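auditLogQuery resource type

Namespace: microsoft.graph.security

Important

APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.

Represents an audit log query used to query and retrieve the relevant audit log records.

Inherits from microsoft.graph.entity.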

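Methods

| Method | Return type | Description |
|---|---|---|
| List auditLogQueries | auditLogQuery collection | Get a list of the auditLogQuery objects and their properties. |
| Create auditLogQuery | auditLogQuery | Create a new auditLogQuery object. |
| Get auditLogQuery | auditLogQuery | Read the properties and relationships of an auditLogQuery object. |
| List records | auditLogRecord collection | Get the auditLogRecord resources from the records navigation property. |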

Properties

| Property | Type | Description |
|---|---|---|
| administrativeUnitIdFilters | String collection | The administrative units tagged to an audit log record. |
| displayName | String | The display name of the saved audit log query. |
| filterEndDateTime | DateTimeOffset | The end date of the date range in the query. |
| filterStartDateTime | DateTimeOffset | The start date of the date range in the query. |
| id | String | The unique identifier of the audit log query. Inherited from microsoft.graph.entity. |
| ipAddressFilters | String collection | The IP address of the device that was used when the activity was logged. |
| keywordFilter | String | Free-text field to search non-indexed properties of the audit log. |
| objectIdFilters | String collection | For SharePoint and OneDrive for Business activity, the full path name of the file or folder accessed by the user. For Exchange admin audit logging, the name of the object that was modified by the cmdlet. |
| operationFilters | String collection | The name of the user or admin activity. For a description of the most common operations/activities, see Search the audit log in the Office 365 Protection Center. |
| recordTypeFilters | microsoft.graph.security.auditLogRecordType collection | The type of operation indicated by the record. Possible values are: exchangeItemGroup, sharePointFileOperation, syntheticProbe, sharePoint, azureActiveDirectory, oneDrive, microsoftTeamsDevice, hrSignal, microsoftTeamsAdmin, sharePointContentTypeOperation, sharePointFieldOperation, informationBarrierPolicyApplication, dataInsightsRestApiAudit, hygieneEvent, exchangeItemAggregated, teamsHealthcare, labelContentExplorer, threatIntelligenceAtpContent, powerAppsPlan, sharePointListItemOperation, powerAppsApp, workplaceAnalytics, mipLabel, microsoftTeamsAnalytics, securityComplianceInsights, informationWorkerProtection, discovery, microsoftTeams, skypeForBusinessCmdlets, yammer, crm, threatIntelligence, powerBIAudit, exchangeAggregatedOperation, securityComplianceCenterEOPCmdlet, microsoftFlow, campaign, mailSubmission, complianceDLPSharePointClassification, microsoftStream, aeD, threatIntelligenceUrl, dataGovernance, threatFinder, kaizala, securityComplianceAlerts, sharePointListOperation, sharePointCommentOperation, project, complianceDLPExchange, sharePointSharingOperation, sway, skypeForBusinessUsersBlocked, azureActiveDirectoryAccountLogon, skypeForBusinessPSTNUsage, dataCenterSecurityCmdlet, azureActiveDirectoryStsLogon, complianceDLPSharePoint, exchangeItem, exchangeAdmin, dlpEndpoint, airInvestigation, quarantine, microsoftForms, applicationAudit, complianceSupervisionExchange, customerKeyServiceEncryption, mipAutoLabelSharePointItem, officeNative, mipAutoLabelSharePointPolicyLocation, microsoftTeamsShifts, secureScore, mipAutoLabelExchangeItem, cortanaBriefing, search, wdatpAlerts, powerPlatformAdminDlp, powerPlatformAdminEnvironment, mdatpAudit, sensitivityLabelPolicyMatch, sensitivityLabelAction, sensitivityLabeledFileAction, attackSim, airManualInvestigation, securityComplianceRBAC, userTraining, airAdminActionInvestigation, mstic, physicalBadgingSignal, teamsEasyApprovals, aipDiscover, aipSensitivityLabelAction, aipProtectionAction, aipFileDeleted, aipHeartBeat, mcasAlerts, onPremisesFileShareScannerDlp, onPremisesSharePointScannerDlp, exchangeSearch, sharePointSearch, privacyDataMinimization, labelAnalyticsAggregate, myAnalyticsSettings, securityComplianceUserChange, complianceDLPExchangeClassification, complianceDLPEndpoint, mipExactDataMatch, msdeResponseActions, msdeGeneralSettings, msdeIndicatorsSettings, ms365DCustomDetection, msdeRolesSettings, mapgAlerts, mapgPolicy, mapgRemediation, privacyRemediationAction, privacyDigestEmail, mipAutoLabelSimulationProgress, mipAutoLabelSimulationCompletion, mipAutoLabelProgressFeedback, dlpSensitiveInformationType, mipAutoLabelSimulationStatistics, largeContentMetadata, microsoft365Group, cdpMlInferencingResult, filteringEntityEvent, dlpImportResult, cdpCompliancePolicyExecution, multiStageDisposition, privacyDataMatch, healthcareSignal, filteringEmailFeatures, filteringDocMetadata, powerBIDlp, filteringUrlInfo, filteringAttachmentInfo, coreReportingSettings, complianceConnector, consumptionResource, powerPlatformLockboxResourceCommand, powerPlatformLockboxResourceAccessRequest, cdpPredictiveCodingLabel, cdpCompliancePolicyUserFeedback, webpageActivityEndpoint, omePortal, scorePlatformGenericAuditRecord, powerPlatformServiceActivity, filteringTimeTravelDocMetadata, microsoftManagedServicePlatform, labelExplorer, filteringMailSubmission, alert, filteringRuleHits, mipLabelAnalyticsAuditRecord, filteringUrlClick, alertStatus, cmImprovementActionChange, tenantAllowBlockList, cdpUnifiedFeedback, filteringPostMailDeliveryAction, filteringMailGradingResult, caseInvestigation, recordsManagement, privacyRemediation, case, ehrConnector, incidentStatus, cdpDlpSensitive, alertIncident, dataShareOperation, publicFolder, filteringMailMetadata, cdpClassificationMailItem, cdpClassificationDocument, officeScriptsRunAction, privacyTenantAuditHistoryRecord, aipScannerDiscoverEvent, eduDataLakeDownloadOperation, m365ComplianceConnector, microsoftGraphDataConnectOperation, mdcRegulatoryComplianceAssessments, plannerTaskList, plannerTenantSettings, projectForTheWebProject, projectForTheWebTask, plannerPlanList, projectForTheWebRoadmapItem, projectForTheWebRoadmap, projectForTheWebProjectSettings, projectForTheWebRoadmapSettings, quarantineMetadata, microsoftTodoAudit, timeTravelFilteringDocMetadata, plannerRoster, sharePointAppPermissionOperation, teamsQuarantineMetadata, microsoftTeamsSensitivityLabelAction, filteringTeamsMetadata, filteringTeamsUrlInfo, filteringTeamsPostDeliveryAction, microsoftGraphDataConnectConsent, attackSimAdmin, filteringAtpDetonationInfo, filteringRuntimeInfo, vivaGoals, mdaDataSecuritySignal, privacyPortal, mdcSecurityConnectors, mdcRegulatoryComplianceControls, mdcRegulatoryComplianceStandards, managedTenants, mdcAssessments, plannerTask, plannerCopyPlan, plannerPlan, ms365DIncident, ms365DSuppressionRule, purviewDataMapOperation, filteringUrlPostClickAction, updateQuarantineMetadata, plannerRosterSensitivityLabel, unifiedSimulationSummary, teamsUpdates, unifiedSimulationMatchedItem, irmUserDefinedDetectionSignal, filteringDelistingMetadata, microsoftPurview, filteringEmailContentFeatures, powerPagesSite, powerAppsResource, complianceDLPSharePointClassificationExtended, microsoftDefenderForIdentityAudit, supervisoryReviewDayXInsight, defenderExpertsforXDRAdmin, hostedRpa, cdpContentExplorerAggregateRecord, cdpEdgeBlockedMessage, cdpHygieneAttachmentInfo, cdpHygieneSummary, cdpPostMailDeliveryAction, cdpEmailFeatures, cdpUrlClick, cdpHygieneUrlInfo, cdpPackageManagerHygieneEvent, filteringDocScan, timeTravelFilteringDocScan, unknownFutureValue, mapgOnboard. |
| serviceFilter | String | Refers to the workload property in the audit record. This is the Microsoft service where the activity occurred. Optional. |
| status | microsoft.graph.security.auditLogQueryStatus | Describes the current status of the query. Possible values are: notStarted, running, succeeded, failed, cancelled, unknownFutureValue. |
| userPrincipalNameFilters | String collection | The UPN (user principal name) of the user who performed the action (specified in the operation property) that resulted in the record being logged; for example, my_name@my_domain_name. |

Relationships

| Relationship | Type | Description |
|---|---|---|
| records | microsoft.graph.security.auditLogRecord collection | An individual audit log record. |

JSON representation

The following JSON representation shows the resource type.

{
  "@odata.type": "#microsoft.graph.security.auditLogQuery",
  "id": "String (identifier)",
  "displayName": "String",
  "filterStartDateTime": "String (timestamp)",
  "filterEndDateTime": "String (timestamp)",
  "recordTypeFilters": [
    "String"
  ],
  "keywordFilter": "String",
  "serviceFilter": "String",
  "operationFilters": [
    "String"
  ],
  "userPrincipalNameFilters": [
    "String"
  ],
  "ipAddressFilters": [
    "String"
  ],
  "objectIdFilters": [
    "String"
  ],
  "administrativeUnitIdFilters": [
    "String"
  ],
  "status": "String"
}
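
The following is an added example, not part of the original reference or Microsoft's own code. It builds a request body for a scoped auditLogQuery using the properties listed above and decides what a polling client should do for each status value. The helper names `build_query` and `next_step`, and the choice to leave `id` and `status` out of the body (assumed to be set by the service), are assumptions.

```python
import ipaddress
from datetime import timezone

ODATA_TYPE = "#microsoft.graph.security.auditLogQuery"
IN_PROGRESS = {"notStarted", "running"}      # status values from the table above
FAILED = {"failed", "cancelled"}

def _ts(dt):
    """Serialize a timezone-aware datetime as a UTC DateTimeOffset string."""
    if dt.tzinfo is None:
        raise ValueError("timestamps must be timezone-aware")
    return dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")

def build_query(display_name, start, end, *, record_types=(), operations=(),
                upns=(), ips=(), keyword=None):
    """Build the body for a new auditLogQuery (hypothetical helper)."""
    start_s, end_s = _ts(start), _ts(end)    # rejects naive datetimes first
    if start >= end:
        raise ValueError("filterStartDateTime must precede filterEndDateTime")
    for ip in ips:
        ipaddress.ip_address(ip)             # ValueError on a malformed address
    body = {
        "@odata.type": ODATA_TYPE,
        "displayName": display_name,
        "filterStartDateTime": start_s,
        "filterEndDateTime": end_s,
        "recordTypeFilters": list(record_types),
        "operationFilters": list(operations),
        "userPrincipalNameFilters": list(upns),
        "ipAddressFilters": list(ips),
    }
    if keyword:
        body["keywordFilter"] = keyword      # free text, non-indexed properties
    return body                              # id and status omitted (assumption)

def next_step(query):
    """Map a returned auditLogQuery's status to a poller action."""
    status = query.get("status")
    if status == "succeeded":
        return "fetch_records"               # records relationship is ready
    if status in IN_PROGRESS:
        return "wait"
    if status in FAILED:
        return "abort"
    return "review"                          # unknownFutureValue or newer value
```

Narrow filters (a short time window, one record type, specific UPNs or IP addresses) keep an investigation query focused on the activity under review.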