Skip to content

Commit f5e3036

Browse files
yelevinyelevin
committed
Unsovled mysteries 1
1 parent 5001290 commit f5e3036

File tree

1 file changed

+9
-3
lines changed

1 file changed

+9
-3
lines changed

articles/sentinel/automation-rule-reference.md

Lines changed: 9 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -21,6 +21,10 @@ The following entities and entity properties can be used as conditions for autom
2121

2222
### [Property descriptions](#tab/descriptions)
2323

24+
This table shows the entity properties supported in the automation rules API. These are the entity properties whose values you can set as conditions for triggering an automation rule.
25+
26+
For the full list of supported properties, which includes incident properties, see [Automation rule property condition supported properties](/rest/api/securityinsights/automation-rules/get) in the [Automation rules API documentation](/rest/api/securityinsights/automation-rules).
27+
2428
| Name (in API) | Type | Description |
2529
|-------------------------------|--------|-------------------------------------------------------------|
2630
| AccountAadTenantId | string | The account Microsoft Entra ID tenant ID |
@@ -71,6 +75,8 @@ The following entities and entity properties can be used as conditions for autom
7175

7276
### [Mapping to entities](#tab/mapping)
7377

78+
This table shows how the supported entity properties in the [Automation rules API](/rest/api/securityinsights/automation-rules) are displayed in the condition drop-down in the automation rules creation wizard. It also shows how those properties map to [entities and their identifiers](entities-reference.md) as defined in Microsoft Sentinel security alerts.
79+
7480
| Name in API | Name in UI drop-down | Entity: Identifier in V3 alert schema |
7581
| --------------------------- | ------------------------------ | ------------------------------------- |
7682
| AccountAadTenantId | Account tenant ID | Account: AadTenantId |
@@ -83,21 +89,21 @@ The following entities and entity properties can be used as conditions for autom
8389
| AccountUPNSuffix | Account UPN suffix | Account: UPNSuffix |
8490
| AzureResourceResourceId | Azure resource ID | AzureResource: ResourceId |
8591
| AzureResourceSubscriptionId | Azure resource subscription ID | AzureResource: SubscriptionId |
86-
| CloudApplicationAppId | Cloud application ID | CloudApplication: AppId ***(SaasId?)*** |
92+
| CloudApplicationAppId | Cloud application ID | CloudApplication: AppId |
8793
| CloudApplicationAppName | Cloud application name | CloudApplication: Name |
8894
| DNSDomainName | DNS domain name | DNS: DomainName |
8995
| FileDirectory | File directory | File: Directory |
9096
| FileName | File name | File: Name |
9197
| FileHashValue | File hash | FileHash: Value |
9298
| HostAzureID | Host Azure ID | Host: AzureID |
9399
| HostName | Host name | Host: HostName |
94-
| HostNetBiosName | ***Host BIOS name!!!*** | Host: NetBiosName |
100+
| HostNetBiosName | Host NetBIOS name | Host: NetBiosName |
95101
| HostNTDomain | Host NT domain | Host: NTDomain |
96102
| HostOSVersion | Host operating system | Host: OSVersion |
97103
| IoTDeviceId | IoT device ID | IoTDevice: DeviceId |
98104
| IoTDeviceName | IoT device name | IoTDevice: DeviceName |
99105
| IoTDeviceType | IoT device type | IoTDevice: DeviceType |
100-
| IoTDeviceVendor | IoT device vendor | IoTDevice: ***Source? Manufacturer?*** |
106+
| IoTDeviceVendor | IoT device vendor | IoTDevice: Manufacturer |
101107
| IoTDeviceModel | IoT device model | IoTDevice: Model |
102108
| IoTDeviceOperatingSystem | IoT device operating system | IoTDevice: OperatingSystem |
103109
| IPAddress | IP address | IP: Address |

0 commit comments

Comments
 (0)