SecurityDetection
Table attributes
| Attribute | Value |
|---|---|
| Resource types | - |
| Categories | Security |
| Solutions | Security |
| Basic log | No |
| Ingestion-time transformation | Yes |
| Sample Queries | - |
Columns
| Column | Type | Description |
|---|---|---|
| AccountsSeen | int | |
| AlertSeverity | string | |
| AlertTitle | string | |
| AssociatedResource | string | |
| _BilledSize | real | The record size in bytes |
| ChildProcess | string | |
| CommandLine | string | |
| Computer | string | |
| Description | string | |
| DetectionID | string | |
| Duration | string | |
| ExtendedProperties | string | |
| FailedAttempts | int | |
| FullPath | string | |
| InvalidAccountsSeen | int | |
| _IsBillable | string | Specifies whether ingesting the data is billable. When _IsBillable is false ingestion isn't billed to your Azure account |
| IsFirstParty | bool | |
| LogChannel | string | |
| OccuringDatacenter | string | |
| OriginalSeverity | string | |
| ParentProcess | string | |
| ProcessName | string | |
| Provider | string | |
| RemediationSteps | string | |
| ReportingSystem | string | |
| _ResourceId | string | A unique identifier for the resource that the record is associated with |
| ServiceId | string | |
| SubjectDomainName | string | |
| SubjectUserName | string | |
| SubscriptionId | string | |
| _SubscriptionId | string | A unique identifier for the subscription that the record is associated with |
| SuccessfulLogins | int | |
| SuspiciousProcess | string | |
| TimeGenerated | datetime | |
| Type | string | The name of the table |
| ValidAccountsSeen | int |