Bearbeiten

Freigeben über


SecurityAttackPathData

This tables contains attack paths that are being generated by Microsoft Defender for Cloud in order to detect potential breach paths of attackers to your cloud environment.

Table attributes

Attribute Value
Resource types microsoft.security/security
Categories Security
Solutions Security, SecurityCenter, SecurityCenterFree
Basic log Yes
Ingestion-time transformation No
Sample Queries Yes

Columns

Column Type Description
AdditionalRemediationSteps string The manual remediation steps of the attack path.
Assessments dynamic The assessments mapped to the attack path.
AttackPathId string The ID of the attack path.
AttackStory string The attack story.
_BilledSize real The record size in bytes
Description string The description of the attack path.
DisplayName string The display name of the attack path.
EntrypointId string The ID of the attack path enry point.
_IsBillable string Specifies whether ingesting the data is billable. When _IsBillable is false ingestion isn't billed to your Azure account
Mitre string MITRE mapping of the path.
Path dynamic The nodes, edges & insights that create the path.
PotentialImpact string The potenrial impact of the attack path.
_ResourceId string A unique identifier for the resource that the record is associated with
RiskFactors dynamic The risk factors of the attack path.
RiskLevel string The risk level of the attack path.
SourceSystem string The type of agent the event was collected by. For example, OpsManager for Windows agent, either direct connect or Operations Manager, Linux for all Linux agents, or Azure for Azure Diagnostics
_SubscriptionId string A unique identifier for the subscription that the record is associated with
TargetId string The ID of the attack path target.
TenantId string The Log Analytics workspace ID
TimeGenerated datetime The date and time the attack path was exported.
Type string The name of the table