SecurityEvent
Azure 資訊安全中心 或 Azure Sentinel 從 Windows 計算機收集的安全性事件。
數據表屬性
| 屬性 | 值 |
|---|---|
| 資源類型 | microsoft.securityinsights/securityinsights, microsoft.compute/virtualmachines, microsoft.conenctedvmwarevsphere/virtualmachines, microsoft.azurestackhci/virtualmachines, microsoft.scvmm/virtualmachines, microsoft.compute/virtualmachinescalesets |
| 類別 | 安全性 |
| 方案 | Security、SecurityInsights |
| 基本記錄檔 | No |
| 擷取時間轉換 | Yes |
| 範例查詢 | 是 |
資料行
| 資料行 | 類型 | Description |
|---|---|---|
| AccessMask | 字串 | |
| 帳戶 | 字串 | |
| AccountDomain | 字串 | |
| AccountExpires | 字串 | |
| AccountName | 字串 | |
| AccountSessionIdentifier | 字串 | |
| AccountType | 字串 | |
| 活動 | 字串 | |
| AdditionalInfo | 字串 | |
| AdditionalInfo2 | 字串 | |
| AllowedToDelegateTo | 字串 | |
| 屬性 | 字串 | |
| AuditPolicyChanges | 字串 | |
| AuditsDiscarded | int | |
| AuthenticationLevel | int | |
| AuthenticationPackageName | 字串 | |
| AuthenticationProvider | 字串 | |
| AuthenticationServer | 字串 | |
| AuthenticationService | int | |
| AuthenticationType | 字串 | |
| AzureDeploymentID | 字串 | |
| _BilledSize | real | 以位元組為單位的記錄大小 |
| CACertificateHash | 字串 | |
| CalledStationID | 字串 | |
| CallerProcessId | 字串 | |
| CallerProcessName | 字串 | |
| CallingStationID | 字串 | |
| CAPublicKeyHash | 字串 | |
| CategoryId | 字串 | |
| CertificateDatabaseHash | 字串 | |
| 管道 | 字串 | |
| ClassId | 字串 | |
| ClassName | 字串 | |
| ClientAddress | 字串 | |
| ClientIPAddress | 字串 | |
| ClientName | 字串 | |
| CommandLine | 字串 | |
| CompatibleIds | 字串 | |
| 電腦 | 字串 | |
| DCDNSName | 字串 | |
| DeviceDescription | 字串 | |
| DeviceId | 字串 | |
| DisplayName | 字串 | |
| Disposition | 字串 | |
| DomainBehaviorVersion | 字串 | |
| DomainName | 字串 | |
| DomainPolicyChanged | 字串 | |
| DomainSid | 字串 | |
| EAPType | 字串 | |
| ElevatedToken | 字串 | |
| ErrorCode | int | |
| EventData | 字串 | |
| EventID | int | |
| EventSourceName | 字串 | |
| ExtendedQuarantineState | string | |
| FailureReason | string | |
| FileHash | 字串 | |
| FilePath | 字串 | |
| FilePathNoUser | 字串 | |
| 篩選 | 字串 | |
| ForceLogoff | 字串 | |
| Fqbn | 字串 | |
| FullyQualifiedSubjectMachineName | 字串 | |
| FullyQualifiedSubjectUserName | 字串 | |
| GroupMembership | 字串 | |
| HandleId | 字串 | |
| HardwareIds | 字串 | |
| HomeDirectory | 字串 | |
| HomePath | 字串 | |
| InterfaceUuid | 字串 | |
| IpAddress | 字串 | |
| IpPort | 字串 | |
| _IsBillable | 字串 | 指定擷取數據是否可計費。 當_IsBillable false 擷取未向您 Azure 帳戶計費時 |
| KeyLength | int | |
| 層級 | 字串 | |
| LmPackageName | 字串 | |
| LocationInformation | 字串 | |
| LockoutDuration | 字串 | |
| LockoutObservationWindow | 字串 | |
| LockoutThreshold | 字串 | |
| LoggingResult | 字串 | |
| LogonGuid | 字串 | |
| LogonHours | 字串 | |
| LogonID | 字串 | |
| LogonProcessName | 字串 | |
| LogonType | int | |
| LogonTypeName | 字串 | |
| MachineAccountQuota | 字串 | |
| MachineInventory | 字串 | |
| MachineLogon | 字串 | |
| ManagementGroupName | 字串 | |
| MandatoryLabel | 字串 | |
| MaxPasswordAge | 字串 | |
| MemberName | 字串 | |
| MemberSid | 字串 | |
| MinPasswordAge | 字串 | |
| MinPasswordLength | 字串 | |
| MixedDomainMode | 字串 | |
| NASIdentifier | 字串 | |
| NASIPv4Address | 字串 | |
| NASIPv6Address | 字串 | |
| NASPort | 字串 | |
| NASPortType | 字串 | |
| NetworkPolicyName | 字串 | |
| NewDate | 字串 | |
| NewMaxUsers | 字串 | |
| NewProcessId | 字串 | |
| NewProcessName | 字串 | |
| NewRemark | 字串 | |
| NewShareFlags | 字串 | |
| NewTime | 字串 | |
| NewUacValue | 字串 | |
| NewValue | 字串 | |
| NewValueType | 字串 | |
| ObjectName | 字串 | |
| ObjectServer | 字串 | |
| ObjectType | 字串 | |
| ObjectValueName | 字串 | |
| OemInformation | 字串 | |
| OldMaxUsers | 字串 | |
| OldRemark | 字串 | |
| OldShareFlags | 字串 | |
| OldUacValue | 字串 | |
| OldValue | 字串 | |
| OldValueType | 字串 | |
| OperationType | 字串 | |
| PackageName | 字串 | |
| ParentProcessName | 字串 | |
| PasswordHistoryLength | 字串 | |
| PasswordLastSet | 字串 | |
| PasswordProperties | 字串 | |
| PreviousDate | 字串 | |
| PreviousTime | 字串 | |
| PrimaryGroupId | 字串 | |
| PrivateKeyUsageCount | 字串 | |
| PrivilegeList | 字串 | |
| 流程 | 字串 | |
| ProcessId | 字串 | |
| ProcessName | 字串 | |
| ProfilePath | 字串 | |
| 屬性 | 字串 | |
| ProtocolSequence | 字串 | |
| ProxyPolicyName | 字串 | |
| QuarantineHelpURL | 字串 | |
| QuarantineSessionID | 字串 | |
| QuarantineSessionIdentifier | 字串 | |
| QuarantineState | 字串 | |
| QuarantineSystemHealthResult | 字串 | |
| RelativeTargetName | 字串 | |
| RemoteIpAddress | 字串 | |
| 遠端連接埠 | 字串 | |
| 要求者 | 字串 | |
| RequestId | 字串 | |
| _ResourceId | 字串 | 記錄相關資源的唯一識別碼。 |
| RestrictedAdminMode | 字串 | |
| RowsDeleted | 字串 | |
| SamAccountName | 字串 | |
| ScriptPath | 字串 | |
| SecurityDescriptor | 字串 | |
| ServiceAccount | 字串 | |
| ServiceFileName | 字串 | |
| ServiceName | 字串 | |
| ServiceStartType | int | |
| ServiceType | 字串 | |
| SessionName | 字串 | |
| ShareLocalPath | 字串 | |
| ShareName | 字串 | |
| SidHistory | 字串 | |
| SourceComputerId | 字串 | |
| SourceSystem | 字串 | 事件所收集的代理程序類型。 例如,針對 Windows 代理程式、OpsManager直接連線或 Operations Manager、Linux所有 Linux 代理程式,或Azure針對 Azure 診斷 |
| 狀態 | 字串 | |
| StorageAccount | 字串 | |
| SubcategoryGuid | 字串 | |
| SubcategoryId | 字串 | |
| 主旨 | 字串 | |
| SubjectAccount | 字串 | |
| SubjectDomainName | 字串 | |
| SubjectKeyIdentifier | 字串 | |
| SubjectLogonId | 字串 | |
| SubjectMachineName | 字串 | |
| SubjectMachineSID | 字串 | |
| SubjectUserName | 字串 | |
| SubjectUserSid | 字串 | |
| _SubscriptionId | 字串 | 與記錄相關的訂用帳戶唯一識別碼 |
| SubStatus | 字串 | |
| TableId | 字串 | |
| TargetAccount | 字串 | |
| TargetDomainName | 字串 | |
| TargetInfo | 字串 | |
| TargetLinkedLogonId | 字串 | |
| TargetLogonGuid | 字串 | |
| TargetLogonId | 字串 | |
| TargetOutboundDomainName | 字串 | |
| TargetOutboundUserName | 字串 | |
| TargetServerName | 字串 | |
| TargetSid | 字串 | |
| TargetUser | 字串 | |
| TargetUserName | 字串 | |
| TargetUserSid | 字串 | |
| 工作 | int | |
| TemplateContent | 字串 | |
| TemplateDSObjectFQDN | 字串 | |
| TemplateInternalName | 字串 | |
| TemplateOID | 字串 | |
| TemplateSchemaVersion | 字串 | |
| TemplateVersion | 字串 | |
| TimeGenerated | Datetime | |
| TokenElevationType | 字串 | |
| TransmittedServices | 字串 | |
| 類型 | 字串 | 資料表的名稱 |
| UserAccountControl | 字串 | |
| UserParameters | 字串 | |
| UserPrincipalName | 字串 | |
| UserWorkstations | 字串 | |
| VendorIds | 字串 | |
| VirtualAccount | 字串 | |
| 工作站 | 字串 | |
| WorkstationName | 字串 |
意見反應
即將登場:在 2024 年,我們將逐步淘汰 GitHub 問題作為內容的意見反應機制,並將它取代為新的意見反應系統。 如需詳細資訊,請參閱:https://aka.ms/ContentUserFeedback。
提交並檢視相關的意見反應