Security
Security Overview
This category contains the record of any alerts generated by Microsoft Defender for Cloud.
Schema
Element Name | Description |
---|---|
channels | Always "Operation" |
correlationId | A GUID in the string format. |
description | Static text description of the security event. |
eventDataId | Unique identifier of the security event. |
eventName | Friendly name of the security event. |
category | Always "Security" |
ID | Unique resource identifier of the security event. |
level | Severity level of the event. |
resourceGroupName | Name of the resource group for the resource. |
resourceProviderName | Name of the resource provider for Microsoft Defender for Cloud. Always "Microsoft.Security". |
resourceType | The type of resource that generated the security event, such as "Microsoft.Security/locations/alerts" |
resourceId | Resource ID of the security alert. |
operationId | A GUID shared among the events that correspond to a single operation. |
operationName | Name of the operation. |
properties | Set of |
properties.Severity | The severity level. Possible values are "High," "Medium," or "Low." |
status | String describing the status of the operation. Some common values are: Started, In Progress, Succeeded, Failed, Active, Resolved. |
subStatus | Usually null for security events. |
eventTimestamp | Timestamp when the event was generated by the Azure service processing the request corresponding to the event. |
submissionTimestamp | Timestamp when the event became available for querying. |
subscriptionId | Azure Subscription ID. |
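
As an added example (not part of the original documentation), the following Python checks exported records against the invariants stated in the table (category, resourceProviderName, properties.Severity) and builds a triage queue of Active alerts ordered by severity and time. The flat JSON key layout, the function names, and all sample records are constructed assumptions.

```python
import json
from datetime import datetime

# Invariants taken from the schema table above.
EXPECTED = {"category": "Security", "resourceProviderName": "Microsoft.Security"}
SEVERITY_RANK = {"High": 0, "Medium": 1, "Low": 2}

# Constructed sample records (not real alerts); the flat key layout is an assumption.
SAMPLE = json.loads("""[
 {"eventDataId": "evt-0001", "category": "Security", "resourceProviderName": "Microsoft.Security",
  "status": "Active", "eventTimestamp": "2024-01-10T08:15:00Z", "properties": {"Severity": "Medium"}},
 {"eventDataId": "evt-0002", "category": "Security", "resourceProviderName": "Microsoft.Security",
  "status": "Active", "eventTimestamp": "2024-01-10T09:30:00Z", "properties": {"Severity": "High"}},
 {"eventDataId": "evt-0003", "category": "Security", "resourceProviderName": "Microsoft.Security",
  "status": "Resolved", "eventTimestamp": "2024-01-10T07:00:00Z", "properties": {"Severity": "High"}},
 {"eventDataId": "evt-0004", "category": "Administrative", "resourceProviderName": "Microsoft.Compute",
  "status": "Succeeded", "eventTimestamp": "2024-01-10T07:05:00Z", "properties": {}},
 {"eventDataId": "evt-0005", "category": "Security", "resourceProviderName": "Microsoft.Security",
  "status": "Active", "eventTimestamp": "2024-01-10T06:00:00Z", "properties": {"Severity": "Critical"}}
]""")

def problems(rec):
    """Return the ways a record deviates from the schema; an empty list means valid."""
    found = [f"{k}={rec.get(k)!r}" for k, v in EXPECTED.items() if rec.get(k) != v]
    sev = (rec.get("properties") or {}).get("Severity")
    if sev not in SEVERITY_RANK:
        found.append(f"properties.Severity={sev!r}")
    try:  # fromisoformat() rejects a trailing "Z" before Python 3.11
        datetime.fromisoformat(str(rec.get("eventTimestamp")).replace("Z", "+00:00"))
    except ValueError:
        found.append("eventTimestamp unparseable")
    return found

def triage(records):
    """Split records into an ordered queue of Active alerts and a list of rejects."""
    queue, rejected = [], []
    for rec in records:
        bad = problems(rec)
        if bad:
            rejected.append((rec.get("eventDataId"), bad))
        elif rec["status"] == "Active":
            queue.append(rec)
    queue.sort(key=lambda r: (SEVERITY_RANK[r["properties"]["Severity"]], r["eventTimestamp"]))
    return queue, rejected

if __name__ == "__main__":
    queue, rejected = triage(SAMPLE)
    for r in queue:
        print(r["properties"]["Severity"], r["eventTimestamp"], r["eventDataId"])
    print("rejected:", rejected)
```

Records that fail validation are returned separately rather than dropped, so a severity value or category outside the documented set shows up for review instead of silently disappearing from the queue.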