SOLVED

Data source and table mapping

Occasional Contributor

Hello,

 

Is there a list (official or crowdsources) between Azure Sentinel official data sources and schemas and tables? For example, "Windows Security Events" -> SecurityEvent, Azure Security Centre -> SecurityAlert (unless it is Azure Security Centre Free then elsewhere)?

 

Thanks!

2 Replies
best response confirmed by truekonrads (Occasional Contributor)
Solution

Hello @truekonrads,

 

I found the following one yesterday

 

AzureSentinelTablesV1

https://www.managedsentinel.com/wp-content/uploads/2020/01/Azure-Sentinel-Tables-v1.1.pdf

Kind Regards,
Thomas

@thomasdefise Some additional descriptions for some of those, too:  https://medium.com/wortell/azure-sentinel-tables-explained-d91d8cad6f