Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Field

Description

TABLE

AzureNetworkSecurityGroupCounters was a value derived from Azure + CATEGORY’s value.

SYSTEM

Depends on PRIMARYIPV4ADDRESS field if Will based its value if the PRIMARYIPV4ADDRESS is not empty, else it will depend on configured use domain value defined in the configuration.

DATE

Based on the extracted date value from CreatedDateTime.

TIME

Based on the extracted time value from CreatedDateTime.

DATETIME

Based on the extracted datetime value from CreatedDateTime and formatted usingRFC3339Nano (2023-03-03T01:59:16.756103200Z00:00) format.

COLLECTIONDATETIME

The datetime value when the log was collected from the API and formatted usingRFC3339Nano (2023-03-03T01:59:16.756103200Z00:00) format.

ADDITIONALFIELDS

Based on AdditionalFields, where this field contains the data is added to a dynamic property bag column.

ACTIONTYPE

Based on type_s, where this field indicates the action done, either allow or deny, as specified in the rule.

CATEGORY

Based on Category, where this field indicates the log category of the event, NetworkSecurityGroupRuleCounter is the fix value for this log type.

DIRECTION

Based on direction_s, where this field indicates the request direction either In or Out, as specified in the rule.

INGESTIONTIME

Based on IngestionTime, where this field indicates the datetime value specifying the approximate time of ingestion into an Azure table.

LOGID

Based on LogId, where this field indicates a unique identifier for the record or log.

MACADDRESS

Based on macAddress_s, where this field indicates the MAC address of the VM associated with the NSG resource.

MATCHEDCONNECTIONS

Based on matchedConnections_d, there’s no available documentation for this field.

OPERATIONNAME

Based on OperationName, where this field indicates the name of the operation that this event represents, NetworkSecurityGroupCounters is the fix value for this log type.

PRIMARYIPV4ADDRESS

Based on primaryIPv4Address_s, where this field indicates the private IP address of the VM associated with the NSG resource.

RESOURCE

Based on Resource, where this field indicates the name of the impacted resource.
If Resource is empty, will use the value from Properties.resource as its value.

RESOURCEGROUP

Based on ResourceGroup, where this field indicates the resource group name of the impacted resource.

RESOURCEID

Based on ResourceId, where this field indicates a unique identifier for the resource that the record or log is associated with.

RESOURCEPROVIDER

Based on ResourceProvider, where this field indicates the Id of the resource provider for the impacted resource, MICROSOFT.NETWORK is the fix value for this log type.

RESOURCETYPE

Based on ResourceType, where this field indicates the type of the impacted resource, NETWORKSECURITYGROUPS is the fix value for all Azure NSG logs.

RULENAME

Based on ruleName_s, where this field indicates the rule name set and configured on the NSG resource.

SOURCESYSTEM

Based on SourceSystem, where this field contains Azure as fix value for all log types under AzureDiagnostics table.

SUBNETPREFIX

Based on subnetPrefix_s, where this field indicates the subnet of the VM associated with the NSG resource.

SUBSCRIPTIONID

Based on SubscriptionId, where this field indicates the subscription ID of the impacted resource.

SYSTEMID

Based on systemId_g, where this field indicates the system ID of the network security group.

TENANTID

Based on TenantId, where this field indicates the Log Analytics workspace ID.

TIMEGENERATED

Based on TimeGenerated, where this field indicates the timestamp when the event was generated by the Azure service processing the request corresponding the event.

TYPE

Based on Type, where this field indicates the name of the table, AzureDiagnostics is the fix value for this log type.

VNETRESOURCEGUID

Based on vnetResourceGuid_g, where this field indicates the virtual network ID of the VM associated with the NSG resource.

WORKSPACEID

A value that was derived from TenantId.

SNAREDATAMAP

All unclassified field(s) parsed from this log type will be pushed into the SNAREDATAMAP in key=value format and separated by newline.

...