag |
| ✓ |
rawMessage |
| ✓ |
Anchor | ||||
---|---|---|---|---|
|
Field | Type | Extra fields |
---|---|---|
eventdate |
| |
hostname |
| |
time |
| |
resourceId |
| |
operationName |
| |
operationVersion |
| |
category |
| |
tenantId |
| |
resultSignature |
| |
durationMs |
| |
correlationId |
| |
identity |
| |
Level |
| |
location |
| |
id |
| |
accountEnabled |
| |
isProcessing |
| |
riskLastUpdatedDateTime |
| |
riskState |
| |
riskDetail |
| |
riskLevel |
| |
displayName |
| |
appId |
| |
servicePrincipalType |
| |
at_devo_collector_version |
| |
at_entry_offset |
| |
at_enqueued_time |
| |
timestamp |
| |
hostchain |
| ✓ |
tag |
| ✓ |
rawMessage |
| ✓ |
Anchor | ||||
---|---|---|---|---|
|
Field | Type | Extra fields |
---|---|---|
Extra fields |
| |
hostname |
| |
region |
| |
category |
| |
correlationId |
| |
durationMs |
| |
properties__id |
| |
identity |
| |
properties__isDeleted |
| |
properties__isGuest |
| |
properties__isProcessing |
| |
level |
| |
location |
| |
operationName |
| |
operationVersion |
| |
resourceId |
| |
resultSignature |
| |
properties__riskDetail |
| |
properties__riskLastUpdatedDateTime_str |
| |
properties__riskLevel |
| |
properties__riskState |
| |
tenantId |
| |
timeGenerated_str |
| |
properties__userDisplayName |
| |
properties__userPrincipalName |
| |
properties__sourceSystem |
| |
hostchain |
| ✓ |
tag |
| ✓ |
rawMessage |
| ✓ |
Anchor | ||||
---|---|---|---|---|
|
Field | Type | Extra fields |
---|---|---|
eventdate |
| |
hostname |
| |
time |
| |
resourceId |
| |
operationName |
| |
operationVersion |
| |
category |
| |
tenantId |
| |
resultSignature |
| |
durationMs |
| |
correlationId |
| |
identity |
| |
Level |
| |
location |
| |
properties__correlationId |
| |
properties__location |
| |
id |
| |
requestId |
| |
riskEventType |
| |
riskState |
| |
riskLevel |
| |
riskDetail |
| |
source |
| |
detectionTimingType |
| |
activity |
| |
ipAddress |
| |
activityDateTime |
| |
detectedDateTime |
| |
lastUpdatedDateTime |
| |
servicePrincipalId |
| |
servicePrincipalDisplayName |
| |
appId |
| |
keyIds |
| |
additionalInfo |
| |
tokenIssuerType |
| |
at_devo_collector_version |
| |
at_entry_offset |
| |
at_enqueued_time |
| |
timestamp |
| |
hostchain |
| ✓ |
tag |
| ✓ |
rawMessage |
| ✓ |
|
Anchor | ||||
---|---|---|---|---|
|
Field | Type | Source field name | Extra fields |
---|---|---|---|
eventdate |
|
| |
hostname |
|
| |
region |
|
| |
rawMessage |
| rawSource | |
timestamp |
|
| |
resourceId |
|
| |
operationName |
|
| |
operationVersion |
|
| |
category |
|
| |
tenantId |
|
| |
resultType |
|
| |
resultSignature |
|
| |
durationMs |
|
| |
callerIpAddress |
|
| |
correlationId |
|
| |
Level |
|
| |
location |
|
| |
properties_id |
|
| |
properties_createdDateTime |
|
| |
properties_userId |
|
| |
properties_appId |
|
| |
properties_ipAddress |
|
| |
properties_status_errorCode |
|
| |
properties_location_city |
|
| |
properties_location_state |
|
| |
properties_location_countryOrRegion |
|
| |
properties_location_geoCoordinates_latitude |
|
| |
properties_location_geoCoordinates_longitude |
|
| |
properties_correlationId |
|
| |
properties_isInteractive |
|
| |
properties_tokenIssuerType |
|
| |
properties_processingTimeInMilliseconds |
|
| |
properties_riskDetail |
|
| |
properties_riskLevelAggregated |
|
| |
properties_riskLevelDuringSignIn |
|
| |
properties_riskState |
|
| |
properties_resourceDisplayName |
|
| |
properties_resourceId |
|
| |
properties_servicePrincipalName |
|
| |
properties_servicePrincipalId |
|
| |
properties_flaggedForReview |
|
| |
isTenantRestricted |
|
| |
autonomousSystemNumber |
|
| |
crossTenantAccessType |
|
| |
servicePrincipalCredentialKeyId |
|
| |
servicePrincipalCredentialThumbprint |
|
| |
uniqueTokenIdentifier |
|
| |
incomingTokenType |
|
| |
authenticationProtocol |
|
| |
resourceServicePrincipalId |
|
| |
authenticationContextClassReferences |
|
| |
sessionLifetimePolicies |
|
| |
privateLinkDetails__policyId |
|
| |
privateLinkDetails__policyName |
|
| |
privateLinkDetails__resourceId |
|
| |
privateLinkDetails__policyTenantId |
|
| |
at_devo_collector_version |
|
| |
at_entry_offset |
|
| |
at_enqueued_time |
|
| |
hostchain |
|
| ✓ |
tag |
|
| ✓ |
Anchor | ||||
---|---|---|---|---|
|
Field | Type | Source field name | Extra fields |
---|---|---|---|
eventdate |
|
| |
hostname |
|
| |
region |
|
| |
rawMessage |
| rawSource | |
timestamp |
|
| |
resourceId |
|
| |
operationName |
|
| |
operationVersion |
|
| |
category |
|
| |
tenantId |
|
| |
resultType |
|
| |
resultSignature |
|
| |
resultDescription |
|
| |
durationMs |
|
| |
callerIpAddress |
|
| |
correlationId |
|
| |
identity |
|
| |
Level |
|
| |
location |
|
| |
properties |
|
| |
properties_id |
|
| |
properties_createdDateTime |
|
| |
properties_userDisplayName |
|
| |
properties_userPrincipalName |
|
| |
properties_userId |
|
| |
properties_appId |
|
| |
properties_appDisplayName |
|
| |
properties_ipAddress |
|
| |
properties_status_errorCode |
|
| |
properties_status_failureReason |
|
| |
properties_clientAppUsed |
|
| |
properties_userAgent |
|
| |
properties_deviceDetail_operatingSystem |
|
| |
properties_deviceDetail_browser |
|
| |
properties_deviceDetail_deviceId |
|
| |
properties_deviceDetail_displayName |
|
| |
properties_deviceDetail_isCompliant |
|
| |
properties_deviceDetail_isManaged |
|
| |
properties_deviceDetail_trustType |
|
| |
properties_location_city |
|
| |
properties_location_state |
|
| |
properties_location_countryOrRegion |
|
| |
properties_location_geoCoordinates_latitude |
|
| |
properties_location_geoCoordinates_longitude |
|
| |
properties_mfaDetail_authMethod |
|
| |
properties_mfaDetail_authDetail |
|
| |
properties_correlationId |
|
| |
properties_conditionalAccessStatus |
|
| |
properties_originalRequestId |
|
| |
properties_isInteractive |
|
| |
properties_tokenIssuerName |
|
| |
properties_tokenIssuerType |
|
| |
properties_processingTimeInMilliseconds |
|
| |
properties_riskDetail |
|
| |
properties_riskLevelAggregated |
|
| |
properties_riskLevelDuringSignIn |
|
| |
properties_riskState |
|
| |
properties_resourceDisplayName |
|
| |
properties_resourceId |
|
| |
properties_resourceTenantId |
|
| |
properties_homeTenantId |
|
| |
properties_alternateSignInName |
|
| |
properties_signInIdentifier |
|
| |
properties_signInIdentifierType |
|
| |
properties_servicePrincipalId |
|
| |
properties_userType |
|
| |
properties_flaggedForReview |
|
| |
at_devo_collector_version |
|
| |
at_entry_offset |
|
| |
at_enqueued_time |
|
| |
hostchain |
|
| ✓ |
tag |
|
| ✓ |
Anchor | ||||
---|---|---|---|---|
|
Field | Type | Extra fields |
---|---|---|
eventdate |
|
|
hostname |
|
|
region |
|
|
timeGenerated_str |
|
|
resourceId |
|
|
operationName |
|
|
operationVersion |
|
|
category |
|
|
tenantId |
|
|
resultSignature |
|
|
durationMs |
|
|
callerIpAddress |
|
|
callerIpAddress_ipv6 |
|
|
correlationId |
|
|
identity |
|
|
Level |
|
|
location |
|
|
properties__id |
|
|
properties__requestId |
|
|
properties__correlationId |
|
|
properties__riskType |
|
|
properties__riskEventType |
|
|
properties__riskState |
|
|
properties__riskLevel |
|
|
properties__riskDetail |
|
|
properties__source |
|
|
properties__detectionTimingType |
|
|
properties__activity |
|
|
properties__ipAddress |
|
|
properties__ipAddress_ipv6 |
|
|
properties__location |
|
|
properties__activityDateTime_str |
|
|
properties__detectedDateTime_str |
|
|
properties__lastUpdatedDateTime_str |
|
|
properties__userId |
|
|
properties__userDisplayName |
|
|
properties__userPrincipalName |
|
|
properties__additionalInfo |
|
|
properties__tokenIssuerType |
|
|
properties__sourceSystem |
|
|
hostchain |
| ✓ |
tag |
| ✓ |
rawMessage |
| ✓ |
Anchor | ||||
---|---|---|---|---|
|
Field | Type | Source field name | Extra fields |
---|---|---|---|
eventdate |
|
| |
hostname |
|
| |
region |
|
| |
type |
| vtype | |
timestamp |
|
| |
ccpNamespace |
|
| |
UnderlayName |
|
| |
operationName |
|
| |
category |
|
| |
UnderlayClass |
|
| |
properties |
|
| |
Environment |
|
| |
Cloud |
|
| |
attrs |
|
| |
resourceId |
|
| |
hostchain |
|
| ✓ |
tag |
|
| ✓ |
rawMessage |
|
| ✓ |
Anchor | ||||
---|---|---|---|---|
|
Field | Type | Extra fields |
---|---|---|
eventdate |
| |
hostname |
| |
region |
| |
timestamp |
| |
ccpNamespace |
| |
UnderlayName |
| |
operationName |
| |
category |
| |
UnderlayClass |
| |
properties__log |
| |
properties__stream |
| |
properties__containerID |
| |
properties__pod |
| |
Environment |
| |
Cloud |
| |
attrs |
| |
resourceId |
| |
hostchain |
| ✓ |
tag |
| ✓ |
rawMessage |
| ✓ |
|
Anchor | ||||
---|---|---|---|---|
|
Field | Type | Extra fields |
---|---|---|
eventdate |
|
|
hostname |
|
|
tenantId |
|
|
sourceSystem |
|
|
timeGenerated |
|
|
computer |
|
|
timeOfCommand |
|
|
containerID |
|
|
image |
|
|
imageTag |
|
|
repository |
|
|
name |
|
|
logEntry |
|
|
logEntrySource |
|
|
type |
|
|
ResourceId |
|
|
hostchain |
| ✓ |
tag |
| ✓ |
rawMessage |
| ✓ |
Anchor | ||||
---|---|---|---|---|
|
Field | Type | Extra fields |
---|---|---|
eventdate |
| |
hostname |
| |
region |
| |
timestamp |
| |
ccpNamespace |
| |
UnderlayName |
| |
operationName |
| |
category |
| |
UnderlayClass |
| |
properties__log |
| |
properties__stream |
| |
properties__containerID |
| |
properties__pod |
| |
Environment |
| |
Cloud |
| |
attrs |
| |
resourceId |
| |
hostchain |
| ✓ |
tag |
| ✓ |
rawMessage |
| ✓ |
Anchor | ||||
---|---|---|---|---|
|
Field | Type | Extra fields |
---|---|---|
eventdate |
| |
hostname |
| |
region |
| |
timestamp |
| |
ccpNamespace |
| |
UnderlayName |
| |
operationName |
| |
category |
| |
UnderlayClass |
| |
properties__log |
| |
properties__stream |
| |
properties__containerID |
| |
properties__pod |
| |
Environment |
| |
Cloud |
| |
attrs |
| |
resourceId |
| |
hostchain |
| ✓ |
tag |
| ✓ |
rawMessage |
| ✓ |
Anchor |
---|
|
|
aks.
servicekube_
principalaudit_
risk_eventsadmin
Field | Type | Extra fields |
---|---|---|
eventdate |
| |
hostname |
|
region |
|
properties__pod |
|
properties__stream |
|
properties__log |
|
UnderlayName |
|
tenantId
str
resultSignature
str
durationMs
int4
Environment |
| |
UnderlayClass |
|
ccpNamespace |
|
timestamp |
int4
|
Cloud |
|
category |
|
operationName |
|
resourceId |
|
hostchain |
| ✓ |
tag |
| ✓ |
at_entry_offset
str
at_enqueued_time
timestamp
timestamp
timestamp
hostchain
str
✓
tag
str
✓
rawMessage
str
rawMessage |
|
riskLevel
str
riskDetail
str
source
str
detectionTimingType
str
activity
str
ipAddress
str
activityDateTime
timestamp
detectedDateTime
timestamp
lastUpdatedDateTime
timestamp
servicePrincipalId
str
servicePrincipalDisplayName
str
appId
str
keyIds
str
additionalInfo
str
tokenIssuerType
str
at_devo_collector_version
int4
✓ |
Anchor | ||||
---|---|---|---|---|
|
Field | Type | Extra fields |
---|---|---|
eventdate |
| |
hostname |
| |
region |
| |
timestamp |
| |
ccpNamespace |
| |
UnderlayName |
| |
operationName |
| |
category |
| |
UnderlayClass |
| |
properties__log |
| |
properties__stream |
| |
properties__containerID |
| |
properties__pod |
| |
Environment |
| |
Cloud |
| |
attrs |
| |
resourceId |
| |
hostchain |
| |
tag |
| |
rawMessage |
|