HuntingBookmark

Azure sentinel hunting bookmarks audit table

Categories

  • Security

Solutions

  • Microsoft Sentinel

Columns

Column Type Description
BookmarkId string Guid - the bookmark ARM resource name
BookmarkName string Bookmark name given by the user
BookmarkType string Can be used to mark bookmark origin - currently not used
CreatedBy string JSON object with the user who created the bookmark, including: ObjectID, email and name
CreatedTime datetime The timestamp of bookmark first creation time
Entities string A serialized JSON of entities mapped by this bookmark
EventTime datetime The timestamp of the original event that is bookmarked
LastUpdatedTime datetime The timestamp of bookmark last update time
Notes string Notes provided by user
QueryEndTime datetime Query time range end time
QueryResultRow string JSON object with a single result row of the query
QueryStartTime datetime Query time range start time
QueryText string Original log analytics query text
_ResourceId string A unique identifier for the resource that the record is associated with
SoftDeleted bool Was the bookmark deleted by user
SourceSystem string
_SubscriptionId string A unique identifier for the subscription that the record is associated with
Tags string Comma seperated list of tags provided by user
TenantId string
TimeGenerated datetime The timestamp (UTC) of the log
Type string
UpdatedBy string JSON object with the user who last updated the bookmark, including: ObjectID, email and name