articles/sentinel/entities-reference.md
Lines changed: 9 additions & 7 deletions
@@ -4,22 +4,24 @@ description: This article displays the Microsoft Sentinel entity types and their
4
4
author: yelevin
5
5
ms.author: yelevin
6
6
ms.topic: reference
7
-
ms.date: 10/15/2023
7
+
ms.date: 06/09/2024
8
8
---
9
9
10
10
# Microsoft Sentinel entity types reference
11
11
12
-
This document contains two sets of information regarding entities and entity types in Microsoft Sentinel.
13
-
- The [**Entity types and identifiers**](#entity-types-and-identifiers) table shows the different types of entities that can be used in [entity mapping](map-data-fields-to-entities.md) in both [analytics rules](detect-threats-custom.md) and [hunting](hunting.md). The table also shows, for each entity type, the different identifiers that can be used to identify an entity.
14
-
- The [**Entity schema**](#entity-type-schemas) section shows the data structure and schema for entities in general and for each entity type in particular, including some types that are not represented in the entity mapping feature.
12
+
This document contains two sets of information regarding entities and entity types in Microsoft Sentinel and the [Microsoft unified security operations platform](microsoft-sentinel-defender-portal.md).
13
+
- The [**Entity types and identifiers**](#entity-types-and-identifiers) table shows the different types of [entities](entities.md) that can be identified in alerts and incidents, allowing you to [track and investigate them](entity-pages.md). The table also shows, for each entity type, the different identifiers that can be used to identify an entity.
14
+
- The [**Entity schema**](#entity-type-schemas) section shows the data structure and schema for entities in general and for each entity type in particular.
The following table shows the **entity types**currently available for mapping in Microsoft Sentinel, and the **attributes**available as **identifiers** for each entity type. Nearly all of these attributes appear in the **Identifiers** drop-down list in the [entity mapping](map-data-fields-to-entities.md) section of the [analytics rule wizard](detect-threats-custom.md) (see footnotes for exceptions).
20
+
The following table shows the **entity types**that can be recognized by Microsoft Sentinel, and the **attributes**that can be used as **identifiers** for each entity type.
19
21
20
-
You can use up to three identifiers for a single entity mapping. **Strong identifiers** alone are sufficient to uniquely identify an entity, whereas **weak identifiers** can do so only in combination with other identifiers.
22
+
Microsoft Sentinel recognizes entities in alerts and incidents that are created by [entity mapping](map-data-fields-to-entities.md) in [analytics rules](threat-detection.md). It also recognizes entities already identified in alerts ingested from other sources.
21
23
22
-
Learn more about [strong and weak identifiers](entities.md#strong-and-weak-identifiers).
24
+
You can currently use up to three identifiers for a given entity when creating an entity mapping in Microsoft Sentinel. **Strong identifiers** alone are sufficient to uniquely identify an entity, whereas **weak identifiers** can do so only in combination with other identifiers. Learn more about [strong and weak identifiers](entities.md#strong-and-weak-identifiers). Most but not all identifiers in this table can be used when creating entity mappings in Microsoft Sentinel (see footnotes).
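Review bot: The rewritten **Entity schema** bullet in the intro drops the clause "including some types that are not represented in the entity mapping feature", and nothing in the added lines replaces it. The new closing sentence, "Most but not all identifiers in this table can be used when creating entity mappings in Microsoft Sentinel (see footnotes)", only covers identifiers, so a rule author can no longer tell from this page that some schema entity types are not mappable at all. Consider keeping that clause or adding an equivalent sentence next to the schema bullet. Two smaller points in the same hunk: in "recognizes entities in alerts and incidents that are created by [entity mapping]" it is unclear whether "created by" refers to the entities or to the alerts and incidents, so rewording to say that entity mapping in analytics rules identifies the entities would remove the ambiguity; and the footnote caveat now sits after the "Learn more about strong and weak identifiers" link, where it reads as an afterthought, so moving it directly after the "up to three identifiers" sentence would keep the mapping limits together. The analytics rules link also changes from detect-threats-custom.md to threat-detection.md in the added paragraph; please confirm that target exists and is the intended destination.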