SOLVED

Data source and table mapping


Hello,

Is there a list (official or crowdsourced) between Azure Sentinel official data sources and schemas and tables? For example, "Windows Security Events" -> SecurityEvent, Azure Security Centre -> SecurityAlert (unless it is Azure Security Centre Free then elsewhere)?

Thanks!

2 Replies
best response confirmed by truekonrads (Occasional Contributor)
Solution

Hello @truekonrads,

I found the following one yesterday:

[Image: AzureSentinelTablesV1]

https://www.managedsentinel.com/wp-content/uploads/2020/01/Azure-Sentinel-Tables-v1.1.pdf

Kind Regards,
Thomas

@thomasdefise Some additional descriptions for some of those, too: https://medium.com/wortell/azure-sentinel-tables-explained-d91d8cad6f