SecurityAttackPathData

This tables contains attack paths that are being generated by Microsoft Defender for Cloud in order to detect potential breach paths of attackers to your cloud environment.

Table attributes

Attribute	Value
Resource types	microsoft.security/security
Categories	Security
Solutions	Security, SecurityCenter, SecurityCenterFree
Basic log	Yes
Ingestion-time transformation	No
Sample Queries	Yes

Columns

Column	Type	Description
AdditionalRemediationSteps	string	The manual remediation steps of the attack path.
Assessments	dynamic	The assessments mapped to the attack path.
AttackPathId	string	The ID of the attack path.
AttackStory	string	The attack story.
_BilledSize	real	The record size in bytes
Description	string	The description of the attack path.
DisplayName	string	The display name of the attack path.
EntrypointId	string	The ID of the attack path enry point.
_IsBillable	string	Specifies whether ingesting the data is billable. When _IsBillable is false ingestion isn't billed to your Azure account
Mitre	string	MITRE mapping of the path.
Path	dynamic	The nodes, edges & insights that create the path.
PotentialImpact	string	The potenrial impact of the attack path.
_ResourceId	string	A unique identifier for the resource that the record is associated with
RiskFactors	dynamic	The risk factors of the attack path.
RiskLevel	string	The risk level of the attack path.
SourceSystem	string	The type of agent the event was collected by. For example, OpsManager for Windows agent, either direct connect or Operations Manager, Linux for all Linux agents, or Azure for Azure Diagnostics
_SubscriptionId	string	A unique identifier for the subscription that the record is associated with
TargetId	string	The ID of the attack path target.
TenantId	string	The Log Analytics workspace ID
TimeGenerated	datetime	The date and time the attack path was exported.
Type	string	The name of the table