| AACAudit |
|
| AACHttpRequest |
|
| AADDomainServicesAccountLogon |
|
| AADDomainServicesAccountManagement |
|
| AADDomainServicesDirectoryServiceAccess |
|
| AADDomainServicesLogonLogoff |
|
| AADDomainServicesPolicyChange |
|
| AADDomainServicesPrivilegeUse |
|
| AADManagedIdentitySignInLogs |
|
| AADNonInteractiveUserSignInLogs |
|
| AADProvisioningLogs |
|
| AADRiskyUsers |
|
| AADServicePrincipalSignInLogs |
|
| AADUserRiskEvents |
|
| ABAPAuditLog |
|
| ABSBotRequests |
|
| ACSAuthIncomingOperations |
|
| ACSBillingUsage |
|
| ACSChatIncomingOperations |
|
| ACSSMSIncomingOperations |
|
| ADAssessmentRecommendation |
|
| AddonAzureBackupAlerts |
|
| AddonAzureBackupJobs |
|
| AddonAzureBackupPolicy |
|
| AddonAzureBackupProtectedInstance |
|
| AddonAzureBackupStorage |
|
| ADFActivityRun |
|
| ADFAirflowSchedulerLogs |
|
| ADFAirflowTaskLogs |
|
| ADFAirflowWebLogs |
|
| ADFAirflowWorkerLogs |
|
| ADFPipelineRun |
|
| ADFSandboxActivityRun |
|
| ADFSandboxPipelineRun |
|
| ADFSSignInLogs |
|
| ADFSSISIntegrationRuntimeLogs |
|
| ADFSSISPackageEventMessageContext |
|
| ADFSSISPackageEventMessages |
|
| ADFSSISPackageExecutableStatistics |
|
| ADFSSISPackageExecutionComponentPhases |
|
| ADFSSISPackageExecutionDataStatistics |
|
| ADFTriggerRun |
|
| ADPAudit |
|
| ADPDiagnostics |
|
| ADPRequests |
|
| ADReplicationResult |
|
| ADSecurityAssessmentRecommendation |
|
| ADTDigitalTwinsOperation |
|
| ADTModelsOperation |
|
| ADTQueryOperation |
|
| ADXCommand |
|
| ADXJournal |
|
| ADXQuery |
|
| ADXTableDetails |
|
| ADXTableUsageStatistics |
|
| AegDeliveryFailureLogs |
|
| AegPublishFailureLogs |
|
| AirflowDagProcessingLogs |
|
| Alert |
|
| AlertEvidence |
|
| AlertInfo |
|
| AmlComputeClusterEvent |
|
| AmlComputeCpuGpuUtilization |
|
| AmlComputeInstanceEvent |
|
| AmlComputeJobEvent |
|
| AmlDataLabelEvent |
|
| AmlDataSetEvent |
|
| AmlDataStoreEvent |
|
| AmlDeploymentEvent |
|
| AmlEnvironmentEvent |
|
| AmlInferencingEvent |
|
| AmlModelsEvent |
|
| AmlOnlineEndpointConsoleLog |
|
| AmlPipelineEvent |
|
| AmlRunEvent |
|
| AmlRunStatusChangedEvent |
|
| Anomalies |
|
| ApiManagementGatewayLogs |
|
| AppAvailabilityResults |
|
| AppBrowserTimings |
|
| AppCenterError |
|
| AppDependencies |
|
| AppEvents |
|
| AppExceptions |
|
| AppMetrics |
|
| AppPageViews |
|
| AppPerformanceCounters |
|
| AppPlatformIngressLogs |
|
| AppPlatformLogsforSpring |
|
| AppPlatformSystemLogs |
|
| AppRequests |
|
| AppServiceAntivirusScanAuditLogs |
|
| AppServiceAppLogs |
|
| AppServiceAuditLogs |
|
| AppServiceConsoleLogs |
|
| AppServiceEnvironmentPlatformLogs |
|
| AppServiceFileAuditLogs |
|
| AppServiceHTTPLogs |
|
| AppServiceIPSecAuditLogs |
|
| AppServicePlatformLogs |
|
| AppSystemEvents |
|
| AppTraces |
|
| ASimAuditEventLogs |
|
| ASimAuthenticationEventLogs |
|
| ASimDhcpEventLogs |
|
| ASimDnsActivityLogs |
|
| ASimDnsAuditLogs |
|
| ASimFileEventLogs |
|
| ASimNetworkSessionLogs |
|
| ASimProcessEventLogs |
|
| ASimRegistryEventLogs |
|
| ASimUserManagementActivityLogs |
|
| ASimWebSessionLogs |
|
| AuditLogs |
|
| AutoscaleEvaluationsLog |
|
| AutoscaleScaleActionsLog |
|
| AWSCloudTrail |
|
| AWSCloudWatch |
|
| AWSGuardDuty |
|
| AWSVPCFlow |
|
| AzureAssessmentRecommendation |
|
| AzureDevOpsAuditing |
|
| BehaviorAnalytics |
|
| BlockchainApplicationLog |
|
| BlockchainProxyLog |
|
| CDBCassandraRequests |
|
| CDBControlPlaneRequests |
|
| CDBDataPlaneRequests |
|
| CDBGremlinRequests |
|
| CDBMongoRequests |
|
| CDBPartitionKeyRUConsumption |
|
| CDBPartitionKeyStatistics |
|
| CDBQueryRuntimeStatistics |
|
| CloudAppEvents |
|
| CommonSecurityLog |
|
| ComputerGroup |
|
| ConfigurationChange |
|
| ConfigurationData |
Partial support – some of the data is ingested through internal services that aren't supported. |
| ContainerImageInventory |
|
| ContainerInventory |
|
| ContainerLog |
|
| ContainerLogV2 |
|
| ContainerNodeInventory |
|
| ContainerRegistryLoginEvents |
|
| ContainerRegistryRepositoryEvents |
|
| ContainerServiceLog |
|
| CoreAzureBackup |
|
| DatabricksAccounts |
|
| DatabricksClusters |
|
| DatabricksDBFS |
|
| DatabricksFeatureStore |
|
| DatabricksGenie |
|
| DatabricksGlobalInitScripts |
|
| DatabricksInstancePools |
|
| DatabricksJobs |
|
| DatabricksMLflowAcledArtifact |
|
| DatabricksMLflowExperiment |
|
| DatabricksNotebook |
|
| DatabricksRemoteHistoryService |
|
| DatabricksSecrets |
|
| DatabricksSQLPermissions |
|
| DatabricksSSH |
|
| DatabricksWorkspace |
|
| DataverseActivity |
|
| DefenderForSqlAlerts |
|
| DefenderForSqlTelemetry |
|
| DeviceEvents |
|
| DeviceFileCertificateInfo |
|
| DeviceFileEvents |
|
| DeviceImageLoadEvents |
|
| DeviceInfo |
|
| DeviceLogonEvents |
|
| DeviceNetworkEvents |
|
| DeviceNetworkInfo |
|
| DeviceProcessEvents |
|
| DeviceRegistryEvents |
|
| DeviceTvmSecureConfigurationAssessment |
|
| DeviceTvmSecureConfigurationAssessmentKB |
|
| DeviceTvmSoftwareInventory |
|
| DeviceTvmSoftwareVulnerabilities |
|
| DeviceTvmSoftwareVulnerabilitiesKB |
|
| DnsEvents |
|
| DnsInventory |
|
| DummyHydrationFact |
|
| DynamicEventCollection |
|
| Dynamics365Activity |
|
| EmailAttachmentInfo |
|
| EmailEvents |
|
| EmailPostDeliveryEvents |
|
| EmailUrlInfo |
|
| Event |
Partial support . Data arriving from Log Analytics agent (MMA) or Azure Monitor Agent (AMA) is fully supported. Data arriving from Diagnostics Extension is collected through Azure storage. This path isn’t supported. |
| ExchangeAssessmentRecommendation |
|
| ExchangeOnlineAssessmentRecommendation |
|
| FailedIngestion |
|
| FunctionAppLogs |
|
| GCPAuditLogs |
|
| GoogleCloudSCC |
|
| HDInsightAmbariClusterAlerts |
|
| HDInsightAmbariSystemMetrics |
|
| HDInsightHadoopAndYarnLogs |
|
| HDInsightHadoopAndYarnMetrics |
|
| HDInsightHBaseLogs |
|
| HDInsightHBaseMetrics |
|
| HDInsightHiveAndLLAPLogs |
|
| HDInsightHiveAndLLAPMetrics |
|
| HDInsightHiveTezAppStats |
|
| HDInsightKafkaLogs |
|
| HDInsightKafkaMetrics |
|
| HDInsightOozieLogs |
|
| HDInsightSecurityLogs |
|
| HDInsightSparkApplicationEvents |
|
| HDInsightSparkBlockManagerEvents |
|
| HDInsightSparkEnvironmentEvents |
|
| HDInsightSparkExecutorEvents |
|
| HDInsightSparkJobEvents |
|
| HDInsightSparkLogs |
|
| HDInsightSparkSQLExecutionEvents |
|
| HDInsightSparkStageEvents |
|
| HDInsightSparkStageTaskAccumulables |
|
| HDInsightSparkTaskEvents |
|
| HealthStateChangeEvent |
|
| HuntingBookmark |
|
| IdentityDirectoryEvents |
|
| IdentityInfo |
|
| IdentityLogonEvents |
|
| IdentityQueryEvents |
|
| InsightsMetrics |
Partial support – some of the data is ingested through internal services that aren't supported. |
| IntuneAuditLogs |
|
| IntuneDevices |
|
| IntuneOperationalLogs |
|
| KubeEvents |
|
| KubeHealth |
|
| KubeMonAgentEvents |
|
| KubeNodeInventory |
|
| KubePodInventory |
|
| KubePVInventory |
|
| KubeServices |
|
| LAQueryLogs |
|
| LinuxAuditLog |
|
| McasShadowItReporting |
|
| MCCEventLogs |
|
| MicrosoftAzureBastionAuditLogs |
|
| MicrosoftDataShareReceivedSnapshotLog |
|
| MicrosoftDataShareSentSnapshotLog |
|
| MicrosoftGraphActivityLogs |
|
| MicrosoftHealthcareApisAuditLogs |
|
| MicrosoftPurviewInformationProtection |
|
| NetworkAccessTraffic |
|
| NetworkMonitoring |
|
| NTAIpDetails |
|
| NTANetAnalytics |
|
| NTATopologyDetails |
|
| NWConnectionMonitorPathResult |
|
| NWConnectionMonitorTestResult |
|
| OfficeActivity |
|
| Perf |
Partial support – only windows perf data is currently supported. |
| PowerAppsActivity |
|
| PowerAutomateActivity |
|
| PowerBIActivity |
|
| PowerBIDatasetsWorkspace |
|
| PowerPlatformAdminActivity |
|
| PowerPlatformConnectorActivity |
|
| PowerPlatformDlpActivity |
|
| ProcessInvestigator |
|
| ProjectActivity |
|
| ProtectionStatus |
|
| PurviewScanStatusLogs |
|
| RomeDetectionEvent |
|
| SCCMAssessmentRecommendation |
|
| SCOMAssessmentRecommendation |
|
| SecureScoreControls |
|
| SecureScores |
|
| SecurityAlert |
|
| SecurityBaseline |
|
| SecurityBaselineSummary |
|
| SecurityDetection |
|
| SecurityEvent |
Partial support – data arriving from Log Analytics agent (MMA) or Azure Monitor Agent (AMA) is fully supported. Data arriving via Diagnostics Extension agent is collected though storage while this path isn’t supported. |
| SecurityIncident |
|
| SecurityIoTRawEvent |
|
| SecurityNestedRecommendation |
|
| SecurityRecommendation |
|
| SecurityRegulatoryCompliance |
|
| SentinelHealth |
|
| ServiceMap |
|
| SfBAssessmentRecommendation |
|
| SfBOnlineAssessmentRecommendation |
|
| SharePointOnlineAssessmentRecommendation |
|
| SignalRServiceDiagnosticLogs |
|
| SigninLogs |
|
| SPAssessmentRecommendation |
|
| SQLAssessmentRecommendation |
|
| SqlAtpStatus |
|
| SQLSecurityAuditEvents |
|
| SqlThreatProtectionLoginAudits |
|
| SqlVulnerabilityAssessmentResult |
|
| SqlVulnerabilityAssessmentScanStatus |
|
| StorageBlobLogs |
|
| StorageFileLogs |
|
| StorageInsightsAccountPropertiesDaily |
|
| StorageInsightsDailyMetrics |
|
| StorageInsightsHourlyMetrics |
|
| StorageInsightsMonthlyMetrics |
|
| StorageInsightsWeeklyMetrics |
|
| StorageQueueLogs |
|
| StorageTableLogs |
|
| SucceededIngestion |
|
| SynapseBigDataPoolApplicationsEnded |
|
| SynapseBuiltinSqlPoolRequestsEnded |
|
| SynapseDXFailedIngestion |
|
| SynapseDXSucceededIngestion |
|
| SynapseGatewayApiRequests |
|
| SynapseIntegrationActivityRuns |
|
| SynapseIntegrationPipelineRuns |
|
| SynapseIntegrationTriggerRuns |
|
| SynapseRbacOperations |
|
| SynapseSqlPoolDmsWorkers |
|
| SynapseSqlPoolExecRequests |
|
| SynapseSqlPoolRequestSteps |
|
| SynapseSqlPoolSqlRequests |
|
| SynapseSqlPoolWaits |
|
| Syslog |
Partial support – data arriving from Log Analytics agent (MMA) or Azure Monitor Agent (AMA) is fully supported. Data arriving via Diagnostics Extension agent is collected though storage while this path isn’t supported. |
| ThreatIntelligenceIndicator |
|
| TSIIngress |
|
| UCClient |
|
| UCClientReadinessStatus |
|
| UCClientUpdateStatus |
|
| UCDeviceAlert |
|
| UCDOAggregatedStatus |
|
| UCDOStatus |
|
| UCServiceUpdateStatus |
|
| UCUpdateAlert |
|
| Update |
Partial support – some of the data is ingested through internal services that aren't supported. |
| UpdateRunProgress |
|
| UpdateSummary |
|
| UrlClickEvents |
|
| W3CIISLog |
Partial support – data arriving from Log Analytics agent (MMA) or Azure Monitor Agent (AMA) is fully supported. Data arriving via Diagnostics Extension agent is collected though storage while this path isn’t supported. |
| WaaSDeploymentStatus |
|
| WaaSInsiderStatus |
|
| WaaSUpdateStatus |
|
| Watchlist |
|
| WebPubSubConnectivity |
|
| WebPubSubHttpRequest |
|
| WebPubSubMessaging |
|
| WindowsClientAssessmentRecommendation |
|
| WindowsEvent |
|
| WindowsFirewall |
|
| WindowsServerAssessmentRecommendation |
|
| WireData |
Partial support – some of the data is ingested through internal services that aren't supported. |
| WorkloadDiagnosticLogs |
|
| WUDOAggregatedStatus |
|
| WUDOStatus |
|
| WVDAgentHealthStatus |
|
| WVDCheckpoints |
|
| WVDConnectionNetworkData |
|
| WVDConnections |
|
| WVDErrors |
|
| WVDFeeds |
|
| WVDHostRegistrations |
|
| WVDManagement |
|