Edit

Share via


AlertInfo

Alerts from Microsoft Defender for Endpoint, Microsoft Defender for Office 365, Microsoft Cloud App Security, and Microsoft Defender for Identity, including severity information and threat categorization.

Table attributes

Attribute Value
Resource types -
Categories Security
Solutions SecurityInsights
Basic log No
Ingestion-time transformation Yes
Sample Queries Yes

Columns

Column Type Description
AlertId string Unique identifier for the alert.
AttackTechniques string MITRE ATT&CK techniques associated with the activity that triggered the alert.
_BilledSize real The record size in bytes
Category string Type of threat indicator or breach activity identified by the alert.
DetectionSource string Detection technology or sensor that identified the notable component or activity.
_IsBillable string Specifies whether ingesting the data is billable. When _IsBillable is false ingestion isn't billed to your Azure account
ServiceSource string Product or service that provided the alert information.
Severity string Indicates the potential impact (high, medium, or low) of the threat indicator or breach activity identified by the alert.
SourceSystem string The type of agent the event was collected by. For example, OpsManager for Windows agent, either direct connect or Operations Manager, Linux for all Linux agents, or Azure for Azure Diagnostics
TenantId string The Log Analytics workspace ID
TimeGenerated datetime Date and time (UTC) when the record was generated.
Title string Title of the alert.
Type string The name of the table