Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
| Table | Categories | Solutions | Supports basic log plan | Queries |
|---|---|---|---|---|
| AggregatedSecurityAlert Alerts that were generated by security products and were aggregated from a partner. |
security | SecurityInsights | Yes | Yes |
| DnsAuditEvents DNS server audit events enable change tracking on the DNS server. An audit event is logged each time server, zone, or resource record settings are changed. This includes operational events such as zone transfers, and DNSSEC zone signing and unsigning. This table captures audit events that are not from dynamic updates. |
security | SecurityInsights | Yes | - |
| SecurityAlert Alerts that been generated by security products. |
security | AzureSecurityOfThings, Security, SecurityCenter, SecurityCenterFree, SecurityInsights | No | - |
| SecurityEvent Security events collected from windows machines by Azure Security Center or Azure Sentinel. |
security | Security, SecurityInsights | Yes | Yes |
| SentinelBehaviorEntities Microsoft Sentinel behaviors table. Contains information about entities (file, process, device, user, and others) that are involved in a behavior or observation, including detected threats. |
security | SecurityInsights | Yes | - |
| SentinelBehaviorInfo Microsoft Sentinel behaviors table. Contains information about behaviors, which refers to a conclusion or insight based on one or more raw events, which can provide analysts more context in investigations. |
security | SecurityInsights | Yes | - |
| WindowsEvent Windows events which are collected and sent by the agent. |
security | CustomizedWindowsEventsFiltering, InternalWindowsEvent, SecurityInsights, WEFInternalUat, WEF_10x, WEF_10xDSRE, WinLog, WindowsEventForwarding | No | Yes |