SecurityEvent
Peristiwa keamanan yang dikumpulkan dari komputer windows berdasarkan Azure Security Center atau Azure Sentinel.
Atribut tabel
Atribut | Nilai |
---|---|
Jenis sumber daya | microsoft.securityinsights/securityinsights, microsoft.compute/virtualmachines, microsoft.conenctedvmwarevsphere/virtualmachines, microsoft.azurestackhci/virtualmachines, microsoft.scvmm/virtualmachines, microsoft.compute/virtualmachinescalesets |
Kategori | Keamanan |
Solusi | Keamanan, SecurityInsights |
Log dasar | Tidak |
Transformasi waktu penyerapan | Ya |
Kueri Sampel | Ya |
Kolom
Kolom | Jenis | Deskripsi |
---|---|---|
AccessMask | string | |
Akun | string | |
AccountDomain | string | |
AccountExpires | string | |
Nama Akun | string | |
AccountSessionIdentifier | string | |
AccountType | string | |
Aktivitas | string | |
AdditionalInfo | string | |
AdditionalInfo2 | string | |
AllowedToDelegateTo | string | |
Atribut | string | |
AuditPolicyChanges | string | |
AuditDiscarded | int | |
AuthenticationLevel | int | |
AuthenticationPackageName | string | |
AuthenticationProvider | string | |
AuthenticationServer | string | |
AuthenticationService | int | |
AuthenticationType | string | |
AzureDeploymentID | string | |
_BilledSize | nyata | Ukuran rekaman dalam byte |
CACertificateHash | string | |
CalledStationID | string | |
CallerProcessId | string | |
CallerProcessName | string | |
CallingStationID | string | |
CAPublicKeyHash | string | |
CategoryId | string | |
CertificateDatabaseHash | string | |
Saluran | string | |
ClassId | string | |
ClassName | string | |
ClientAddress | string | |
ClientIPAddress | string | |
ClientName | string | |
CommandLine | string | |
CompatibleIds | string | |
Komputer | string | |
DCDNSName | string | |
DeviceDescription | string | |
DeviceId | string | |
DisplayName | string | |
Disposisi | string | |
DomainBehaviorVersion | string | |
DomainName | string | |
DomainPolicyChanged | string | |
DomainSid | string | |
EAPType | string | |
ElevatedToken | string | |
ErrorCode | int | |
EventData | string | |
EventID | int | |
EventSourceName | string | |
ExtendedQuarantineState | string | |
FailureReason | string | |
FileHash | string | |
FilePath | string | |
FilePathNoUser | string | |
Filter | string | |
ForceLogoff | string | |
Fqbn | string | |
FullyQualifiedSubjectMachineName | string | |
FullyQualifiedSubjectUserName | string | |
GroupMembership | string | |
HandleId | string | |
HardwareIds | string | |
HomeDirectory | string | |
HomePath | string | |
InterfaceUuid | string | |
IpAddress | string | |
IpPort | string | |
_IsBillable | string | Menentukan apakah menyerap data dapat ditagih. Saat _IsBillable penyerapan false tidak ditagih ke akun Azure Anda |
KeyLength | int | |
Tingkat | string | |
LmPackageName | string | |
LocationInformation | string | |
LockoutDuration | string | |
LockoutObservationWindow | string | |
LockoutThreshold | string | |
LoggingResult | string | |
LogonGuid | string | |
LogonHours | string | |
LogonID | string | |
LogonProcessName | string | |
LogonType | int | |
LogonTypeName | string | |
MachineAccountQuota | string | |
MachineInventory | string | |
MachineLogon | string | |
ManagementGroupName | string | |
MandatoryLabel | string | |
MaxPasswordAge | string | |
Nama Anggota | string | |
MemberSid | string | |
MinPasswordAge | string | |
MinPasswordLength | string | |
MixedDomainMode | string | |
NASIdentifier | string | |
NASIPv4Address | string | |
NASIPv6Address | string | |
NASPort | string | |
NASPortType | string | |
NetworkPolicyName | string | |
NewDate | string | |
NewMaxUsers | string | |
NewProcessId | string | |
NewProcessName | string | |
Tandai Baru | string | |
NewShareFlags | string | |
NewTime | string | |
NewUacValue | string | |
NewValue | string | |
NewValueType | string | |
ObjectName | string | |
ObjectServer | string | |
Jenis Objek | string | |
ObjectValueName | string | |
OemInformation | string | |
OldMaxUsers | string | |
OldRemark | string | |
OldShareFlags | string | |
OldUacValue | string | |
OldValue | string | |
OldValueType | string | |
Jenis Operasi | string | |
PackageName | string | |
ParentProcessName | string | |
PasswordHistoryLength | string | |
PasswordLastSet | string | |
PasswordProperties | string | |
PreviousDate | string | |
PreviousTime | string | |
PrimaryGroupId | string | |
PrivateKeyUsageCount | string | |
PrivilegeList | string | |
Proses | string | |
ProcessId | string | |
ProcessName | string | |
ProfilePath | string | |
Properti | string | |
ProtocolSequence | string | |
ProxyPolicyName | string | |
QuarantineHelpURL | string | |
QuarantineSessionID | string | |
QuarantineSessionIdentifier | string | |
QuarantineState | string | |
QuarantineSystemHealthResult | string | |
RelativeTargetName | string | |
RemoteIpAddress | string | |
Port Jarak Jauh | string | |
Pemohon | string | |
RequestId | string | |
_ResourceId | string | Pengidentifikasi unik untuk sumber daya yang terkait dengan rekaman |
RestrictedAdminMode | string | |
RowsDeleted | string | |
SamAccountName | string | |
ScriptPath | string | |
SecurityDescriptor | string | |
ServiceAccount | string | |
ServiceFileName | string | |
ServiceName | string | |
ServiceStartType | int | |
ServiceType | string | |
SessionName | string | |
ShareLocalPath | string | |
ShareName | string | |
SidHistory | string | |
SourceComputerId | string | |
SourceSystem | string | Jenis agen yang dikumpulkan oleh peristiwa. Misalnya, OpsManager untuk agen Windows, baik koneksi langsung atau Manajer Operasi, Linux untuk semua agen Linux, atau Azure untuk Diagnostik Azure |
Status | string | |
StorageAccount | string | |
SubkataanGuid | string | |
SubkataanId | string | |
Subjek | string | |
SubjectAccount | string | |
SubjectDomainName | string | |
SubjectKeyIdentifier | string | |
SubjectLogonId | string | |
SubjectMachineName | string | |
SubjectMachineSID | string | |
SubjectUserName | string | |
SubjectUserSid | string | |
_SubscriptionId | string | Pengidentifikasi unik untuk langganan yang dikaitkan dengan catatan |
SubStatus | string | |
TableId | string | |
TargetAccount | string | |
TargetDomainName | string | |
TargetInfo | string | |
TargetLinkedLogonId | string | |
TargetLogonGuid | string | |
TargetLogonId | string | |
TargetOutboundDomainName | string | |
TargetOutboundUserName | string | |
TargetServerName | string | |
TargetSid | string | |
TargetUser | string | |
TargetUserName | string | |
TargetUserSid | string | |
Tugas | int | |
TemplateContent | string | |
TemplateDSObjectFQDN | string | |
TemplateInternalName | string | |
TemplateOID | string | |
TemplateSchemaVersion | string | |
TemplateVersion | string | |
TimeGenerated | tanggalwaktu | |
TokenElevationType | string | |
TransmittedServices | string | |
Jenis | string | Nama tabel |
UserAccountControl | string | |
UserParameters | string | |
UserPrincipalName | string | |
UserWorkstations | string | |
VendorIds | string | |
VirtualAccount | string | |
Stasiun kerja | string | |
WorkstationName | string |
Saran dan Komentar
https://aka.ms/ContentUserFeedback.
Segera hadir: Sepanjang tahun 2024 kami akan menghentikan penggunaan GitHub Issues sebagai mekanisme umpan balik untuk konten dan menggantinya dengan sistem umpan balik baru. Untuk mengetahui informasi selengkapnya, lihat:Kirim dan lihat umpan balik untuk