BehaviorAnalytics

This table stores the enriched events for Sentinel UEBA, providing behavior analytics over raw data.

Categories

  • Security

Solutions

  • Azure Sentinel UEBA

Columns

| Column | Type | Description |
|---|---|---|
| ActionType | string | The specific type of action that triggered the event |
| ActivityInsights | dynamic | Activity and behavioral insights |
| ActivityType | string | The activity type that triggered the event |
| DestinationDevice | string | The hostname of the destination device |
| DestinationIPAddress | string | The destination IP address |
| DestinationIPLocation | string | The destination Geo location based on the IP address |
| DevicesInsights | dynamic | Devices metadata and insights |
| EventSource | string | Data source for this event |
| InvestigationPriority | int | Investigation priority score |
| _ResourceId | string | A unique identifier for the resource that the record is associated with |
| SourceDevice | string | The hostname of the source device |
| SourceIPAddress | string | The source IP address |
| SourceIPLocation | string | The source Geo location based on the IP address |
| SourceRecordId | string | The unique Id of the source raw event |
| SourceSystem | string | |
| _SubscriptionId | string | A unique identifier for the subscription that the record is associated with |
| TenantId | string | |
| TimeGenerated | datetime | Time when the raw event was generated (UTC) |
| TimeProcessed | datetime | Time when enrichment processing occurred (UTC) |
| Type | string | The name of the table |
| UserName | string | User name of the account |
| UserPrincipalName | string | User principal name of the account |
| UsersInsights | dynamic | Users metadata and insights |