_time
AlertId
TenantId
OperationName
Category
Timestamp
EntityType
EvidenceRole
SHA1
SHA256
RemoteIP
LocalIP
RemoteUrl
AccountName
AccountDomain
AccountSid
AccountObjectId
DeviceId
ThreatFamily
EvidenceDirection
AdditionalFields
MachineGroup
NetworkMessageId
ServiceSource
FileName
FolderPath
ProcessCommandLine
EmailSubject
ApplicationId
Application
DeviceName
FileSize
RegistryKey
RegistryValueName
RegistryValueData
AccountUpn
OAuthApplicationId
Categories
Title
AttackTechniques
DetectionSource
Severity
not set