What's the exact definition of 'Timegenerated' in an Azure Resource Graph query output for Container Image Vulnerabilities?

LaBombard, Lory 41 Reputation points
2024-05-30T14:45:02.8466667+00:00

When we run a query to find vulnerabilities in Container Images, there's a 'timegenerated' column in the query output. I've tried to find this documented somewhere, but can't; I've only found a document for Azure Monitor. Does this mean it's the last time the image was scanned or the first time the vulnerability was discovered with a scan, or something completely different? Thank you!


1 answer

  1. Akshay-MSFT 17,011 Reputation points Microsoft Employee
    2024-05-31T10:39:15.0866667+00:00

    @LaBombard, Lory

    Thank you for posting your query on Microsoft Q&A, from above description w

    The TimeGenerated column contains the date and time that the record was created by the data source. TimeGenerated provides a common column to use for filtering or summarizing by time. When you select a time range for a view or dashboard in the Azure portal, it uses TimeGenerated to filter the results.

    • Does this mean it's the last time the image was scanned or the first time the vulnerability was discovered with a scan, or something completely different?

    No, this means the time when the image scan or vulnerability discovery was recorded by Defender for Cloud into the workspace. This time may be the same as the discovery time or may be different.

    For Sentinel, we have a DCR/DCE which is responsible for ingesting the data into the pipeline to Log Analytics/Azure Monitor, due to which there could be a time difference between the time the event was recorded and the time the event actually happened.

    Ingestion time might vary for different resources under different circumstances. For example, here are a few scenarios.

    If you don't have any further queries and the suggested answer is as per your business need, please "Accept the answer". This will help us and others in the community as well.

    Thanks,

    Akshay Kaushik