You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: defender-xdr/advanced-hunting-graphapiauditevents-table.md
+8-7Lines changed: 8 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -18,7 +18,7 @@ ms.custom:
18
18
- cx-ti
19
19
- cx-ah
20
20
ms.topic: reference
21
-
ms.date: 03/12/2024
21
+
ms.date: 07/09/2025
22
22
---
23
23
24
24
# GraphApiAuditEvents (Preview)
@@ -38,20 +38,20 @@ For information on other tables in the advanced hunting schema, [see the advance
38
38
|`IdentityProvider`|`string`| Identity provider that authenticated the subject of the token |
39
39
|`ApiVersion`|`string`| The API version of the event |
40
40
|`ApplicationId`|`string`| Unique identifier for the application |
41
+
|`IPAddress`|`string`| The IP address of the client from where the request was made |
41
42
|`ClientRequestId`|`string`| Identifier for the client request sent; if none is available, the operation identifier is used instead |
43
+
|`EntityType `|`string`| Type of object, such as a file, a process, a device, or a user, that made the request |
42
44
|`RequestUri`|`string`| Uniform resource identifier (URI) of the request |
43
-
|`OperationId`|`string`| Identifier for a batch of requests; the same identifier is used for all requests in a batch but if requests are non-batched, the identifier is unique per request |
44
-
|`AccountObjectId`|`string`| Unique identifier for the user making the request |
45
+
|`AccountObjectId`|`string`| Unique identifier for the account making the request ||`OperationId`|`string`| Identifier for a batch of requests; the same identifier is used for all requests in a batch but if requests are non-batched, the identifier is unique per request |
45
46
|`Location`|`string`| Name of the region that served the request |
46
47
|`RequestDuration`|`string`| Duration of the request in milliseconds |
48
+
|`RequestId`|`string`| Unique identifier of the request |
47
49
|`RequestMethod`|`string`| HTTP method of the request |
48
50
|`Timestamp`|`string`| Date and time when the request was recorded |
49
51
|`ResponseStatusCode`|`string`| HTTP response status code for the request |
50
52
|`Scopes`|`string`| Scopes in token claims |
51
-
|`RequesterRoles`|`string`| Denotes the tenant-wide roles assigned to the user making the request|
52
-
|`RequestDetails`|`string`| Contains information about the request, like the IP address of the client from where the request occurred, the URI of the request, the user-agent information related to request, the application display name |
53
-
|`UserAgent`|`string`|User agent information from the web browser or other client application|
54
-
|`EntityType`|`string`| Type of entity that performed the action |
53
+
|`UniqueTokenIdentifier`|`string`| Unique identifier embedded in every access token and ID token that were issued |
54
+
55
55
56
56
## Related articles
57
57
@@ -60,4 +60,5 @@ For information on other tables in the advanced hunting schema, [see the advance
0 commit comments