Audit logs for operations performed on Azure Sentinel resources, such as Data Connectors, Analytic Rules and more. These logs can be used to audit operations on your Sentinel resources.
Additional information based on the resource type.
_IsBillable
string
Specifies whether ingesting the data is billable. When _IsBillable is false ingestion isn't billed to your Azure account
OperationName
string
The name of the operation that triggered the event.
SentinelResourceId
string
The Sentinel resource ID.
SentinelResourceKind
string
The resource kind, for example: connector kind (such as Office365, AmazonWebServicesCloudTrail), alert rule kind (scheduld).
SentinelResourceName
string
The Sentinel resource name.
SentinelResourceType
string
The resource type, for example: DataConnector, AlertRule, etc.
SourceSystem
string
The type of agent the event was collected by. For example, OpsManager for Windows agent, either direct connect or Operations Manager, Linux for all Linux agents, or Azure for Azure Diagnostics
Status
string
Status of the operation, for example: Success, Failure, Warning, Informational, Partial Success.
TenantId
string
The Log Analytics workspace ID
TimeGenerated
datetime
The timestamp (UTC) of when the event was generated.