Document toolboxDocument toolbox

Tables from 32 to 36

 

cloud.office365.management.quarantine

Field in

Field in source table

Field transformation

Data type

Extra Field

Field in

Field in source table

Field transformation

Data type

Extra Field

eventdate

eventdate

 

timestamp

 

hostname

hostname

 

str

 

type

-

"quarantine"

str

 

Id

Id

 

str

 

Workload

Workload

 

str

 

StatusTime

StatusTime

 

str

 

FeatureStatus

FeatureStatus

 

str

 

Status

Status

 

str

 

StatusDisplayName

StatusDisplayName

 

str

 

IncidentIds

IncidentIds

 

str

 

WorkloadDisplayName

WorkloadDisplayName

 

str

 

UserType

UserType

 

int4

 

timestamp

timestamp

 

timestamp

 

Operation

Operation

 

str

 

Version

Version

 

int4

 

LogonType

LogonType

 

int4

 

MailboxOwnerSid

MailboxOwnerSid

 

str

 

ExternalAccess

ExternalAccess

 

bool

 

OrganizationName

OrganizationName

 

str

 

SessionId

SessionId

 

str

 

ClientAddress

ClientAddress

 

str

 

ClientIPAddress

ClientIPAddress

 

str

 

ClientProcessName

ClientProcessName

 

str

 

ResultStatus

ResultStatus

 

str

 

UserId

UserId

 

str

 

LogonUserSid

LogonUserSid

 

str

 

InternalLogonType

InternalLogonType

 

int4

 

OriginatingServer

OriginatingServer

 

str

 

UserKey

UserKey

 

str

 

MailboxGuid

MailboxGuid

 

str

 

OrganizationId

OrganizationId

 

str

 

RecordType

RecordType

 

int4

 

ClientInfoString

ClientInfoString

 

str

 

MailboxOwnerUPN

MailboxOwnerUPN

 

str

 

CrossMailboxOperation

CrossMailboxOperation

 

bool

 

AffectedItems

AffectedItems

 

str

 

Folder_Id

Folder_Id

 

str

 

Folder_Path

Folder_Path

 

str

 

FoldersItemsStr

FoldersItemsStr

 

str

 

ForwardTo

ForwardTo

 

str

 

Parameters_Raw

Parameters_Raw

 

str

 

Item_Subject

Item_Subject

 

str

 

Item_Attachments

Item_Attachments

 

str

 

Item_ParentFolder_Id

Item_ParentFolder_Id

 

str

 

Item_ParentFolder_Path

Item_ParentFolder_Path

 

str

 

ModifiedProperties

ModifiedProperties

 

str

 

SendOnBehalfOfUserSmtp

SendOnBehalfOfUserSmtp

 

str

 

SendAsUserSmtp

SendAsUserSmtp

 

str

 

PolicyDetails

PolicyDetails

 

str

 

PolicyDetails_PolicyName_str

PolicyDetails_PolicyName_str

 

str

 

PolicyDetails_PolicyId_str

PolicyDetails_PolicyId_str

 

str

 

PolicyDetails_location_str

PolicyDetails_location_str

 

str

 

PolicyDetails_RuleMode_str

PolicyDetails_RuleMode_str

 

str

 

PolicyDetails_RuleName_str

PolicyDetails_RuleName_str

 

str

 

PolicyDetails_RuleId_str

PolicyDetails_RuleId_str

 

str

 

PolicyDetails_Severity_str

PolicyDetails_Severity_str

 

str

 

PolicyDetails_ManagementRuleId_str

PolicyDetails_ManagementRuleId_str

 

str

 

Unique_PolicyDetails_location_str

Unique_PolicyDetails_location_str

 

str

 

PolicyDetails_confidence_str

PolicyDetails_confidence_str

 

str

 

PolicyDetails_count_str

PolicyDetails_count_str

 

str

 

PolicyDetails_sensitiveType_str

PolicyDetails_sensitiveType_str

 

str

 

PolicyDetails_uniqueCount_str

PolicyDetails_uniqueCount_str

 

str

 

PolicyDetails_ConditionsMatched_Name_str

PolicyDetails_ConditionsMatched_Name_str

 

str

 

PolicyDetails_ConditionsMatched_Value_str

PolicyDetails_ConditionsMatched_Value_str

 

str

 

PolicyDetails_ConditionMatchedInNewScheme_str

PolicyDetails_ConditionMatchedInNewScheme_str

 

str

 

ExchangeMetaData_BCC

ExchangeMetaData_BCC

 

str

 

ExchangeMetaData_MessageID

ExchangeMetaData_MessageID

 

str

 

ExchangeMetaData_From

ExchangeMetaData_From

 

str

 

ExchangeMetaData_CC

ExchangeMetaData_CC

 

str

 

ExchangeMetaData_Sent

ExchangeMetaData_Sent

 

str

 

ExchangeMetaData_Subject

ExchangeMetaData_Subject

 

str

 

ExchangeMetaData_RecipientCount

ExchangeMetaData_RecipientCount

 

int4

 

ExchangeMetaData_To

ExchangeMetaData_To

 

str

 

InterSystemsId

InterSystemsId

 

str

 

TargetUserId

TargetUserId

 

str

 

Actor_ID_str

Actor_ID_str

 

str

 

Actor_Type_str

Actor_Type_str

 

str

 

ActorContextId

ActorContextId

 

str

 

YammerNetworkId

YammerNetworkId

 

int4

 

ActorUserId

ActorUserId

 

str

 

ActorIpAddress

ActorIpAddress

 

str

 

Client

Client

 

str

 

ClientIP

ClientIP

 

str

 

LogonError

LogonError

 

str

 

ApplicationId

ApplicationId

 

str

 

Target_ID_str

Target_ID_str

 

str

 

Target_Type_str

Target_Type_str

 

str

 

IntraSystemId

IntraSystemId

 

str

 

ExtendedProperties_Name_str

ExtendedProperties_Name_str

 

str

 

ExtendedProperties_Value_str

ExtendedProperties_Value_str

 

str

 

ActorYammerUserId

ActorYammerUserId

 

int8

 

FileName

FileName

 

str

 

TargetContextId

TargetContextId

 

str

 

AzureActiveDirectoryEventType

AzureActiveDirectoryEventType

 

int4

 

VersionId

VersionId

 

int8

 

FileId

FileId

 

int8

 

PostIncidentDocumentUrl

PostIncidentDocumentUrl

 

str

 

Severity

Severity

 

str

 

Title

Title

 

str

 

Comments

Comments

 

str

 

AffectedWorkloadDisplayNames

AffectedWorkloadDisplayNames

 

str

 

AlertEntityId

AlertEntityId

 

str

 

Messages_MessageText_str

Messages_MessageText_str

 

str

 

Messages_PublishedTime_str

Messages_PublishedTime_str

 

str

 

ChannelGuid

ChannelGuid

 

str

 

LogonUserDisplayName

LogonUserDisplayName

 

str

 

RecipientUPN

RecipientUPN

 

str

 

ApplicationDisplayName

ApplicationDisplayName

 

str

 

MessageType

MessageType

 

str

 

EventSource

EventSource

 

str

 

DestinationRelativeUrl

DestinationRelativeUrl

 

str

 

MachineId

MachineId

 

str

 

WebId

WebId

 

str

 

SendOnBehalfOfUserMailboxGuid

SendOnBehalfOfUserMailboxGuid

 

str

 

ExtraProperties_Key_str

ExtraProperties_Key_str

 

str

 

ExtraProperties_Value_str

ExtraProperties_Value_str

 

str

 

SharingPermission

SharingPermission

 

int4

 

ObjectName

ObjectName

 

str

 

SharingType

SharingType

 

str

 

DataflowRefreshScheduleType

DataflowRefreshScheduleType

 

str

 

TenantName

TenantName

 

str

 

CustomUniqueId

CustomUniqueId

 

bool

 

DatasetId

DatasetId

 

str

 

SiteUrl

SiteUrl

 

str

 

Parameters_Name_str

Parameters_Name_str

 

str

 

Parameters_Value_str

Parameters_Value_str

 

str

 

ImportType

ImportType

 

str

 

ImportId

ImportId

 

str

 

PolicyId

PolicyId

 

str

 

ItemName

ItemName

 

str

 

Datasets_DatasetId_str

Datasets_DatasetId_str

 

str

 

Datasets_DatasetName_str

Datasets_DatasetName_str

 

str

 

ImplicitShare

ImplicitShare

 

str

 

ImportDisplayName

ImportDisplayName

 

str

 

ItemType

ItemType

 

str

 

WorkSpaceName

WorkSpaceName

 

str

 

DestFolder_Path

DestFolder_Path

 

str

 

DestFolder_Id

DestFolder_Id

 

str

 

UniqueSharingId

UniqueSharingId

 

str

 

TargetUserOrGroupName

TargetUserOrGroupName

 

str

 

FlowConnectorNames

FlowConnectorNames

 

str

 

FileSyncBytesCommitted

FileSyncBytesCommitted

 

str

 

CorrelationId

CorrelationId

 

str

 

Members_DisplayName_str

Members_DisplayName_str

 

str

 

Members_UPN_str

Members_UPN_str

 

str

 

Members_Role_str

Members_Role_str

 

str

 

AddOnGuid

AddOnGuid

 

str

 

DashboardName

DashboardName

 

str

 

IsSuccess

IsSuccess

 

bool

 

AlertId

AlertId

 

str

 

ListTitle

ListTitle

 

str

 

ReportType

ReportType

 

str

 

AffectedWorkloadNames

AffectedWorkloadNames

 

str

 

FlowDetailsUrl

FlowDetailsUrl

 

str

 

TargetYammerUserId

TargetYammerUserId

 

int8

 

ImpactDescription

ImpactDescription

 

str

 

BrowserName

BrowserName

 

str

 

OperationProperties_Value_str

OperationProperties_Value_str

 

str

 

OperationProperties_Name_str

OperationProperties_Name_str

 

str

 

ReportId

ReportId

 

str

 

DestMailboxOwnerSid

DestMailboxOwnerSid

 

str

 

DestMailboxOwnerMasterAccountSid

DestMailboxOwnerMasterAccountSid

 

str

 

AffectedUserCount

AffectedUserCount

 

int4

 

Category

Category

 

str

 

MachineDomainInfo

MachineDomainInfo

 

str

 

ListBaseType

ListBaseType

 

str

 

DestMailboxId

DestMailboxId

 

str

 

TabType

TabType

 

str

 

Activity

Activity

 

str

 

DestinationFileExtension

DestinationFileExtension

 

str

 

UserUPN

UserUPN

 

str

 

ListId

ListId

 

str

 

SourceRelativeUrl

SourceRelativeUrl

 

str

 

UserTypeInitiated

UserTypeInitiated

 

int4

 

EndTime

EndTime

 

str

 

SendAsUserMailboxGuid

SendAsUserMailboxGuid

 

str

 

ActionType

ActionType

 

str

 

SourceFileExtension

SourceFileExtension

 

str

 

DashboardId

DashboardId

 

str

 

ClientApplicationId

ClientApplicationId

 

str

 

DestMailboxOwnerUPN

DestMailboxOwnerUPN

 

str

 

MailboxOwnerMasterAccountSid

MailboxOwnerMasterAccountSid

 

str

 

SensitiveInfoDetectionIsIncluded

SensitiveInfoDetectionIsIncluded

 

bool

 

Schedules_RefreshFrequency

Schedules_RefreshFrequency

 

str

 

Schedules_Days_str

Schedules_Days_str

 

str

 

Schedules_Time_str

Schedules_Time_str

 

str

 

Schedules_TimeZone

Schedules_TimeZone

 

str

 

TeamName

TeamName

 

str

 

WorkspaceId

WorkspaceId

 

str

 

DataflowType

DataflowType

 

str

 

SourceFileName

SourceFileName

 

str

 

FeatureDisplayName

FeatureDisplayName

 

str

 

EntityPath

EntityPath

 

str

 

TeamGuid

TeamGuid

 

str

 

ResourceTitle

ResourceTitle

 

str

 

Classification

Classification

 

str

 

ListBaseTemplateType

ListBaseTemplateType

 

str

 

DestinationFileName

DestinationFileName

 

str

 

AffectedTenantCount

AffectedTenantCount

 

int8

 

DatasetName

DatasetName

 

str

 

LicenseDisplayName

LicenseDisplayName

 

str

 

Feature

Feature

 

str

 

StartTime

StartTime

 

str

 

TargetUserOrGroupType

TargetUserOrGroupType

 

str

 

DataConnectivityMode

DataConnectivityMode

 

str

 

LastUpdatedTime

LastUpdatedTime

 

str

 

ReportName

ReportName

 

str

 

EntityType

EntityType

 

str

 

OperationDetails

OperationDetails

 

str

 

UserAgent

UserAgent

 

str

 

AlertType

AlertType

 

str

 

Name

Name

 

str

 

CmdletVersion

CmdletVersion

 

str

 

ImportSource

ImportSource

 

str

 

SkypeForBusinessEventType

SkypeForBusinessEventType

 

int4

 

AddOnType

AddOnType

 

int4

 

DoNotDistributeEvent

DoNotDistributeEvent

 

bool

 

ChannelName

ChannelName

 

str

 

ListItemUniqueId

ListItemUniqueId

 

str

 

ObjectId

ObjectId

 

str

 

AttachmentData

AttachmentData

 

json

 

DeliveryAction

DeliveryAction

 

str

 

DetectionMethod

DetectionMethod

 

str

 

DetectionType

DetectionType

 

str

 

Directionality

Directionality

 

str

 

EventDeepLink

EventDeepLink

 

str

 

InternetMessageId

InternetMessageId

 

str

 

LatestDeliveryLocation

LatestDeliveryLocation

 

str

 

MessageTime

MessageTime

 

str

 

NetworkMessageId

NetworkMessageId

 

str

 

OriginalDeliveryLocation

OriginalDeliveryLocation

 

str

 

P1Sender

P1Sender

 

str

 

P2Sender

P2Sender

 

str

 

Policy

Policy

 

str

 

PolicyAction

PolicyAction

 

str

 

Recipients

Recipients

 

str

 

SenderIp

SenderIp

 

str

 

Subject

Subject

 

str

 

ThreatsAndDetectionTech

ThreatsAndDetectionTech

 

str

 

Verdict

Verdict

 

str

 

SourceLocationType

SourceLocationType

 

int4

 

Platform

Platform

 

int4

 

Application

Application

 

str

 

FileExtension

FileExtension

 

str

 

DeviceName

DeviceName

 

str

 

MDATPDeviceId

MDATPDeviceId

 

str

 

FileSize

FileSize

 

int4

 

FileType

FileType

 

str

 

Hidden

Hidden

 

bool

 

Actions

Actions

 

json

 

AlertLinks

AlertLinks

 

json

 

Data

Data

 

json

 

DeepLinkUrl

DeepLinkUrl

 

str

 

EndTimeUtc

EndTimeUtc

 

timestamp

 

InvestigationId

InvestigationId

 

str

 

InvestigationName

InvestigationName

 

str

 

InvestigationType

InvestigationType

 

str

 

LastUpdateTimeUtc

LastUpdateTimeUtc

 

timestamp

 

StartTimeUtc

StartTimeUtc

 

timestamp

 

Source

Source

 

str

 

message

message

 

str

 

hostchain

hostchain

 

str

✓

tag

tag

 

str

✓

rawSource

rawSource

 

str

✓

rawTagged

rawTagged

 

str

 

rawMessage

rawMessage

 

str

 

cloud.office365.management.rdl

Field in

Field in source table

Field transformation

Data type

Extra Field

Field in

Field in source table

Field transformation

Data type

Extra Field

eventdate

eventdate

 

timestamp

 

hostname

hostname

 

str

 

type

-

"rdl"

str

 

Id

Id

 

str

 

Workload

Workload

 

str

 

StatusTime

StatusTime

 

str

 

FeatureStatus

FeatureStatus

 

str

 

Status

Status

 

str

 

StatusDisplayName

StatusDisplayName

 

str

 

IncidentIds

IncidentIds

 

str

 

WorkloadDisplayName

WorkloadDisplayName

 

str

 

UserType

UserType

 

int4

 

timestamp

timestamp

 

timestamp

 

Operation

Operation

 

str

 

Version

Version

 

int4

 

LogonType

LogonType

 

int4

 

MailboxOwnerSid

MailboxOwnerSid

 

str

 

ExternalAccess

ExternalAccess

 

bool

 

OrganizationName

OrganizationName

 

str

 

SessionId

SessionId

 

str

 

ClientAddress

ClientAddress

 

str

 

ClientIPAddress

ClientIPAddress

 

str

 

ClientProcessName

ClientProcessName

 

str

 

ResultStatus

ResultStatus

 

str

 

UserId

UserId

 

str

 

LogonUserSid

LogonUserSid

 

str

 

InternalLogonType

InternalLogonType

 

int4

 

OriginatingServer

OriginatingServer

 

str

 

UserKey

UserKey

 

str

 

MailboxGuid

MailboxGuid

 

str

 

OrganizationId

OrganizationId

 

str

 

RecordType

RecordType

 

int4

 

ClientInfoString

ClientInfoString

 

str

 

MailboxOwnerUPN

MailboxOwnerUPN

 

str

 

CrossMailboxOperation

CrossMailboxOperation

 

bool

 

AffectedItems

AffectedItems

 

str

 

Folder_Id

Folder_Id

 

str

 

Folder_Path

Folder_Path

 

str

 

FoldersItemsStr

FoldersItemsStr

 

str

 

ForwardTo

ForwardTo

 

str

 

Parameters_Raw

Parameters_Raw

 

str

 

Item_Subject

Item_Subject

 

str

 

Item_Attachments

Item_Attachments

 

str

 

Item_ParentFolder_Id

Item_ParentFolder_Id

 

str

 

Item_ParentFolder_Path

Item_ParentFolder_Path

 

str

 

ModifiedProperties

ModifiedProperties

 

str

 

SendOnBehalfOfUserSmtp

SendOnBehalfOfUserSmtp

 

str

 

SendAsUserSmtp

SendAsUserSmtp

 

str

 

PolicyDetails

PolicyDetails

 

str

 

PolicyDetails_PolicyName_str

PolicyDetails_PolicyName_str

 

str

 

PolicyDetails_PolicyId_str

PolicyDetails_PolicyId_str

 

str

 

PolicyDetails_location_str

PolicyDetails_location_str

 

str

 

PolicyDetails_RuleMode_str

PolicyDetails_RuleMode_str

 

str

 

PolicyDetails_RuleName_str

PolicyDetails_RuleName_str

 

str

 

PolicyDetails_RuleId_str

PolicyDetails_RuleId_str

 

str

 

PolicyDetails_Severity_str

PolicyDetails_Severity_str

 

str

 

PolicyDetails_ManagementRuleId_str

PolicyDetails_ManagementRuleId_str

 

str

 

Unique_PolicyDetails_location_str

Unique_PolicyDetails_location_str

 

str

 

PolicyDetails_confidence_str

PolicyDetails_confidence_str

 

str

 

PolicyDetails_count_str

PolicyDetails_count_str

 

str

 

PolicyDetails_sensitiveType_str

PolicyDetails_sensitiveType_str

 

str

 

PolicyDetails_uniqueCount_str

PolicyDetails_uniqueCount_str

 

str

 

PolicyDetails_ConditionsMatched_Name_str

PolicyDetails_ConditionsMatched_Name_str

 

str

 

PolicyDetails_ConditionsMatched_Value_str

PolicyDetails_ConditionsMatched_Value_str

 

str

 

PolicyDetails_ConditionMatchedInNewScheme_str

PolicyDetails_ConditionMatchedInNewScheme_str

 

str

 

ExchangeMetaData_BCC

ExchangeMetaData_BCC

 

str

 

ExchangeMetaData_MessageID

ExchangeMetaData_MessageID

 

str

 

ExchangeMetaData_From

ExchangeMetaData_From

 

str

 

ExchangeMetaData_CC

ExchangeMetaData_CC

 

str

 

ExchangeMetaData_Sent

ExchangeMetaData_Sent

 

str

 

ExchangeMetaData_Subject

ExchangeMetaData_Subject

 

str

 

ExchangeMetaData_RecipientCount

ExchangeMetaData_RecipientCount

 

int4

 

ExchangeMetaData_To

ExchangeMetaData_To

 

str

 

InterSystemsId

InterSystemsId

 

str

 

TargetUserId

TargetUserId

 

str

 

Actor_ID_str

Actor_ID_str

 

str

 

Actor_Type_str

Actor_Type_str

 

str

 

ActorContextId

ActorContextId

 

str

 

YammerNetworkId

YammerNetworkId

 

int4

 

ActorUserId

ActorUserId

 

str

 

ActorIpAddress

ActorIpAddress

 

str

 

Client

Client

 

str

 

ClientIP

ClientIP

 

str

 

LogonError

LogonError

 

str

 

ApplicationId

ApplicationId

 

str

 

Target_ID_str

Target_ID_str

 

str

 

Target_Type_str

Target_Type_str

 

str

 

IntraSystemId

IntraSystemId

 

str

 

ExtendedProperties_Name_str

ExtendedProperties_Name_str

 

str

 

ExtendedProperties_Value_str

ExtendedProperties_Value_str

 

str

 

ActorYammerUserId

ActorYammerUserId

 

int8

 

FileName

FileName

 

str

 

TargetContextId

TargetContextId

 

str

 

AzureActiveDirectoryEventType

AzureActiveDirectoryEventType

 

int4

 

VersionId

VersionId

 

int8

 

FileId

FileId

 

int8

 

PostIncidentDocumentUrl

PostIncidentDocumentUrl

 

str

 

Severity

Severity

 

str

 

Title

Title

 

str

 

Comments

Comments

 

str

 

AffectedWorkloadDisplayNames

AffectedWorkloadDisplayNames

 

str

 

AlertEntityId

AlertEntityId

 

str

 

Messages_MessageText_str

Messages_MessageText_str

 

str

 

Messages_PublishedTime_str

Messages_PublishedTime_str

 

str

 

ChannelGuid

ChannelGuid

 

str

 

LogonUserDisplayName

LogonUserDisplayName

 

str

 

RecipientUPN

RecipientUPN

 

str

 

ApplicationDisplayName

ApplicationDisplayName

 

str

 

MessageType

MessageType

 

str

 

EventSource

EventSource

 

str

 

DestinationRelativeUrl

DestinationRelativeUrl

 

str

 

MachineId

MachineId

 

str

 

WebId

WebId

 

str

 

SendOnBehalfOfUserMailboxGuid

SendOnBehalfOfUserMailboxGuid

 

str

 

ExtraProperties_Key_str

ExtraProperties_Key_str

 

str

 

ExtraProperties_Value_str

ExtraProperties_Value_str

 

str

 

SharingPermission

SharingPermission

 

int4

 

ObjectName

ObjectName

 

str

 

SharingType

SharingType

 

str

 

DataflowRefreshScheduleType

DataflowRefreshScheduleType

 

str

 

TenantName

TenantName

 

str

 

CustomUniqueId

CustomUniqueId

 

bool

 

DatasetId

DatasetId

 

str

 

SiteUrl

SiteUrl

 

str

 

Parameters_Name_str

Parameters_Name_str

 

str

 

Parameters_Value_str

Parameters_Value_str

 

str

 

ImportType

ImportType

 

str

 

ImportId

ImportId

 

str

 

PolicyId

PolicyId

 

str

 

ItemName

ItemName

 

str

 

Datasets_DatasetId_str

Datasets_DatasetId_str

 

str

 

Datasets_DatasetName_str

Datasets_DatasetName_str

 

str

 

ImplicitShare

ImplicitShare

 

str

 

ImportDisplayName

ImportDisplayName

 

str

 

ItemType

ItemType

 

str

 

WorkSpaceName

WorkSpaceName

 

str

 

DestFolder_Path

DestFolder_Path

 

str

 

DestFolder_Id

DestFolder_Id

 

str

 

UniqueSharingId

UniqueSharingId

 

str

 

TargetUserOrGroupName

TargetUserOrGroupName

 

str

 

FlowConnectorNames

FlowConnectorNames

 

str

 

FileSyncBytesCommitted

FileSyncBytesCommitted

 

str

 

CorrelationId

CorrelationId

 

str

 

Members_DisplayName_str

Members_DisplayName_str

 

str

 

Members_UPN_str

Members_UPN_str

 

str

 

Members_Role_str

Members_Role_str

 

str

 

AddOnGuid

AddOnGuid

 

str

 

DashboardName

DashboardName

 

str

 

IsSuccess

IsSuccess

 

bool

 

AlertId

AlertId

 

str

 

ListTitle

ListTitle

 

str

 

ReportType

ReportType

 

str

 

AffectedWorkloadNames

AffectedWorkloadNames

 

str

 

FlowDetailsUrl

FlowDetailsUrl

 

str

 

TargetYammerUserId

TargetYammerUserId

 

int8

 

ImpactDescription

ImpactDescription

 

str

 

BrowserName

BrowserName

 

str

 

OperationProperties_Value_str

OperationProperties_Value_str

 

str

 

OperationProperties_Name_str

OperationProperties_Name_str

 

str

 

ReportId

ReportId

 

str

 

DestMailboxOwnerSid

DestMailboxOwnerSid

 

str

 

DestMailboxOwnerMasterAccountSid

DestMailboxOwnerMasterAccountSid

 

str

 

AffectedUserCount

AffectedUserCount

 

int4

 

Category

Category

 

str

 

MachineDomainInfo

MachineDomainInfo

 

str

 

ListBaseType

ListBaseType

 

str

 

DestMailboxId

DestMailboxId

 

str

 

TabType

TabType

 

str

 

Activity

Activity

 

str

 

DestinationFileExtension

DestinationFileExtension

 

str

 

UserUPN

UserUPN

 

str

 

ListId

ListId

 

str

 

SourceRelativeUrl

SourceRelativeUrl

 

str

 

UserTypeInitiated

UserTypeInitiated

 

int4

 

EndTime

EndTime

 

str

 

SendAsUserMailboxGuid

SendAsUserMailboxGuid

 

str

 

ActionType

ActionType

 

str

 

SourceFileExtension

SourceFileExtension

 

str

 

DashboardId

DashboardId

 

str

 

ClientApplicationId

ClientApplicationId

 

str

 

DestMailboxOwnerUPN

DestMailboxOwnerUPN

 

str

 

MailboxOwnerMasterAccountSid

MailboxOwnerMasterAccountSid

 

str

 

SensitiveInfoDetectionIsIncluded

SensitiveInfoDetectionIsIncluded

 

bool

 

Schedules_RefreshFrequency

Schedules_RefreshFrequency

 

str

 

Schedules_Days_str

Schedules_Days_str

 

str

 

Schedules_Time_str

Schedules_Time_str

 

str

 

Schedules_TimeZone

Schedules_TimeZone

 

str

 

TeamName

TeamName

 

str

 

WorkspaceId

WorkspaceId

 

str

 

DataflowType

DataflowType

 

str

 

SourceFileName

SourceFileName

 

str

 

FeatureDisplayName

FeatureDisplayName

 

str

 

EntityPath

EntityPath

 

str

 

TeamGuid

TeamGuid

 

str

 

ResourceTitle

ResourceTitle

 

str

 

Classification

Classification

 

str

 

ListBaseTemplateType

ListBaseTemplateType

 

str

 

DestinationFileName

DestinationFileName

 

str

 

AffectedTenantCount

AffectedTenantCount

 

int8

 

DatasetName

DatasetName

 

str

 

LicenseDisplayName

LicenseDisplayName

 

str

 

Feature

Feature

 

str

 

StartTime

StartTime

 

str

 

TargetUserOrGroupType

TargetUserOrGroupType

 

str

 

DataConnectivityMode

DataConnectivityMode

 

str

 

LastUpdatedTime

LastUpdatedTime

 

str

 

ReportName

ReportName

 

str

 

EntityType

EntityType

 

str

 

OperationDetails

OperationDetails

 

str

 

UserAgent

UserAgent

 

str

 

AlertType

AlertType

 

str

 

Name

Name

 

str

 

CmdletVersion

CmdletVersion

 

str

 

ImportSource

ImportSource

 

str

 

SkypeForBusinessEventType

SkypeForBusinessEventType

 

int4

 

AddOnType

AddOnType

 

int4

 

DoNotDistributeEvent

DoNotDistributeEvent

 

bool

 

ChannelName

ChannelName

 

str

 

ListItemUniqueId

ListItemUniqueId

 

str

 

ObjectId

ObjectId

 

str

 

AttachmentData

AttachmentData

 

json

 

DeliveryAction

DeliveryAction

 

str

 

DetectionMethod

DetectionMethod

 

str

 

DetectionType

DetectionType

 

str

 

Directionality

Directionality

 

str

 

EventDeepLink

EventDeepLink

 

str

 

InternetMessageId

InternetMessageId

 

str

 

LatestDeliveryLocation

LatestDeliveryLocation

 

str

 

MessageTime

MessageTime

 

str

 

NetworkMessageId

NetworkMessageId

 

str

 

OriginalDeliveryLocation

OriginalDeliveryLocation

 

str

 

P1Sender

P1Sender

 

str

 

P2Sender

P2Sender

 

str

 

Policy

Policy

 

str

 

PolicyAction

PolicyAction

 

str

 

Recipients

Recipients

 

str

 

SenderIp

SenderIp

 

str

 

Subject

Subject

 

str

 

ThreatsAndDetectionTech

ThreatsAndDetectionTech

 

str

 

Verdict

Verdict

 

str

 

SourceLocationType

SourceLocationType

 

int4

 

Platform

Platform

 

int4

 

Application

Application

 

str

 

FileExtension

FileExtension

 

str

 

DeviceName

DeviceName

 

str

 

MDATPDeviceId

MDATPDeviceId

 

str

 

FileSize

FileSize

 

int4

 

FileType

FileType

 

str

 

Hidden

Hidden

 

bool

 

Actions

Actions

 

json

 

AlertLinks

AlertLinks

 

json

 

Data

Data

 

json

 

DeepLinkUrl

DeepLinkUrl

 

str

 

EndTimeUtc

EndTimeUtc

 

timestamp

 

InvestigationId

InvestigationId

 

str

 

InvestigationName

InvestigationName

 

str

 

InvestigationType

InvestigationType

 

str

 

LastUpdateTimeUtc

LastUpdateTimeUtc

 

timestamp

 

StartTimeUtc

StartTimeUtc

 

timestamp

 

Source

Source

 

str

 

message

message

 

str

 

hostchain

hostchain

 

str

✓

tag

tag

 

str

✓

rawSource

rawSource

 

str

✓

rawTagged

rawTagged

 

str

 

rawMessage

rawMessage

 

str

 

cloud.office365.management.se

Field in

Field in source table

Field transformation

Data type

Extra Field

Field in

Field in source table

Field transformation

Data type

Extra Field

eventdate

eventdate

 

timestamp

 

hostname

hostname

 

str

 

type

-

"se"

str

 

Id

Id

 

str

 

Workload

Workload

 

str

 

StatusTime

StatusTime

 

str

 

FeatureStatus

FeatureStatus

 

str

 

Status

Status

 

str

 

StatusDisplayName

StatusDisplayName

 

str

 

IncidentIds

IncidentIds

 

str

 

WorkloadDisplayName

WorkloadDisplayName

 

str

 

UserType

UserType

 

int4

 

timestamp

timestamp

 

timestamp

 

Operation

Operation

 

str

 

Version

Version

 

int4

 

LogonType

LogonType

 

int4

 

MailboxOwnerSid

MailboxOwnerSid

 

str

 

ExternalAccess

ExternalAccess

 

bool

 

OrganizationName

OrganizationName

 

str

 

SessionId

SessionId

 

str

 

ClientAddress

ClientAddress

 

str

 

ClientIPAddress

ClientIPAddress

 

str

 

ClientProcessName

ClientProcessName

 

str

 

ResultStatus

ResultStatus

 

str

 

UserId

UserId

 

str

 

LogonUserSid

LogonUserSid

 

str

 

InternalLogonType

InternalLogonType

 

int4

 

OriginatingServer

OriginatingServer

 

str

 

UserKey

UserKey

 

str

 

MailboxGuid

MailboxGuid

 

str

 

OrganizationId

OrganizationId

 

str

 

RecordType

RecordType

 

int4

 

ClientInfoString

ClientInfoString

 

str

 

MailboxOwnerUPN

MailboxOwnerUPN

 

str

 

CrossMailboxOperation

CrossMailboxOperation

 

bool

 

AffectedItems

AffectedItems

 

str

 

Folder_Id

Folder_Id

 

str

 

Folder_Path

Folder_Path

 

str

 

FoldersItemsStr

FoldersItemsStr

 

str

 

ForwardTo

ForwardTo

 

str

 

Parameters_Raw

Parameters_Raw

 

str

 

Item_Subject

Item_Subject

 

str

 

Item_Attachments

Item_Attachments

 

str

 

Item_ParentFolder_Id

Item_ParentFolder_Id

 

str

 

Item_ParentFolder_Path

Item_ParentFolder_Path

 

str

 

ModifiedProperties

ModifiedProperties

 

str

 

SendOnBehalfOfUserSmtp

SendOnBehalfOfUserSmtp

 

str

 

SendAsUserSmtp

SendAsUserSmtp

 

str

 

PolicyDetails

PolicyDetails

 

str

 

PolicyDetails_PolicyName_str

PolicyDetails_PolicyName_str

 

str

 

PolicyDetails_PolicyId_str

PolicyDetails_PolicyId_str

 

str

 

PolicyDetails_location_str

PolicyDetails_location_str

 

str

 

PolicyDetails_RuleMode_str

PolicyDetails_RuleMode_str

 

str

 

PolicyDetails_RuleName_str

PolicyDetails_RuleName_str

 

str

 

PolicyDetails_RuleId_str

PolicyDetails_RuleId_str

 

str

 

PolicyDetails_Severity_str

PolicyDetails_Severity_str

 

str

 

PolicyDetails_ManagementRuleId_str

PolicyDetails_ManagementRuleId_str

 

str

 

Unique_PolicyDetails_location_str

Unique_PolicyDetails_location_str

 

str

 

PolicyDetails_confidence_str

PolicyDetails_confidence_str

 

str

 

PolicyDetails_count_str

PolicyDetails_count_str

 

str

 

PolicyDetails_sensitiveType_str

PolicyDetails_sensitiveType_str

 

str

 

PolicyDetails_uniqueCount_str

PolicyDetails_uniqueCount_str

 

str

 

PolicyDetails_ConditionsMatched_Name_str

PolicyDetails_ConditionsMatched_Name_str

 

str

 

PolicyDetails_ConditionsMatched_Value_str

PolicyDetails_ConditionsMatched_Value_str

 

str

 

PolicyDetails_ConditionMatchedInNewScheme_str

PolicyDetails_ConditionMatchedInNewScheme_str

 

str

 

ExchangeMetaData_BCC

ExchangeMetaData_BCC

 

str

 

ExchangeMetaData_MessageID

ExchangeMetaData_MessageID

 

str

 

ExchangeMetaData_From

ExchangeMetaData_From

 

str

 

ExchangeMetaData_CC

ExchangeMetaData_CC

 

str

 

ExchangeMetaData_Sent

ExchangeMetaData_Sent

 

str

 

ExchangeMetaData_Subject

ExchangeMetaData_Subject

 

str

 

ExchangeMetaData_RecipientCount

ExchangeMetaData_RecipientCount

 

int4

 

ExchangeMetaData_To

ExchangeMetaData_To

 

str

 

InterSystemsId

InterSystemsId

 

str

 

TargetUserId

TargetUserId

 

str

 

Actor_ID_str

Actor_ID_str

 

str

 

Actor_Type_str

Actor_Type_str

 

str

 

ActorContextId

ActorContextId

 

str

 

YammerNetworkId

YammerNetworkId

 

int4

 

ActorUserId

ActorUserId

 

str

 

ActorIpAddress

ActorIpAddress

 

str

 

Client

Client

 

str

 

ClientIP

ClientIP

 

str

 

LogonError

LogonError

 

str

 

ApplicationId

ApplicationId

 

str

 

Target_ID_str

Target_ID_str

 

str

 

Target_Type_str

Target_Type_str

 

str

 

IntraSystemId

IntraSystemId

 

str

 

ExtendedProperties_Name_str

ExtendedProperties_Name_str

 

str

 

ExtendedProperties_Value_str

ExtendedProperties_Value_str

 

str

 

ActorYammerUserId

ActorYammerUserId

 

int8

 

FileName

FileName

 

str

 

TargetContextId

TargetContextId

 

str

 

AzureActiveDirectoryEventType

AzureActiveDirectoryEventType

 

int4

 

VersionId

VersionId

 

int8

 

FileId

FileId

 

int8

 

PostIncidentDocumentUrl

PostIncidentDocumentUrl

 

str

 

Severity

Severity

 

str

 

Title

Title

 

str

 

Comments

Comments

 

str

 

AffectedWorkloadDisplayNames

AffectedWorkloadDisplayNames

 

str

 

AlertEntityId

AlertEntityId

 

str

 

Messages_MessageText_str

Messages_MessageText_str

 

str

 

Messages_PublishedTime_str

Messages_PublishedTime_str

 

str

 

ChannelGuid

ChannelGuid

 

str

 

LogonUserDisplayName

LogonUserDisplayName

 

str

 

RecipientUPN

RecipientUPN

 

str

 

ApplicationDisplayName

ApplicationDisplayName

 

str

 

MessageType

MessageType

 

str

 

EventSource

EventSource

 

str

 

DestinationRelativeUrl

DestinationRelativeUrl

 

str

 

MachineId

MachineId

 

str

 

WebId

WebId

 

str

 

SendOnBehalfOfUserMailboxGuid

SendOnBehalfOfUserMailboxGuid

 

str

 

ExtraProperties_Key_str

ExtraProperties_Key_str

 

str

 

ExtraProperties_Value_str

ExtraProperties_Value_str

 

str

 

SharingPermission

SharingPermission

 

int4

 

ObjectName

ObjectName

 

str

 

SharingType

SharingType

 

str

 

DataflowRefreshScheduleType

DataflowRefreshScheduleType

 

str

 

TenantName

TenantName

 

str

 

CustomUniqueId

CustomUniqueId

 

bool

 

DatasetId

DatasetId

 

str

 

SiteUrl

SiteUrl

 

str

 

Parameters_Name_str

Parameters_Name_str

 

str

 

Parameters_Value_str

Parameters_Value_str

 

str

 

ImportType

ImportType

 

str

 

ImportId

ImportId

 

str

 

PolicyId

PolicyId

 

str

 

ItemName

ItemName

 

str

 

Datasets_DatasetId_str

Datasets_DatasetId_str

 

str

 

Datasets_DatasetName_str

Datasets_DatasetName_str

 

str

 

ImplicitShare

ImplicitShare

 

str

 

ImportDisplayName

ImportDisplayName

 

str

 

ItemType

ItemType

 

str

 

WorkSpaceName

WorkSpaceName

 

str

 

DestFolder_Path

DestFolder_Path

 

str

 

DestFolder_Id

DestFolder_Id

 

str

 

UniqueSharingId

UniqueSharingId

 

str

 

TargetUserOrGroupName

TargetUserOrGroupName

 

str

 

FlowConnectorNames

FlowConnectorNames

 

str

 

FileSyncBytesCommitted

FileSyncBytesCommitted

 

str

 

CorrelationId

CorrelationId

 

str

 

Members_DisplayName_str

Members_DisplayName_str

 

str

 

Members_UPN_str

Members_UPN_str

 

str

 

Members_Role_str

Members_Role_str

 

str

 

AddOnGuid

AddOnGuid

 

str

 

DashboardName

DashboardName

 

str

 

IsSuccess

IsSuccess

 

bool

 

AlertId

AlertId

 

str

 

ListTitle

ListTitle

 

str

 

ReportType

ReportType

 

str

 

AffectedWorkloadNames

AffectedWorkloadNames

 

str

 

FlowDetailsUrl

FlowDetailsUrl

 

str

 

TargetYammerUserId

TargetYammerUserId

 

int8

 

ImpactDescription

ImpactDescription

 

str

 

BrowserName

BrowserName

 

str

 

OperationProperties_Value_str

OperationProperties_Value_str

 

str

 

OperationProperties_Name_str

OperationProperties_Name_str

 

str

 

ReportId

ReportId

 

str

 

DestMailboxOwnerSid

DestMailboxOwnerSid

 

str

 

DestMailboxOwnerMasterAccountSid

DestMailboxOwnerMasterAccountSid

 

str

 

AffectedUserCount

AffectedUserCount

 

int4

 

Category

Category

 

str

 

MachineDomainInfo

MachineDomainInfo

 

str

 

ListBaseType

ListBaseType

 

str

 

DestMailboxId

DestMailboxId

 

str

 

TabType

TabType

 

str

 

Activity

Activity

 

str

 

DestinationFileExtension

DestinationFileExtension

 

str

 

UserUPN

UserUPN

 

str

 

ListId

ListId

 

str

 

SourceRelativeUrl

SourceRelativeUrl

 

str

 

UserTypeInitiated

UserTypeInitiated

 

int4

 

EndTime

EndTime

 

str

 

SendAsUserMailboxGuid

SendAsUserMailboxGuid

 

str

 

ActionType

ActionType

 

str

 

SourceFileExtension

SourceFileExtension

 

str

 

DashboardId

DashboardId

 

str

 

ClientApplicationId

ClientApplicationId

 

str

 

DestMailboxOwnerUPN

DestMailboxOwnerUPN

 

str

 

MailboxOwnerMasterAccountSid

MailboxOwnerMasterAccountSid

 

str

 

SensitiveInfoDetectionIsIncluded

SensitiveInfoDetectionIsIncluded

 

bool

 

Schedules_RefreshFrequency

Schedules_RefreshFrequency

 

str

 

Schedules_Days_str

Schedules_Days_str

 

str

 

Schedules_Time_str

Schedules_Time_str

 

str

 

Schedules_TimeZone

Schedules_TimeZone

 

str

 

TeamName

TeamName

 

str

 

WorkspaceId

WorkspaceId

 

str

 

DataflowType

DataflowType

 

str

 

SourceFileName

SourceFileName

 

str

 

FeatureDisplayName

FeatureDisplayName

 

str

 

EntityPath

EntityPath

 

str

 

TeamGuid

TeamGuid

 

str

 

ResourceTitle

ResourceTitle

 

str

 

Classification

Classification

 

str

 

ListBaseTemplateType

ListBaseTemplateType

 

str

 

DestinationFileName

DestinationFileName

 

str

 

AffectedTenantCount

AffectedTenantCount

 

int8

 

DatasetName

DatasetName

 

str

 

LicenseDisplayName

LicenseDisplayName

 

str

 

Feature

Feature

 

str

 

StartTime

StartTime

 

str

 

TargetUserOrGroupType

TargetUserOrGroupType

 

str

 

DataConnectivityMode

DataConnectivityMode

 

str

 

LastUpdatedTime

LastUpdatedTime

 

str

 

ReportName

ReportName

 

str

 

EntityType

EntityType

 

str

 

OperationDetails

OperationDetails

 

str

 

UserAgent

UserAgent

 

str

 

AlertType

AlertType

 

str

 

Name

Name

 

str

 

CmdletVersion

CmdletVersion

 

str

 

ImportSource

ImportSource

 

str

 

SkypeForBusinessEventType

SkypeForBusinessEventType

 

int4

 

AddOnType

AddOnType

 

int4

 

DoNotDistributeEvent

DoNotDistributeEvent

 

bool

 

ChannelName

ChannelName

 

str

 

ListItemUniqueId

ListItemUniqueId

 

str

 

ObjectId

ObjectId

 

str

 

AttachmentData

AttachmentData

 

json

 

DeliveryAction

DeliveryAction

 

str

 

DetectionMethod

DetectionMethod

 

str

 

DetectionType

DetectionType

 

str

 

Directionality

Directionality

 

str

 

EventDeepLink

EventDeepLink

 

str

 

InternetMessageId

InternetMessageId

 

str

 

LatestDeliveryLocation

LatestDeliveryLocation

 

str

 

MessageTime

MessageTime

 

str

 

NetworkMessageId

NetworkMessageId

 

str

 

OriginalDeliveryLocation

OriginalDeliveryLocation

 

str

 

P1Sender

P1Sender

 

str

 

P2Sender

P2Sender

 

str

 

Policy

Policy

 

str

 

PolicyAction

PolicyAction

 

str

 

Recipients

Recipients

 

str

 

SenderIp

SenderIp

 

str

 

Subject

Subject

 

str

 

ThreatsAndDetectionTech

ThreatsAndDetectionTech

 

str

 

Verdict

Verdict

 

str

 

SourceLocationType

SourceLocationType

 

int4

 

Platform

Platform

 

int4

 

Application

Application

 

str

 

FileExtension

FileExtension

 

str

 

DeviceName

DeviceName

 

str

 

MDATPDeviceId

MDATPDeviceId

 

str

 

FileSize

FileSize

 

int4

 

FileType

FileType

 

str

 

Hidden

Hidden

 

bool

 

Actions

Actions

 

json

 

AlertLinks

AlertLinks

 

json

 

Data

Data

 

json

 

DeepLinkUrl

DeepLinkUrl

 

str

 

EndTimeUtc

EndTimeUtc

 

timestamp

 

InvestigationId

InvestigationId

 

str

 

InvestigationName

InvestigationName

 

str

 

InvestigationType

InvestigationType

 

str

 

LastUpdateTimeUtc

LastUpdateTimeUtc

 

timestamp

 

StartTimeUtc

StartTimeUtc

 

timestamp

 

Source

Source

 

str

 

message

message

 

str

 

hostchain

hostchain

 

str

✓

tag

tag

 

str

✓

rawSource

rawSource

 

str

✓

rawTagged

rawTagged

 

str

 

rawMessage

rawMessage

 

str

 

cloud.office365.management.workplaceanalytics

Field in

Field in source table

Field transformation

Data type

Extra Field

Field in

Field in source table

Field transformation

Data type

Extra Field

eventdate

eventdate

 

timestamp

 

hostname

hostname

 

str

 

type

-

str

 

Id

Id

 

str

 

Workload

Workload

 

str

 

StatusTime

StatusTime

 

str

 

FeatureStatus

FeatureStatus

 

str

 

Status

Status

 

str

 

StatusDisplayName

StatusDisplayName

 

str

 

IncidentIds

IncidentIds

 

str

 

WorkloadDisplayName

WorkloadDisplayName

 

str

 

UserType

UserType

 

int4

 

timestamp

timestamp

 

timestamp

 

Operation

Operation

 

str

 

Version

Version

 

int4

 

LogonType

LogonType

 

int4

 

MailboxOwnerSid

MailboxOwnerSid

 

str

 

ExternalAccess

ExternalAccess

 

bool

 

OrganizationName

OrganizationName

 

str

 

SessionId

SessionId

 

str

 

ClientAddress

ClientAddress

 

str

 

ClientIPAddress

ClientIPAddress

 

str

 

ClientProcessName

ClientProcessName

 

str

 

ResultStatus

ResultStatus

 

str

 

UserId

UserId

 

str

 

LogonUserSid

LogonUserSid

 

str

 

InternalLogonType

InternalLogonType

 

int4

 

OriginatingServer

OriginatingServer

 

str

 

UserKey

UserKey

 

str

 

MailboxGuid

MailboxGuid

 

str

 

OrganizationId

OrganizationId

 

str

 

RecordType

RecordType

 

int4

 

ClientInfoString

ClientInfoString

 

str

 

MailboxOwnerUPN

MailboxOwnerUPN

 

str

 

CrossMailboxOperation

CrossMailboxOperation

 

bool

 

AffectedItems

AffectedItems

 

str

 

Folder_Id

Folder_Id

 

str

 

Folder_Path

Folder_Path

 

str

 

FoldersItemsStr

FoldersItemsStr

 

str

 

ForwardTo

ForwardTo

 

str

 

Parameters_Raw

Parameters_Raw

 

str

 

Item_Subject

Item_Subject

 

str

 

Item_Attachments

Item_Attachments

 

str

 

Item_ParentFolder_Id

Item_ParentFolder_Id

 

str

 

Item_ParentFolder_Path

Item_ParentFolder_Path

 

str

 

ModifiedProperties

ModifiedProperties

 

str

 

SendOnBehalfOfUserSmtp

SendOnBehalfOfUserSmtp

 

str

 

SendAsUserSmtp

SendAsUserSmtp

 

str

 

PolicyDetails

PolicyDetails

 

str

 

PolicyDetails_PolicyName_str

PolicyDetails_PolicyName_str

 

str

 

PolicyDetails_PolicyId_str

PolicyDetails_PolicyId_str

 

str

 

PolicyDetails_location_str

PolicyDetails_location_str

 

str

 

PolicyDetails_RuleMode_str

PolicyDetails_RuleMode_str

 

str

 

PolicyDetails_RuleName_str

PolicyDetails_RuleName_str

 

str

 

PolicyDetails_RuleId_str

PolicyDetails_RuleId_str

 

str

 

PolicyDetails_Severity_str

PolicyDetails_Severity_str

 

str

 

PolicyDetails_ManagementRuleId_str

PolicyDetails_ManagementRuleId_str

 

str

 

Unique_PolicyDetails_location_str

Unique_PolicyDetails_location_str

 

str

 

PolicyDetails_confidence_str

PolicyDetails_confidence_str

 

str

 

PolicyDetails_count_str

PolicyDetails_count_str

 

str

 

PolicyDetails_sensitiveType_str

PolicyDetails_sensitiveType_str

 

str

 

PolicyDetails_uniqueCount_str

PolicyDetails_uniqueCount_str

 

str

 

PolicyDetails_ConditionsMatched_Name_str

PolicyDetails_ConditionsMatched_Name_str

 

str

 

PolicyDetails_ConditionsMatched_Value_str

PolicyDetails_ConditionsMatched_Value_str

 

str

 

PolicyDetails_ConditionMatchedInNewScheme_str

PolicyDetails_ConditionMatchedInNewScheme_str

 

str

 

ExchangeMetaData_BCC

ExchangeMetaData_BCC

 

str

 

ExchangeMetaData_MessageID

ExchangeMetaData_MessageID

 

str

 

ExchangeMetaData_From

ExchangeMetaData_From

 

str

 

ExchangeMetaData_CC

ExchangeMetaData_CC

 

str

 

ExchangeMetaData_Sent

ExchangeMetaData_Sent

 

str

 

ExchangeMetaData_Subject

ExchangeMetaData_Subject

 

str

 

ExchangeMetaData_RecipientCount

ExchangeMetaData_RecipientCount

 

int4

 

ExchangeMetaData_To

ExchangeMetaData_To

 

str

 

InterSystemsId

InterSystemsId

 

str

 

TargetUserId

TargetUserId

 

str

 

Actor_ID_str

Actor_ID_str

 

str

 

Actor_Type_str

Actor_Type_str

 

str

 

ActorContextId

ActorContextId

 

str

 

YammerNetworkId

YammerNetworkId

 

int4

 

ActorUserId

ActorUserId

 

str

 

ActorIpAddress

ActorIpAddress

 

str

 

Client

Client

 

str

 

ClientIP

ClientIP

 

str

 

LogonError

LogonError

 

str

 

ApplicationId

ApplicationId

 

str

 

Target_ID_str

Target_ID_str

 

str

 

Target_Type_str

Target_Type_str

 

str

 

IntraSystemId

IntraSystemId

 

str

 

ExtendedProperties_Name_str

ExtendedProperties_Name_str

 

str

 

ExtendedProperties_Value_str

ExtendedProperties_Value_str

 

str

 

ActorYammerUserId

ActorYammerUserId

 

int8

 

FileName

FileName

 

str

 

TargetContextId

TargetContextId

 

str

 

AzureActiveDirectoryEventType

AzureActiveDirectoryEventType

 

int4

 

VersionId

VersionId

 

int8

 

FileId

FileId

 

int8

 

PostIncidentDocumentUrl

PostIncidentDocumentUrl

 

str

 

Severity

Severity

 

str

 

Title

Title

 

str

 

Comments

Comments

 

str

 

AffectedWorkloadDisplayNames

AffectedWorkloadDisplayNames

 

str

 

AlertEntityId

AlertEntityId

 

str

 

Messages_MessageText_str

Messages_MessageText_str

 

str

 

Messages_PublishedTime_str

Messages_PublishedTime_str

 

str

 

ChannelGuid

ChannelGuid

 

str

 

LogonUserDisplayName

LogonUserDisplayName

 

str

 

RecipientUPN

RecipientUPN

 

str

 

ApplicationDisplayName

ApplicationDisplayName

 

str

 

MessageType

MessageType

 

str

 

EventSource

EventSource

 

str

 

DestinationRelativeUrl

DestinationRelativeUrl

 

str

 

MachineId

MachineId

 

str

 

WebId

WebId

 

str

 

SendOnBehalfOfUserMailboxGuid

SendOnBehalfOfUserMailboxGuid

 

str

 

ExtraProperties_Key_str

ExtraProperties_Key_str

 

str

 

ExtraProperties_Value_str

ExtraProperties_Value_str

 

str

 

SharingPermission

SharingPermission

 

int4

 

ObjectName

ObjectName

 

str

 

SharingType

SharingType

 

str

 

DataflowRefreshScheduleType

DataflowRefreshScheduleType

 

str

 

TenantName

TenantName

 

str

 

CustomUniqueId

CustomUniqueId

 

bool

 

DatasetId

DatasetId

 

str

 

SiteUrl

SiteUrl

 

str

 

Parameters_Name_str

Parameters_Name_str

 

str

 

Parameters_Value_str

Parameters_Value_str

 

str

 

ImportType

ImportType

 

str

 

ImportId

ImportId

 

str

 

PolicyId

PolicyId

 

str

 

ItemName

ItemName

 

str

 

Datasets_DatasetId_str

Datasets_DatasetId_str

 

str

 

Datasets_DatasetName_str

Datasets_DatasetName_str

 

str

 

ImplicitShare

ImplicitShare

 

str

 

ImportDisplayName

ImportDisplayName

 

str

 

ItemType

ItemType

 

str

 

WorkSpaceName

WorkSpaceName

 

str

 

DestFolder_Path

DestFolder_Path

 

str

 

DestFolder_Id

DestFolder_Id

 

str

 

UniqueSharingId

UniqueSharingId

 

str

 

TargetUserOrGroupName

TargetUserOrGroupName

 

str

 

FlowConnectorNames

FlowConnectorNames

 

str

 

FileSyncBytesCommitted

FileSyncBytesCommitted

 

str

 

CorrelationId

CorrelationId

 

str

 

Members_DisplayName_str

Members_DisplayName_str

 

str

 

Members_UPN_str

Members_UPN_str

 

str

 

Members_Role_str

Members_Role_str

 

str

 

AddOnGuid

AddOnGuid

 

str

 

DashboardName

DashboardName

 

str

 

IsSuccess

IsSuccess

 

bool

 

AlertId

AlertId

 

str

 

ListTitle

ListTitle

 

str

 

ReportType

ReportType

 

str

 

AffectedWorkloadNames

AffectedWorkloadNames

 

str

 

FlowDetailsUrl

FlowDetailsUrl

 

str

 

TargetYammerUserId

TargetYammerUserId

 

int8

 

ImpactDescription

ImpactDescription

 

str

 

BrowserName

BrowserName

 

str

 

OperationProperties_Value_str

OperationProperties_Value_str

 

str

 

OperationProperties_Name_str

OperationProperties_Name_str

 

str

 

ReportId

ReportId

 

str

 

DestMailboxOwnerSid

DestMailboxOwnerSid

 

str

 

DestMailboxOwnerMasterAccountSid

DestMailboxOwnerMasterAccountSid

 

str

 

AffectedUserCount

AffectedUserCount

 

int4

 

Category

Category

 

str

 

MachineDomainInfo

MachineDomainInfo

 

str

 

ListBaseType

ListBaseType

 

str

 

DestMailboxId

DestMailboxId

 

str

 

TabType

TabType

 

str

 

Activity

Activity

 

str

 

DestinationFileExtension

DestinationFileExtension

 

str

 

UserUPN

UserUPN

 

str

 

ListId

ListId

 

str

 

SourceRelativeUrl

SourceRelativeUrl

 

str

 

UserTypeInitiated

UserTypeInitiated

 

int4

 

EndTime

EndTime

 

str

 

SendAsUserMailboxGuid

SendAsUserMailboxGuid

 

str

 

ActionType

ActionType

 

str

 

SourceFileExtension

SourceFileExtension

 

str

 

DashboardId

DashboardId

 

str

 

ClientApplicationId

ClientApplicationId

 

str

 

DestMailboxOwnerUPN

DestMailboxOwnerUPN

 

str

 

MailboxOwnerMasterAccountSid

MailboxOwnerMasterAccountSid

 

str

 

SensitiveInfoDetectionIsIncluded

SensitiveInfoDetectionIsIncluded

 

bool

 

Schedules_RefreshFrequency

Schedules_RefreshFrequency

 

str

 

Schedules_Days_str

Schedules_Days_str

 

str

 

Schedules_Time_str

Schedules_Time_str

 

str

 

Schedules_TimeZone

Schedules_TimeZone

 

str

 

TeamName

TeamName

 

str

 

WorkspaceId

WorkspaceId

 

str

 

DataflowType

DataflowType

 

str

 

SourceFileName

SourceFileName

 

str

 

FeatureDisplayName

FeatureDisplayName

 

str

 

EntityPath

EntityPath

 

str

 

TeamGuid

TeamGuid

 

str

 

ResourceTitle

ResourceTitle

 

str

 

Classification

Classification

 

str

 

ListBaseTemplateType

ListBaseTemplateType

 

str

 

DestinationFileName

DestinationFileName

 

str

 

AffectedTenantCount

AffectedTenantCount

 

int8

 

DatasetName

DatasetName

 

str

 

LicenseDisplayName

LicenseDisplayName

 

str

 

Feature

Feature

 

str

 

StartTime

StartTime

 

str

 

TargetUserOrGroupType

TargetUserOrGroupType

 

str

 

DataConnectivityMode

DataConnectivityMode

 

str

 

LastUpdatedTime

LastUpdatedTime

 

str

 

ReportName

ReportName

 

str

 

EntityType

EntityType

 

str

 

OperationDetails

OperationDetails

 

str

 

UserAgent

UserAgent

 

str

 

AlertType

AlertType

 

str

 

Name

Name

 

str

 

CmdletVersion

CmdletVersion

 

str

 

ImportSource

ImportSource

 

str

 

SkypeForBusinessEventType

SkypeForBusinessEventType

 

int4

 

AddOnType

AddOnType

 

int4

 

DoNotDistributeEvent

DoNotDistributeEvent

 

bool

 

ChannelName

ChannelName

 

str

 

ListItemUniqueId

ListItemUniqueId

 

str

 

ObjectId

ObjectId

 

str

 

AttachmentData

AttachmentData

 

json

 

DeliveryAction

DeliveryAction

 

str

 

DetectionMethod

DetectionMethod

 

str

 

DetectionType

DetectionType

 

str

 

Directionality

Directionality

 

str

 

EventDeepLink

EventDeepLink

 

str

 

InternetMessageId

InternetMessageId

 

str

 

LatestDeliveryLocation

LatestDeliveryLocation

 

str

 

MessageTime

MessageTime

 

str

 

NetworkMessageId

NetworkMessageId

 

str

 

OriginalDeliveryLocation

OriginalDeliveryLocation

 

str

 

P1Sender

P1Sender

 

str

 

P2Sender

P2Sender

 

str

 

Policy

Policy

 

str

 

PolicyAction

PolicyAction

 

str

 

Recipients

Recipients

 

str

 

SenderIp

SenderIp

 

str

 

Subject

Subject

 

str

 

ThreatsAndDetectionTech

ThreatsAndDetectionTech

 

str

 

Verdict

Verdict

 

str

 

SourceLocationType

SourceLocationType

 

int4

 

Platform

Platform

 

int4

 

Application

Application

 

str

 

FileExtension

FileExtension

 

str

 

DeviceName

DeviceName

 

str

 

MDATPDeviceId

MDATPDeviceId

 

str

 

FileSize

FileSize

 

int4

 

FileType

FileType

 

str

 

Hidden

Hidden

 

bool

 

Actions

Actions

 

json

 

AlertLinks

AlertLinks

 

json

 

Data

Data

 

json

 

DeepLinkUrl

DeepLinkUrl

 

str

 

EndTimeUtc

EndTimeUtc

 

timestamp

 

InvestigationId

InvestigationId

 

str

 

InvestigationName

InvestigationName

 

str

 

InvestigationType

InvestigationType

 

str

 

LastUpdateTimeUtc

LastUpdateTimeUtc

 

timestamp

 

StartTimeUtc

StartTimeUtc

 

timestamp

 

Source

Source

 

str

 

message

message

 

str

 

hostchain

hostchain

 

str

✓

tag

tag

 

str

✓

rawSource

rawSource

 

str

✓

rawTagged

rawTagged

 

str

 

rawMessage

rawMessage

 

str

 

Â