SecurityEvent
Événements de sécurité collectés à partir de machines Windows par Azure Security Center ou Azure Sentinel.
Attributs de table
| Attribut | Valeur |
|---|---|
| Types de ressource | microsoft.securityinsights/securityinsights, microsoft.compute/virtualmachines, microsoft.conenctedvmwarevsphere/virtualmachines, microsoft.azurestackhci/virtualmachines, microsoft.scvmm/virtualmachines, microsoft.compute/virtualmachinescalesets |
| Catégories | Sécurité |
| Solutions | Sécurité, SecurityInsights |
| Journal de base | No |
| Transformation au moment de l’ingestion | Yes |
| Exemples de requêtes | Oui |
Colonnes
| Colonne | Type | Description |
|---|---|---|
| AccessMask | string | |
| Compte | string | |
| AccountDomain | string | |
| AccountExpires | string | |
| AccountName | string | |
| AccountSessionIdentifier | string | |
| AccountType | string | |
| Activité | string | |
| AdditionalInfo | string | |
| AdditionalInfo2 | string | |
| AllowedToDelegateTo | string | |
| Attributs | string | |
| AuditPolicyChanges | string | |
| AuditsDiscarded | int | |
| AuthenticationLevel | int | |
| AuthenticationPackageName | string | |
| AuthenticationProvider | string | |
| AuthenticationServer | string | |
| AuthenticationService | int | |
| AuthenticationType | string | |
| AzureDeploymentID | string | |
| _BilledSize | real | Taille de l’enregistrement en octets |
| CACertificateHash | string | |
| CalledStationID | string | |
| CallerProcessId | string | |
| CallerProcessName | string | |
| CallingStationID | string | |
| CAPublicKeyHash | string | |
| CategoryId | string | |
| CertificateDatabaseHash | string | |
| Canal | string | |
| Classid | string | |
| ClassName | string | |
| ClientAddress | string | |
| ClientIPAddress | string | |
| ClientName | string | |
| CommandLine | string | |
| CompatibleIds | string | |
| Computer | string | |
| DCDNSName | string | |
| DeviceDescription | string | |
| deviceId | string | |
| DisplayName | string | |
| Disposition | string | |
| DomainBehaviorVersion | string | |
| DomainName | string | |
| DomainPolicyChanged | string | |
| DomainSid | string | |
| EAPType | string | |
| ElevatedToken | string | |
| ErrorCode | int | |
| EventData | string | |
| EventID | int | |
| EventSourceName | string | |
| ExtendedQuarantineState | string | |
| FailureReason | string | |
| FileHash | string | |
| FilePath | string | |
| FilePathNoUser | string | |
| Filtrer | string | |
| ForceLogoff | string | |
| Fqbn | string | |
| FullyQualifiedSubjectMachineName | string | |
| FullyQualifiedSubjectUserName | string | |
| GroupMembership | string | |
| HandleId | string | |
| HardwareIds | string | |
| HomeDirectory | string | |
| HomePath | string | |
| InterfaceUuid | string | |
| IpAddress | string | |
| IpPort | string | |
| _IsBillable | string | Spécifie si l’ingestion des données est facturable. Quand _IsBillable est l’ingestion false n’est pas facturée à votre compte Azure |
| KeyLength | int | |
| Level | string | |
| LmPackageName | string | |
| LocationInformation | string | |
| LockoutDuration | string | |
| LockoutObservationWindow | string | |
| LockoutThreshold | string | |
| LoggingResult | string | |
| LogonGuid | string | |
| LogonHours | string | |
| LogonID | string | |
| LogonProcessName | string | |
| LogonType | int | |
| LogonTypeName | string | |
| MachineAccountQuota | string | |
| MachineInventory | string | |
| MachineLogon | string | |
| ManagementGroupName | string | |
| ObligatoireLabel | string | |
| MaxPasswordAge | string | |
| MemberName | string | |
| MemberSid | string | |
| MinPasswordAge | string | |
| MinPasswordLength | string | |
| MixedDomainMode | string | |
| NASIdentifier | string | |
| NASIPv4Address | string | |
| NASIPv6Address | string | |
| NASPort | string | |
| NASPortType | string | |
| NetworkPolicyName | string | |
| NewDate | string | |
| NewMaxUsers | string | |
| NewProcessId | string | |
| NewProcessName | string | |
| NewRemark | string | |
| NewShareFlags | string | |
| NewTime | string | |
| NewUacValue | string | |
| NewValue | string | |
| NewValueType | string | |
| ObjectName | string | |
| ObjectServer | string | |
| ObjectType | string | |
| ObjectValueName | string | |
| OemInformation | string | |
| OldMaxUsers | string | |
| OldRemark | string | |
| OldShareFlags | string | |
| OldUacValue | string | |
| OldValue | string | |
| OldValueType | string | |
| OperationType | string | |
| PackageName | string | |
| ParentProcessName | string | |
| PasswordHistoryLength | string | |
| PasswordLastSet | string | |
| PasswordProperties | string | |
| PreviousDate | string | |
| PreviousTime | string | |
| PrimaryGroupId | string | |
| PrivateKeyUsageCount | string | |
| PrivilegeList | string | |
| Processus | string | |
| ProcessId | string | |
| ProcessName | string | |
| ProfilePath | string | |
| Propriétés | string | |
| ProtocolSequence | string | |
| ProxyPolicyName | string | |
| QuarantineHelpURL | string | |
| QuarantineSessionID | string | |
| QuarantineSessionIdentifier | string | |
| QuarantineState | string | |
| QuarantineSystemHealthResult | string | |
| RelativeTargetName | string | |
| RemoteIpAddress | string | |
| RemotePort | string | |
| Demandeur | string | |
| RequestId | string | |
| _ResourceId | string | Un identificateur unique de la ressource à laquelle l’enregistrement est associé |
| RestrictedAdminMode | string | |
| Lignes Supprimées | string | |
| SamAccountName | string | |
| ScriptPath | string | |
| SecurityDescriptor | string | |
| ServiceAccount | string | |
| ServiceFileName | string | |
| NomService | string | |
| ServiceStartType | int | |
| ServiceType | string | |
| SessionName | string | |
| ShareLocalPath | string | |
| ShareName | string | |
| Sidhistory | string | |
| SourceComputerId | string | |
| SourceSystem | string | Type d’agent par lequel l’événement a été collecté. Par exemple, OpsManager pour l’agent Windows, la connexion directe ou Operations Manager, Linux pour tous les agents Linux ou Azure pour Diagnostics Azure |
| État | string | |
| StorageAccount | string | |
| Sous-catégorieGuid | string | |
| Sous-catégoriegoryId | string | |
| Objet | string | |
| SubjectAccount | string | |
| SubjectDomainName | string | |
| SubjectKeyIdentifier | string | |
| SubjectLogonId | string | |
| SubjectMachineName | string | |
| SubjectMachineSID | string | |
| SubjectUserName | string | |
| SubjectUserSid | string | |
| _SubscriptionId | string | Un identificateur unique de l’abonnement auquel l’enregistrement est associé |
| SubStatus | string | |
| TableId | string | |
| TargetAccount | string | |
| Targetdomainname | string | |
| TargetInfo | string | |
| TargetLinkedLogonId | string | |
| TargetLogonGuid | string | |
| TargetLogonId | string | |
| TargetOutboundDomainName | string | |
| TargetOutboundUserName | string | |
| TargetServerName | string | |
| TargetSid | string | |
| TargetUser | string | |
| TargetUserName | string | |
| TargetUserSid | string | |
| Tâche | int | |
| TemplateContent | string | |
| TemplateDSObjectFQDN | string | |
| TemplateInternalName | string | |
| TemplateOID | string | |
| TemplateSchemaVersion | string | |
| TemplateVersion | string | |
| TimeGenerated | DATETIME | |
| TokenElevationType | string | |
| TransmitServices | string | |
| Type | string | Le nom de la table |
| UserAccountControl | string | |
| UserParameters | string | |
| UserPrincipalName | string | |
| UserWorkstations | string | |
| VendorIds | string | |
| VirtualAccount | string | |
| Station de travail | string | |
| WorkstationName | string |
Commentaires
Bientôt disponible : Tout au long de 2024, nous allons supprimer progressivement GitHub Issues comme mécanisme de commentaires pour le contenu et le remplacer par un nouveau système de commentaires. Pour plus d’informations, consultez https://aka.ms/ContentUserFeedback.
Envoyer et afficher des commentaires pour