SecurityEvent
Azure 安全中心 或 Azure Sentinel 从 Windows 计算机收集的安全事件。
表属性
Attribute | 值 |
---|---|
资源类型 | microsoft.securityinsights/securityinsights, microsoft.compute/virtualmachines、 microsoft.conenctedvmwarevsphere/virtualmachines、 microsoft.azurestackhci/virtualmachines、 microsoft.scvmm/virtualmachines、 microsoft.compute/virtualmachinescalesets |
类别 | 安全性 |
解决方案 | Security、SecurityInsights |
基本日志 | 否 |
引入时间转换 | 是 |
示例查询 | 是 |
列
列 | 类型 | 说明 |
---|---|---|
AccessMask | 字符串 | |
帐户 | 字符串 | |
AccountDomain | 字符串 | |
AccountExpires | 字符串 | |
AccountName | 字符串 | |
AccountSessionIdentifier | 字符串 | |
AccountType | 字符串 | |
活动 | 字符串 | |
AdditionalInfo | 字符串 | |
AdditionalInfo2 | 字符串 | |
AllowedToDelegateTo | 字符串 | |
属性 | 字符串 | |
AuditPolicyChanges | 字符串 | |
AuditsDiscarded | int | |
AuthenticationLevel | int | |
AuthenticationPackageName | 字符串 | |
AuthenticationProvider | 字符串 | |
AuthenticationServer | 字符串 | |
AuthenticationService | int | |
AuthenticationType | 字符串 | |
AzureDeploymentID | 字符串 | |
_BilledSize | real | 记录大小(以字节为单位) |
CACertificateHash | 字符串 | |
CalledStationID | 字符串 | |
CallerProcessId | 字符串 | |
CallerProcessName | 字符串 | |
CallingStationID | 字符串 | |
CAPublicKeyHash | 字符串 | |
CategoryId | 字符串 | |
CertificateDatabaseHash | 字符串 | |
通道 | 字符串 | |
ClassId | 字符串 | |
ClassName | 字符串 | |
ClientAddress | 字符串 | |
ClientIPAddress | 字符串 | |
ClientName | 字符串 | |
CommandLine | 字符串 | |
CompatibleIds | 字符串 | |
Computer | string | |
DCDNSName | 字符串 | |
DeviceDescription | 字符串 | |
DeviceId | string | |
DisplayName | 字符串 | |
Disposition | 字符串 | |
DomainBehaviorVersion | 字符串 | |
DomainName | 字符串 | |
DomainPolicyChanged | 字符串 | |
DomainSid | 字符串 | |
EAPType | 字符串 | |
ElevatedToken | 字符串 | |
ErrorCode | int | |
EventData | 字符串 | |
EventID | int | |
EventSourceName | 字符串 | |
ExtendedQuarantineState | 字符串 | |
FailureReason | string | |
FileHash | 字符串 | |
文件路径 | 字符串 | |
FilePathNoUser | 字符串 | |
筛选器 | 字符串 | |
ForceLogoff | 字符串 | |
Fqbn | 字符串 | |
FullyQualifiedSubjectMachineName | 字符串 | |
FullyQualifiedSubjectUserName | 字符串 | |
GroupMembership | 字符串 | |
HandleId | 字符串 | |
HardwareIds | 字符串 | |
HomeDirectory | 字符串 | |
HomePath | 字符串 | |
InterfaceUuid | 字符串 | |
IpAddress | 字符串 | |
IpPort | 字符串 | |
_IsBillable | 字符串 | 指定引入数据是否可计费。 当_IsBillable false 引入时,不会向 Azure 帐户计费 |
KeyLength | int | |
级别 | 字符串 | |
LmPackageName | 字符串 | |
LocationInformation | 字符串 | |
LockoutDuration | 字符串 | |
LockoutObservationWindow | 字符串 | |
LockoutThreshold | 字符串 | |
LoggingResult | 字符串 | |
LogonGuid | 字符串 | |
LogonHours | 字符串 | |
LogonID | 字符串 | |
LogonProcessName | 字符串 | |
LogonType | int | |
LogonTypeName | 字符串 | |
MachineAccountQuota | 字符串 | |
MachineInventory | 字符串 | |
MachineLogon | 字符串 | |
ManagementGroupName | 字符串 | |
MandatoryLabel | 字符串 | |
MaxPasswordAge | 字符串 | |
MemberName | 字符串 | |
MemberSid | 字符串 | |
MinPasswordAge | 字符串 | |
MinPasswordLength | 字符串 | |
MixedDomainMode | 字符串 | |
NASIdentifier | 字符串 | |
NASIPv4Address | 字符串 | |
NASIPv6Address | 字符串 | |
NASPort | 字符串 | |
NASPortType | 字符串 | |
NetworkPolicyName | 字符串 | |
NewDate | 字符串 | |
NewMaxUsers | 字符串 | |
NewProcessId | 字符串 | |
NewProcessName | 字符串 | |
NewRemark | 字符串 | |
NewShareFlags | 字符串 | |
NewTime | 字符串 | |
NewUacValue | 字符串 | |
NewValue | 字符串 | |
NewValueType | 字符串 | |
ObjectName | 字符串 | |
ObjectServer | 字符串 | |
ObjectType | 字符串 | |
ObjectValueName | 字符串 | |
OemInformation | 字符串 | |
OldMaxUsers | 字符串 | |
OldRemark | 字符串 | |
OldShareFlags | 字符串 | |
OldUacValue | 字符串 | |
OldValue | 字符串 | |
OldValueType | 字符串 | |
OperationType | 字符串 | |
PackageName | 字符串 | |
“ParentProcessName” | 字符串 | |
PasswordHistoryLength | 字符串 | |
PasswordLastSet | 字符串 | |
PasswordProperties | 字符串 | |
PreviousDate | 字符串 | |
PreviousTime | 字符串 | |
PrimaryGroupId | 字符串 | |
PrivateKeyUsageCount | 字符串 | |
PrivilegeList | 字符串 | |
进程 | 字符串 | |
ProcessId | 字符串 | |
ProcessName | 字符串 | |
ProfilePath | 字符串 | |
属性 | string | |
ProtocolSequence | 字符串 | |
ProxyPolicyName | 字符串 | |
QuarantineHelpURL | 字符串 | |
QuarantineSessionID | 字符串 | |
QuarantineSessionIdentifier | 字符串 | |
QuarantineState | 字符串 | |
QuarantineSystemHealthResult | 字符串 | |
RelativeTargetName | 字符串 | |
RemoteIpAddress | 字符串 | |
RemotePort | 字符串 | |
请求者 | 字符串 | |
RequestId | 字符串 | |
_ResourceId | 字符串 | 与记录关联的资源的唯一标识符 |
RestrictedAdminMode | 字符串 | |
RowsDeleted | 字符串 | |
SamAccountName | 字符串 | |
ScriptPath | 字符串 | |
SecurityDescriptor | 字符串 | |
ServiceAccount | 字符串 | |
ServiceFileName | 字符串 | |
ServiceName | string | |
ServiceStartType | int | |
ServiceType | 字符串 | |
SessionName | 字符串 | |
ShareLocalPath | 字符串 | |
ShareName | 字符串 | |
SidHistory | 字符串 | |
SourceComputerId | 字符串 | |
SourceSystem | 字符串 | 事件收集依据的代理类型。 例如,OpsManager 对于 Windows 代理,对于直接连接或 Operations Manager,Linux 对于所有 Linux 代理,或者Azure 对于 Azure 诊断 |
状态 | string | |
StorageAccount | 字符串 | |
SubcategoryGuid | 字符串 | |
SubcategoryId | 字符串 | |
使用者 | 字符串 | |
SubjectAccount | 字符串 | |
SubjectDomainName | 字符串 | |
SubjectKeyIdentifier | 字符串 | |
SubjectLogonId | 字符串 | |
SubjectMachineName | 字符串 | |
SubjectMachineSID | 字符串 | |
SubjectUserName | 字符串 | |
SubjectUserSid | 字符串 | |
_SubscriptionId | 字符串 | 与记录关联的订阅的唯一标识符 |
SubStatus | 字符串 | |
TableId | 字符串 | |
TargetAccount | 字符串 | |
TargetDomainName | 字符串 | |
TargetInfo | 字符串 | |
TargetLinkedLogonId | 字符串 | |
TargetLogonGuid | 字符串 | |
TargetLogonId | 字符串 | |
TargetOutboundDomainName | 字符串 | |
TargetOutboundUserName | 字符串 | |
TargetServerName | 字符串 | |
TargetSid | 字符串 | |
TargetUser | 字符串 | |
TargetUserName | 字符串 | |
TargetUserSid | 字符串 | |
任务 | int | |
TemplateContent | 字符串 | |
TemplateDSObjectFQDN | 字符串 | |
TemplateInternalName | 字符串 | |
TemplateOID | 字符串 | |
TemplateSchemaVersion | 字符串 | |
TemplateVersion | 字符串 | |
TimeGenerated | datetime | |
TokenElevationType | 字符串 | |
TransmittedServices | string | |
类型 | 字符串 | 表的名称 |
UserAccountControl | 字符串 | |
UserParameters | 字符串 | |
UserPrincipalName | 字符串 | |
UserWorkstations | 字符串 | |
VendorIds | 字符串 | |
VirtualAccount | 字符串 | |
工作站 | 字符串 | |
WorkstationName | 字符串 |
反馈
https://aka.ms/ContentUserFeedback。
即将发布:在整个 2024 年,我们将逐步淘汰作为内容反馈机制的“GitHub 问题”,并将其取代为新的反馈系统。 有关详细信息,请参阅:提交和查看相关反馈