Tables from 32 to 36
Â
cloud.office365.management.quarantine
Field in | Field in source table | Field transformation | Data type | Extra Field |
---|---|---|---|---|
eventdate | eventdate | Â | timestamp | Â |
hostname | hostname | Â | str | Â |
type | - | "quarantine" | str | Â |
Id | Id | Â | str | Â |
Workload | Workload | Â | str | Â |
StatusTime | StatusTime | Â | str | Â |
FeatureStatus | FeatureStatus | Â | str | Â |
Status | Status | Â | str | Â |
StatusDisplayName | StatusDisplayName | Â | str | Â |
IncidentIds | IncidentIds | Â | str | Â |
WorkloadDisplayName | WorkloadDisplayName | Â | str | Â |
UserType | UserType | Â | int4 | Â |
timestamp | timestamp | Â | timestamp | Â |
Operation | Operation | Â | str | Â |
Version | Version | Â | int4 | Â |
LogonType | LogonType | Â | int4 | Â |
MailboxOwnerSid | MailboxOwnerSid | Â | str | Â |
ExternalAccess | ExternalAccess | Â | bool | Â |
OrganizationName | OrganizationName | Â | str | Â |
SessionId | SessionId | Â | str | Â |
ClientAddress | ClientAddress | Â | str | Â |
ClientIPAddress | ClientIPAddress | Â | str | Â |
ClientProcessName | ClientProcessName | Â | str | Â |
ResultStatus | ResultStatus | Â | str | Â |
UserId | UserId | Â | str | Â |
LogonUserSid | LogonUserSid | Â | str | Â |
InternalLogonType | InternalLogonType | Â | int4 | Â |
OriginatingServer | OriginatingServer | Â | str | Â |
UserKey | UserKey | Â | str | Â |
MailboxGuid | MailboxGuid | Â | str | Â |
OrganizationId | OrganizationId | Â | str | Â |
RecordType | RecordType | Â | int4 | Â |
ClientInfoString | ClientInfoString | Â | str | Â |
MailboxOwnerUPN | MailboxOwnerUPN | Â | str | Â |
CrossMailboxOperation | CrossMailboxOperation | Â | bool | Â |
AffectedItems | AffectedItems | Â | str | Â |
Folder_Id | Folder_Id | Â | str | Â |
Folder_Path | Folder_Path | Â | str | Â |
FoldersItemsStr | FoldersItemsStr | Â | str | Â |
ForwardTo | ForwardTo | Â | str | Â |
Parameters_Raw | Parameters_Raw | Â | str | Â |
Item_Subject | Item_Subject | Â | str | Â |
Item_Attachments | Item_Attachments | Â | str | Â |
Item_ParentFolder_Id | Item_ParentFolder_Id | Â | str | Â |
Item_ParentFolder_Path | Item_ParentFolder_Path | Â | str | Â |
ModifiedProperties | ModifiedProperties | Â | str | Â |
SendOnBehalfOfUserSmtp | SendOnBehalfOfUserSmtp | Â | str | Â |
SendAsUserSmtp | SendAsUserSmtp | Â | str | Â |
PolicyDetails | PolicyDetails | Â | str | Â |
PolicyDetails_PolicyName_str | PolicyDetails_PolicyName_str | Â | str | Â |
PolicyDetails_PolicyId_str | PolicyDetails_PolicyId_str | Â | str | Â |
PolicyDetails_location_str | PolicyDetails_location_str | Â | str | Â |
PolicyDetails_RuleMode_str | PolicyDetails_RuleMode_str | Â | str | Â |
PolicyDetails_RuleName_str | PolicyDetails_RuleName_str | Â | str | Â |
PolicyDetails_RuleId_str | PolicyDetails_RuleId_str | Â | str | Â |
PolicyDetails_Severity_str | PolicyDetails_Severity_str | Â | str | Â |
PolicyDetails_ManagementRuleId_str | PolicyDetails_ManagementRuleId_str | Â | str | Â |
Unique_PolicyDetails_location_str | Unique_PolicyDetails_location_str | Â | str | Â |
PolicyDetails_confidence_str | PolicyDetails_confidence_str | Â | str | Â |
PolicyDetails_count_str | PolicyDetails_count_str | Â | str | Â |
PolicyDetails_sensitiveType_str | PolicyDetails_sensitiveType_str | Â | str | Â |
PolicyDetails_uniqueCount_str | PolicyDetails_uniqueCount_str | Â | str | Â |
PolicyDetails_ConditionsMatched_Name_str | PolicyDetails_ConditionsMatched_Name_str | Â | str | Â |
PolicyDetails_ConditionsMatched_Value_str | PolicyDetails_ConditionsMatched_Value_str | Â | str | Â |
PolicyDetails_ConditionMatchedInNewScheme_str | PolicyDetails_ConditionMatchedInNewScheme_str | Â | str | Â |
ExchangeMetaData_BCC | ExchangeMetaData_BCC | Â | str | Â |
ExchangeMetaData_MessageID | ExchangeMetaData_MessageID | Â | str | Â |
ExchangeMetaData_From | ExchangeMetaData_From | Â | str | Â |
ExchangeMetaData_CC | ExchangeMetaData_CC | Â | str | Â |
ExchangeMetaData_Sent | ExchangeMetaData_Sent | Â | str | Â |
ExchangeMetaData_Subject | ExchangeMetaData_Subject | Â | str | Â |
ExchangeMetaData_RecipientCount | ExchangeMetaData_RecipientCount | Â | int4 | Â |
ExchangeMetaData_To | ExchangeMetaData_To | Â | str | Â |
InterSystemsId | InterSystemsId | Â | str | Â |
TargetUserId | TargetUserId | Â | str | Â |
Actor_ID_str | Actor_ID_str | Â | str | Â |
Actor_Type_str | Actor_Type_str | Â | str | Â |
ActorContextId | ActorContextId | Â | str | Â |
YammerNetworkId | YammerNetworkId | Â | int4 | Â |
ActorUserId | ActorUserId | Â | str | Â |
ActorIpAddress | ActorIpAddress | Â | str | Â |
Client | Client | Â | str | Â |
ClientIP | ClientIP | Â | str | Â |
LogonError | LogonError | Â | str | Â |
ApplicationId | ApplicationId | Â | str | Â |
Target_ID_str | Target_ID_str | Â | str | Â |
Target_Type_str | Target_Type_str | Â | str | Â |
IntraSystemId | IntraSystemId | Â | str | Â |
ExtendedProperties_Name_str | ExtendedProperties_Name_str | Â | str | Â |
ExtendedProperties_Value_str | ExtendedProperties_Value_str | Â | str | Â |
ActorYammerUserId | ActorYammerUserId | Â | int8 | Â |
FileName | FileName | Â | str | Â |
TargetContextId | TargetContextId | Â | str | Â |
AzureActiveDirectoryEventType | AzureActiveDirectoryEventType | Â | int4 | Â |
VersionId | VersionId | Â | int8 | Â |
FileId | FileId | Â | int8 | Â |
PostIncidentDocumentUrl | PostIncidentDocumentUrl | Â | str | Â |
Severity | Severity | Â | str | Â |
Title | Title | Â | str | Â |
Comments | Comments | Â | str | Â |
AffectedWorkloadDisplayNames | AffectedWorkloadDisplayNames | Â | str | Â |
AlertEntityId | AlertEntityId | Â | str | Â |
Messages_MessageText_str | Messages_MessageText_str | Â | str | Â |
Messages_PublishedTime_str | Messages_PublishedTime_str | Â | str | Â |
ChannelGuid | ChannelGuid | Â | str | Â |
LogonUserDisplayName | LogonUserDisplayName | Â | str | Â |
RecipientUPN | RecipientUPN | Â | str | Â |
ApplicationDisplayName | ApplicationDisplayName | Â | str | Â |
MessageType | MessageType | Â | str | Â |
EventSource | EventSource | Â | str | Â |
DestinationRelativeUrl | DestinationRelativeUrl | Â | str | Â |
MachineId | MachineId | Â | str | Â |
WebId | WebId | Â | str | Â |
SendOnBehalfOfUserMailboxGuid | SendOnBehalfOfUserMailboxGuid | Â | str | Â |
ExtraProperties_Key_str | ExtraProperties_Key_str | Â | str | Â |
ExtraProperties_Value_str | ExtraProperties_Value_str | Â | str | Â |
SharingPermission | SharingPermission | Â | int4 | Â |
ObjectName | ObjectName | Â | str | Â |
SharingType | SharingType | Â | str | Â |
DataflowRefreshScheduleType | DataflowRefreshScheduleType | Â | str | Â |
TenantName | TenantName | Â | str | Â |
CustomUniqueId | CustomUniqueId | Â | bool | Â |
DatasetId | DatasetId | Â | str | Â |
SiteUrl | SiteUrl | Â | str | Â |
Parameters_Name_str | Parameters_Name_str | Â | str | Â |
Parameters_Value_str | Parameters_Value_str | Â | str | Â |
ImportType | ImportType | Â | str | Â |
ImportId | ImportId | Â | str | Â |
PolicyId | PolicyId | Â | str | Â |
ItemName | ItemName | Â | str | Â |
Datasets_DatasetId_str | Datasets_DatasetId_str | Â | str | Â |
Datasets_DatasetName_str | Datasets_DatasetName_str | Â | str | Â |
ImplicitShare | ImplicitShare | Â | str | Â |
ImportDisplayName | ImportDisplayName | Â | str | Â |
ItemType | ItemType | Â | str | Â |
WorkSpaceName | WorkSpaceName | Â | str | Â |
DestFolder_Path | DestFolder_Path | Â | str | Â |
DestFolder_Id | DestFolder_Id | Â | str | Â |
UniqueSharingId | UniqueSharingId | Â | str | Â |
TargetUserOrGroupName | TargetUserOrGroupName | Â | str | Â |
FlowConnectorNames | FlowConnectorNames | Â | str | Â |
FileSyncBytesCommitted | FileSyncBytesCommitted | Â | str | Â |
CorrelationId | CorrelationId | Â | str | Â |
Members_DisplayName_str | Members_DisplayName_str | Â | str | Â |
Members_UPN_str | Members_UPN_str | Â | str | Â |
Members_Role_str | Members_Role_str | Â | str | Â |
AddOnGuid | AddOnGuid | Â | str | Â |
DashboardName | DashboardName | Â | str | Â |
IsSuccess | IsSuccess | Â | bool | Â |
AlertId | AlertId | Â | str | Â |
ListTitle | ListTitle | Â | str | Â |
ReportType | ReportType | Â | str | Â |
AffectedWorkloadNames | AffectedWorkloadNames | Â | str | Â |
FlowDetailsUrl | FlowDetailsUrl | Â | str | Â |
TargetYammerUserId | TargetYammerUserId | Â | int8 | Â |
ImpactDescription | ImpactDescription | Â | str | Â |
BrowserName | BrowserName | Â | str | Â |
OperationProperties_Value_str | OperationProperties_Value_str | Â | str | Â |
OperationProperties_Name_str | OperationProperties_Name_str | Â | str | Â |
ReportId | ReportId | Â | str | Â |
DestMailboxOwnerSid | DestMailboxOwnerSid | Â | str | Â |
DestMailboxOwnerMasterAccountSid | DestMailboxOwnerMasterAccountSid | Â | str | Â |
AffectedUserCount | AffectedUserCount | Â | int4 | Â |
Category | Category | Â | str | Â |
MachineDomainInfo | MachineDomainInfo | Â | str | Â |
ListBaseType | ListBaseType | Â | str | Â |
DestMailboxId | DestMailboxId | Â | str | Â |
TabType | TabType | Â | str | Â |
Activity | Activity | Â | str | Â |
DestinationFileExtension | DestinationFileExtension | Â | str | Â |
UserUPN | UserUPN | Â | str | Â |
ListId | ListId | Â | str | Â |
SourceRelativeUrl | SourceRelativeUrl | Â | str | Â |
UserTypeInitiated | UserTypeInitiated | Â | int4 | Â |
EndTime | EndTime | Â | str | Â |
SendAsUserMailboxGuid | SendAsUserMailboxGuid | Â | str | Â |
ActionType | ActionType | Â | str | Â |
SourceFileExtension | SourceFileExtension | Â | str | Â |
DashboardId | DashboardId | Â | str | Â |
ClientApplicationId | ClientApplicationId | Â | str | Â |
DestMailboxOwnerUPN | DestMailboxOwnerUPN | Â | str | Â |
MailboxOwnerMasterAccountSid | MailboxOwnerMasterAccountSid | Â | str | Â |
SensitiveInfoDetectionIsIncluded | SensitiveInfoDetectionIsIncluded | Â | bool | Â |
Schedules_RefreshFrequency | Schedules_RefreshFrequency | Â | str | Â |
Schedules_Days_str | Schedules_Days_str | Â | str | Â |
Schedules_Time_str | Schedules_Time_str | Â | str | Â |
Schedules_TimeZone | Schedules_TimeZone | Â | str | Â |
TeamName | TeamName | Â | str | Â |
WorkspaceId | WorkspaceId | Â | str | Â |
DataflowType | DataflowType | Â | str | Â |
SourceFileName | SourceFileName | Â | str | Â |
FeatureDisplayName | FeatureDisplayName | Â | str | Â |
EntityPath | EntityPath | Â | str | Â |
TeamGuid | TeamGuid | Â | str | Â |
ResourceTitle | ResourceTitle | Â | str | Â |
Classification | Classification | Â | str | Â |
ListBaseTemplateType | ListBaseTemplateType | Â | str | Â |
DestinationFileName | DestinationFileName | Â | str | Â |
AffectedTenantCount | AffectedTenantCount | Â | int8 | Â |
DatasetName | DatasetName | Â | str | Â |
LicenseDisplayName | LicenseDisplayName | Â | str | Â |
Feature | Feature | Â | str | Â |
StartTime | StartTime | Â | str | Â |
TargetUserOrGroupType | TargetUserOrGroupType | Â | str | Â |
DataConnectivityMode | DataConnectivityMode | Â | str | Â |
LastUpdatedTime | LastUpdatedTime | Â | str | Â |
ReportName | ReportName | Â | str | Â |
EntityType | EntityType | Â | str | Â |
OperationDetails | OperationDetails | Â | str | Â |
UserAgent | UserAgent | Â | str | Â |
AlertType | AlertType | Â | str | Â |
Name | Name | Â | str | Â |
CmdletVersion | CmdletVersion | Â | str | Â |
ImportSource | ImportSource | Â | str | Â |
SkypeForBusinessEventType | SkypeForBusinessEventType | Â | int4 | Â |
AddOnType | AddOnType | Â | int4 | Â |
DoNotDistributeEvent | DoNotDistributeEvent | Â | bool | Â |
ChannelName | ChannelName | Â | str | Â |
ListItemUniqueId | ListItemUniqueId | Â | str | Â |
ObjectId | ObjectId | Â | str | Â |
AttachmentData | AttachmentData | Â | json | Â |
DeliveryAction | DeliveryAction | Â | str | Â |
DetectionMethod | DetectionMethod | Â | str | Â |
DetectionType | DetectionType | Â | str | Â |
Directionality | Directionality | Â | str | Â |
EventDeepLink | EventDeepLink | Â | str | Â |
InternetMessageId | InternetMessageId | Â | str | Â |
LatestDeliveryLocation | LatestDeliveryLocation | Â | str | Â |
MessageTime | MessageTime | Â | str | Â |
NetworkMessageId | NetworkMessageId | Â | str | Â |
OriginalDeliveryLocation | OriginalDeliveryLocation | Â | str | Â |
P1Sender | P1Sender | Â | str | Â |
P2Sender | P2Sender | Â | str | Â |
Policy | Policy | Â | str | Â |
PolicyAction | PolicyAction | Â | str | Â |
Recipients | Recipients | Â | str | Â |
SenderIp | SenderIp | Â | str | Â |
Subject | Subject | Â | str | Â |
ThreatsAndDetectionTech | ThreatsAndDetectionTech | Â | str | Â |
Verdict | Verdict | Â | str | Â |
SourceLocationType | SourceLocationType | Â | int4 | Â |
Platform | Platform | Â | int4 | Â |
Application | Application | Â | str | Â |
FileExtension | FileExtension | Â | str | Â |
DeviceName | DeviceName | Â | str | Â |
MDATPDeviceId | MDATPDeviceId | Â | str | Â |
FileSize | FileSize | Â | int4 | Â |
FileType | FileType | Â | str | Â |
Hidden | Hidden | Â | bool | Â |
Actions | Actions | Â | json | Â |
AlertLinks | AlertLinks | Â | json | Â |
Data | Data | Â | json | Â |
DeepLinkUrl | DeepLinkUrl | Â | str | Â |
EndTimeUtc | EndTimeUtc | Â | timestamp | Â |
InvestigationId | InvestigationId | Â | str | Â |
InvestigationName | InvestigationName | Â | str | Â |
InvestigationType | InvestigationType | Â | str | Â |
LastUpdateTimeUtc | LastUpdateTimeUtc | Â | timestamp | Â |
StartTimeUtc | StartTimeUtc | Â | timestamp | Â |
Source | Source | Â | str | Â |
message | message | Â | str | Â |
hostchain | hostchain |  | str | ✓ |
tag | tag |  | str | ✓ |
rawSource | rawSource |  | str | ✓ |
rawTagged | rawTagged | Â | str | Â |
rawMessage | rawMessage | Â | str | Â |
cloud.office365.management.rdl
Field in | Field in source table | Field transformation | Data type | Extra Field |
---|---|---|---|---|
eventdate | eventdate | Â | timestamp | Â |
hostname | hostname | Â | str | Â |
type | - | "rdl" | str | Â |
Id | Id | Â | str | Â |
Workload | Workload | Â | str | Â |
StatusTime | StatusTime | Â | str | Â |
FeatureStatus | FeatureStatus | Â | str | Â |
Status | Status | Â | str | Â |
StatusDisplayName | StatusDisplayName | Â | str | Â |
IncidentIds | IncidentIds | Â | str | Â |
WorkloadDisplayName | WorkloadDisplayName | Â | str | Â |
UserType | UserType | Â | int4 | Â |
timestamp | timestamp | Â | timestamp | Â |
Operation | Operation | Â | str | Â |
Version | Version | Â | int4 | Â |
LogonType | LogonType | Â | int4 | Â |
MailboxOwnerSid | MailboxOwnerSid | Â | str | Â |
ExternalAccess | ExternalAccess | Â | bool | Â |
OrganizationName | OrganizationName | Â | str | Â |
SessionId | SessionId | Â | str | Â |
ClientAddress | ClientAddress | Â | str | Â |
ClientIPAddress | ClientIPAddress | Â | str | Â |
ClientProcessName | ClientProcessName | Â | str | Â |
ResultStatus | ResultStatus | Â | str | Â |
UserId | UserId | Â | str | Â |
LogonUserSid | LogonUserSid | Â | str | Â |
InternalLogonType | InternalLogonType | Â | int4 | Â |
OriginatingServer | OriginatingServer | Â | str | Â |
UserKey | UserKey | Â | str | Â |
MailboxGuid | MailboxGuid | Â | str | Â |
OrganizationId | OrganizationId | Â | str | Â |
RecordType | RecordType | Â | int4 | Â |
ClientInfoString | ClientInfoString | Â | str | Â |
MailboxOwnerUPN | MailboxOwnerUPN | Â | str | Â |
CrossMailboxOperation | CrossMailboxOperation | Â | bool | Â |
AffectedItems | AffectedItems | Â | str | Â |
Folder_Id | Folder_Id | Â | str | Â |
Folder_Path | Folder_Path | Â | str | Â |
FoldersItemsStr | FoldersItemsStr | Â | str | Â |
ForwardTo | ForwardTo | Â | str | Â |
Parameters_Raw | Parameters_Raw | Â | str | Â |
Item_Subject | Item_Subject | Â | str | Â |
Item_Attachments | Item_Attachments | Â | str | Â |
Item_ParentFolder_Id | Item_ParentFolder_Id | Â | str | Â |
Item_ParentFolder_Path | Item_ParentFolder_Path | Â | str | Â |
ModifiedProperties | ModifiedProperties | Â | str | Â |
SendOnBehalfOfUserSmtp | SendOnBehalfOfUserSmtp | Â | str | Â |
SendAsUserSmtp | SendAsUserSmtp | Â | str | Â |
PolicyDetails | PolicyDetails | Â | str | Â |
PolicyDetails_PolicyName_str | PolicyDetails_PolicyName_str | Â | str | Â |
PolicyDetails_PolicyId_str | PolicyDetails_PolicyId_str | Â | str | Â |
PolicyDetails_location_str | PolicyDetails_location_str | Â | str | Â |
PolicyDetails_RuleMode_str | PolicyDetails_RuleMode_str | Â | str | Â |
PolicyDetails_RuleName_str | PolicyDetails_RuleName_str | Â | str | Â |
PolicyDetails_RuleId_str | PolicyDetails_RuleId_str | Â | str | Â |
PolicyDetails_Severity_str | PolicyDetails_Severity_str | Â | str | Â |
PolicyDetails_ManagementRuleId_str | PolicyDetails_ManagementRuleId_str | Â | str | Â |
Unique_PolicyDetails_location_str | Unique_PolicyDetails_location_str | Â | str | Â |
PolicyDetails_confidence_str | PolicyDetails_confidence_str | Â | str | Â |
PolicyDetails_count_str | PolicyDetails_count_str | Â | str | Â |
PolicyDetails_sensitiveType_str | PolicyDetails_sensitiveType_str | Â | str | Â |
PolicyDetails_uniqueCount_str | PolicyDetails_uniqueCount_str | Â | str | Â |
PolicyDetails_ConditionsMatched_Name_str | PolicyDetails_ConditionsMatched_Name_str | Â | str | Â |
PolicyDetails_ConditionsMatched_Value_str | PolicyDetails_ConditionsMatched_Value_str | Â | str | Â |
PolicyDetails_ConditionMatchedInNewScheme_str | PolicyDetails_ConditionMatchedInNewScheme_str | Â | str | Â |
ExchangeMetaData_BCC | ExchangeMetaData_BCC | Â | str | Â |
ExchangeMetaData_MessageID | ExchangeMetaData_MessageID | Â | str | Â |
ExchangeMetaData_From | ExchangeMetaData_From | Â | str | Â |
ExchangeMetaData_CC | ExchangeMetaData_CC | Â | str | Â |
ExchangeMetaData_Sent | ExchangeMetaData_Sent | Â | str | Â |
ExchangeMetaData_Subject | ExchangeMetaData_Subject | Â | str | Â |
ExchangeMetaData_RecipientCount | ExchangeMetaData_RecipientCount | Â | int4 | Â |
ExchangeMetaData_To | ExchangeMetaData_To | Â | str | Â |
InterSystemsId | InterSystemsId | Â | str | Â |
TargetUserId | TargetUserId | Â | str | Â |
Actor_ID_str | Actor_ID_str | Â | str | Â |
Actor_Type_str | Actor_Type_str | Â | str | Â |
ActorContextId | ActorContextId | Â | str | Â |
YammerNetworkId | YammerNetworkId | Â | int4 | Â |
ActorUserId | ActorUserId | Â | str | Â |
ActorIpAddress | ActorIpAddress | Â | str | Â |
Client | Client | Â | str | Â |
ClientIP | ClientIP | Â | str | Â |
LogonError | LogonError | Â | str | Â |
ApplicationId | ApplicationId | Â | str | Â |
Target_ID_str | Target_ID_str | Â | str | Â |
Target_Type_str | Target_Type_str | Â | str | Â |
IntraSystemId | IntraSystemId | Â | str | Â |
ExtendedProperties_Name_str | ExtendedProperties_Name_str | Â | str | Â |
ExtendedProperties_Value_str | ExtendedProperties_Value_str | Â | str | Â |
ActorYammerUserId | ActorYammerUserId | Â | int8 | Â |
FileName | FileName | Â | str | Â |
TargetContextId | TargetContextId | Â | str | Â |
AzureActiveDirectoryEventType | AzureActiveDirectoryEventType | Â | int4 | Â |
VersionId | VersionId | Â | int8 | Â |
FileId | FileId | Â | int8 | Â |
PostIncidentDocumentUrl | PostIncidentDocumentUrl | Â | str | Â |
Severity | Severity | Â | str | Â |
Title | Title | Â | str | Â |
Comments | Comments | Â | str | Â |
AffectedWorkloadDisplayNames | AffectedWorkloadDisplayNames | Â | str | Â |
AlertEntityId | AlertEntityId | Â | str | Â |
Messages_MessageText_str | Messages_MessageText_str | Â | str | Â |
Messages_PublishedTime_str | Messages_PublishedTime_str | Â | str | Â |
ChannelGuid | ChannelGuid | Â | str | Â |
LogonUserDisplayName | LogonUserDisplayName | Â | str | Â |
RecipientUPN | RecipientUPN | Â | str | Â |
ApplicationDisplayName | ApplicationDisplayName | Â | str | Â |
MessageType | MessageType | Â | str | Â |
EventSource | EventSource | Â | str | Â |
DestinationRelativeUrl | DestinationRelativeUrl | Â | str | Â |
MachineId | MachineId | Â | str | Â |
WebId | WebId | Â | str | Â |
SendOnBehalfOfUserMailboxGuid | SendOnBehalfOfUserMailboxGuid | Â | str | Â |
ExtraProperties_Key_str | ExtraProperties_Key_str | Â | str | Â |
ExtraProperties_Value_str | ExtraProperties_Value_str | Â | str | Â |
SharingPermission | SharingPermission | Â | int4 | Â |
ObjectName | ObjectName | Â | str | Â |
SharingType | SharingType | Â | str | Â |
DataflowRefreshScheduleType | DataflowRefreshScheduleType | Â | str | Â |
TenantName | TenantName | Â | str | Â |
CustomUniqueId | CustomUniqueId | Â | bool | Â |
DatasetId | DatasetId | Â | str | Â |
SiteUrl | SiteUrl | Â | str | Â |
Parameters_Name_str | Parameters_Name_str | Â | str | Â |
Parameters_Value_str | Parameters_Value_str | Â | str | Â |
ImportType | ImportType | Â | str | Â |
ImportId | ImportId | Â | str | Â |
PolicyId | PolicyId | Â | str | Â |
ItemName | ItemName | Â | str | Â |
Datasets_DatasetId_str | Datasets_DatasetId_str | Â | str | Â |
Datasets_DatasetName_str | Datasets_DatasetName_str | Â | str | Â |
ImplicitShare | ImplicitShare | Â | str | Â |
ImportDisplayName | ImportDisplayName | Â | str | Â |
ItemType | ItemType | Â | str | Â |
WorkSpaceName | WorkSpaceName | Â | str | Â |
DestFolder_Path | DestFolder_Path | Â | str | Â |
DestFolder_Id | DestFolder_Id | Â | str | Â |
UniqueSharingId | UniqueSharingId | Â | str | Â |
TargetUserOrGroupName | TargetUserOrGroupName | Â | str | Â |
FlowConnectorNames | FlowConnectorNames | Â | str | Â |
FileSyncBytesCommitted | FileSyncBytesCommitted | Â | str | Â |
CorrelationId | CorrelationId | Â | str | Â |
Members_DisplayName_str | Members_DisplayName_str | Â | str | Â |
Members_UPN_str | Members_UPN_str | Â | str | Â |
Members_Role_str | Members_Role_str | Â | str | Â |
AddOnGuid | AddOnGuid | Â | str | Â |
DashboardName | DashboardName | Â | str | Â |
IsSuccess | IsSuccess | Â | bool | Â |
AlertId | AlertId | Â | str | Â |
ListTitle | ListTitle | Â | str | Â |
ReportType | ReportType | Â | str | Â |
AffectedWorkloadNames | AffectedWorkloadNames | Â | str | Â |
FlowDetailsUrl | FlowDetailsUrl | Â | str | Â |
TargetYammerUserId | TargetYammerUserId | Â | int8 | Â |
ImpactDescription | ImpactDescription | Â | str | Â |
BrowserName | BrowserName | Â | str | Â |
OperationProperties_Value_str | OperationProperties_Value_str | Â | str | Â |
OperationProperties_Name_str | OperationProperties_Name_str | Â | str | Â |
ReportId | ReportId | Â | str | Â |
DestMailboxOwnerSid | DestMailboxOwnerSid | Â | str | Â |
DestMailboxOwnerMasterAccountSid | DestMailboxOwnerMasterAccountSid | Â | str | Â |
AffectedUserCount | AffectedUserCount | Â | int4 | Â |
Category | Category | Â | str | Â |
MachineDomainInfo | MachineDomainInfo | Â | str | Â |
ListBaseType | ListBaseType | Â | str | Â |
DestMailboxId | DestMailboxId | Â | str | Â |
TabType | TabType | Â | str | Â |
Activity | Activity | Â | str | Â |
DestinationFileExtension | DestinationFileExtension | Â | str | Â |
UserUPN | UserUPN | Â | str | Â |
ListId | ListId | Â | str | Â |
SourceRelativeUrl | SourceRelativeUrl | Â | str | Â |
UserTypeInitiated | UserTypeInitiated | Â | int4 | Â |
EndTime | EndTime | Â | str | Â |
SendAsUserMailboxGuid | SendAsUserMailboxGuid | Â | str | Â |
ActionType | ActionType | Â | str | Â |
SourceFileExtension | SourceFileExtension | Â | str | Â |
DashboardId | DashboardId | Â | str | Â |
ClientApplicationId | ClientApplicationId | Â | str | Â |
DestMailboxOwnerUPN | DestMailboxOwnerUPN | Â | str | Â |
MailboxOwnerMasterAccountSid | MailboxOwnerMasterAccountSid | Â | str | Â |
SensitiveInfoDetectionIsIncluded | SensitiveInfoDetectionIsIncluded | Â | bool | Â |
Schedules_RefreshFrequency | Schedules_RefreshFrequency | Â | str | Â |
Schedules_Days_str | Schedules_Days_str | Â | str | Â |
Schedules_Time_str | Schedules_Time_str | Â | str | Â |
Schedules_TimeZone | Schedules_TimeZone | Â | str | Â |
TeamName | TeamName | Â | str | Â |
WorkspaceId | WorkspaceId | Â | str | Â |
DataflowType | DataflowType | Â | str | Â |
SourceFileName | SourceFileName | Â | str | Â |
FeatureDisplayName | FeatureDisplayName | Â | str | Â |
EntityPath | EntityPath | Â | str | Â |
TeamGuid | TeamGuid | Â | str | Â |
ResourceTitle | ResourceTitle | Â | str | Â |
Classification | Classification | Â | str | Â |
ListBaseTemplateType | ListBaseTemplateType | Â | str | Â |
DestinationFileName | DestinationFileName | Â | str | Â |
AffectedTenantCount | AffectedTenantCount | Â | int8 | Â |
DatasetName | DatasetName | Â | str | Â |
LicenseDisplayName | LicenseDisplayName | Â | str | Â |
Feature | Feature | Â | str | Â |
StartTime | StartTime | Â | str | Â |
TargetUserOrGroupType | TargetUserOrGroupType | Â | str | Â |
DataConnectivityMode | DataConnectivityMode | Â | str | Â |
LastUpdatedTime | LastUpdatedTime | Â | str | Â |
ReportName | ReportName | Â | str | Â |
EntityType | EntityType | Â | str | Â |
OperationDetails | OperationDetails | Â | str | Â |
UserAgent | UserAgent | Â | str | Â |
AlertType | AlertType | Â | str | Â |
Name | Name | Â | str | Â |
CmdletVersion | CmdletVersion | Â | str | Â |
ImportSource | ImportSource | Â | str | Â |
SkypeForBusinessEventType | SkypeForBusinessEventType | Â | int4 | Â |
AddOnType | AddOnType | Â | int4 | Â |
DoNotDistributeEvent | DoNotDistributeEvent | Â | bool | Â |
ChannelName | ChannelName | Â | str | Â |
ListItemUniqueId | ListItemUniqueId | Â | str | Â |
ObjectId | ObjectId | Â | str | Â |
AttachmentData | AttachmentData | Â | json | Â |
DeliveryAction | DeliveryAction | Â | str | Â |
DetectionMethod | DetectionMethod | Â | str | Â |
DetectionType | DetectionType | Â | str | Â |
Directionality | Directionality | Â | str | Â |
EventDeepLink | EventDeepLink | Â | str | Â |
InternetMessageId | InternetMessageId | Â | str | Â |
LatestDeliveryLocation | LatestDeliveryLocation | Â | str | Â |
MessageTime | MessageTime | Â | str | Â |
NetworkMessageId | NetworkMessageId | Â | str | Â |
OriginalDeliveryLocation | OriginalDeliveryLocation | Â | str | Â |
P1Sender | P1Sender | Â | str | Â |
P2Sender | P2Sender | Â | str | Â |
Policy | Policy | Â | str | Â |
PolicyAction | PolicyAction | Â | str | Â |
Recipients | Recipients | Â | str | Â |
SenderIp | SenderIp | Â | str | Â |
Subject | Subject | Â | str | Â |
ThreatsAndDetectionTech | ThreatsAndDetectionTech | Â | str | Â |
Verdict | Verdict | Â | str | Â |
SourceLocationType | SourceLocationType | Â | int4 | Â |
Platform | Platform | Â | int4 | Â |
Application | Application | Â | str | Â |
FileExtension | FileExtension | Â | str | Â |
DeviceName | DeviceName | Â | str | Â |
MDATPDeviceId | MDATPDeviceId | Â | str | Â |
FileSize | FileSize | Â | int4 | Â |
FileType | FileType | Â | str | Â |
Hidden | Hidden | Â | bool | Â |
Actions | Actions | Â | json | Â |
AlertLinks | AlertLinks | Â | json | Â |
Data | Data | Â | json | Â |
DeepLinkUrl | DeepLinkUrl | Â | str | Â |
EndTimeUtc | EndTimeUtc | Â | timestamp | Â |
InvestigationId | InvestigationId | Â | str | Â |
InvestigationName | InvestigationName | Â | str | Â |
InvestigationType | InvestigationType | Â | str | Â |
LastUpdateTimeUtc | LastUpdateTimeUtc | Â | timestamp | Â |
StartTimeUtc | StartTimeUtc | Â | timestamp | Â |
Source | Source | Â | str | Â |
message | message | Â | str | Â |
hostchain | hostchain |  | str | ✓ |
tag | tag |  | str | ✓ |
rawSource | rawSource |  | str | ✓ |
rawTagged | rawTagged | Â | str | Â |
rawMessage | rawMessage | Â | str | Â |
cloud.office365.management.se
Field in | Field in source table | Field transformation | Data type | Extra Field |
---|---|---|---|---|
eventdate | eventdate | Â | timestamp | Â |
hostname | hostname | Â | str | Â |
type | - | "se" | str | Â |
Id | Id | Â | str | Â |
Workload | Workload | Â | str | Â |
StatusTime | StatusTime | Â | str | Â |
FeatureStatus | FeatureStatus | Â | str | Â |
Status | Status | Â | str | Â |
StatusDisplayName | StatusDisplayName | Â | str | Â |
IncidentIds | IncidentIds | Â | str | Â |
WorkloadDisplayName | WorkloadDisplayName | Â | str | Â |
UserType | UserType | Â | int4 | Â |
timestamp | timestamp | Â | timestamp | Â |
Operation | Operation | Â | str | Â |
Version | Version | Â | int4 | Â |
LogonType | LogonType | Â | int4 | Â |
MailboxOwnerSid | MailboxOwnerSid | Â | str | Â |
ExternalAccess | ExternalAccess | Â | bool | Â |
OrganizationName | OrganizationName | Â | str | Â |
SessionId | SessionId | Â | str | Â |
ClientAddress | ClientAddress | Â | str | Â |
ClientIPAddress | ClientIPAddress | Â | str | Â |
ClientProcessName | ClientProcessName | Â | str | Â |
ResultStatus | ResultStatus | Â | str | Â |
UserId | UserId | Â | str | Â |
LogonUserSid | LogonUserSid | Â | str | Â |
InternalLogonType | InternalLogonType | Â | int4 | Â |
OriginatingServer | OriginatingServer | Â | str | Â |
UserKey | UserKey | Â | str | Â |
MailboxGuid | MailboxGuid | Â | str | Â |
OrganizationId | OrganizationId | Â | str | Â |
RecordType | RecordType | Â | int4 | Â |
ClientInfoString | ClientInfoString | Â | str | Â |
MailboxOwnerUPN | MailboxOwnerUPN | Â | str | Â |
CrossMailboxOperation | CrossMailboxOperation | Â | bool | Â |
AffectedItems | AffectedItems | Â | str | Â |
Folder_Id | Folder_Id | Â | str | Â |
Folder_Path | Folder_Path | Â | str | Â |
FoldersItemsStr | FoldersItemsStr | Â | str | Â |
ForwardTo | ForwardTo | Â | str | Â |
Parameters_Raw | Parameters_Raw | Â | str | Â |
Item_Subject | Item_Subject | Â | str | Â |
Item_Attachments | Item_Attachments | Â | str | Â |
Item_ParentFolder_Id | Item_ParentFolder_Id | Â | str | Â |
Item_ParentFolder_Path | Item_ParentFolder_Path | Â | str | Â |
ModifiedProperties | ModifiedProperties | Â | str | Â |
SendOnBehalfOfUserSmtp | SendOnBehalfOfUserSmtp | Â | str | Â |
SendAsUserSmtp | SendAsUserSmtp | Â | str | Â |
PolicyDetails | PolicyDetails | Â | str | Â |
PolicyDetails_PolicyName_str | PolicyDetails_PolicyName_str | Â | str | Â |
PolicyDetails_PolicyId_str | PolicyDetails_PolicyId_str | Â | str | Â |
PolicyDetails_location_str | PolicyDetails_location_str | Â | str | Â |
PolicyDetails_RuleMode_str | PolicyDetails_RuleMode_str | Â | str | Â |
PolicyDetails_RuleName_str | PolicyDetails_RuleName_str | Â | str | Â |
PolicyDetails_RuleId_str | PolicyDetails_RuleId_str | Â | str | Â |
PolicyDetails_Severity_str | PolicyDetails_Severity_str | Â | str | Â |
PolicyDetails_ManagementRuleId_str | PolicyDetails_ManagementRuleId_str | Â | str | Â |
Unique_PolicyDetails_location_str | Unique_PolicyDetails_location_str | Â | str | Â |
PolicyDetails_confidence_str | PolicyDetails_confidence_str | Â | str | Â |
PolicyDetails_count_str | PolicyDetails_count_str | Â | str | Â |
PolicyDetails_sensitiveType_str | PolicyDetails_sensitiveType_str | Â | str | Â |
PolicyDetails_uniqueCount_str | PolicyDetails_uniqueCount_str | Â | str | Â |
PolicyDetails_ConditionsMatched_Name_str | PolicyDetails_ConditionsMatched_Name_str | Â | str | Â |
PolicyDetails_ConditionsMatched_Value_str | PolicyDetails_ConditionsMatched_Value_str | Â | str | Â |
PolicyDetails_ConditionMatchedInNewScheme_str | PolicyDetails_ConditionMatchedInNewScheme_str | Â | str | Â |
ExchangeMetaData_BCC | ExchangeMetaData_BCC | Â | str | Â |
ExchangeMetaData_MessageID | ExchangeMetaData_MessageID | Â | str | Â |
ExchangeMetaData_From | ExchangeMetaData_From | Â | str | Â |
ExchangeMetaData_CC | ExchangeMetaData_CC | Â | str | Â |
ExchangeMetaData_Sent | ExchangeMetaData_Sent | Â | str | Â |
ExchangeMetaData_Subject | ExchangeMetaData_Subject | Â | str | Â |
ExchangeMetaData_RecipientCount | ExchangeMetaData_RecipientCount | Â | int4 | Â |
ExchangeMetaData_To | ExchangeMetaData_To | Â | str | Â |
InterSystemsId | InterSystemsId | Â | str | Â |
TargetUserId | TargetUserId | Â | str | Â |
Actor_ID_str | Actor_ID_str | Â | str | Â |
Actor_Type_str | Actor_Type_str | Â | str | Â |
ActorContextId | ActorContextId | Â | str | Â |
YammerNetworkId | YammerNetworkId | Â | int4 | Â |
ActorUserId | ActorUserId | Â | str | Â |
ActorIpAddress | ActorIpAddress | Â | str | Â |
Client | Client | Â | str | Â |
ClientIP | ClientIP | Â | str | Â |
LogonError | LogonError | Â | str | Â |
ApplicationId | ApplicationId | Â | str | Â |
Target_ID_str | Target_ID_str | Â | str | Â |
Target_Type_str | Target_Type_str | Â | str | Â |
IntraSystemId | IntraSystemId | Â | str | Â |
ExtendedProperties_Name_str | ExtendedProperties_Name_str | Â | str | Â |
ExtendedProperties_Value_str | ExtendedProperties_Value_str | Â | str | Â |
ActorYammerUserId | ActorYammerUserId | Â | int8 | Â |
FileName | FileName | Â | str | Â |
TargetContextId | TargetContextId | Â | str | Â |
AzureActiveDirectoryEventType | AzureActiveDirectoryEventType | Â | int4 | Â |
VersionId | VersionId | Â | int8 | Â |
FileId | FileId | Â | int8 | Â |
PostIncidentDocumentUrl | PostIncidentDocumentUrl | Â | str | Â |
Severity | Severity | Â | str | Â |
Title | Title | Â | str | Â |
Comments | Comments | Â | str | Â |
AffectedWorkloadDisplayNames | AffectedWorkloadDisplayNames | Â | str | Â |
AlertEntityId | AlertEntityId | Â | str | Â |
Messages_MessageText_str | Messages_MessageText_str | Â | str | Â |
Messages_PublishedTime_str | Messages_PublishedTime_str | Â | str | Â |
ChannelGuid | ChannelGuid | Â | str | Â |
LogonUserDisplayName | LogonUserDisplayName | Â | str | Â |
RecipientUPN | RecipientUPN | Â | str | Â |
ApplicationDisplayName | ApplicationDisplayName | Â | str | Â |
MessageType | MessageType | Â | str | Â |
EventSource | EventSource | Â | str | Â |
DestinationRelativeUrl | DestinationRelativeUrl | Â | str | Â |
MachineId | MachineId | Â | str | Â |
WebId | WebId | Â | str | Â |
SendOnBehalfOfUserMailboxGuid | SendOnBehalfOfUserMailboxGuid | Â | str | Â |
ExtraProperties_Key_str | ExtraProperties_Key_str | Â | str | Â |
ExtraProperties_Value_str | ExtraProperties_Value_str | Â | str | Â |
SharingPermission | SharingPermission | Â | int4 | Â |
ObjectName | ObjectName | Â | str | Â |
SharingType | SharingType | Â | str | Â |
DataflowRefreshScheduleType | DataflowRefreshScheduleType | Â | str | Â |
TenantName | TenantName | Â | str | Â |
CustomUniqueId | CustomUniqueId | Â | bool | Â |
DatasetId | DatasetId | Â | str | Â |
SiteUrl | SiteUrl | Â | str | Â |
Parameters_Name_str | Parameters_Name_str | Â | str | Â |
Parameters_Value_str | Parameters_Value_str | Â | str | Â |
ImportType | ImportType | Â | str | Â |
ImportId | ImportId | Â | str | Â |
PolicyId | PolicyId | Â | str | Â |
ItemName | ItemName | Â | str | Â |
Datasets_DatasetId_str | Datasets_DatasetId_str | Â | str | Â |
Datasets_DatasetName_str | Datasets_DatasetName_str | Â | str | Â |
ImplicitShare | ImplicitShare | Â | str | Â |
ImportDisplayName | ImportDisplayName | Â | str | Â |
ItemType | ItemType | Â | str | Â |
WorkSpaceName | WorkSpaceName | Â | str | Â |
DestFolder_Path | DestFolder_Path | Â | str | Â |
DestFolder_Id | DestFolder_Id | Â | str | Â |
UniqueSharingId | UniqueSharingId | Â | str | Â |
TargetUserOrGroupName | TargetUserOrGroupName | Â | str | Â |
FlowConnectorNames | FlowConnectorNames | Â | str | Â |
FileSyncBytesCommitted | FileSyncBytesCommitted | Â | str | Â |
CorrelationId | CorrelationId | Â | str | Â |
Members_DisplayName_str | Members_DisplayName_str | Â | str | Â |
Members_UPN_str | Members_UPN_str | Â | str | Â |
Members_Role_str | Members_Role_str | Â | str | Â |
AddOnGuid | AddOnGuid | Â | str | Â |
DashboardName | DashboardName | Â | str | Â |
IsSuccess | IsSuccess | Â | bool | Â |
AlertId | AlertId | Â | str | Â |
ListTitle | ListTitle | Â | str | Â |
ReportType | ReportType | Â | str | Â |
AffectedWorkloadNames | AffectedWorkloadNames | Â | str | Â |
FlowDetailsUrl | FlowDetailsUrl | Â | str | Â |
TargetYammerUserId | TargetYammerUserId | Â | int8 | Â |
ImpactDescription | ImpactDescription | Â | str | Â |
BrowserName | BrowserName | Â | str | Â |
OperationProperties_Value_str | OperationProperties_Value_str | Â | str | Â |
OperationProperties_Name_str | OperationProperties_Name_str | Â | str | Â |
ReportId | ReportId | Â | str | Â |
DestMailboxOwnerSid | DestMailboxOwnerSid | Â | str | Â |
DestMailboxOwnerMasterAccountSid | DestMailboxOwnerMasterAccountSid | Â | str | Â |
AffectedUserCount | AffectedUserCount | Â | int4 | Â |
Category | Category | Â | str | Â |
MachineDomainInfo | MachineDomainInfo | Â | str | Â |
ListBaseType | ListBaseType | Â | str | Â |
DestMailboxId | DestMailboxId | Â | str | Â |
TabType | TabType | Â | str | Â |
Activity | Activity | Â | str | Â |
DestinationFileExtension | DestinationFileExtension | Â | str | Â |
UserUPN | UserUPN | Â | str | Â |
ListId | ListId | Â | str | Â |
SourceRelativeUrl | SourceRelativeUrl | Â | str | Â |
UserTypeInitiated | UserTypeInitiated | Â | int4 | Â |
EndTime | EndTime | Â | str | Â |
SendAsUserMailboxGuid | SendAsUserMailboxGuid | Â | str | Â |
ActionType | ActionType | Â | str | Â |
SourceFileExtension | SourceFileExtension | Â | str | Â |
DashboardId | DashboardId | Â | str | Â |
ClientApplicationId | ClientApplicationId | Â | str | Â |
DestMailboxOwnerUPN | DestMailboxOwnerUPN | Â | str | Â |
MailboxOwnerMasterAccountSid | MailboxOwnerMasterAccountSid | Â | str | Â |
SensitiveInfoDetectionIsIncluded | SensitiveInfoDetectionIsIncluded | Â | bool | Â |
Schedules_RefreshFrequency | Schedules_RefreshFrequency | Â | str | Â |
Schedules_Days_str | Schedules_Days_str | Â | str | Â |
Schedules_Time_str | Schedules_Time_str | Â | str | Â |
Schedules_TimeZone | Schedules_TimeZone | Â | str | Â |
TeamName | TeamName | Â | str | Â |
WorkspaceId | WorkspaceId | Â | str | Â |
DataflowType | DataflowType | Â | str | Â |
SourceFileName | SourceFileName | Â | str | Â |
FeatureDisplayName | FeatureDisplayName | Â | str | Â |
EntityPath | EntityPath | Â | str | Â |
TeamGuid | TeamGuid | Â | str | Â |
ResourceTitle | ResourceTitle | Â | str | Â |
Classification | Classification | Â | str | Â |
ListBaseTemplateType | ListBaseTemplateType | Â | str | Â |
DestinationFileName | DestinationFileName | Â | str | Â |
AffectedTenantCount | AffectedTenantCount | Â | int8 | Â |
DatasetName | DatasetName | Â | str | Â |
LicenseDisplayName | LicenseDisplayName | Â | str | Â |
Feature | Feature | Â | str | Â |
StartTime | StartTime | Â | str | Â |
TargetUserOrGroupType | TargetUserOrGroupType | Â | str | Â |
DataConnectivityMode | DataConnectivityMode | Â | str | Â |
LastUpdatedTime | LastUpdatedTime | Â | str | Â |
ReportName | ReportName | Â | str | Â |
EntityType | EntityType | Â | str | Â |
OperationDetails | OperationDetails | Â | str | Â |
UserAgent | UserAgent | Â | str | Â |
AlertType | AlertType | Â | str | Â |
Name | Name | Â | str | Â |
CmdletVersion | CmdletVersion | Â | str | Â |
ImportSource | ImportSource | Â | str | Â |
SkypeForBusinessEventType | SkypeForBusinessEventType | Â | int4 | Â |
AddOnType | AddOnType | Â | int4 | Â |
DoNotDistributeEvent | DoNotDistributeEvent | Â | bool | Â |
ChannelName | ChannelName | Â | str | Â |
ListItemUniqueId | ListItemUniqueId | Â | str | Â |
ObjectId | ObjectId | Â | str | Â |
AttachmentData | AttachmentData | Â | json | Â |
DeliveryAction | DeliveryAction | Â | str | Â |
DetectionMethod | DetectionMethod | Â | str | Â |
DetectionType | DetectionType | Â | str | Â |
Directionality | Directionality | Â | str | Â |
EventDeepLink | EventDeepLink | Â | str | Â |
InternetMessageId | InternetMessageId | Â | str | Â |
LatestDeliveryLocation | LatestDeliveryLocation | Â | str | Â |
MessageTime | MessageTime | Â | str | Â |
NetworkMessageId | NetworkMessageId | Â | str | Â |
OriginalDeliveryLocation | OriginalDeliveryLocation | Â | str | Â |
P1Sender | P1Sender | Â | str | Â |
P2Sender | P2Sender | Â | str | Â |
Policy | Policy | Â | str | Â |
PolicyAction | PolicyAction | Â | str | Â |
Recipients | Recipients | Â | str | Â |
SenderIp | SenderIp | Â | str | Â |
Subject | Subject | Â | str | Â |
ThreatsAndDetectionTech | ThreatsAndDetectionTech | Â | str | Â |
Verdict | Verdict | Â | str | Â |
SourceLocationType | SourceLocationType | Â | int4 | Â |
Platform | Platform | Â | int4 | Â |
Application | Application | Â | str | Â |
FileExtension | FileExtension | Â | str | Â |
DeviceName | DeviceName | Â | str | Â |
MDATPDeviceId | MDATPDeviceId | Â | str | Â |
FileSize | FileSize | Â | int4 | Â |
FileType | FileType | Â | str | Â |
Hidden | Hidden | Â | bool | Â |
Actions | Actions | Â | json | Â |
AlertLinks | AlertLinks | Â | json | Â |
Data | Data | Â | json | Â |
DeepLinkUrl | DeepLinkUrl | Â | str | Â |
EndTimeUtc | EndTimeUtc | Â | timestamp | Â |
InvestigationId | InvestigationId | Â | str | Â |
InvestigationName | InvestigationName | Â | str | Â |
InvestigationType | InvestigationType | Â | str | Â |
LastUpdateTimeUtc | LastUpdateTimeUtc | Â | timestamp | Â |
StartTimeUtc | StartTimeUtc | Â | timestamp | Â |
Source | Source | Â | str | Â |
message | message | Â | str | Â |
hostchain | hostchain |  | str | ✓ |
tag | tag |  | str | ✓ |
rawSource | rawSource |  | str | ✓ |
rawTagged | rawTagged | Â | str | Â |
rawMessage | rawMessage | Â | str | Â |
cloud.office365.management.workplaceanalytics
Field in | Field in source table | Field transformation | Data type | Extra Field |
---|---|---|---|---|
eventdate | eventdate | Â | timestamp | Â |
hostname | hostname | Â | str | Â |
type | - | str | Â | |
Id | Id | Â | str | Â |
Workload | Workload | Â | str | Â |
StatusTime | StatusTime | Â | str | Â |
FeatureStatus | FeatureStatus | Â | str | Â |
Status | Status | Â | str | Â |
StatusDisplayName | StatusDisplayName | Â | str | Â |
IncidentIds | IncidentIds | Â | str | Â |
WorkloadDisplayName | WorkloadDisplayName | Â | str | Â |
UserType | UserType | Â | int4 | Â |
timestamp | timestamp | Â | timestamp | Â |
Operation | Operation | Â | str | Â |
Version | Version | Â | int4 | Â |
LogonType | LogonType | Â | int4 | Â |
MailboxOwnerSid | MailboxOwnerSid | Â | str | Â |
ExternalAccess | ExternalAccess | Â | bool | Â |
OrganizationName | OrganizationName | Â | str | Â |
SessionId | SessionId | Â | str | Â |
ClientAddress | ClientAddress | Â | str | Â |
ClientIPAddress | ClientIPAddress | Â | str | Â |
ClientProcessName | ClientProcessName | Â | str | Â |
ResultStatus | ResultStatus | Â | str | Â |
UserId | UserId | Â | str | Â |
LogonUserSid | LogonUserSid | Â | str | Â |
InternalLogonType | InternalLogonType | Â | int4 | Â |
OriginatingServer | OriginatingServer | Â | str | Â |
UserKey | UserKey | Â | str | Â |
MailboxGuid | MailboxGuid | Â | str | Â |
OrganizationId | OrganizationId | Â | str | Â |
RecordType | RecordType | Â | int4 | Â |
ClientInfoString | ClientInfoString | Â | str | Â |
MailboxOwnerUPN | MailboxOwnerUPN | Â | str | Â |
CrossMailboxOperation | CrossMailboxOperation | Â | bool | Â |
AffectedItems | AffectedItems | Â | str | Â |
Folder_Id | Folder_Id | Â | str | Â |
Folder_Path | Folder_Path | Â | str | Â |
FoldersItemsStr | FoldersItemsStr | Â | str | Â |
ForwardTo | ForwardTo | Â | str | Â |
Parameters_Raw | Parameters_Raw | Â | str | Â |
Item_Subject | Item_Subject | Â | str | Â |
Item_Attachments | Item_Attachments | Â | str | Â |
Item_ParentFolder_Id | Item_ParentFolder_Id | Â | str | Â |
Item_ParentFolder_Path | Item_ParentFolder_Path | Â | str | Â |
ModifiedProperties | ModifiedProperties | Â | str | Â |
SendOnBehalfOfUserSmtp | SendOnBehalfOfUserSmtp | Â | str | Â |
SendAsUserSmtp | SendAsUserSmtp | Â | str | Â |
PolicyDetails | PolicyDetails | Â | str | Â |
PolicyDetails_PolicyName_str | PolicyDetails_PolicyName_str | Â | str | Â |
PolicyDetails_PolicyId_str | PolicyDetails_PolicyId_str | Â | str | Â |
PolicyDetails_location_str | PolicyDetails_location_str | Â | str | Â |
PolicyDetails_RuleMode_str | PolicyDetails_RuleMode_str | Â | str | Â |
PolicyDetails_RuleName_str | PolicyDetails_RuleName_str | Â | str | Â |
PolicyDetails_RuleId_str | PolicyDetails_RuleId_str | Â | str | Â |
PolicyDetails_Severity_str | PolicyDetails_Severity_str | Â | str | Â |
PolicyDetails_ManagementRuleId_str | PolicyDetails_ManagementRuleId_str | Â | str | Â |
Unique_PolicyDetails_location_str | Unique_PolicyDetails_location_str | Â | str | Â |
PolicyDetails_confidence_str | PolicyDetails_confidence_str | Â | str | Â |
PolicyDetails_count_str | PolicyDetails_count_str | Â | str | Â |
PolicyDetails_sensitiveType_str | PolicyDetails_sensitiveType_str | Â | str | Â |
PolicyDetails_uniqueCount_str | PolicyDetails_uniqueCount_str | Â | str | Â |
PolicyDetails_ConditionsMatched_Name_str | PolicyDetails_ConditionsMatched_Name_str | Â | str | Â |
PolicyDetails_ConditionsMatched_Value_str | PolicyDetails_ConditionsMatched_Value_str | Â | str | Â |
PolicyDetails_ConditionMatchedInNewScheme_str | PolicyDetails_ConditionMatchedInNewScheme_str | Â | str | Â |
ExchangeMetaData_BCC | ExchangeMetaData_BCC | Â | str | Â |
ExchangeMetaData_MessageID | ExchangeMetaData_MessageID | Â | str | Â |
ExchangeMetaData_From | ExchangeMetaData_From | Â | str | Â |
ExchangeMetaData_CC | ExchangeMetaData_CC | Â | str | Â |
ExchangeMetaData_Sent | ExchangeMetaData_Sent | Â | str | Â |
ExchangeMetaData_Subject | ExchangeMetaData_Subject | Â | str | Â |
ExchangeMetaData_RecipientCount | ExchangeMetaData_RecipientCount | Â | int4 | Â |
ExchangeMetaData_To | ExchangeMetaData_To | Â | str | Â |
InterSystemsId | InterSystemsId | Â | str | Â |
TargetUserId | TargetUserId | Â | str | Â |
Actor_ID_str | Actor_ID_str | Â | str | Â |
Actor_Type_str | Actor_Type_str | Â | str | Â |
ActorContextId | ActorContextId | Â | str | Â |
YammerNetworkId | YammerNetworkId | Â | int4 | Â |
ActorUserId | ActorUserId | Â | str | Â |
ActorIpAddress | ActorIpAddress | Â | str | Â |
Client | Client | Â | str | Â |
ClientIP | ClientIP | Â | str | Â |
LogonError | LogonError | Â | str | Â |
ApplicationId | ApplicationId | Â | str | Â |
Target_ID_str | Target_ID_str | Â | str | Â |
Target_Type_str | Target_Type_str | Â | str | Â |
IntraSystemId | IntraSystemId | Â | str | Â |
ExtendedProperties_Name_str | ExtendedProperties_Name_str | Â | str | Â |
ExtendedProperties_Value_str | ExtendedProperties_Value_str | Â | str | Â |
ActorYammerUserId | ActorYammerUserId | Â | int8 | Â |
FileName | FileName | Â | str | Â |
TargetContextId | TargetContextId | Â | str | Â |
AzureActiveDirectoryEventType | AzureActiveDirectoryEventType | Â | int4 | Â |
VersionId | VersionId | Â | int8 | Â |
FileId | FileId | Â | int8 | Â |
PostIncidentDocumentUrl | PostIncidentDocumentUrl | Â | str | Â |
Severity | Severity | Â | str | Â |
Title | Title | Â | str | Â |
Comments | Comments | Â | str | Â |
AffectedWorkloadDisplayNames | AffectedWorkloadDisplayNames | Â | str | Â |
AlertEntityId | AlertEntityId | Â | str | Â |
Messages_MessageText_str | Messages_MessageText_str | Â | str | Â |
Messages_PublishedTime_str | Messages_PublishedTime_str | Â | str | Â |
ChannelGuid | ChannelGuid | Â | str | Â |
LogonUserDisplayName | LogonUserDisplayName | Â | str | Â |
RecipientUPN | RecipientUPN | Â | str | Â |
ApplicationDisplayName | ApplicationDisplayName | Â | str | Â |
MessageType | MessageType | Â | str | Â |
EventSource | EventSource | Â | str | Â |
DestinationRelativeUrl | DestinationRelativeUrl | Â | str | Â |
MachineId | MachineId | Â | str | Â |
WebId | WebId | Â | str | Â |
SendOnBehalfOfUserMailboxGuid | SendOnBehalfOfUserMailboxGuid | Â | str | Â |
ExtraProperties_Key_str | ExtraProperties_Key_str | Â | str | Â |
ExtraProperties_Value_str | ExtraProperties_Value_str | Â | str | Â |
SharingPermission | SharingPermission | Â | int4 | Â |
ObjectName | ObjectName | Â | str | Â |
SharingType | SharingType | Â | str | Â |
DataflowRefreshScheduleType | DataflowRefreshScheduleType | Â | str | Â |
TenantName | TenantName | Â | str | Â |
CustomUniqueId | CustomUniqueId | Â | bool | Â |
DatasetId | DatasetId | Â | str | Â |
SiteUrl | SiteUrl | Â | str | Â |
Parameters_Name_str | Parameters_Name_str | Â | str | Â |
Parameters_Value_str | Parameters_Value_str | Â | str | Â |
ImportType | ImportType | Â | str | Â |
ImportId | ImportId | Â | str | Â |
PolicyId | PolicyId | Â | str | Â |
ItemName | ItemName | Â | str | Â |
Datasets_DatasetId_str | Datasets_DatasetId_str | Â | str | Â |
Datasets_DatasetName_str | Datasets_DatasetName_str | Â | str | Â |
ImplicitShare | ImplicitShare | Â | str | Â |
ImportDisplayName | ImportDisplayName | Â | str | Â |
ItemType | ItemType | Â | str | Â |
WorkSpaceName | WorkSpaceName | Â | str | Â |
DestFolder_Path | DestFolder_Path | Â | str | Â |
DestFolder_Id | DestFolder_Id | Â | str | Â |
UniqueSharingId | UniqueSharingId | Â | str | Â |
TargetUserOrGroupName | TargetUserOrGroupName | Â | str | Â |
FlowConnectorNames | FlowConnectorNames | Â | str | Â |
FileSyncBytesCommitted | FileSyncBytesCommitted | Â | str | Â |
CorrelationId | CorrelationId | Â | str | Â |
Members_DisplayName_str | Members_DisplayName_str | Â | str | Â |
Members_UPN_str | Members_UPN_str | Â | str | Â |
Members_Role_str | Members_Role_str | Â | str | Â |
AddOnGuid | AddOnGuid | Â | str | Â |
DashboardName | DashboardName | Â | str | Â |
IsSuccess | IsSuccess | Â | bool | Â |
AlertId | AlertId | Â | str | Â |
ListTitle | ListTitle | Â | str | Â |
ReportType | ReportType | Â | str | Â |
AffectedWorkloadNames | AffectedWorkloadNames | Â | str | Â |
FlowDetailsUrl | FlowDetailsUrl | Â | str | Â |
TargetYammerUserId | TargetYammerUserId | Â | int8 | Â |
ImpactDescription | ImpactDescription | Â | str | Â |
BrowserName | BrowserName | Â | str | Â |
OperationProperties_Value_str | OperationProperties_Value_str | Â | str | Â |
OperationProperties_Name_str | OperationProperties_Name_str | Â | str | Â |
ReportId | ReportId | Â | str | Â |
DestMailboxOwnerSid | DestMailboxOwnerSid | Â | str | Â |
DestMailboxOwnerMasterAccountSid | DestMailboxOwnerMasterAccountSid | Â | str | Â |
AffectedUserCount | AffectedUserCount | Â | int4 | Â |
Category | Category | Â | str | Â |
MachineDomainInfo | MachineDomainInfo | Â | str | Â |
ListBaseType | ListBaseType | Â | str | Â |
DestMailboxId | DestMailboxId | Â | str | Â |
TabType | TabType | Â | str | Â |
Activity | Activity | Â | str | Â |
DestinationFileExtension | DestinationFileExtension | Â | str | Â |
UserUPN | UserUPN | Â | str | Â |
ListId | ListId | Â | str | Â |
SourceRelativeUrl | SourceRelativeUrl | Â | str | Â |
UserTypeInitiated | UserTypeInitiated | Â | int4 | Â |
EndTime | EndTime | Â | str | Â |
SendAsUserMailboxGuid | SendAsUserMailboxGuid | Â | str | Â |
ActionType | ActionType | Â | str | Â |
SourceFileExtension | SourceFileExtension | Â | str | Â |
DashboardId | DashboardId | Â | str | Â |
ClientApplicationId | ClientApplicationId | Â | str | Â |
DestMailboxOwnerUPN | DestMailboxOwnerUPN | Â | str | Â |
MailboxOwnerMasterAccountSid | MailboxOwnerMasterAccountSid | Â | str | Â |
SensitiveInfoDetectionIsIncluded | SensitiveInfoDetectionIsIncluded | Â | bool | Â |
Schedules_RefreshFrequency | Schedules_RefreshFrequency | Â | str | Â |
Schedules_Days_str | Schedules_Days_str | Â | str | Â |
Schedules_Time_str | Schedules_Time_str | Â | str | Â |
Schedules_TimeZone | Schedules_TimeZone | Â | str | Â |
TeamName | TeamName | Â | str | Â |
WorkspaceId | WorkspaceId | Â | str | Â |
DataflowType | DataflowType | Â | str | Â |
SourceFileName | SourceFileName | Â | str | Â |
FeatureDisplayName | FeatureDisplayName | Â | str | Â |
EntityPath | EntityPath | Â | str | Â |
TeamGuid | TeamGuid | Â | str | Â |
ResourceTitle | ResourceTitle | Â | str | Â |
Classification | Classification | Â | str | Â |
ListBaseTemplateType | ListBaseTemplateType | Â | str | Â |
DestinationFileName | DestinationFileName | Â | str | Â |
AffectedTenantCount | AffectedTenantCount | Â | int8 | Â |
DatasetName | DatasetName | Â | str | Â |
LicenseDisplayName | LicenseDisplayName | Â | str | Â |
Feature | Feature | Â | str | Â |
StartTime | StartTime | Â | str | Â |
TargetUserOrGroupType | TargetUserOrGroupType | Â | str | Â |
DataConnectivityMode | DataConnectivityMode | Â | str | Â |
LastUpdatedTime | LastUpdatedTime | Â | str | Â |
ReportName | ReportName | Â | str | Â |
EntityType | EntityType | Â | str | Â |
OperationDetails | OperationDetails | Â | str | Â |
UserAgent | UserAgent | Â | str | Â |
AlertType | AlertType | Â | str | Â |
Name | Name | Â | str | Â |
CmdletVersion | CmdletVersion | Â | str | Â |
ImportSource | ImportSource | Â | str | Â |
SkypeForBusinessEventType | SkypeForBusinessEventType | Â | int4 | Â |
AddOnType | AddOnType | Â | int4 | Â |
DoNotDistributeEvent | DoNotDistributeEvent | Â | bool | Â |
ChannelName | ChannelName | Â | str | Â |
ListItemUniqueId | ListItemUniqueId | Â | str | Â |
ObjectId | ObjectId | Â | str | Â |
AttachmentData | AttachmentData | Â | json | Â |
DeliveryAction | DeliveryAction | Â | str | Â |
DetectionMethod | DetectionMethod | Â | str | Â |
DetectionType | DetectionType | Â | str | Â |
Directionality | Directionality | Â | str | Â |
EventDeepLink | EventDeepLink | Â | str | Â |
InternetMessageId | InternetMessageId | Â | str | Â |
LatestDeliveryLocation | LatestDeliveryLocation | Â | str | Â |
MessageTime | MessageTime | Â | str | Â |
NetworkMessageId | NetworkMessageId | Â | str | Â |
OriginalDeliveryLocation | OriginalDeliveryLocation | Â | str | Â |
P1Sender | P1Sender | Â | str | Â |
P2Sender | P2Sender | Â | str | Â |
Policy | Policy | Â | str | Â |
PolicyAction | PolicyAction | Â | str | Â |
Recipients | Recipients | Â | str | Â |
SenderIp | SenderIp | Â | str | Â |
Subject | Subject | Â | str | Â |
ThreatsAndDetectionTech | ThreatsAndDetectionTech | Â | str | Â |
Verdict | Verdict | Â | str | Â |
SourceLocationType | SourceLocationType | Â | int4 | Â |
Platform | Platform | Â | int4 | Â |
Application | Application | Â | str | Â |
FileExtension | FileExtension | Â | str | Â |
DeviceName | DeviceName | Â | str | Â |
MDATPDeviceId | MDATPDeviceId | Â | str | Â |
FileSize | FileSize | Â | int4 | Â |
FileType | FileType | Â | str | Â |
Hidden | Hidden | Â | bool | Â |
Actions | Actions | Â | json | Â |
AlertLinks | AlertLinks | Â | json | Â |
Data | Data | Â | json | Â |
DeepLinkUrl | DeepLinkUrl | Â | str | Â |
EndTimeUtc | EndTimeUtc | Â | timestamp | Â |
InvestigationId | InvestigationId | Â | str | Â |
InvestigationName | InvestigationName | Â | str | Â |
InvestigationType | InvestigationType | Â | str | Â |
LastUpdateTimeUtc | LastUpdateTimeUtc | Â | timestamp | Â |
StartTimeUtc | StartTimeUtc | Â | timestamp | Â |
Source | Source | Â | str | Â |
message | message | Â | str | Â |
hostchain | hostchain |  | str | ✓ |
tag | tag |  | str | ✓ |
rawSource | rawSource |  | str | ✓ |
rawTagged | rawTagged | Â | str | Â |
rawMessage | rawMessage | Â | str | Â |
Â