Tables from 9 to 12
- Juan Tomás Alonso Nieto (Deactivated)
cloud.office365.management.onedrive
Field in | Field in source table | Field transformation | Data type | Extra Field |
|---|---|---|---|---|
eventdate | eventdate |
| timestamp |
|
hostname | hostname |
| str |
|
type | - | "onedrive" | str |
|
Id | Id |
| str |
|
Workload | Workload |
| str |
|
StatusTime | StatusTime |
| str |
|
FeatureStatus | FeatureStatus |
| str |
|
Status | Status |
| str |
|
StatusDisplayName | StatusDisplayName |
| str |
|
IncidentIds | IncidentIds |
| str |
|
WorkloadDisplayName | WorkloadDisplayName |
| str |
|
UserType | UserType |
| int4 |
|
timestamp | timestamp |
| timestamp |
|
Operation | Operation |
| str |
|
Version | Version |
| int4 |
|
LogonType | LogonType |
| int4 |
|
MailboxOwnerSid | MailboxOwnerSid |
| str |
|
ExternalAccess | ExternalAccess |
| bool |
|
OrganizationName | OrganizationName |
| str |
|
SessionId | SessionId |
| str |
|
ClientAddress | ClientAddress |
| str |
|
ClientIPAddress | ClientIPAddress |
| str |
|
ClientProcessName | ClientProcessName |
| str |
|
ResultStatus | ResultStatus |
| str |
|
UserId | UserId |
| str |
|
LogonUserSid | LogonUserSid |
| str |
|
InternalLogonType | InternalLogonType |
| int4 |
|
OriginatingServer | OriginatingServer |
| str |
|
UserKey | UserKey |
| str |
|
MailboxGuid | MailboxGuid |
| str |
|
OrganizationId | OrganizationId |
| str |
|
RecordType | RecordType |
| int4 |
|
ClientInfoString | ClientInfoString |
| str |
|
MailboxOwnerUPN | MailboxOwnerUPN |
| str |
|
CrossMailboxOperation | CrossMailboxOperation |
| bool |
|
AffectedItems | AffectedItems |
| str |
|
Folder_Id | Folder_Id |
| str |
|
Folder_Path | Folder_Path |
| str |
|
FoldersItemsStr | FoldersItemsStr |
| str |
|
ForwardTo | ForwardTo |
| str |
|
Parameters_Raw | Parameters_Raw |
| str |
|
Item_Subject | Item_Subject |
| str |
|
Item_Attachments | Item_Attachments |
| str |
|
Item_ParentFolder_Id | Item_ParentFolder_Id |
| str |
|
Item_ParentFolder_Path | Item_ParentFolder_Path |
| str |
|
ModifiedProperties | ModifiedProperties |
| str |
|
SendOnBehalfOfUserSmtp | SendOnBehalfOfUserSmtp |
| str |
|
SendAsUserSmtp | SendAsUserSmtp |
| str |
|
PolicyDetails | PolicyDetails |
| str |
|
PolicyDetails_PolicyName_str | PolicyDetails_PolicyName_str |
| str |
|
PolicyDetails_PolicyId_str | PolicyDetails_PolicyId_str |
| str |
|
PolicyDetails_location_str | PolicyDetails_location_str |
| str |
|
PolicyDetails_RuleMode_str | PolicyDetails_RuleMode_str |
| str |
|
PolicyDetails_RuleName_str | PolicyDetails_RuleName_str |
| str |
|
PolicyDetails_RuleId_str | PolicyDetails_RuleId_str |
| str |
|
PolicyDetails_Severity_str | PolicyDetails_Severity_str |
| str |
|
PolicyDetails_ManagementRuleId_str | PolicyDetails_ManagementRuleId_str |
| str |
|
Unique_PolicyDetails_location_str | Unique_PolicyDetails_location_str |
| str |
|
PolicyDetails_confidence_str | PolicyDetails_confidence_str |
| str |
|
PolicyDetails_count_str | PolicyDetails_count_str |
| str |
|
PolicyDetails_sensitiveType_str | PolicyDetails_sensitiveType_str |
| str |
|
PolicyDetails_uniqueCount_str | PolicyDetails_uniqueCount_str |
| str |
|
PolicyDetails_ConditionsMatched_Name_str | PolicyDetails_ConditionsMatched_Name_str |
| str |
|
PolicyDetails_ConditionsMatched_Value_str | PolicyDetails_ConditionsMatched_Value_str |
| str |
|
PolicyDetails_ConditionMatchedInNewScheme_str | PolicyDetails_ConditionMatchedInNewScheme_str |
| str |
|
ExchangeMetaData_BCC | ExchangeMetaData_BCC |
| str |
|
ExchangeMetaData_MessageID | ExchangeMetaData_MessageID |
| str |
|
ExchangeMetaData_From | ExchangeMetaData_From |
| str |
|
ExchangeMetaData_CC | ExchangeMetaData_CC |
| str |
|
ExchangeMetaData_Sent | ExchangeMetaData_Sent |
| str |
|
ExchangeMetaData_Subject | ExchangeMetaData_Subject |
| str |
|
ExchangeMetaData_RecipientCount | ExchangeMetaData_RecipientCount |
| int4 |
|
ExchangeMetaData_To | ExchangeMetaData_To |
| str |
|
InterSystemsId | InterSystemsId |
| str |
|
TargetUserId | TargetUserId |
| str |
|
Actor_ID_str | Actor_ID_str |
| str |
|
Actor_Type_str | Actor_Type_str |
| str |
|
ActorContextId | ActorContextId |
| str |
|
YammerNetworkId | YammerNetworkId |
| int4 |
|
ActorUserId | ActorUserId |
| str |
|
ActorIpAddress | ActorIpAddress |
| str |
|
Client | Client |
| str |
|
ClientIP | ClientIP |
| str |
|
LogonError | LogonError |
| str |
|
ApplicationId | ApplicationId |
| str |
|
Target_ID_str | Target_ID_str |
| str |
|
Target_Type_str | Target_Type_str |
| str |
|
IntraSystemId | IntraSystemId |
| str |
|
ExtendedProperties_Name_str | ExtendedProperties_Name_str |
| str |
|
ExtendedProperties_Value_str | ExtendedProperties_Value_str |
| str |
|
ActorYammerUserId | ActorYammerUserId |
| int8 |
|
FileName | FileName |
| str |
|
TargetContextId | TargetContextId |
| str |
|
AzureActiveDirectoryEventType | AzureActiveDirectoryEventType |
| int4 |
|
VersionId | VersionId |
| int8 |
|
FileId | FileId |
| int8 |
|
PostIncidentDocumentUrl | PostIncidentDocumentUrl |
| str |
|
Severity | Severity |
| str |
|
Title | Title |
| str |
|
Comments | Comments |
| str |
|
AffectedWorkloadDisplayNames | AffectedWorkloadDisplayNames |
| str |
|
AlertEntityId | AlertEntityId |
| str |
|
Messages_MessageText_str | Messages_MessageText_str |
| str |
|
Messages_PublishedTime_str | Messages_PublishedTime_str |
| str |
|
ChannelGuid | ChannelGuid |
| str |
|
LogonUserDisplayName | LogonUserDisplayName |
| str |
|
RecipientUPN | RecipientUPN |
| str |
|
ApplicationDisplayName | ApplicationDisplayName |
| str |
|
MessageType | MessageType |
| str |
|
EventSource | EventSource |
| str |
|
DestinationRelativeUrl | DestinationRelativeUrl |
| str |
|
MachineId | MachineId |
| str |
|
WebId | WebId |
| str |
|
SendOnBehalfOfUserMailboxGuid | SendOnBehalfOfUserMailboxGuid |
| str |
|
ExtraProperties_Key_str | ExtraProperties_Key_str |
| str |
|
ExtraProperties_Value_str | ExtraProperties_Value_str |
| str |
|
SharingPermission | SharingPermission |
| int4 |
|
ObjectName | ObjectName |
| str |
|
SharingType | SharingType |
| str |
|
DataflowRefreshScheduleType | DataflowRefreshScheduleType |
| str |
|
TenantName | TenantName |
| str |
|
CustomUniqueId | CustomUniqueId |
| bool |
|
DatasetId | DatasetId |
| str |
|
SiteUrl | SiteUrl |
| str |
|
Parameters_Name_str | Parameters_Name_str |
| str |
|
Parameters_Value_str | Parameters_Value_str |
| str |
|
ImportType | ImportType |
| str |
|
ImportId | ImportId |
| str |
|
PolicyId | PolicyId |
| str |
|
ItemName | ItemName |
| str |
|
Datasets_DatasetId_str | Datasets_DatasetId_str |
| str |
|
Datasets_DatasetName_str | Datasets_DatasetName_str |
| str |
|
ImplicitShare | ImplicitShare |
| str |
|
ImportDisplayName | ImportDisplayName |
| str |
|
ItemType | ItemType |
| str |
|
WorkSpaceName | WorkSpaceName |
| str |
|
DestFolder_Path | DestFolder_Path |
| str |
|
DestFolder_Id | DestFolder_Id |
| str |
|
UniqueSharingId | UniqueSharingId |
| str |
|
TargetUserOrGroupName | TargetUserOrGroupName |
| str |
|
FlowConnectorNames | FlowConnectorNames |
| str |
|
FileSyncBytesCommitted | FileSyncBytesCommitted |
| str |
|
CorrelationId | CorrelationId |
| str |
|
Members_DisplayName_str | Members_DisplayName_str |
| str |
|
Members_UPN_str | Members_UPN_str |
| str |
|
Members_Role_str | Members_Role_str |
| str |
|
AddOnGuid | AddOnGuid |
| str |
|
DashboardName | DashboardName |
| str |
|
IsSuccess | IsSuccess |
| bool |
|
AlertId | AlertId |
| str |
|
ListTitle | ListTitle |
| str |
|
ReportType | ReportType |
| str |
|
AffectedWorkloadNames | AffectedWorkloadNames |
| str |
|
FlowDetailsUrl | FlowDetailsUrl |
| str |
|
TargetYammerUserId | TargetYammerUserId |
| int8 |
|
ImpactDescription | ImpactDescription |
| str |
|
BrowserName | BrowserName |
| str |
|
OperationProperties_Value_str | OperationProperties_Value_str |
| str |
|
OperationProperties_Name_str | OperationProperties_Name_str |
| str |
|
ReportId | ReportId |
| str |
|
DestMailboxOwnerSid | DestMailboxOwnerSid |
| str |
|
DestMailboxOwnerMasterAccountSid | DestMailboxOwnerMasterAccountSid |
| str |
|
AffectedUserCount | AffectedUserCount |
| int4 |
|
Category | Category |
| str |
|
MachineDomainInfo | MachineDomainInfo |
| str |
|
ListBaseType | ListBaseType |
| str |
|
DestMailboxId | DestMailboxId |
| str |
|
TabType | TabType |
| str |
|
Activity | Activity |
| str |
|
DestinationFileExtension | DestinationFileExtension |
| str |
|
UserUPN | UserUPN |
| str |
|
ListId | ListId |
| str |
|
SourceRelativeUrl | SourceRelativeUrl |
| str |
|
UserTypeInitiated | UserTypeInitiated |
| int4 |
|
EndTime | EndTime |
| str |
|
SendAsUserMailboxGuid | SendAsUserMailboxGuid |
| str |
|
ActionType | ActionType |
| str |
|
SourceFileExtension | SourceFileExtension |
| str |
|
DashboardId | DashboardId |
| str |
|
ClientApplicationId | ClientApplicationId |
| str |
|
DestMailboxOwnerUPN | DestMailboxOwnerUPN |
| str |
|
MailboxOwnerMasterAccountSid | MailboxOwnerMasterAccountSid |
| str |
|
SensitiveInfoDetectionIsIncluded | SensitiveInfoDetectionIsIncluded |
| bool |
|
Schedules_RefreshFrequency | Schedules_RefreshFrequency |
| str |
|
Schedules_Days_str | Schedules_Days_str |
| str |
|
Schedules_Time_str | Schedules_Time_str |
| str |
|
Schedules_TimeZone | Schedules_TimeZone |
| str |
|
TeamName | TeamName |
| str |
|
WorkspaceId | WorkspaceId |
| str |
|
DataflowType | DataflowType |
| str |
|
SourceFileName | SourceFileName |
| str |
|
FeatureDisplayName | FeatureDisplayName |
| str |
|
EntityPath | EntityPath |
| str |
|
TeamGuid | TeamGuid |
| str |
|
ResourceTitle | ResourceTitle |
| str |
|
Classification | Classification |
| str |
|
ListBaseTemplateType | ListBaseTemplateType |
| str |
|
DestinationFileName | DestinationFileName |
| str |
|
AffectedTenantCount | AffectedTenantCount |
| int8 |
|
DatasetName | DatasetName |
| str |
|
LicenseDisplayName | LicenseDisplayName |
| str |
|
Feature | Feature |
| str |
|
StartTime | StartTime |
| str |
|
TargetUserOrGroupType | TargetUserOrGroupType |
| str |
|
DataConnectivityMode | DataConnectivityMode |
| str |
|
LastUpdatedTime | LastUpdatedTime |
| str |
|
ReportName | ReportName |
| str |
|
EntityType | EntityType |
| str |
|
OperationDetails | OperationDetails |
| str |
|
UserAgent | UserAgent |
| str |
|
AlertType | AlertType |
| str |
|
Name | Name |
| str |
|
CmdletVersion | CmdletVersion |
| str |
|
ImportSource | ImportSource |
| str |
|
SkypeForBusinessEventType | SkypeForBusinessEventType |
| int4 |
|
AddOnType | AddOnType |
| int4 |
|
DoNotDistributeEvent | DoNotDistributeEvent |
| bool |
|
ChannelName | ChannelName |
| str |
|
ListItemUniqueId | ListItemUniqueId |
| str |
|
ObjectId | ObjectId |
| str |
|
AttachmentData | AttachmentData |
| json |
|
DeliveryAction | DeliveryAction |
| str |
|
DetectionMethod | DetectionMethod |
| str |
|
DetectionType | DetectionType |
| str |
|
Directionality | Directionality |
| str |
|
EventDeepLink | EventDeepLink |
| str |
|
InternetMessageId | InternetMessageId |
| str |
|
LatestDeliveryLocation | LatestDeliveryLocation |
| str |
|
MessageTime | MessageTime |
| str |
|
NetworkMessageId | NetworkMessageId |
| str |
|
OriginalDeliveryLocation | OriginalDeliveryLocation |
| str |
|
P1Sender | P1Sender |
| str |
|
P2Sender | P2Sender |
| str |
|
Policy | Policy |
| str |
|
PolicyAction | PolicyAction |
| str |
|
Recipients | Recipients |
| str |
|
SenderIp | SenderIp |
| str |
|
Subject | Subject |
| str |
|
ThreatsAndDetectionTech | ThreatsAndDetectionTech |
| str |
|
Verdict | Verdict |
| str |
|
SourceLocationType | SourceLocationType |
| int4 |
|
Platform | Platform |
| int4 |
|
Application | Application |
| str |
|
FileExtension | FileExtension |
| str |
|
DeviceName | DeviceName |
| str |
|
MDATPDeviceId | MDATPDeviceId |
| str |
|
FileSize | FileSize |
| int4 |
|
FileType | FileType |
| str |
|
Hidden | Hidden |
| bool |
|
Actions | Actions |
| json |
|
AlertLinks | AlertLinks |
| json |
|
Data | Data |
| json |
|
DeepLinkUrl | DeepLinkUrl |
| str |
|
EndTimeUtc | EndTimeUtc |
| timestamp |
|
InvestigationId | InvestigationId |
| str |
|
InvestigationName | InvestigationName |
| str |
|
InvestigationType | InvestigationType |
| str |
|
LastUpdateTimeUtc | LastUpdateTimeUtc |
| timestamp |
|
StartTimeUtc | StartTimeUtc |
| timestamp |
|
Source | Source |
| str |
|
message | message |
| str |
|
hostchain | hostchain |
| str | ✓ |
tag | tag |
| str | ✓ |
rawSource | rawSource |
| str | ✓ |
rawTagged | rawTagged |
| str |
|
rawMessage | rawMessage |
| str |
|
cloud.office365.management.powerbi
Field in | Field in source table | Field transformation | Data type | Extra Field |
|---|---|---|---|---|
eventdate | eventdate |
| timestamp |
|
hostname | hostname |
| str |
|
type | - | "powerbi" | str |
|
Id | Id |
| str |
|
Workload | Workload |
| str |
|
StatusTime | StatusTime |
| str |
|
FeatureStatus | FeatureStatus |
| str |
|
Status | Status |
| str |
|
StatusDisplayName | StatusDisplayName |
| str |
|
IncidentIds | IncidentIds |
| str |
|
WorkloadDisplayName | WorkloadDisplayName |
| str |
|
UserType | UserType |
| int4 |
|
timestamp | timestamp |
| timestamp |
|
Operation | Operation |
| str |
|
Version | Version |
| int4 |
|
LogonType | LogonType |
| int4 |
|
MailboxOwnerSid | MailboxOwnerSid |
| str |
|
ExternalAccess | ExternalAccess |
| bool |
|
OrganizationName | OrganizationName |
| str |
|
SessionId | SessionId |
| str |
|
ClientAddress | ClientAddress |
| str |
|
ClientIPAddress | ClientIPAddress |
| str |
|
ClientProcessName | ClientProcessName |
| str |
|
ResultStatus | ResultStatus |
| str |
|
UserId | UserId |
| str |
|
LogonUserSid | LogonUserSid |
| str |
|
InternalLogonType | InternalLogonType |
| int4 |
|
OriginatingServer | OriginatingServer |
| str |
|
UserKey | UserKey |
| str |
|
MailboxGuid | MailboxGuid |
| str |
|
OrganizationId | OrganizationId |
| str |
|
RecordType | RecordType |
| int4 |
|
ClientInfoString | ClientInfoString |
| str |
|
MailboxOwnerUPN | MailboxOwnerUPN |
| str |
|
CrossMailboxOperation | CrossMailboxOperation |
| bool |
|
AffectedItems | AffectedItems |
| str |
|
Folder_Id | Folder_Id |
| str |
|
Folder_Path | Folder_Path |
| str |
|
FoldersItemsStr | FoldersItemsStr |
| str |
|
ForwardTo | ForwardTo |
| str |
|
Parameters_Raw | Parameters_Raw |
| str |
|
Item_Subject | Item_Subject |
| str |
|
Item_Attachments | Item_Attachments |
| str |
|
Item_ParentFolder_Id | Item_ParentFolder_Id |
| str |
|
Item_ParentFolder_Path | Item_ParentFolder_Path |
| str |
|
ModifiedProperties | ModifiedProperties |
| str |
|
SendOnBehalfOfUserSmtp | SendOnBehalfOfUserSmtp |
| str |
|
SendAsUserSmtp | SendAsUserSmtp |
| str |
|
PolicyDetails | PolicyDetails |
| str |
|
PolicyDetails_PolicyName_str | PolicyDetails_PolicyName_str |
| str |
|
PolicyDetails_PolicyId_str | PolicyDetails_PolicyId_str |
| str |
|
PolicyDetails_location_str | PolicyDetails_location_str |
| str |
|
PolicyDetails_RuleMode_str | PolicyDetails_RuleMode_str |
| str |
|
PolicyDetails_RuleName_str | PolicyDetails_RuleName_str |
| str |
|
PolicyDetails_RuleId_str | PolicyDetails_RuleId_str |
| str |
|
PolicyDetails_Severity_str | PolicyDetails_Severity_str |
| str |
|
PolicyDetails_ManagementRuleId_str | PolicyDetails_ManagementRuleId_str |
| str |
|
Unique_PolicyDetails_location_str | Unique_PolicyDetails_location_str |
| str |
|
PolicyDetails_confidence_str | PolicyDetails_confidence_str |
| str |
|
PolicyDetails_count_str | PolicyDetails_count_str |
| str |
|
PolicyDetails_sensitiveType_str | PolicyDetails_sensitiveType_str |
| str |
|
PolicyDetails_uniqueCount_str | PolicyDetails_uniqueCount_str |
| str |
|
PolicyDetails_ConditionsMatched_Name_str | PolicyDetails_ConditionsMatched_Name_str |
| str |
|
PolicyDetails_ConditionsMatched_Value_str | PolicyDetails_ConditionsMatched_Value_str |
| str |
|
PolicyDetails_ConditionMatchedInNewScheme_str | PolicyDetails_ConditionMatchedInNewScheme_str |
| str |
|
ExchangeMetaData_BCC | ExchangeMetaData_BCC |
| str |
|
ExchangeMetaData_MessageID | ExchangeMetaData_MessageID |
| str |
|
ExchangeMetaData_From | ExchangeMetaData_From |
| str |
|
ExchangeMetaData_CC | ExchangeMetaData_CC |
| str |
|
ExchangeMetaData_Sent | ExchangeMetaData_Sent |
| str |
|
ExchangeMetaData_Subject | ExchangeMetaData_Subject |
| str |
|
ExchangeMetaData_RecipientCount | ExchangeMetaData_RecipientCount |
| int4 |
|
ExchangeMetaData_To | ExchangeMetaData_To |
| str |
|
InterSystemsId | InterSystemsId |
| str |
|
TargetUserId | TargetUserId |
| str |
|
Actor_ID_str | Actor_ID_str |
| str |
|
Actor_Type_str | Actor_Type_str |
| str |
|
ActorContextId | ActorContextId |
| str |
|
YammerNetworkId | YammerNetworkId |
| int4 |
|
ActorUserId | ActorUserId |
| str |
|
ActorIpAddress | ActorIpAddress |
| str |
|
Client | Client |
| str |
|
ClientIP | ClientIP |
| str |
|
LogonError | LogonError |
| str |
|
ApplicationId | ApplicationId |
| str |
|
Target_ID_str | Target_ID_str |
| str |
|
Target_Type_str | Target_Type_str |
| str |
|
IntraSystemId | IntraSystemId |
| str |
|
ExtendedProperties_Name_str | ExtendedProperties_Name_str |
| str |
|
ExtendedProperties_Value_str | ExtendedProperties_Value_str |
| str |
|
ActorYammerUserId | ActorYammerUserId |
| int8 |
|
FileName | FileName |
| str |
|
TargetContextId | TargetContextId |
| str |
|
AzureActiveDirectoryEventType | AzureActiveDirectoryEventType |
| int4 |
|
VersionId | VersionId |
| int8 |
|
FileId | FileId |
| int8 |
|
PostIncidentDocumentUrl | PostIncidentDocumentUrl |
| str |
|
Severity | Severity |
| str |
|
Title | Title |
| str |
|
Comments | Comments |
| str |
|
AffectedWorkloadDisplayNames | AffectedWorkloadDisplayNames |
| str |
|
AlertEntityId | AlertEntityId |
| str |
|
Messages_MessageText_str | Messages_MessageText_str |
| str |
|
Messages_PublishedTime_str | Messages_PublishedTime_str |
| str |
|
ChannelGuid | ChannelGuid |
| str |
|
LogonUserDisplayName | LogonUserDisplayName |
| str |
|
RecipientUPN | RecipientUPN |
| str |
|
ApplicationDisplayName | ApplicationDisplayName |
| str |
|
MessageType | MessageType |
| str |
|
EventSource | EventSource |
| str |
|
DestinationRelativeUrl | DestinationRelativeUrl |
| str |
|
MachineId | MachineId |
| str |
|
WebId | WebId |
| str |
|
SendOnBehalfOfUserMailboxGuid | SendOnBehalfOfUserMailboxGuid |
| str |
|
ExtraProperties_Key_str | ExtraProperties_Key_str |
| str |
|
ExtraProperties_Value_str | ExtraProperties_Value_str |
| str |
|
SharingPermission | SharingPermission |
| int4 |
|
ObjectName | ObjectName |
| str |
|
SharingType | SharingType |
| str |
|
DataflowRefreshScheduleType | DataflowRefreshScheduleType |
| str |
|
TenantName | TenantName |
| str |
|
CustomUniqueId | CustomUniqueId |
| bool |
|
DatasetId | DatasetId |
| str |
|
SiteUrl | SiteUrl |
| str |
|
Parameters_Name_str | Parameters_Name_str |
| str |
|
Parameters_Value_str | Parameters_Value_str |
| str |
|
ImportType | ImportType |
| str |
|
ImportId | ImportId |
| str |
|
PolicyId | PolicyId |
| str |
|
ItemName | ItemName |
| str |
|
Datasets_DatasetId_str | Datasets_DatasetId_str |
| str |
|
Datasets_DatasetName_str | Datasets_DatasetName_str |
| str |
|
ImplicitShare | ImplicitShare |
| str |
|
ImportDisplayName | ImportDisplayName |
| str |
|
ItemType | ItemType |
| str |
|
WorkSpaceName | WorkSpaceName |
| str |
|
DestFolder_Path | DestFolder_Path |
| str |
|
DestFolder_Id | DestFolder_Id |
| str |
|
UniqueSharingId | UniqueSharingId |
| str |
|
TargetUserOrGroupName | TargetUserOrGroupName |
| str |
|
FlowConnectorNames | FlowConnectorNames |
| str |
|
FileSyncBytesCommitted | FileSyncBytesCommitted |
| str |
|
CorrelationId | CorrelationId |
| str |
|
Members_DisplayName_str | Members_DisplayName_str |
| str |
|
Members_UPN_str | Members_UPN_str |
| str |
|
Members_Role_str | Members_Role_str |
| str |
|
AddOnGuid | AddOnGuid |
| str |
|
DashboardName | DashboardName |
| str |
|
IsSuccess | IsSuccess |
| bool |
|
AlertId | AlertId |
| str |
|
ListTitle | ListTitle |
| str |
|
ReportType | ReportType |
| str |
|
AffectedWorkloadNames | AffectedWorkloadNames |
| str |
|
FlowDetailsUrl | FlowDetailsUrl |
| str |
|
TargetYammerUserId | TargetYammerUserId |
| int8 |
|
ImpactDescription | ImpactDescription |
| str |
|
BrowserName | BrowserName |
| str |
|
OperationProperties_Value_str | OperationProperties_Value_str |
| str |
|
OperationProperties_Name_str | OperationProperties_Name_str |
| str |
|
ReportId | ReportId |
| str |
|
DestMailboxOwnerSid | DestMailboxOwnerSid |
| str |
|
DestMailboxOwnerMasterAccountSid | DestMailboxOwnerMasterAccountSid |
| str |
|
AffectedUserCount | AffectedUserCount |
| int4 |
|
Category | Category |
| str |
|
MachineDomainInfo | MachineDomainInfo |
| str |
|
ListBaseType | ListBaseType |
| str |
|
DestMailboxId | DestMailboxId |
| str |
|
TabType | TabType |
| str |
|
Activity | Activity |
| str |
|
DestinationFileExtension | DestinationFileExtension |
| str |
|
UserUPN | UserUPN |
| str |
|
ListId | ListId |
| str |
|
SourceRelativeUrl | SourceRelativeUrl |
| str |
|
UserTypeInitiated | UserTypeInitiated |
| int4 |
|
EndTime | EndTime |
| str |
|
SendAsUserMailboxGuid | SendAsUserMailboxGuid |
| str |
|
ActionType | ActionType |
| str |
|
SourceFileExtension | SourceFileExtension |
| str |
|
DashboardId | DashboardId |
| str |
|
ClientApplicationId | ClientApplicationId |
| str |
|
DestMailboxOwnerUPN | DestMailboxOwnerUPN |
| str |
|
MailboxOwnerMasterAccountSid | MailboxOwnerMasterAccountSid |
| str |
|
SensitiveInfoDetectionIsIncluded | SensitiveInfoDetectionIsIncluded |
| bool |
|
Schedules_RefreshFrequency | Schedules_RefreshFrequency |
| str |
|
Schedules_Days_str | Schedules_Days_str |
| str |
|
Schedules_Time_str | Schedules_Time_str |
| str |
|
Schedules_TimeZone | Schedules_TimeZone |
| str |
|
TeamName | TeamName |
| str |
|
WorkspaceId | WorkspaceId |
| str |
|
DataflowType | DataflowType |
| str |
|
SourceFileName | SourceFileName |
| str |
|
FeatureDisplayName | FeatureDisplayName |
| str |
|
EntityPath | EntityPath |
| str |
|
TeamGuid | TeamGuid |
| str |
|
ResourceTitle | ResourceTitle |
| str |
|
Classification | Classification |
| str |
|
ListBaseTemplateType | ListBaseTemplateType |
| str |
|
DestinationFileName | DestinationFileName |
| str |
|
AffectedTenantCount | AffectedTenantCount |
| int8 |
|
DatasetName | DatasetName |
| str |
|
LicenseDisplayName | LicenseDisplayName |
| str |
|
Feature | Feature |
| str |
|
StartTime | StartTime |
| str |
|
TargetUserOrGroupType | TargetUserOrGroupType |
| str |
|
DataConnectivityMode | DataConnectivityMode |
| str |
|
LastUpdatedTime | LastUpdatedTime |
| str |
|
ReportName | ReportName |
| str |
|
EntityType | EntityType |
| str |
|
OperationDetails | OperationDetails |
| str |
|
UserAgent | UserAgent |
| str |
|
AlertType | AlertType |
| str |
|
Name | Name |
| str |
|
CmdletVersion | CmdletVersion |
| str |
|
ImportSource | ImportSource |
| str |
|
SkypeForBusinessEventType | SkypeForBusinessEventType |
| int4 |
|
AddOnType | AddOnType |
| int4 |
|
DoNotDistributeEvent | DoNotDistributeEvent |
| bool |
|
ChannelName | ChannelName |
| str |
|
ListItemUniqueId | ListItemUniqueId |
| str |
|
ObjectId | ObjectId |
| str |
|
AttachmentData | AttachmentData |
| json |
|
DeliveryAction | DeliveryAction |
| str |
|
DetectionMethod | DetectionMethod |
| str |
|
DetectionType | DetectionType |
| str |
|
Directionality | Directionality |
| str |
|
EventDeepLink | EventDeepLink |
| str |
|
InternetMessageId | InternetMessageId |
| str |
|
LatestDeliveryLocation | LatestDeliveryLocation |
| str |
|
MessageTime | MessageTime |
| str |
|
NetworkMessageId | NetworkMessageId |
| str |
|
OriginalDeliveryLocation | OriginalDeliveryLocation |
| str |
|
P1Sender | P1Sender |
| str |
|
P2Sender | P2Sender |
| str |
|
Policy | Policy |
| str |
|
PolicyAction | PolicyAction |
| str |
|
Recipients | Recipients |
| str |
|
SenderIp | SenderIp |
| str |
|
Subject | Subject |
| str |
|
ThreatsAndDetectionTech | ThreatsAndDetectionTech |
| str |
|
Verdict | Verdict |
| str |
|
SourceLocationType | SourceLocationType |
| int4 |
|
Platform | Platform |
| int4 |
|
Application | Application |
| str |
|
FileExtension | FileExtension |
| str |
|
DeviceName | DeviceName |
| str |
|
MDATPDeviceId | MDATPDeviceId |
| str |
|
FileSize | FileSize |
| int4 |
|
FileType | FileType |
| str |
|
Hidden | Hidden |
| bool |
|
Actions | Actions |
| json |
|
AlertLinks | AlertLinks |
| json |
|
Data | Data |
| json |
|
DeepLinkUrl | DeepLinkUrl |
| str |
|
EndTimeUtc | EndTimeUtc |
| timestamp |
|
InvestigationId | InvestigationId |
| str |
|
InvestigationName | InvestigationName |
| str |
|
InvestigationType | InvestigationType |
| str |
|
LastUpdateTimeUtc | LastUpdateTimeUtc |
| timestamp |
|
StartTimeUtc | StartTimeUtc |
| timestamp |
|
Source | Source |
| str |
|
message | message |
| str |
|
hostchain | hostchain |
| str | ✓ |
tag | tag |
| str | ✓ |
rawSource | rawSource |
| str | ✓ |
rawTagged | rawTagged |
| str |
|
rawMessage | rawMessage |
| str |
|
cloud.office365.management.securitycompliancecenter
Field in | Field in source table | Field transformation | Data type | Extra Field |
|---|---|---|---|---|
eventdate | eventdate |
| timestamp |
|
hostname | hostname |
| str |
|
type | - | "securitycompliancecenter" | str |
|
Id | Id |
| str |
|
Workload | Workload |
| str |
|
StatusTime | StatusTime |
| str |
|
FeatureStatus | FeatureStatus |
| str |
|
Status | Status |
| str |
|
StatusDisplayName | StatusDisplayName |
| str |
|
IncidentIds | IncidentIds |
| str |
|
WorkloadDisplayName | WorkloadDisplayName |
| str |
|
UserType | UserType |
| int4 |
|
timestamp | timestamp |
| timestamp |
|
Operation | Operation |
| str |
|
Version | Version |
| int4 |
|
LogonType | LogonType |
| int4 |
|
MailboxOwnerSid | MailboxOwnerSid |
| str |
|
ExternalAccess | ExternalAccess |
| bool |
|
OrganizationName | OrganizationName |
| str |
|
SessionId | SessionId |
| str |
|
ClientAddress | ClientAddress |
| str |
|
ClientIPAddress | ClientIPAddress |
| str |
|
ClientProcessName | ClientProcessName |
| str |
|
ResultStatus | ResultStatus |
| str |
|
UserId | UserId |
| str |
|
LogonUserSid | LogonUserSid |
| str |
|
InternalLogonType | InternalLogonType |
| int4 |
|
OriginatingServer | OriginatingServer |
| str |
|
UserKey | UserKey |
| str |
|
MailboxGuid | MailboxGuid |
| str |
|
OrganizationId | OrganizationId |
| str |
|
RecordType | RecordType |
| int4 |
|
ClientInfoString | ClientInfoString |
| str |
|
MailboxOwnerUPN | MailboxOwnerUPN |
| str |
|
CrossMailboxOperation | CrossMailboxOperation |
| bool |
|
AffectedItems | AffectedItems |
| str |
|
Folder_Id | Folder_Id |
| str |
|
Folder_Path | Folder_Path |
| str |
|
FoldersItemsStr | FoldersItemsStr |
| str |
|
ForwardTo | ForwardTo |
| str |
|
Parameters_Raw | Parameters_Raw |
| str |
|
Item_Subject | Item_Subject |
| str |
|
Item_Attachments | Item_Attachments |
| str |
|
Item_ParentFolder_Id | Item_ParentFolder_Id |
| str |
|
Item_ParentFolder_Path | Item_ParentFolder_Path |
| str |
|
ModifiedProperties | ModifiedProperties |
| str |
|
SendOnBehalfOfUserSmtp | SendOnBehalfOfUserSmtp |
| str |
|
SendAsUserSmtp | SendAsUserSmtp |
| str |
|
PolicyDetails | PolicyDetails |
| str |
|
PolicyDetails_PolicyName_str | PolicyDetails_PolicyName_str |
| str |
|
PolicyDetails_PolicyId_str | PolicyDetails_PolicyId_str |
| str |
|
PolicyDetails_location_str | PolicyDetails_location_str |
| str |
|
PolicyDetails_RuleMode_str | PolicyDetails_RuleMode_str |
| str |
|
PolicyDetails_RuleName_str | PolicyDetails_RuleName_str |
| str |
|
PolicyDetails_RuleId_str | PolicyDetails_RuleId_str |
| str |
|
PolicyDetails_Severity_str | PolicyDetails_Severity_str |
| str |
|
PolicyDetails_ManagementRuleId_str | PolicyDetails_ManagementRuleId_str |
| str |
|
Unique_PolicyDetails_location_str | Unique_PolicyDetails_location_str |
| str |
|
PolicyDetails_confidence_str | PolicyDetails_confidence_str |
| str |
|
PolicyDetails_count_str | PolicyDetails_count_str |
| str |
|
PolicyDetails_sensitiveType_str | PolicyDetails_sensitiveType_str |
| str |
|
PolicyDetails_uniqueCount_str | PolicyDetails_uniqueCount_str |
| str |
|
PolicyDetails_ConditionsMatched_Name_str | PolicyDetails_ConditionsMatched_Name_str |
| str |
|
PolicyDetails_ConditionsMatched_Value_str | PolicyDetails_ConditionsMatched_Value_str |
| str |
|
PolicyDetails_ConditionMatchedInNewScheme_str | PolicyDetails_ConditionMatchedInNewScheme_str |
| str |
|
ExchangeMetaData_BCC | ExchangeMetaData_BCC |
| str |
|
ExchangeMetaData_MessageID | ExchangeMetaData_MessageID |
| str |
|
ExchangeMetaData_From | ExchangeMetaData_From |
| str |
|
ExchangeMetaData_CC | ExchangeMetaData_CC |
| str |
|
ExchangeMetaData_Sent | ExchangeMetaData_Sent |
| str |
|
ExchangeMetaData_Subject | ExchangeMetaData_Subject |
| str |
|
ExchangeMetaData_RecipientCount | ExchangeMetaData_RecipientCount |
| int4 |
|
ExchangeMetaData_To | ExchangeMetaData_To |
| str |
|
InterSystemsId | InterSystemsId |
| str |
|
TargetUserId | TargetUserId |
| str |
|
Actor_ID_str | Actor_ID_str |
| str |
|
Actor_Type_str | Actor_Type_str |
| str |
|
ActorContextId | ActorContextId |
| str |
|
YammerNetworkId | YammerNetworkId |
| int4 |
|
ActorUserId | ActorUserId |
| str |
|
ActorIpAddress | ActorIpAddress |
| str |
|
Client | Client |
| str |
|
ClientIP | ClientIP |
| str |
|
LogonError | LogonError |
| str |
|
ApplicationId | ApplicationId |
| str |
|
Target_ID_str | Target_ID_str |
| str |
|
Target_Type_str | Target_Type_str |
| str |
|
IntraSystemId | IntraSystemId |
| str |
|
ExtendedProperties_Name_str | ExtendedProperties_Name_str |
| str |
|
ExtendedProperties_Value_str | ExtendedProperties_Value_str |
| str |
|
ActorYammerUserId | ActorYammerUserId |
| int8 |
|
FileName | FileName |
| str |
|
TargetContextId | TargetContextId |
| str |
|
AzureActiveDirectoryEventType | AzureActiveDirectoryEventType |
| int4 |
|
VersionId | VersionId |
| int8 |
|
FileId | FileId |
| int8 |
|
PostIncidentDocumentUrl | PostIncidentDocumentUrl |
| str |
|
Severity | Severity |
| str |
|
Title | Title |
| str |
|
Comments | Comments |
| str |
|
AffectedWorkloadDisplayNames | AffectedWorkloadDisplayNames |
| str |
|
AlertEntityId | AlertEntityId |
| str |
|
Messages_MessageText_str | Messages_MessageText_str |
| str |
|
Messages_PublishedTime_str | Messages_PublishedTime_str |
| str |
|
ChannelGuid | ChannelGuid |
| str |
|
LogonUserDisplayName | LogonUserDisplayName |
| str |
|
RecipientUPN | RecipientUPN |
| str |
|
ApplicationDisplayName | ApplicationDisplayName |
| str |
|
MessageType | MessageType |
| str |
|
EventSource | EventSource |
| str |
|
DestinationRelativeUrl | DestinationRelativeUrl |
| str |
|
MachineId | MachineId |
| str |
|
WebId | WebId |
| str |
|
SendOnBehalfOfUserMailboxGuid | SendOnBehalfOfUserMailboxGuid |
| str |
|
ExtraProperties_Key_str | ExtraProperties_Key_str |
| str |
|
ExtraProperties_Value_str | ExtraProperties_Value_str |
| str |
|
SharingPermission | SharingPermission |
| int4 |
|
ObjectName | ObjectName |
| str |
|
SharingType | SharingType |
| str |
|
DataflowRefreshScheduleType | DataflowRefreshScheduleType |
| str |
|
TenantName | TenantName |
| str |
|
CustomUniqueId | CustomUniqueId |
| bool |
|
DatasetId | DatasetId |
| str |
|
SiteUrl | SiteUrl |
| str |
|
Parameters_Name_str | Parameters_Name_str |
| str |
|
Parameters_Value_str | Parameters_Value_str |
| str |
|
ImportType | ImportType |
| str |
|
ImportId | ImportId |
| str |
|
PolicyId | PolicyId |
| str |
|
ItemName | ItemName |
| str |
|
Datasets_DatasetId_str | Datasets_DatasetId_str |
| str |
|
Datasets_DatasetName_str | Datasets_DatasetName_str |
| str |
|
ImplicitShare | ImplicitShare |
| str |
|
ImportDisplayName | ImportDisplayName |
| str |
|
ItemType | ItemType |
| str |
|
WorkSpaceName | WorkSpaceName |
| str |
|
DestFolder_Path | DestFolder_Path |
| str |
|
DestFolder_Id | DestFolder_Id |
| str |
|
UniqueSharingId | UniqueSharingId |
| str |
|
TargetUserOrGroupName | TargetUserOrGroupName |
| str |
|
FlowConnectorNames | FlowConnectorNames |
| str |
|
FileSyncBytesCommitted | FileSyncBytesCommitted |
| str |
|
CorrelationId | CorrelationId |
| str |
|
Members_DisplayName_str | Members_DisplayName_str |
| str |
|
Members_UPN_str | Members_UPN_str |
| str |
|
Members_Role_str | Members_Role_str |
| str |
|
AddOnGuid | AddOnGuid |
| str |
|
DashboardName | DashboardName |
| str |
|
IsSuccess | IsSuccess |
| bool |
|
AlertId | AlertId |
| str |
|
ListTitle | ListTitle |
| str |
|
ReportType | ReportType |
| str |
|
AffectedWorkloadNames | AffectedWorkloadNames |
| str |
|
FlowDetailsUrl | FlowDetailsUrl |
| str |
|
TargetYammerUserId | TargetYammerUserId |
| int8 |
|
ImpactDescription | ImpactDescription |
| str |
|
BrowserName | BrowserName |
| str |
|
OperationProperties_Value_str | OperationProperties_Value_str |
| str |
|
OperationProperties_Name_str | OperationProperties_Name_str |
| str |
|
ReportId | ReportId |
| str |
|
DestMailboxOwnerSid | DestMailboxOwnerSid |
| str |
|
DestMailboxOwnerMasterAccountSid | DestMailboxOwnerMasterAccountSid |
| str |
|
AffectedUserCount | AffectedUserCount |
| int4 |
|
Category | Category |
| str |
|
MachineDomainInfo | MachineDomainInfo |
| str |
|
ListBaseType | ListBaseType |
| str |
|
DestMailboxId | DestMailboxId |
| str |
|
TabType | TabType |
| str |
|
Activity | Activity |
| str |
|
DestinationFileExtension | DestinationFileExtension |
| str |
|
UserUPN | UserUPN |
| str |
|
ListId | ListId |
| str |
|
SourceRelativeUrl | SourceRelativeUrl |
| str |
|
UserTypeInitiated | UserTypeInitiated |
| int4 |
|
EndTime | EndTime |
| str |
|
SendAsUserMailboxGuid | SendAsUserMailboxGuid |
| str |
|
ActionType | ActionType |
| str |
|
SourceFileExtension | SourceFileExtension |
| str |
|
DashboardId | DashboardId |
| str |
|
ClientApplicationId | ClientApplicationId |
| str |
|
DestMailboxOwnerUPN | DestMailboxOwnerUPN |
| str |
|
MailboxOwnerMasterAccountSid | MailboxOwnerMasterAccountSid |
| str |
|
SensitiveInfoDetectionIsIncluded | SensitiveInfoDetectionIsIncluded |
| bool |
|
Schedules_RefreshFrequency | Schedules_RefreshFrequency |
| str |
|
Schedules_Days_str | Schedules_Days_str |
| str |
|
Schedules_Time_str | Schedules_Time_str |
| str |
|
Schedules_TimeZone | Schedules_TimeZone |
| str |
|
TeamName | TeamName |
| str |
|
WorkspaceId | WorkspaceId |
| str |
|
DataflowType | DataflowType |
| str |
|
SourceFileName | SourceFileName |
| str |
|
FeatureDisplayName | FeatureDisplayName |
| str |
|
EntityPath | EntityPath |
| str |
|
TeamGuid | TeamGuid |
| str |
|
ResourceTitle | ResourceTitle |
| str |
|
Classification | Classification |
| str |
|
ListBaseTemplateType | ListBaseTemplateType |
| str |
|
DestinationFileName | DestinationFileName |
| str |
|
AffectedTenantCount | AffectedTenantCount |
| int8 |
|
DatasetName | DatasetName |
| str |
|
LicenseDisplayName | LicenseDisplayName |
| str |
|
Feature | Feature |
| str |
|
StartTime | StartTime |
| str |
|
TargetUserOrGroupType | TargetUserOrGroupType |
| str |
|
DataConnectivityMode | DataConnectivityMode |
| str |
|
LastUpdatedTime | LastUpdatedTime |
| str |
|
ReportName | ReportName |
| str |
|
EntityType | EntityType |
| str |
|
OperationDetails | OperationDetails |
| str |
|
UserAgent | UserAgent |
| str |
|
AlertType | AlertType |
| str |
|
Name | Name |
| str |
|
CmdletVersion | CmdletVersion |
| str |
|
ImportSource | ImportSource |
| str |
|
SkypeForBusinessEventType | SkypeForBusinessEventType |
| int4 |
|
AddOnType | AddOnType |
| int4 |
|
DoNotDistributeEvent | DoNotDistributeEvent |
| bool |
|
ChannelName | ChannelName |
| str |
|
ListItemUniqueId | ListItemUniqueId |
| str |
|
ObjectId | ObjectId |
| str |
|
AttachmentData | AttachmentData |
| json |
|
DeliveryAction | DeliveryAction |
| str |
|
DetectionMethod | DetectionMethod |
| str |
|
DetectionType | DetectionType |
| str |
|
Directionality | Directionality |
| str |
|
EventDeepLink | EventDeepLink |
| str |
|
InternetMessageId | InternetMessageId |
| str |
|
LatestDeliveryLocation | LatestDeliveryLocation |
| str |
|
MessageTime | MessageTime |
| str |
|
NetworkMessageId | NetworkMessageId |
| str |
|
OriginalDeliveryLocation | OriginalDeliveryLocation |
| str |
|
P1Sender | P1Sender |
| str |
|
P2Sender | P2Sender |
| str |
|
Policy | Policy |
| str |
|
PolicyAction | PolicyAction |
| str |
|
Recipients | Recipients |
| str |
|
SenderIp | SenderIp |
| str |
|
Subject | Subject |
| str |
|
ThreatsAndDetectionTech | ThreatsAndDetectionTech |
| str |
|
Verdict | Verdict |
| str |
|
SourceLocationType | SourceLocationType |
| int4 |
|
Platform | Platform |
| int4 |
|
Application | Application |
| str |
|
FileExtension | FileExtension |
| str |
|
DeviceName | DeviceName |
| str |
|
MDATPDeviceId | MDATPDeviceId |
| str |
|
FileSize | FileSize |
| int4 |
|
FileType | FileType |
| str |
|
Hidden | Hidden |
| bool |
|
Actions | Actions |
| json |
|
AlertLinks | AlertLinks |
| json |
|
Data | Data |
| json |
|
DeepLinkUrl | DeepLinkUrl |
| str |
|
EndTimeUtc | EndTimeUtc |
| timestamp |
|
InvestigationId | InvestigationId |
| str |
|
InvestigationName | InvestigationName |
| str |
|
InvestigationType | InvestigationType |
| str |
|
LastUpdateTimeUtc | LastUpdateTimeUtc |
| timestamp |
|
StartTimeUtc | StartTimeUtc |
| timestamp |
|
Source | Source |
| str |
|
message | message |
| str |
|
hostchain | hostchain |
| str | ✓ |
tag | tag |
| str | ✓ |
rawSource | rawSource |
| str | ✓ |
rawTagged | rawTagged |
| str |
|
rawMessage | rawMessage |
| str |
|
cloud.office365.management.sharepoint
Field in | Field in source table | Field transformation | Data type | Extra Field |
|---|---|---|---|---|
eventdate | eventdate |
| timestamp |
|
hostname | hostname |
| str |
|
type | - | str |
| |
Id | Id |
| str |
|
Workload | Workload |
| str |
|
StatusTime | StatusTime |
| str |
|
FeatureStatus | FeatureStatus |
| str |
|
Status | Status |
| str |
|
StatusDisplayName | StatusDisplayName |
| str |
|
IncidentIds | IncidentIds |
| str |
|
WorkloadDisplayName | WorkloadDisplayName |
| str |
|
UserType | UserType |
| int4 |
|
timestamp | timestamp |
| timestamp |
|
Operation | Operation |
| str |
|
Version | Version |
| int4 |
|
LogonType | LogonType |
| int4 |
|
MailboxOwnerSid | MailboxOwnerSid |
| str |
|
ExternalAccess | ExternalAccess |
| bool |
|
OrganizationName | OrganizationName |
| str |
|
SessionId | SessionId |
| str |
|
ClientAddress | ClientAddress |
| str |
|
ClientIPAddress | ClientIPAddress |
| str |
|
ClientProcessName | ClientProcessName |
| str |
|
ResultStatus | ResultStatus |
| str |
|
UserId | UserId |
| str |
|
LogonUserSid | LogonUserSid |
| str |
|
InternalLogonType | InternalLogonType |
| int4 |
|
OriginatingServer | OriginatingServer |
| str |
|
UserKey | UserKey |
| str |
|
MailboxGuid | MailboxGuid |
| str |
|
OrganizationId | OrganizationId |
| str |
|
RecordType | RecordType |
| int4 |
|
ClientInfoString | ClientInfoString |
| str |
|
MailboxOwnerUPN | MailboxOwnerUPN |
| str |
|
CrossMailboxOperation | CrossMailboxOperation |
| bool |
|
AffectedItems | AffectedItems |
| str |
|
Folder_Id | Folder_Id |
| str |
|
Folder_Path | Folder_Path |
| str |
|
FoldersItemsStr | FoldersItemsStr |
| str |
|
ForwardTo | ForwardTo |
| str |
|
Parameters_Raw | Parameters_Raw |
| str |
|
Item_Subject | Item_Subject |
| str |
|
Item_Attachments | Item_Attachments |
| str |
|
Item_ParentFolder_Id | Item_ParentFolder_Id |
| str |
|
Item_ParentFolder_Path | Item_ParentFolder_Path |
| str |
|
ModifiedProperties | ModifiedProperties |
| str |
|
SendOnBehalfOfUserSmtp | SendOnBehalfOfUserSmtp |
| str |
|
SendAsUserSmtp | SendAsUserSmtp |
| str |
|
PolicyDetails | PolicyDetails |
| str |
|
PolicyDetails_PolicyName_str | PolicyDetails_PolicyName_str |
| str |
|
PolicyDetails_PolicyId_str | PolicyDetails_PolicyId_str |
| str |
|
PolicyDetails_location_str | PolicyDetails_location_str |
| str |
|
PolicyDetails_RuleMode_str | PolicyDetails_RuleMode_str |
| str |
|
PolicyDetails_RuleName_str | PolicyDetails_RuleName_str |
| str |
|
PolicyDetails_RuleId_str | PolicyDetails_RuleId_str |
| str |
|
PolicyDetails_Severity_str | PolicyDetails_Severity_str |
| str |
|
PolicyDetails_ManagementRuleId_str | PolicyDetails_ManagementRuleId_str |
| str |
|
Unique_PolicyDetails_location_str | Unique_PolicyDetails_location_str |
| str |
|
PolicyDetails_confidence_str | PolicyDetails_confidence_str |
| str |
|
PolicyDetails_count_str | PolicyDetails_count_str |
| str |
|
PolicyDetails_sensitiveType_str | PolicyDetails_sensitiveType_str |
| str |
|
PolicyDetails_uniqueCount_str | PolicyDetails_uniqueCount_str |
| str |
|
PolicyDetails_ConditionsMatched_Name_str | PolicyDetails_ConditionsMatched_Name_str |
| str |
|
PolicyDetails_ConditionsMatched_Value_str | PolicyDetails_ConditionsMatched_Value_str |
| str |
|
PolicyDetails_ConditionMatchedInNewScheme_str | PolicyDetails_ConditionMatchedInNewScheme_str |
| str |
|
ExchangeMetaData_BCC | ExchangeMetaData_BCC |
| str |
|
ExchangeMetaData_MessageID | ExchangeMetaData_MessageID |
| str |
|
ExchangeMetaData_From | ExchangeMetaData_From |
| str |
|
ExchangeMetaData_CC | ExchangeMetaData_CC |
| str |
|
ExchangeMetaData_Sent | ExchangeMetaData_Sent |
| str |
|
ExchangeMetaData_Subject | ExchangeMetaData_Subject |
| str |
|
ExchangeMetaData_RecipientCount | ExchangeMetaData_RecipientCount |
| int4 |
|
ExchangeMetaData_To | ExchangeMetaData_To |
| str |
|
InterSystemsId | InterSystemsId |
| str |
|
TargetUserId | TargetUserId |
| str |
|
Actor_ID_str | Actor_ID_str |
| str |
|
Actor_Type_str | Actor_Type_str |
| str |
|
ActorContextId | ActorContextId |
| str |
|
YammerNetworkId | YammerNetworkId |
| int4 |
|
ActorUserId | ActorUserId |
| str |
|
ActorIpAddress | ActorIpAddress |
| str |
|
Client | Client |
| str |
|
ClientIP | ClientIP |
| str |
|
LogonError | LogonError |
| str |
|
ApplicationId | ApplicationId |
| str |
|
Target_ID_str | Target_ID_str |
| str |
|
Target_Type_str | Target_Type_str |
| str |
|
IntraSystemId | IntraSystemId |
| str |
|
ExtendedProperties_Name_str | ExtendedProperties_Name_str |
| str |
|
ExtendedProperties_Value_str | ExtendedProperties_Value_str |
| str |
|
ActorYammerUserId | ActorYammerUserId |
| int8 |
|
FileName | FileName |
| str |
|
TargetContextId | TargetContextId |
| str |
|
AzureActiveDirectoryEventType | AzureActiveDirectoryEventType |
| int4 |
|
VersionId | VersionId |
| int8 |
|
FileId | FileId |
| int8 |
|
PostIncidentDocumentUrl | PostIncidentDocumentUrl |
| str |
|
Severity | Severity |
| str |
|
Title | Title |
| str |
|
Comments | Comments |
| str |
|
AffectedWorkloadDisplayNames | AffectedWorkloadDisplayNames |
| str |
|
AlertEntityId | AlertEntityId |
| str |
|
Messages_MessageText_str | Messages_MessageText_str |
| str |
|
Messages_PublishedTime_str | Messages_PublishedTime_str |
| str |
|
ChannelGuid | ChannelGuid |
| str |
|
LogonUserDisplayName | LogonUserDisplayName |
| str |
|
RecipientUPN | RecipientUPN |
| str |
|
ApplicationDisplayName | ApplicationDisplayName |
| str |
|
MessageType | MessageType |
| str |
|
EventSource | EventSource |
| str |
|
DestinationRelativeUrl | DestinationRelativeUrl |
| str |
|
MachineId | MachineId |
| str |
|
WebId | WebId |
| str |
|
SendOnBehalfOfUserMailboxGuid | SendOnBehalfOfUserMailboxGuid |
| str |
|
ExtraProperties_Key_str | ExtraProperties_Key_str |
| str |
|
ExtraProperties_Value_str | ExtraProperties_Value_str |
| str |
|
SharingPermission | SharingPermission |
| int4 |
|
ObjectName | ObjectName |
| str |
|
SharingType | SharingType |
| str |
|
DataflowRefreshScheduleType | DataflowRefreshScheduleType |
| str |
|
TenantName | TenantName |
| str |
|
CustomUniqueId | CustomUniqueId |
| bool |
|
DatasetId | DatasetId |
| str |
|
SiteUrl | SiteUrl |
| str |
|
Parameters_Name_str | Parameters_Name_str |
| str |
|
Parameters_Value_str | Parameters_Value_str |
| str |
|
ImportType | ImportType |
| str |
|
ImportId | ImportId |
| str |
|
PolicyId | PolicyId |
| str |
|
ItemName | ItemName |
| str |
|
Datasets_DatasetId_str | Datasets_DatasetId_str |
| str |
|
Datasets_DatasetName_str | Datasets_DatasetName_str |
| str |
|
ImplicitShare | ImplicitShare |
| str |
|
ImportDisplayName | ImportDisplayName |
| str |
|
ItemType | ItemType |
| str |
|
WorkSpaceName | WorkSpaceName |
| str |
|
DestFolder_Path | DestFolder_Path |
| str |
|
DestFolder_Id | DestFolder_Id |
| str |
|
UniqueSharingId | UniqueSharingId |
| str |
|
TargetUserOrGroupName | TargetUserOrGroupName |
| str |
|
FlowConnectorNames | FlowConnectorNames |
| str |
|
FileSyncBytesCommitted | FileSyncBytesCommitted |
| str |
|
CorrelationId | CorrelationId |
| str |
|
Members_DisplayName_str | Members_DisplayName_str |
| str |
|
Members_UPN_str | Members_UPN_str |
| str |
|
Members_Role_str | Members_Role_str |
| str |
|
AddOnGuid | AddOnGuid |
| str |
|
DashboardName | DashboardName |
| str |
|
IsSuccess | IsSuccess |
| bool |
|
AlertId | AlertId |
| str |
|
ListTitle | ListTitle |
| str |
|
ReportType | ReportType |
| str |
|
AffectedWorkloadNames | AffectedWorkloadNames |
| str |
|
FlowDetailsUrl | FlowDetailsUrl |
| str |
|
TargetYammerUserId | TargetYammerUserId |
| int8 |
|
ImpactDescription | ImpactDescription |
| str |
|
BrowserName | BrowserName |
| str |
|
OperationProperties_Value_str | OperationProperties_Value_str |
| str |
|
OperationProperties_Name_str | OperationProperties_Name_str |
| str |
|
ReportId | ReportId |
| str |
|
DestMailboxOwnerSid | DestMailboxOwnerSid |
| str |
|
DestMailboxOwnerMasterAccountSid | DestMailboxOwnerMasterAccountSid |
| str |
|
AffectedUserCount | AffectedUserCount |
| int4 |
|
Category | Category |
| str |
|
MachineDomainInfo | MachineDomainInfo |
| str |
|
ListBaseType | ListBaseType |
| str |
|
DestMailboxId | DestMailboxId |
| str |
|
TabType | TabType |
| str |
|
Activity | Activity |
| str |
|
DestinationFileExtension | DestinationFileExtension |
| str |
|
UserUPN | UserUPN |
| str |
|
ListId | ListId |
| str |
|
SourceRelativeUrl | SourceRelativeUrl |
| str |
|
UserTypeInitiated | UserTypeInitiated |
| int4 |
|
EndTime | EndTime |
| str |
|
SendAsUserMailboxGuid | SendAsUserMailboxGuid |
| str |
|
ActionType | ActionType |
| str |
|
SourceFileExtension | SourceFileExtension |
| str |
|
DashboardId | DashboardId |
| str |
|
ClientApplicationId | ClientApplicationId |
| str |
|
DestMailboxOwnerUPN | DestMailboxOwnerUPN |
| str |
|
MailboxOwnerMasterAccountSid | MailboxOwnerMasterAccountSid |
| str |
|
SensitiveInfoDetectionIsIncluded | SensitiveInfoDetectionIsIncluded |
| bool |
|
Schedules_RefreshFrequency | Schedules_RefreshFrequency |
| str |
|
Schedules_Days_str | Schedules_Days_str |
| str |
|
Schedules_Time_str | Schedules_Time_str |
| str |
|
Schedules_TimeZone | Schedules_TimeZone |
| str |
|
TeamName | TeamName |
| str |
|
WorkspaceId | WorkspaceId |
| str |
|
DataflowType | DataflowType |
| str |
|
SourceFileName | SourceFileName |
| str |
|
FeatureDisplayName | FeatureDisplayName |
| str |
|
EntityPath | EntityPath |
| str |
|
TeamGuid | TeamGuid |
| str |
|
ResourceTitle | ResourceTitle |
| str |
|
Classification | Classification |
| str |
|
ListBaseTemplateType | ListBaseTemplateType |
| str |
|
DestinationFileName | DestinationFileName |
| str |
|
AffectedTenantCount | AffectedTenantCount |
| int8 |
|
DatasetName | DatasetName |
| str |
|
LicenseDisplayName | LicenseDisplayName |
| str |
|
Feature | Feature |
| str |
|
StartTime | StartTime |
| str |
|
TargetUserOrGroupType | TargetUserOrGroupType |
| str |
|
DataConnectivityMode | DataConnectivityMode |
| str |
|
LastUpdatedTime | LastUpdatedTime |
| str |
|
ReportName | ReportName |
| str |
|
EntityType | EntityType |
| str |
|
OperationDetails | OperationDetails |
| str |
|
UserAgent | UserAgent |
| str |
|
AlertType | AlertType |
| str |
|
Name | Name |
| str |
|
CmdletVersion | CmdletVersion |
| str |
|
ImportSource | ImportSource |
| str |
|
SkypeForBusinessEventType | SkypeForBusinessEventType |
| int4 |
|
AddOnType | AddOnType |
| int4 |
|
DoNotDistributeEvent | DoNotDistributeEvent |
| bool |
|
ChannelName | ChannelName |
| str |
|
ListItemUniqueId | ListItemUniqueId |
| str |
|
ObjectId | ObjectId |
| str |
|
AttachmentData | AttachmentData |
| json |
|
DeliveryAction | DeliveryAction |
| str |
|
DetectionMethod | DetectionMethod |
| str |
|
DetectionType | DetectionType |
| str |
|
Directionality | Directionality |
| str |
|
EventDeepLink | EventDeepLink |
| str |
|
InternetMessageId | InternetMessageId |
| str |
|
LatestDeliveryLocation | LatestDeliveryLocation |
| str |
|
MessageTime | MessageTime |
| str |
|
NetworkMessageId | NetworkMessageId |
| str |
|
OriginalDeliveryLocation | OriginalDeliveryLocation |
| str |
|
P1Sender | P1Sender |
| str |
|
P2Sender | P2Sender |
| str |
|
Policy | Policy |
| str |
|
PolicyAction | PolicyAction |
| str |
|
Recipients | Recipients |
| str |
|
SenderIp | SenderIp |
| str |
|
Subject | Subject |
| str |
|
ThreatsAndDetectionTech | ThreatsAndDetectionTech |
| str |
|
Verdict | Verdict |
| str |
|
SourceLocationType | SourceLocationType |
| int4 |
|
Platform | Platform |
| int4 |
|
Application | Application |
| str |
|
FileExtension | FileExtension |
| str |
|
DeviceName | DeviceName |
| str |
|
MDATPDeviceId | MDATPDeviceId |
| str |
|
FileSize | FileSize |
| int4 |
|
FileType | FileType |
| str |
|
Hidden | Hidden |
| bool |
|
Actions | Actions |
| json |
|
AlertLinks | AlertLinks |
| json |
|
Data | Data |
| json |
|
DeepLinkUrl | DeepLinkUrl |
| str |
|
EndTimeUtc | EndTimeUtc |
| timestamp |
|
InvestigationId | InvestigationId |
| str |
|
InvestigationName | InvestigationName |
| str |
|
InvestigationType | InvestigationType |
| str |
|
LastUpdateTimeUtc | LastUpdateTimeUtc |
| timestamp |
|
StartTimeUtc | StartTimeUtc |
| timestamp |
|
Source | Source |
| str |
|
message | message |
| str |
|
hostchain | hostchain |
| str | ✓ |
tag | tag |
| str | ✓ |
rawSource | rawSource |
| str | ✓ |
rawTagged | rawTagged |
| str |
|
rawMessage | rawMessage |
| str |
|
cloud.office365.management.sharepoint
Field in | Field in source table | Field transformation | Data type | Extra Field |
|---|---|---|---|---|
eventdate | eventdate |
| timestamp |
|
hostname | hostname |
| str |
|
type | - | str |
| |
Id | Id |
| str |
|
Workload | Workload |
| str |
|
StatusTime | StatusTime |
| str |
|
FeatureStatus | FeatureStatus |
| str |
|
Status | Status |
| str |
|
StatusDisplayName | StatusDisplayName |
| str |
|
IncidentIds | IncidentIds |
| str |
|
WorkloadDisplayName | WorkloadDisplayName |
| str |
|
UserType | UserType |
| int4 |
|
timestamp | timestamp |
| timestamp |
|
Operation | Operation |
| str |
|
Version | Version |
| int4 |
|
LogonType | LogonType |
| int4 |
|
MailboxOwnerSid | MailboxOwnerSid |
| str |
|
ExternalAccess | ExternalAccess |
| bool |
|
OrganizationName | OrganizationName |
| str |
|
SessionId | SessionId |
| str |
|
ClientAddress | ClientAddress |
| str |
|
ClientIPAddress | ClientIPAddress |
| str |
|
ClientProcessName | ClientProcessName |
| str |
|
ResultStatus | ResultStatus |
| str |
|
UserId | UserId |
| str |
|
LogonUserSid | LogonUserSid |
| str |
|
InternalLogonType | InternalLogonType |
| int4 |
|
OriginatingServer | OriginatingServer |
| str |
|
UserKey | UserKey |
| str |
|
MailboxGuid | MailboxGuid |
| str |
|
OrganizationId | OrganizationId |
| str |
|
RecordType | RecordType |
| int4 |
|
ClientInfoString | ClientInfoString |
| str |
|
MailboxOwnerUPN | MailboxOwnerUPN |
| str |
|
CrossMailboxOperation | CrossMailboxOperation |
| bool |
|
AffectedItems | AffectedItems |
| str |
|
Folder_Id | Folder_Id |
| str |
|
Folder_Path | Folder_Path |
| str |
|
FoldersItemsStr | FoldersItemsStr |
| str |
|
ForwardTo | ForwardTo |
| str |
|
Parameters_Raw | Parameters_Raw |
| str |
|
Item_Subject | Item_Subject |
| str |
|
Item_Attachments | Item_Attachments |
| str |
|
Item_ParentFolder_Id | Item_ParentFolder_Id |
| str |
|
Item_ParentFolder_Path | Item_ParentFolder_Path |
| str |
|
ModifiedProperties | ModifiedProperties |
| str |
|
SendOnBehalfOfUserSmtp | SendOnBehalfOfUserSmtp |
| str |
|
SendAsUserSmtp | SendAsUserSmtp |
| str |
|
PolicyDetails | PolicyDetails |
| str |
|
PolicyDetails_PolicyName_str | PolicyDetails_PolicyName_str |
| str |
|
PolicyDetails_PolicyId_str | PolicyDetails_PolicyId_str |
| str |
|
PolicyDetails_location_str | PolicyDetails_location_str |
| str |
|
PolicyDetails_RuleMode_str | PolicyDetails_RuleMode_str |
| str |
|
PolicyDetails_RuleName_str | PolicyDetails_RuleName_str |
| str |
|
PolicyDetails_RuleId_str | PolicyDetails_RuleId_str |
| str |
|
PolicyDetails_Severity_str | PolicyDetails_Severity_str |
| str |
|
PolicyDetails_ManagementRuleId_str | PolicyDetails_ManagementRuleId_str |
| str |
|
Unique_PolicyDetails_location_str | Unique_PolicyDetails_location_str |
| str |
|
PolicyDetails_confidence_str | PolicyDetails_confidence_str |
| str |
|
PolicyDetails_count_str | PolicyDetails_count_str |
| str |
|
PolicyDetails_sensitiveType_str | PolicyDetails_sensitiveType_str |
| str |
|
PolicyDetails_uniqueCount_str | PolicyDetails_uniqueCount_str |
| str |
|
PolicyDetails_ConditionsMatched_Name_str | PolicyDetails_ConditionsMatched_Name_str |
| str |
|
PolicyDetails_ConditionsMatched_Value_str | PolicyDetails_ConditionsMatched_Value_str |
| str |
|
PolicyDetails_ConditionMatchedInNewScheme_str | PolicyDetails_ConditionMatchedInNewScheme_str |
| str |
|
ExchangeMetaData_BCC | ExchangeMetaData_BCC |
| str |
|
ExchangeMetaData_MessageID | ExchangeMetaData_MessageID |
| str |
|
ExchangeMetaData_From | ExchangeMetaData_From |
| str |
|
ExchangeMetaData_CC | ExchangeMetaData_CC |
| str |
|
ExchangeMetaData_Sent | ExchangeMetaData_Sent |
| str |
|
ExchangeMetaData_Subject | ExchangeMetaData_Subject |
| str |
|
ExchangeMetaData_RecipientCount | ExchangeMetaData_RecipientCount |
| int4 |
|
ExchangeMetaData_To | ExchangeMetaData_To |
| str |
|
InterSystemsId | InterSystemsId |
| str |
|
TargetUserId | TargetUserId |
| str |
|
Actor_ID_str | Actor_ID_str |
| str |
|
Actor_Type_str | Actor_Type_str |
| str |
|
ActorContextId | ActorContextId |
| str |
|
YammerNetworkId | YammerNetworkId |
| int4 |
|
ActorUserId | ActorUserId |
| str |
|
ActorIpAddress | ActorIpAddress |
| str |
|
Client | Client |
| str |
|
ClientIP | ClientIP |
| str |
|
LogonError | LogonError |
| str |
|
ApplicationId | ApplicationId |
| str |
|
Target_ID_str | Target_ID_str |
| str |
|
Target_Type_str | Target_Type_str |
| str |
|
IntraSystemId | IntraSystemId |
| str |
|
ExtendedProperties_Name_str | ExtendedProperties_Name_str |
| str |
|
ExtendedProperties_Value_str | ExtendedProperties_Value_str |
| str |
|
ActorYammerUserId | ActorYammerUserId |
| int8 |
|
FileName | FileName |
| str |
|
TargetContextId | TargetContextId |
| str |
|
AzureActiveDirectoryEventType | AzureActiveDirectoryEventType |
| int4 |
|
VersionId | VersionId |
| int8 |
|
FileId | FileId |
| int8 |
|
PostIncidentDocumentUrl | PostIncidentDocumentUrl |
| str |
|
Severity | Severity |
| str |
|
Title | Title |
| str |
|
Comments | Comments |
| str |
|
AffectedWorkloadDisplayNames | AffectedWorkloadDisplayNames |
| str |
|
AlertEntityId | AlertEntityId |
| str |
|
Messages_MessageText_str | Messages_MessageText_str |
| str |
|
Messages_PublishedTime_str | Messages_PublishedTime_str |
| str |
|
ChannelGuid | ChannelGuid |
| str |
|
LogonUserDisplayName | LogonUserDisplayName |
| str |
|
RecipientUPN | RecipientUPN |
| str |
|
ApplicationDisplayName | ApplicationDisplayName |
| str |
|
MessageType | MessageType |
| str |
|
EventSource | EventSource |
| str |
|
DestinationRelativeUrl | DestinationRelativeUrl |
| str |
|
MachineId | MachineId |
| str |
|
WebId | WebId |
| str |
|
SendOnBehalfOfUserMailboxGuid | SendOnBehalfOfUserMailboxGuid |
| str |
|
ExtraProperties_Key_str | ExtraProperties_Key_str |
| str |
|
ExtraProperties_Value_str | ExtraProperties_Value_str |
| str |
|
SharingPermission | SharingPermission |
| int4 |
|
ObjectName | ObjectName |
| str |
|
SharingType | SharingType |
| str |
|
DataflowRefreshScheduleType | DataflowRefreshScheduleType |
| str |
|
TenantName | TenantName |
| str |
|
CustomUniqueId | CustomUniqueId |
| bool |
|
DatasetId | DatasetId |
| str |
|
SiteUrl | SiteUrl |
| str |
|
Parameters_Name_str | Parameters_Name_str |
| str |
|
Parameters_Value_str | Parameters_Value_str |
| str |
|
ImportType | ImportType |
| str |
|
ImportId | ImportId |
| str |
|
PolicyId | PolicyId |
| str |
|
ItemName | ItemName |
| str |
|
Datasets_DatasetId_str | Datasets_DatasetId_str |
| str |
|
Datasets_DatasetName_str | Datasets_DatasetName_str |
| str |
|
ImplicitShare | ImplicitShare |
| str |
|
ImportDisplayName | ImportDisplayName |
| str |
|
ItemType | ItemType |
| str |
|
WorkSpaceName | WorkSpaceName |
| str |
|
DestFolder_Path | DestFolder_Path |
| str |
|
DestFolder_Id | DestFolder_Id |
| str |
|
UniqueSharingId | UniqueSharingId |
| str |
|
TargetUserOrGroupName | TargetUserOrGroupName |
| str |
|
FlowConnectorNames | FlowConnectorNames |
| str |
|
FileSyncBytesCommitted | FileSyncBytesCommitted |
| str |
|
CorrelationId | CorrelationId |
| str |
|
Members_DisplayName_str | Members_DisplayName_str |
| str |
|
Members_UPN_str | Members_UPN_str |
| str |
|
Members_Role_str | Members_Role_str |
| str |
|
AddOnGuid | AddOnGuid |
| str |
|
DashboardName | DashboardName |
| str |
|
IsSuccess | IsSuccess |
| bool |
|
AlertId | AlertId |
| str |
|
ListTitle | ListTitle |
| str |
|
ReportType | ReportType |
| str |
|
AffectedWorkloadNames | AffectedWorkloadNames |
| str |
|
FlowDetailsUrl | FlowDetailsUrl |
| str |
|
TargetYammerUserId | TargetYammerUserId |
| int8 |
|
ImpactDescription | ImpactDescription |
| str |
|
BrowserName | BrowserName |
| str |
|
OperationProperties_Value_str | OperationProperties_Value_str |
| str |
|
OperationProperties_Name_str | OperationProperties_Name_str |
| str |
|
ReportId | ReportId |
| str |
|
DestMailboxOwnerSid | DestMailboxOwnerSid |
| str |
|
DestMailboxOwnerMasterAccountSid | DestMailboxOwnerMasterAccountSid |
| str |
|
AffectedUserCount | AffectedUserCount |
| int4 |
|
Category | Category |
| str |
|
MachineDomainInfo | MachineDomainInfo |
| str |
|
ListBaseType | ListBaseType |
| str |
|
DestMailboxId | DestMailboxId |
| str |
|
TabType | TabType |
| str |
|
Activity | Activity |
| str |
|
DestinationFileExtension | DestinationFileExtension |
| str |
|
UserUPN | UserUPN |
| str |
|
ListId | ListId |
| str |
|
SourceRelativeUrl | SourceRelativeUrl |
| str |
|
UserTypeInitiated | UserTypeInitiated |
| int4 |
|
EndTime | EndTime |
| str |
|
SendAsUserMailboxGuid | SendAsUserMailboxGuid |
| str |
|
ActionType | ActionType |
| str |
|
SourceFileExtension | SourceFileExtension |
| str |
|
DashboardId | DashboardId |
| str |
|
ClientApplicationId | ClientApplicationId |
| str |
|
DestMailboxOwnerUPN | DestMailboxOwnerUPN |
| str |
|
MailboxOwnerMasterAccountSid | MailboxOwnerMasterAccountSid |
| str |
|
SensitiveInfoDetectionIsIncluded | SensitiveInfoDetectionIsIncluded |
| bool |
|
Schedules_RefreshFrequency | Schedules_RefreshFrequency |
| str |
|
Schedules_Days_str | Schedules_Days_str |
| str |
|
Schedules_Time_str | Schedules_Time_str |
| str |
|
Schedules_TimeZone | Schedules_TimeZone |
| str |
|
TeamName | TeamName |
| str |
|
WorkspaceId | WorkspaceId |
| str |
|
DataflowType | DataflowType |
| str |
|
SourceFileName | SourceFileName |
| str |
|
FeatureDisplayName | FeatureDisplayName |
| str |
|
EntityPath | EntityPath |
| str |
|
TeamGuid | TeamGuid |
| str |
|
ResourceTitle | ResourceTitle |
| str |
|
Classification | Classification |
| str |
|
ListBaseTemplateType | ListBaseTemplateType |
| str |
|
DestinationFileName | DestinationFileName |
| str |
|
AffectedTenantCount | AffectedTenantCount |
| int8 |
|
DatasetName | DatasetName |
| str |
|
LicenseDisplayName | LicenseDisplayName |
| str |
|
Feature | Feature |
| str |
|
StartTime | StartTime |
| str |
|
TargetUserOrGroupType | TargetUserOrGroupType |
| str |
|
DataConnectivityMode | DataConnectivityMode |
| str |
|
LastUpdatedTime | LastUpdatedTime |
| str |
|
ReportName | ReportName |
| str |
|
EntityType | EntityType |
| str |
|
OperationDetails | OperationDetails |
| str |
|
UserAgent | UserAgent |
| str |
|
AlertType | AlertType |
| str |
|
Name | Name |
| str |
|
CmdletVersion | CmdletVersion |
| str |
|
ImportSource | ImportSource |
| str |
|
SkypeForBusinessEventType | SkypeForBusinessEventType |
| int4 |
|
AddOnType | AddOnType |
| int4 |
|
DoNotDistributeEvent | DoNotDistributeEvent |
| bool |
|
ChannelName | ChannelName |
| str |
|
ListItemUniqueId | ListItemUniqueId |
| str |
|
ObjectId | ObjectId |
| str |
|
AttachmentData | AttachmentData |
| json |
|
DeliveryAction | DeliveryAction |
| str |
|
DetectionMethod | DetectionMethod |
| str |
|
DetectionType | DetectionType |
| str |
|
Directionality | Directionality |
| str |
|
EventDeepLink | EventDeepLink |
| str |
|
InternetMessageId | InternetMessageId |
| str |
|
LatestDeliveryLocation | LatestDeliveryLocation |
| str |
|
MessageTime | MessageTime |
| str |
|
NetworkMessageId | NetworkMessageId |
| str |
|
OriginalDeliveryLocation | OriginalDeliveryLocation |
| str |
|
P1Sender | P1Sender |
| str |
|
P2Sender | P2Sender |
| str |
|
Policy | Policy |
| str |
|
PolicyAction | PolicyAction |
| str |
|
Recipients | Recipients |
| str |
|
SenderIp | SenderIp |
| str |
|
Subject | Subject |
| str |
|
ThreatsAndDetectionTech | ThreatsAndDetectionTech |
| str |
|
Verdict | Verdict |
| str |
|
SourceLocationType | SourceLocationType |
| int4 |
|
Platform | Platform |
| int4 |
|
Application | Application |
| str |
|
FileExtension | FileExtension |
| str |
|
DeviceName | DeviceName |
| str |
|
MDATPDeviceId | MDATPDeviceId |
| str |
|
FileSize | FileSize |
| int4 |
|
FileType | FileType |
| str |
|
Hidden | Hidden |
| bool |
|
Actions | Actions |
| json |
|
AlertLinks | AlertLinks |
| json |
|
Data | Data |
| json |
|
DeepLinkUrl | DeepLinkUrl |
| str |
|
EndTimeUtc | EndTimeUtc |
| timestamp |
|
InvestigationId | InvestigationId |
| str |
|
InvestigationName | InvestigationName |
| str |
|
InvestigationType | InvestigationType |
| str |
|
LastUpdateTimeUtc | LastUpdateTimeUtc |
| timestamp |
|
StartTimeUtc | StartTimeUtc |
| timestamp |
|
Source | Source |
| str |
|
message | message |
| str |
|
hostchain | hostchain |
| str | ✓ |
tag | tag |
| str | ✓ |
rawSource | rawSource |
| str | ✓ |
rawTagged | rawTagged |
| str |
|
rawMessage | rawMessage |
| str |
|