You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: defender-xdr/advanced-hunting-identityinfo-table.md
+6-6Lines changed: 6 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -35,11 +35,11 @@ Microsoft Sentinel uses a slightly expanded version of this table in Log Analyti
35
35
36
36
For information on other tables in the advanced hunting schema, [see the advanced hunting reference](advanced-hunting-schema-tables.md).
37
37
38
-
The following schema is the unified `IdentityInfo` schema that streamlines a similar table in Microsoft Sentinel's log analytics and in Microsoft Defender XDR advanced hunting. The complete set of columns below is available for Defender portal users who have onboarded Sentinel and turned on the User and Entity Behavior Analytics (UEBA) service.
38
+
The following schema is the unified `IdentityInfo` schema that streamlines a similar table in Microsoft Sentinel's log analytics and in Microsoft Defender XDR advanced hunting. The complete set of columns is available for Defender portal users who have onboarded Microsoft Sentinel and turned on the User and Entity Behavior Analytics (UEBA) service.
39
39
40
-
Defender portal users who have not onboarded a Sentinel workspace that has the UEBA service turned on cannot view UEBA-specific columns. Read [UEBA-specific columns](#ueba-specific-columns).
40
+
Defender portal users who haven't onboarded a Microsoft Sentinel workspace that has the UEBA service turned on can't view UEBA-specific columns. Read [UEBA-specific columns](#ueba-specific-columns).
41
41
42
-
This advanced hunting table is populated by records from Microsoft Defender for Identity or Microsoft Sentinel and Mirosoft Entra ID. If your organization hasn’t deployed the service in Microsoft Defender XDR, queries that use the table aren’t going to work or return any results. For more information about how to deploy Defender for Identity in Defender XDR, read [Deploy supported services](deploy-supported-services.md).
42
+
This advanced hunting table is populated by records from Microsoft Defender for Identity or Microsoft Sentinel and Microsoft Entra ID. If your organization hasn’t deployed the service in Microsoft Defender XDR, queries that use the table aren’t going to work or return any results. For more information about how to deploy Defender for Identity in Defender XDR, read [Deploy supported services](deploy-supported-services.md).
43
43
44
44
| Column name | Data type | Description |
45
45
|-------------|-----------|-------------|
@@ -76,7 +76,7 @@ This advanced hunting table is populated by records from Microsoft Defender for
76
76
|`OtherMailAddresses`|`dynamic`| Additional email addresses of the user account |
77
77
|`RiskLevel`|`string`| Microsoft Entra ID risk level of the user account; possible values: Low, Medium, High |
78
78
|`RiskLevelDetails`|`string`| Details regarding the Microsoft Entra ID risk level |
79
-
|`State`|`string`| State where the sign-in occured, if available |
79
+
|`State`|`string`| State where the sign-in occurred, if available |
80
80
|`Tags`[*](#mdi-only)|`dynamic`| Tags assigned to the account user by Defender for Identity |
81
81
|`AssignedRoles`[*](#mdi-only)|`dynamic`| For identities from Microsoft Entra-only, the roles assigned to the account user|
82
82
|`PrivilegedEntraPimRoles` (Preview) [**](#mdi)|`dynamic`| A snapshot of privileged role assignment schedules and eligibility schedules for the account as maintained by Microsoft Entra Privileged Identity Management (excluding activated assignments) |
@@ -95,7 +95,7 @@ This advanced hunting table is populated by records from Microsoft Defender for
95
95
<aname="mdi"></a>** Available only for tenants with Microsoft Defender for Identity.
96
96
97
97
## UEBA-specific columns
98
-
If you are using the Microsoft Defender portal but have not onboarded a Microsoft Sentinel workspace with the UEBA service turned on, the following columns are not available in your `IdentityInfo` table:
98
+
If you're using the Microsoft Defender portal but haven't onboarded a Microsoft Sentinel workspace with the UEBA service turned on, the following columns aren't available in your `IdentityInfo` table:
99
99
100
100
-`BlastRadius`
101
101
-`CompanyName`
@@ -110,7 +110,7 @@ If you are using the Microsoft Defender portal but have not onboarded a Microsof
110
110
For more information about UEBA, read [Advanced threat detection with User and Entity Behavior Analytics (UEBA) in Microsoft Sentinel](/azure/sentinel/identify-threats-with-entity-behavior-analytics). For more information about the different data sources in UEBA, read [Microsoft Sentinel UEBA reference](/azure/sentinel/ueba-reference).
0 commit comments