AlertInfo

AlertInfo Schema

Table description

| TableSection | TableType | TableSectionName | Description |
| --- | --- | --- | --- |
| AlertsAndObservations | Regular | | Alerts from Microsoft Defender for Endpoint, Microsoft Defender for Office 365, Microsoft Cloud App Security, and Microsoft Defender for Identity, including severity information and threat categorization |

Table retention

| HotDays | ColdDays | TotalInteractiveDays |
| --- | --- | --- |
| 30 | 0 | 30 |

Schema

| Name | Description | Type |
| --- | --- | --- |
| AlertId | Unique identifier for the alert | String |
| AttackTechniques | MITRE ATT&CK techniques associated with the activity that triggered the alert | String |
| Category | Type of threat indicator or breach activity identified by the alert | String |
| DetectionSource | Detection technology or sensor that identified the notable component or activity | String |
| MachineGroup | | String |
| SentinelWorkspaceIds | The unique identifiers of the Microsoft Sentinel workspace this alert is associated with | String |
| ServiceSource | Product or service that provided the alert information | String |
| Severity | Indicates the potential impact (high, medium, or low) of the threat indicator or breach activity identified by the alert | String |
| SourceSystem | | String |
| TenantId | | String |
| TimeGenerated | | DateTime |
| Timestamp | Date and time when the record was generated | DateTime |
| Title | Title of the alert | String |
| Type | | String |

Schema changes

| Date | Action |
| --- | --- |
| 2026-01-02 | Column SentinelWorkspaceIds added |
| 2024-10-18 | Table added to tracking |