SecurityIncident

Incidents generated by security products.

Solutions

  • Microsoft Sentinel

Columns

Column Type Description
AdditionalData dynamic Additional data on the incident
AlertIds dynamic The IDs of the alerts related to the incident
BookmarkIds dynamic The IDs of the bookmarks related to the incident
Classification string The classification the incident was given when closed
ClassificationComment string Description of the reason the incident was closed
ClassificationReason string The classification reason the incident was given when closed
ClosedTime datetime Timestamp (UTC) of when the incident was last closed
Comments dynamic The comments added to the incident
CreatedTime datetime Timestamp (UTC) of when the incident was created
Description string The description of the incident
FirstActivityTime datetime Timestamp (UTC) of when the first activity in the incident occured
FirstModifiedTime datetime Timestamp (UTC) of when the incident was first modified
IncidentName string The resource name of the incident
IncidentNumber int The sequential number of the incident
IncidentUrl string The URI to open the incident in Azure Sentinel portal
Labels dynamic The labels added to the incident
LastActivityTime datetime Timestamp (UTC) of when the last activity in the incident occured
LastModifiedTime datetime Timestamp (UTC) of when the incident was last modified
ModifiedBy string The source of the change in the incident
Owner dynamic The user the incident is assigned to
ProviderIncidentId string The incident ID assigned by the incident provider
ProviderName string The name of the source provider that generated the incident
RelatedAnalyticRuleIds dynamic The IDs of the Analytic rules associated with the incident
Severity string The severity of the incident
SourceSystem string
Status string The status of the incident
TenantId string
TimeGenerated datetime Timestamp (UTC) of when the incident was ingested
Title string The title of the incident
Type string The name of the table