SecurityAlert
Alerts that been generated by security products.
Table attributes
Attribute |
Value |
Resource types |
microsoft.securityinsights/securityinsights |
Categories |
Security |
Solutions |
AzureSecurityOfThings, Security, SecurityCenter, SecurityCenterFree, SecurityInsights |
Basic log |
No |
Ingestion-time transformation |
Yes |
Sample Queries |
- |
Columns
Column |
Type |
Description |
AlertLink |
string |
|
AlertName |
string |
|
AlertSeverity |
string |
|
AlertType |
string |
|
_BilledSize |
real |
The record size in bytes |
CompromisedEntity |
string |
|
ConfidenceLevel |
string |
|
ConfidenceScore |
real |
|
Description |
string |
|
DisplayName |
string |
|
EndTime |
datetime |
|
Entities |
string |
|
ExtendedLinks |
string |
|
ExtendedProperties |
string |
|
_IsBillable |
string |
Specifies whether ingesting the data is billable. When _IsBillable is false ingestion isn't billed to your Azure account |
IsIncident |
bool |
|
ProcessingEndTime |
datetime |
|
ProductComponentName |
string |
|
ProductName |
string |
|
ProviderName |
string |
|
RemediationSteps |
string |
|
ResourceId |
string |
|
SourceComputerId |
string |
|
StartTime |
datetime |
|
Status |
string |
|
SubTechniques |
string |
|
SystemAlertId |
string |
|
Tactics |
string |
|
Techniques |
string |
|
TimeGenerated |
datetime |
|
Type |
string |
The name of the table |
VendorName |
string |
|
VendorOriginalId |
string |
|
WorkspaceResourceGroup |
string |
|
WorkspaceSubscriptionId |
string |
|