| Column | Type | Description |
|---|---|---|
| AccessType | string | Type of accessed application. Access type options: QuickAccess, PrivateAccess. |
| Action | string | The action taken on the network session: Allowed or Denied. |
| AgentVersion | string | The version of the agent connecting. |
| AppId | string | Destination Application ID accessed in Azure AD during the transaction. |
| AppSegmentId | string | Destination Application segment ID from Azure AD accessed during the transaction. |
| _BilledSize | real | The record size in bytes. |
| CloudAppCatalogId | string | The ID of the application in the SaaS application catalog. |
| CloudAppCategory | string | The category of the cloud application (e.g. social media, search, generative AI). |
| CloudAppComplianceScore | int | The compliance score of the application. |
| CloudAppGeneralScore | int | The general score of the application. |
| CloudAppLegalScore | int | The legal score of the application. |
| CloudAppLoginUser | string | The username that was used to log into the application. |
| CloudAppName | string | The name of the application (e.g. ChatGPT, Salesforce, Bing). |
| CloudAppRiskScore | int | The risk score of the application. |
| ConnectionId | string | Unique identifier representing the connection this traffic log was initiated from. |
| ConnectionStatus | string | Status of a connection. Status options: Open, Active, Closed. |
| ConnectorId | string | Private access connector ID. |
| ConnectorIp | string | Private access connector IP. |
| ConnectorName | string | Private access connector name. |
| Description | string | Additional details describing the traffic. |
| DestinationFqdn | string | The destination device hostname, including domain information when available. |
| DestinationIp | string | The IP address of the connection or session destination. |
| DestinationPort | int | The destination IP port. |
| DestinationUrl | string | The URL of the connection or session destination. |
| DestinationWebCategories | string | The destination FQDN's web categories. |
| DeviceCategory | string | Device type the transaction originated from: Client or Branch. |
| DeviceId | string | The ID of the source device as reported in the record. |
| DeviceOperatingSystem | string | The operating system type of the connecting client. |
| DeviceOperatingSystemVersion | string | The operating system version of the connecting client. |
| FilteringProfileId | string | The ID of the Filtering Profile associated with the action performed on traffic. |
| FilteringProfileName | string | The name of the Filtering Profile associated with the action performed on traffic. |
| HttpMethod | string | The HTTP method used in the request. |
| InitiatingProcessName | string | The process initiating the traffic transaction. |
| _IsBillable | string | Specifies whether ingesting the data is billable. When _IsBillable is false, ingestion isn't billed to your Azure account. |
| NetworkProtocol | string | The network protocol, IPv6 or IPv4. |
| OriginHeader | string | The Origin header value. |
| PolicyId | string | The ID of the policy for which the request was denied by its rule. |
| PolicyName | string | The name of the filtering policy associated with the action performed on traffic. |
| PolicyRuleId | string | The ID of the rule by which the request was denied. |
| ProcessingRegion | string | Region where the request was processed by the backend service. |
| ReceivedBytes | long | The number of bytes received. |
| ReferrerHeader | string | The Referer header value. |
| RemoteNetworkId | string | The ID from which traffic was sent or received, providing visibility into the origin of the traffic. |
| ResourceTenantId | string | Tenant ID that owns the resource. |
| ResponseCode | int | The response code returned from the server. |
| RuleName | string | The name of the rule associated with the action performed on traffic. |
| SentBytes | long | The number of bytes sent. |
| SessionId | string | Unique identifier representing the session. |
| SourceIp | string | The IP address from which the connection or session originated. |
| SourcePort | int | The IP port from which the connection originated. |
| SourceSystem | string | The type of agent the event was collected by. For example, OpsManager for Windows agent, either direct connect or Operations Manager, Linux for all Linux agents, or Azure for Azure Diagnostics. |
| TenantId | string | The Log Analytics workspace ID. |
| ThreatType | string | The identified threat type associated with the traffic. |
| TimeGenerated | datetime | The date and time (UTC) that the event was generated. |
| TlsAction | string | The TLS action taken on the traffic. |
| TlsPolicyId | string | The unique token identifier of the TLS policy applied to the traffic. |
| TlsPolicyName | string | The name of the TLS policy applied to the traffic. |
| TlsStatus | string | The status of the TLS option. |
| Token3PExpiry | datetime | The expiry date of the access token used to access the private access application. |
| Token3PIssuedAt | datetime | The issued date of the access token used to access the private access application. |
| Token3PUniqueId | string | The unique token identifier of the access token used to access the private access application. |
| Token3PValidFrom | datetime | The validity date of the access token used to access the private access application. |
| TrafficType | string | The type of the target destination traffic. |
| TransactionId | string | Unique identifier representing a round trip of request and response. |
| TransportProtocol | string | The IP protocol used by the connection or session as listed in IANA protocol assignment. |
| Type | string | The name of the table. |
| UniqueTokenId | string | The unique token identifier. |
| UserId | string | A machine-readable, alphanumeric, unique representation of the source user. |
| UserPrincipalName | string | The source username, including domain information when available. |
| VendorNames | string | The names of the vendors who detected the threat. |
| XForwardedFor | string | X-Forwarded-For header of the HTTP request. |