| _BilledSize |
|
Double |
| _IsBillable |
|
String |
| _ResourceId |
A unique identifier for the resource that the record is associated with |
String |
| _SubscriptionId |
A unique identifier for the subscription that the record is associated with |
String |
| AdditionalFields |
The type specifc fields that Sentinel adds. Contains the TLPLevel: white, green, amber, or red. |
Object |
| AzureTenantId |
The tenant that submitted the indicator. |
String |
| Confidence |
The confidence that the creator has in the correctness of their data. The value must be a number in the range of 0-100. |
Int32 |
| Created |
The date when the indicator was created. |
DateTime |
| Data |
All object properties, formatted according to the STIX specification (https://docs.oasis-open.org/cti/stix/v2.1/os/stix-v2.1-os.pdf). |
Object |
| Id |
A value that uniquely identifies the indicator STIX object. This value is usable with Sentinel APIs. |
String |
| IsActive |
A value that specifies if an indicator is active and valid for detections. |
Boolean |
| IsDeleted |
A value that indicates whether the data was deleted from Sentinel or not. |
Boolean |
| LastUpdateMethod |
The component that last updated the indicator. |
String |
| Modified |
The date when the indicator was modified. |
DateTime |
| ObservableKey |
The entire left-hand side of an equality comparison from the pattern. |
String |
| ObservableValue |
The entire right-hand side of an equality comparison from the pattern. |
String |
| Pattern |
The detection pattern for this indicator MAY be expressed as a STIX pattern. |
String |
| Revoked |
A value that specifies whether the indicator was revoked. |
Boolean |
| Source |
The name of the source. |
String |
| SourceSystem |
|
String |
| Tags |
Sentinel defined tags for the indicator. |
String |
| TenantId |
|
String |
| TimeGenerated |
The time of indicator ingestion. |
DateTime |
| Type |
The name of the table |
String |
| ValidFrom |
The time from which this indicator is considered a valid indicator of the behaviors it is related or represents. |
DateTime |
| ValidUntil |
The time at which this indicator should no longer be considered a valid indicator of the bahviors it is related to or represents. |
DateTime |
| WorkspaceId |
The workspace that submitted the indicator. |
String |