You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
|**TenantId**| String | The tenant ID for your Microsoft Sentinel workspace. |
31
-
|**TimeGenerated**| Datetime | The time (UTC) at which the audit event occurred. |
31
+
|**TimeGenerated**| Datetime | The time (UTC) at which the audited activity occurred. |
32
32
| <aname="operationname_audit"></a>**OperationName**| String | The Azure operation being recorded. For example:<br>- `Microsoft.SecurityInsights/alertRules/Write`<br>- `Microsoft.SecurityInsights/alertRules/Delete`|
33
-
| <aname="sentinelresourceid_audit"></a>**SentinelResourceId**| String | The unique identifier of the Microsoft Sentinel workspace and the associated resource on which the audit event occurred. |
33
+
| <aname="sentinelresourceid_audit"></a>**SentinelResourceId**| String | The unique identifier of the Microsoft Sentinel workspace and the associated resource on which the audited activity occurred. |
34
34
|**SentinelResourceName**| String | The resource name. For analytics rules, this is the rule name. |
35
35
| <aname="status_audit"></a>**Status**| String | Indicates `Success` or `Failure` for the [OperationName](#operationname_audit). |
36
36
|**Description**| String | Describes the operation, including extended data as needed. For example, for failures, this column might indicate the failure reason. |
37
-
|**WorkspaceId**| String | The workspace GUID on which the audit issue occurred. The full Azure Resource Identifier is available in the [SentinelResourceID](#sentinelresourceid_audit) column. |
37
+
|**WorkspaceId**| String | The workspace GUID on which the audited activity occurred. The full Azure Resource Identifier is available in the [SentinelResourceID](#sentinelresourceid_audit) column. |
38
38
|**SentinelResourceType**| String | The Microsoft Sentinel resource type being monitored. |
39
39
|**SentinelResourceKind**| String | The specific type of resource being monitored. For example, for analytics rules: `NRT`. |
40
40
|**CorrelationId**| String | The event correlation ID in GUID format. |
@@ -59,15 +59,15 @@ Extended properties for analytics rules reflect certain [rule settings](detect-t
59
59
|**CallerName**| String | The user or application that initiated the action. |
60
60
|**OriginalResourceState**| Dynamic (json) | A JSON bag that describes the rule before the change. |
61
61
|**Reason**| String | The reason why the operation failed. For example: `No permissions`. |
62
-
|**ResourceDiffMemberNames**| Array\[String\]| An array of the properties that changed on the relevant resource. For example: `['custom_details','look_back']`. |
63
-
|**ResourceDisplayName**| String | Name of the analytics rule on which the audit issue occurred. |
64
-
|**ResourceGroupName**| String | Resource group of the workspace on which the audit issue occurred. |
65
-
|**ResourceId**| String | The resource ID of the analytics rule on which the audit issue occurred. |
66
-
|**SubscriptionId**| String | The subscription ID of the workspace on which the audit issue occurred. |
62
+
|**ResourceDiffMemberNames**| Array\[String\]| An array of the properties of the rule that were changed by the audited activity. For example: `['custom_details','look_back']`. |
63
+
|**ResourceDisplayName**| String | Name of the analytics rule on which the audited activity occurred. |
64
+
|**ResourceGroupName**| String | Resource group of the workspace on which the audited activity occurred. |
65
+
|**ResourceId**| String | The resource ID of the analytics rule on which the audited activity occurred. |
66
+
|**SubscriptionId**| String | The subscription ID of the workspace on which the audited activity occurred. |
67
67
|**UpdatedResourceState**| Dynamic (json) | A JSON bag that describes the rule after the change. |
68
68
|**Uri**| String | The full-path resource ID of the analytics rule. |
69
-
|**WorkspaceId**| String | The resource ID of the workspace on which the audit issue occurred. |
70
-
|**WorkspaceName**| String | The name of the workspace on which the audit issue occurred. |
69
+
|**WorkspaceId**| String | The resource ID of the workspace on which the audited activity occurred. |
70
+
|**WorkspaceName**| String | The name of the workspace on which the audited activity occurred. |
0 commit comments