You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: defender-xdr/advanced-hunting-datasecurityevents-table.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -70,7 +70,7 @@ For information on other tables in the advanced hunting schema, [see the advance
70
70
|`IPAddress`|`string`| IP addresses of the clients on which the activity was performed; can contain multiple Ips if related to Microsoft Defender for Cloud Apps alerts|
71
71
|`Timestamp`|`datetime`| Date and time when the event was recorded|
72
72
|`DeviceSourceLocationType`|`int`| Indicates the type of location where the endpoint signals originated from; values can be: 0 (Unknown), 1 (Local), 2 (Remote), 3 (Removable), 4 (Cloud), 5 (File share)|
73
-
|`DeviceDestinationLocationType`|Int| Indicates the type of location where the endpoint signals connected to; values can be: 0 (Unknown), 1 (Local), 2 (Remote), 3 (Removable), 4 (Cloud), 5 (File share)|
73
+
|`DeviceDestinationLocationType`|`int`| Indicates the type of location where the endpoint signals connected to; values can be: 0 (Unknown), 1 (Local), 2 (Remote), 3 (Removable), 4 (Cloud), 5 (File share)|
74
74
|`IrmPolicyMatchInfo`|`dynamic`| Details of Insider Risk Management policy matches for the content involved in the event; in JSON array format |
75
75
|`UnallowedUrlDomains`|`string`| Websites or service URLs involved in this event that are configured as Unallowed in Insider Risk Management global settings|
76
76
|`ExternalUrlDomains`|`string`| Websites or service URLs involved in this event that are classified as External in Insider Risk Management global settings|
0 commit comments