Events
Mar 17, 9 p.m. - Mar 21, 10 a.m.
Join the meetup series to build scalable AI solutions based on real-world use cases with fellow developers and experts.
Register nowSecurityNestedRecommendation
Nested recommendations can be thought of as 'sub' recommendations grouped into a 'parent' recommendation. To view nested recommendations, open the 'parent' from the recommendations page in Security Center. For example, if a vulnerability scan of your SQL databases returns 100 findings, each finding will be available as a nested recommendation within the parent recommendation 'Vulnerabilities on your SQL databases should be remediated'.
| Attribute | Value |
|---|---|
| Resource types | - |
| Categories | - |
| Solutions | Security, SecurityCenter, SecurityCenterFree |
| Basic log | No |
| Ingestion-time transformation | Yes |
| Sample Queries | - |
| Column | Type | Description |
|---|---|---|
| AdditionalData | dynamic | Additional details of the sub-assessment |
| AssessedResourceId | string | Id of the assessed resource |
| _BilledSize | real | The record size in bytes |
| Category | string | Category of the sub-assessment |
| Cause | string | Cause of the assessment status |
| Description | string | Description of the assessment status |
| Id | string | Id of the assessed recommendation |
| Impact | string | Description of the impact of this sub-assessment |
| _IsBillable | string | Specifies whether ingesting the data is billable. When _IsBillable is false ingestion isn't billed to your Azure account |
| IsSnapshot | bool | Indicates whether the data was exported as part of a snapshot when 'true', or streamed in real-time when 'false'. |
| NestedRecommendationId | string | Id of the nested-recommendation |
| ParentRecommendationId | string | Id of the parent recommendation |
| RecommendationLink | string | Recommendation link URL |
| RecommendationName | string | Display name of the sub-assessment |
| RecommendationSeverity | string | The sub-assessment severity level |
| RecommendationState | string | The sub-assessment state |
| RecommendationSubscriptionId | string | Recommendation's subscription Id |
| RemediationDescription | string | Information on how to remediate this sub-assessment |
| RemidiationDescription | string | Information on how to remediate this sub-assessment |
| ResourceDetails | dynamic | Details of the resource that was assessed |
| ResourceGroup | string | Resource group name |
| _ResourceId | string | A unique identifier for the resource that the record is associated with |
| ResourceProviderType | string | Resource provider type of the assessed resource |
| SourceSystem | string | The type of agent the event was collected by. For example, OpsManager for Windows agent, either direct connect or Operations Manager, Linux for all Linux agents, or Azure for Azure Diagnostics |
| SubAssessmentTimeGeneration | datetime | The date and time the sub-assessment was generated |
| _SubscriptionId | string | A unique identifier for the subscription that the record is associated with |
| TenantId | string | The Log Analytics workspace ID |
| TimeGenerated | datetime | The date and time the sub-assessment was exported |
| Type | string | Resource type |
| VulnerabilityId | string | Vulnerability Id |
Additional resources
Training
Module
Abfragen von Protokollen in Microsoft Sentinel - Training
Abfragen von Protokollen in Microsoft Sentinel
Certification
Microsoft Certified: Security Operations Analyst Associate - Certifications
Untersuchen, Suchen und Mindern von Bedrohungen mit Microsoft Sentinel, Microsoft Defender for Cloud und Microsoft 365 Defender.