diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index 1c357f9e15..fb0d2f287e 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -9,6 +9,16 @@
"source_path": "articles/azure-monitor/reference/supported-logs/logs-index.md",
"redirect_url": "/azure/azure-monitor/reference",
"redirect_document_id": false
+ },
+ {
+ "source_path": "articles/azure-monitor/reference/queries/chsmmanagementauditlogs.md",
+ "redirect_url": "/azure/azure-monitor/reference",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "articles/azure-monitor/reference/queries/chsmserviceoperationauditlogs.md",
+ "redirect_url": "/azure/azure-monitor/reference",
+ "redirect_document_id": false
}
]
}
\ No newline at end of file
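Review bot: The two added redirects cover only the deleted `queries/chsm*.md` pages, while this commit also removes the links to `./tables/chsmmanagementauditlogs.md` and `./tables/chsmserviceoperationauditlogs.md` from tables-category.md and tables-index.md. If those table pages are deleted as well (not visible in this part of the diff), they need matching entries here, for example `"source_path": "articles/azure-monitor/reference/tables/chsmmanagementauditlogs.md"` with the same `redirect_url`. Without them, existing links to the Cloud HSM audit-log table reference would break instead of landing on the reference index.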
diff --git a/articles/azure-monitor/reference/queries-by-table.md b/articles/azure-monitor/reference/queries-by-table.md
index 281f1bee32..e620007ec7 100644
--- a/articles/azure-monitor/reference/queries-by-table.md
+++ b/articles/azure-monitor/reference/queries-by-table.md
@@ -4,7 +4,7 @@ description: Azure Monitor log analytics queries by tables
author: EdB-MSFT
ms.topic: reference
ms.service: azure-monitor
-ms.date: 09/16/2024
+ms.date: 09/24/2024
ms.author: edbaynash
ms.reviewer: lualderm
@@ -1036,19 +1036,6 @@ ms.reviewer: lualderm
- [CCF application errors](./queries/CCFApplicationLogs.md#ccf-application-errors)
-## [CHSMManagementAuditLogs](./queries/CHSMManagementAuditLogs.md)
-
-- [Aggregate operations query](./queries/CHSMManagementAuditLogs.md#aggregate-operations-query)
-- [Failed operations count](./queries/CHSMManagementAuditLogs.md#failed-operations-count)
-- [Operations per user](./queries/CHSMManagementAuditLogs.md#operations-per-user)
-
-## [CHSMServiceOperationAuditLogs](./queries/CHSMServiceOperationAuditLogs.md)
-
-- [Are there any slow requests?](./queries/CHSMServiceOperationAuditLogs.md#are-there-any-slow-requests)
-- [How active has this Cloud HSM been?](./queries/CHSMServiceOperationAuditLogs.md#how-active-has-this-cloud-hsm-been)
-- [Are there any failures?](./queries/CHSMServiceOperationAuditLogs.md#are-there-any-failures)
-- [Who is calling this Cloud HSM?](./queries/CHSMServiceOperationAuditLogs.md#who-is-calling-this-cloud-hsm)
-
## [CIEventsAudit](./queries/CIEventsAudit.md)
- [CIEventsAudit - API response codes line chart](./queries/CIEventsAudit.md#cieventsaudit---api-response-codes-line-chart)
@@ -1386,7 +1373,6 @@ ms.reviewer: lualderm
## [MDCDetectionDNSEvents](./queries/MDCDetectionDNSEvents.md)
- [All DNS events where the domain queried was 'www.google.com' ordered by time](./queries/MDCDetectionDNSEvents.md#all-dns-events-where-the-domain-queried-was-wwwgooglecom-ordered-by-time)
-- [All recent Gating validation events](./queries/MDCDetectionDNSEvents.md#all-recent-gating-validation-events)
## [MDCDetectionFimEvents](./queries/MDCDetectionFimEvents.md)
diff --git a/articles/azure-monitor/reference/queries/chsmmanagementauditlogs.md b/articles/azure-monitor/reference/queries/chsmmanagementauditlogs.md
deleted file mode 100644
index 753ffb70a4..0000000000
--- a/articles/azure-monitor/reference/queries/chsmmanagementauditlogs.md
+++ /dev/null
@@ -1,58 +0,0 @@
----
-title: Example log table queries for CHSMManagementAuditLogs
-description: Example queries for CHSMManagementAuditLogs log table
-ms.topic: reference
-ms.service: azure-monitor
-ms.author: edbaynash
-author: EdB-MSFT
-ms.date: 09/16/2024
-
-# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script.
-
----
-
-# Queries for the CHSMManagementAuditLogs table
-
-For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query).
-
-
-### Aggregate operations query
-
-
-List logs for specific HSM partition operations.
-
-```query
-CHSMManagementAuditLogs
-| where OperationName == "END_MARKER_OPCODE (0xffff)/SPECIAL (0xffff)"
-| where OperationName == "CN_GENERATE_KEY_PAIR (0x19)/CN_MGMT_CMD (0x0)"
-| sort by TimeGenerated desc
-| limit 100
-
-```
-
-
-
-### Failed operations count
-
-
-Count of failed HSM partition operations requests by userId, operationName and opCode.
-
-```query
-CHSMManagementAuditLogs
-| where not(Response contains "FAIL")
-| summarize count() by TimeGenerated, UserId, OperationName, Opcode
-```
-
-
-
-### Operations per user
-
-
-Count of total HSM partition operations performed per user.
-
-```query
-CHSMManagementAuditLogs
-| summarize count() by UserId
-
-```
-
diff --git a/articles/azure-monitor/reference/queries/chsmserviceoperationauditlogs.md b/articles/azure-monitor/reference/queries/chsmserviceoperationauditlogs.md
deleted file mode 100644
index 157e57c20b..0000000000
--- a/articles/azure-monitor/reference/queries/chsmserviceoperationauditlogs.md
+++ /dev/null
@@ -1,68 +0,0 @@
----
-title: Example log table queries for CHSMServiceOperationAuditLogs
-description: Example queries for CHSMServiceOperationAuditLogs log table
-ms.topic: reference
-ms.service: azure-monitor
-ms.author: edbaynash
-author: EdB-MSFT
-ms.date: 09/16/2024
-
-# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script.
-
----
-
-# Queries for the CHSMServiceOperationAuditLogs table
-
-For information on using these queries in the Azure portal, see [Log Analytics tutorial](/azure/azure-monitor/logs/log-analytics-tutorial). For the REST API, see [Query](/rest/api/loganalytics/query).
-
-
-### Are there any slow requests?
-
-
-List of Cloud HSM requests taking longer than 1 second.
-
-```query
-let threshold=1000;
-CHSMServiceOperationAuditLogs
-| where DurationMs > threshold
-| summarize count() by OperationName, _ResourceId
-```
-
-
-
-### How active has this Cloud HSM been?
-
-
-Line chart showing trend of Cloud HSM requests volume, per operation over time.
-
-```query
-CHSMServiceOperationAuditLogs
-| summarize count() by bin(TimeGenerated, 1h), OperationName // Aggregate by hour
-| render timechart
-```
-
-
-
-### Are there any failures?
-
-
-Count of failed requests by request type
-
-```query
-CHSMServiceOperationAuditLogs
-| where ResultType == "Failure"
-| summarize count() by ResultSignature, _ResourceId
-```
-
-
-
-### Who is calling this Cloud HSM?
-
-
-List of callers identified by their IP address with their request count.
-
-```query
-CHSMServiceOperationAuditLogs
-| summarize count() by CallerIpAddress
-```
-
diff --git a/articles/azure-monitor/reference/queries/databricksworkspacelogs.md b/articles/azure-monitor/reference/queries/databricksworkspacelogs.md
index 5dda1d73d8..b630ffffc6 100644
--- a/articles/azure-monitor/reference/queries/databricksworkspacelogs.md
+++ b/articles/azure-monitor/reference/queries/databricksworkspacelogs.md
@@ -5,7 +5,7 @@ ms.topic: reference
ms.service: azure-monitor
ms.author: edbaynash
author: EdB-MSFT
-ms.date: 09/16/2024
+ms.date: 09/24/2024
# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script.
@@ -62,7 +62,8 @@ DatabricksDataMonitoring,
DatabricksIngestion,
DatabricksMarketplaceConsumer,
DatabricksLineageTracking,
-DatabricksFilesystem
+DatabricksFilesystem,
+DatabricksLakeviewConfig,
| distinct Category, Type
```
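Review bot: The added line `DatabricksLakeviewConfig,` ends with a comma and is followed directly by `| distinct Category, Type`, so the table list now ends in a dangling comma that the query parser will most likely reject. The last entry should read `DatabricksLakeviewConfig` with no trailing comma. The query starts above this hunk, so the opening of the list is not visible here. Because the file header says the content is generated, the fix belongs in the generator's source data, or the next run will reintroduce it.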
diff --git a/articles/azure-monitor/reference/queries/mdcdetectiondnsevents.md b/articles/azure-monitor/reference/queries/mdcdetectiondnsevents.md
index 55fe0668ef..ae641064b8 100644
--- a/articles/azure-monitor/reference/queries/mdcdetectiondnsevents.md
+++ b/articles/azure-monitor/reference/queries/mdcdetectiondnsevents.md
@@ -5,7 +5,7 @@ ms.topic: reference
ms.service: azure-monitor
ms.author: edbaynash
author: EdB-MSFT
-ms.date: 09/16/2024
+ms.date: 09/24/2024
# NOTE: This content is automatically generated using API calls to Azure. Any edits made on these files will be overwritten in the next run of the script.
@@ -28,27 +28,3 @@ MDCDetectionDNSEvents
| limit 100
```
-
-
-### All recent Gating validation events
-
-
-Get all Gating validation events published in the last 24 hours.
-
-```query
-source
-| project
- AzureResourceId,
- Region,
- Action,
- RuleProperties,
- AdmissionControlVersions,
- EvaluatedResourceKind,
- EvaluatedResourceName,
- EvaluatedResourceParentKind,
- EvaluatedResourceParentName,
- EvaluatedResourceDetails,
- Namespace,
- TimeGenerated
-```
-
diff --git a/articles/azure-monitor/reference/tables-category.md b/articles/azure-monitor/reference/tables-category.md
index 8dc1ff8247..993693b667 100644
--- a/articles/azure-monitor/reference/tables-category.md
+++ b/articles/azure-monitor/reference/tables-category.md
@@ -6,7 +6,7 @@ ms.service: azure-monitor
ms.subservice: logs
ms.author: edbaynash
author: EdB-MSFT
-ms.date: 09/16/2024
+ms.date: 09/24/2024
---
# Azure Monitor Log Analytics log tables organized by category
@@ -119,8 +119,6 @@ ms.date: 09/16/2024
- [CDBPartitionKeyStatistics](./tables/cdbpartitionkeystatistics.md)
- [CDBQueryRuntimeStatistics](./tables/cdbqueryruntimestatistics.md)
- [CDBTableApiRequests](./tables/cdbtableapirequests.md)
-- [CHSMManagementAuditLogs](./tables/chsmmanagementauditlogs.md)
-- [CHSMServiceOperationAuditLogs](./tables/chsmserviceoperationauditlogs.md)
- [CIEventsAudit](./tables/cieventsaudit.md)
- [CassandraAudit](./tables/cassandraaudit.md)
- [ChaosStudioExperimentEventLogs](./tables/chaosstudioexperimenteventlogs.md)
@@ -169,6 +167,7 @@ ms.date: 09/16/2024
- [AlertHistory](./tables/alerthistory.md)
- [AutoscaleEvaluationsLog](./tables/autoscaleevaluationslog.md)
- [AutoscaleScaleActionsLog](./tables/autoscalescaleactionslog.md)
+- [AzureMetricsV2](./tables/azuremetricsv2.md)
- [ComputerGroup](./tables/computergroup.md)
- [Operation](./tables/operation.md)
- [Usage](./tables/usage.md)
@@ -329,6 +328,7 @@ ms.date: 09/16/2024
- [AzureDiagnostics](./tables/azurediagnostics.md)
- [AzureLoadTestingOperation](./tables/azureloadtestingoperation.md)
- [AzureMetrics](./tables/azuremetrics.md)
+- [AzureMetricsV2](./tables/azuremetricsv2.md)
- [BlockchainApplicationLog](./tables/blockchainapplicationlog.md)
- [BlockchainProxyLog](./tables/blockchainproxylog.md)
- [CCFApplicationLogs](./tables/ccfapplicationlogs.md)
@@ -341,8 +341,6 @@ ms.date: 09/16/2024
- [CDBPartitionKeyStatistics](./tables/cdbpartitionkeystatistics.md)
- [CDBQueryRuntimeStatistics](./tables/cdbqueryruntimestatistics.md)
- [CDBTableApiRequests](./tables/cdbtableapirequests.md)
-- [CHSMManagementAuditLogs](./tables/chsmmanagementauditlogs.md)
-- [CHSMServiceOperationAuditLogs](./tables/chsmserviceoperationauditlogs.md)
- [CIEventsAudit](./tables/cieventsaudit.md)
- [CIEventsOperational](./tables/cieventsoperational.md)
- [ChaosStudioExperimentEventLogs](./tables/chaosstudioexperimenteventlogs.md)
@@ -683,6 +681,16 @@ ms.date: 09/16/2024
- [AADServicePrincipalSignInLogs](./tables/aadserviceprincipalsigninlogs.md)
- [AADUserRiskEvents](./tables/aaduserriskevents.md)
- [ADFSSignInLogs](./tables/adfssigninlogs.md)
+- [ASimAuditEventLogs](./tables/asimauditeventlogs.md)
+- [ASimAuthenticationEventLogs](./tables/asimauthenticationeventlogs.md)
+- [ASimDhcpEventLogs](./tables/asimdhcpeventlogs.md)
+- [ASimDnsActivityLogs](./tables/asimdnsactivitylogs.md)
+- [ASimFileEventLogs](./tables/asimfileeventlogs.md)
+- [ASimNetworkSessionLogs](./tables/asimnetworksessionlogs.md)
+- [ASimProcessEventLogs](./tables/asimprocesseventlogs.md)
+- [ASimRegistryEventLogs](./tables/asimregistryeventlogs.md)
+- [ASimUserManagementActivityLogs](./tables/asimusermanagementactivitylogs.md)
+- [ASimWebSessionLogs](./tables/asimwebsessionlogs.md)
- [AWSCloudTrail](./tables/awscloudtrail.md)
- [AWSCloudWatch](./tables/awscloudwatch.md)
- [AWSGuardDuty](./tables/awsguardduty.md)
@@ -729,6 +737,7 @@ ms.date: 09/16/2024
- [DeviceTvmSoftwareInventory](./tables/devicetvmsoftwareinventory.md)
- [DeviceTvmSoftwareVulnerabilities](./tables/devicetvmsoftwarevulnerabilities.md)
- [DeviceTvmSoftwareVulnerabilitiesKB](./tables/devicetvmsoftwarevulnerabilitieskb.md)
+- [DnsAuditEvents](./tables/dnsauditevents.md)
- [DynamicEventCollection](./tables/dynamiceventcollection.md)
- [EmailAttachmentInfo](./tables/emailattachmentinfo.md)
- [EmailEvents](./tables/emailevents.md)
@@ -768,6 +777,7 @@ ms.date: 09/16/2024
- [ProtectionStatus](./tables/protectionstatus.md)
- [PurviewDataSensitivityLogs](./tables/purviewdatasensitivitylogs.md)
- [RemoteNetworkHealthLogs](./tables/remotenetworkhealthlogs.md)
+- [SecurityAlert](./tables/securityalert.md)
- [SecurityAttackPathData](./tables/securityattackpathdata.md)
- [SecurityBaseline](./tables/securitybaseline.md)
- [SecurityBaselineSummary](./tables/securitybaselinesummary.md)
@@ -780,6 +790,8 @@ ms.date: 09/16/2024
- [SigninLogs](./tables/signinlogs.md)
- [StorageMalwareScanningResults](./tables/storagemalwarescanningresults.md)
- [Syslog](./tables/syslog.md)
+- [ThreatIntelIndicators](./tables/threatintelindicators.md)
+- [ThreatIntelObjects](./tables/threatintelobjects.md)
- [ThreatIntelligenceIndicator](./tables/threatintelligenceindicator.md)
- [Update](./tables/update.md)
- [UrlClickEvents](./tables/urlclickevents.md)
diff --git a/articles/azure-monitor/reference/tables-index.md b/articles/azure-monitor/reference/tables-index.md
index 453ebd951d..7eb425c29b 100644
--- a/articles/azure-monitor/reference/tables-index.md
+++ b/articles/azure-monitor/reference/tables-index.md
@@ -4,7 +4,7 @@ description: Field definitions for Azure Monitor resource log / log analytics ta
author: EdB-MSFT
ms.topic: reference
ms.service: azure-monitor
-ms.date: 09/16/2024
+ms.date: 09/24/2024
ms.author: edbaynash
ms.reviewer: lualderm
@@ -234,8 +234,6 @@ Microsoft.HardwareSecurityModules/cloudHsmClusters
- [AzureActivity](./tables/azureactivity.md)
- [AzureMetrics](./tables/azuremetrics.md)
-- [CHSMManagementAuditLogs](./tables/chsmmanagementauditlogs.md)
-- [CHSMServiceOperationAuditLogs](./tables/chsmserviceoperationauditlogs.md)
### Azure Cosmos DB
@@ -476,6 +474,28 @@ Microsoft.PlayFab/titles
- [PFTitleAuditLogs](./tables/pftitleauditlogs.md)
+### Azure Sentinel
+
+microsoft.securityinsights
+
+- [SecurityAlert](./tables/securityalert.md)
+- [SecurityEvent](./tables/securityevent.md)
+- [DnsAuditEvents](./tables/dnsauditevents.md)
+- [CommonSecurityLog](./tables/commonsecuritylog.md)
+- [ASimWebSessionLogs](./tables/asimwebsessionlogs.md)
+- [PurviewDataSensitivityLogs](./tables/purviewdatasensitivitylogs.md)
+- [ASimDhcpEventLogs](./tables/asimdhcpeventlogs.md)
+- [ASimFileEventLogs](./tables/asimfileeventlogs.md)
+- [ASimUserManagementActivityLogs](./tables/asimusermanagementactivitylogs.md)
+- [ASimRegistryEventLogs](./tables/asimregistryeventlogs.md)
+- [ASimAuditEventLogs](./tables/asimauditeventlogs.md)
+- [ASimAuthenticationEventLogs](./tables/asimauthenticationeventlogs.md)
+- [ASimDnsActivityLogs](./tables/asimdnsactivitylogs.md)
+- [ASimNetworkSessionLogs](./tables/asimnetworksessionlogs.md)
+- [ASimProcessEventLogs](./tables/asimprocesseventlogs.md)
+- [ThreatIntelObjects](./tables/threatintelobjects.md)
+- [ThreatIntelIndicators](./tables/threatintelindicators.md)
+
### Azure Sphere
Microsoft.AzureSphere/catalogs
@@ -1030,6 +1050,7 @@ Microsoft.OperationalInsights/Workspaces
- [LAQueryLogs](./tables/laquerylogs.md)
- [LASummaryLogs](./tables/lasummarylogs.md)
+- [AzureMetricsV2](./tables/azuremetricsv2.md)
### Logic Apps
@@ -1479,6 +1500,13 @@ Microsoft.TimeSeriesInsights/environments
- [AzureMetrics](./tables/azuremetrics.md)
- [TSIIngress](./tables/tsiingress.md)
+### Toolchain orchestrator
+
+Microsoft.ToolchainOrchestrator/diagnostics
+
+- [AzureActivity](./tables/azureactivity.md)
+- [AzureDiagnostics](./tables/azurediagnostics.md)
+
### Traffic Manager Profiles
Microsoft.Network/trafficmanagerprofiles
diff --git a/articles/azure-monitor/reference/tables/asimauditeventlogs.md b/articles/azure-monitor/reference/tables/asimauditeventlogs.md
new file mode 100644
index 0000000000..c466db3cfa
--- /dev/null
+++ b/articles/azure-monitor/reference/tables/asimauditeventlogs.md
@@ -0,0 +1,32 @@
+---
+title: Azure Monitor Logs reference - ASimAuditEventLogs
+description: Reference for ASimAuditEventLogs table in Azure Monitor Logs.
+ms.topic: reference
+ms.service: azure-monitor
+ms.subservice: logs
+ms.author: orens
+author: osalzberg
+ms.date: 09/24/2024
+---
+
+# ASimAuditEventLogs
+
+Microsoft Sentinel normalized audit events table. Stores events associated with the audit trail of information systems and audit trail logs system configuration activities and policy changes. Such changes are often performed by system administrators, but can also be performed by users when configuring the settings of their own applications.
+
+
+## Table attributes
+
+|Attribute|Value|
+|---|---|
+|**Resource types**|microsoft.securityinsights/auditeventnormalized|
+|**Categories**|Security|
+|**Solutions**| SecurityInsights|
+|**Basic log**|No|
+|**Ingestion-time transformation**|Yes|
+|**Sample Queries**|-|
+
+
+
+## Columns
+
+[!INCLUDE [asimauditeventlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/asimauditeventlogs-include.md)]
diff --git a/articles/azure-monitor/reference/tables/asimauthenticationeventlogs.md b/articles/azure-monitor/reference/tables/asimauthenticationeventlogs.md
new file mode 100644
index 0000000000..e42506795d
--- /dev/null
+++ b/articles/azure-monitor/reference/tables/asimauthenticationeventlogs.md
@@ -0,0 +1,32 @@
+---
+title: Azure Monitor Logs reference - ASimAuthenticationEventLogs
+description: Reference for ASimAuthenticationEventLogs table in Azure Monitor Logs.
+ms.topic: reference
+ms.service: azure-monitor
+ms.subservice: logs
+ms.author: orens
+author: osalzberg
+ms.date: 09/24/2024
+---
+
+# ASimAuthenticationEventLogs
+
+Microsoft Sentinel normalized authentication events table. Stores events associated, for example, with the user authentication, sign-in, and sign-out.
+
+
+## Table attributes
+
+|Attribute|Value|
+|---|---|
+|**Resource types**|microsoft.securityinsights/authenticationevent|
+|**Categories**|Security|
+|**Solutions**| SecurityInsights|
+|**Basic log**|No|
+|**Ingestion-time transformation**|Yes|
+|**Sample Queries**|-|
+
+
+
+## Columns
+
+[!INCLUDE [asimauthenticationeventlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/asimauthenticationeventlogs-include.md)]
diff --git a/articles/azure-monitor/reference/tables/asimdhcpeventlogs.md b/articles/azure-monitor/reference/tables/asimdhcpeventlogs.md
new file mode 100644
index 0000000000..71fbf0be15
--- /dev/null
+++ b/articles/azure-monitor/reference/tables/asimdhcpeventlogs.md
@@ -0,0 +1,32 @@
+---
+title: Azure Monitor Logs reference - ASimDhcpEventLogs
+description: Reference for ASimDhcpEventLogs table in Azure Monitor Logs.
+ms.topic: reference
+ms.service: azure-monitor
+ms.subservice: logs
+ms.author: orens
+author: osalzberg
+ms.date: 09/24/2024
+---
+
+# ASimDhcpEventLogs
+
+The ASIM DHCP schema represents DHCP server activity, including serving requests for DHCP IP address leased from client systems and updating a DNS server with the leases granted.
+
+
+## Table attributes
+
+|Attribute|Value|
+|---|---|
+|**Resource types**|microsoft.securityinsights/asimtables|
+|**Categories**|Security|
+|**Solutions**| SecurityInsights|
+|**Basic log**|No|
+|**Ingestion-time transformation**|Yes|
+|**Sample Queries**|-|
+
+
+
+## Columns
+
+[!INCLUDE [asimdhcpeventlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/asimdhcpeventlogs-include.md)]
diff --git a/articles/azure-monitor/reference/tables/asimdnsactivitylogs.md b/articles/azure-monitor/reference/tables/asimdnsactivitylogs.md
new file mode 100644
index 0000000000..875333c42e
--- /dev/null
+++ b/articles/azure-monitor/reference/tables/asimdnsactivitylogs.md
@@ -0,0 +1,32 @@
+---
+title: Azure Monitor Logs reference - ASimDnsActivityLogs
+description: Reference for ASimDnsActivityLogs table in Azure Monitor Logs.
+ms.topic: reference
+ms.service: azure-monitor
+ms.subservice: logs
+ms.author: orens
+author: osalzberg
+ms.date: 09/24/2024
+---
+
+# ASimDnsActivityLogs
+
+The ASim DNS activity schema represents DNS protocol activity, which may be logged either by a DNS server or by a device sending DNS requests to a DNS server. The DNS protocol activity includes DNS queries, DNS server updates, and DNS bulk data transfers. Since the schema represents protocol activity, it is governed by RFCs and officially assigned parameter lists. The DNS activity schema does not represent DNS server audit events.
+
+
+## Table attributes
+
+|Attribute|Value|
+|---|---|
+|**Resource types**|microsoft.securityinsights/dnsnormalized|
+|**Categories**|Security|
+|**Solutions**| SecurityInsights|
+|**Basic log**|No|
+|**Ingestion-time transformation**|Yes|
+|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/asimdnsactivitylogs)|
+
+
+
+## Columns
+
+[!INCLUDE [asimdnsactivitylogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/asimdnsactivitylogs-include.md)]
diff --git a/articles/azure-monitor/reference/tables/asimfileeventlogs.md b/articles/azure-monitor/reference/tables/asimfileeventlogs.md
new file mode 100644
index 0000000000..5f216b0bee
--- /dev/null
+++ b/articles/azure-monitor/reference/tables/asimfileeventlogs.md
@@ -0,0 +1,32 @@
+---
+title: Azure Monitor Logs reference - ASimFileEventLogs
+description: Reference for ASimFileEventLogs table in Azure Monitor Logs.
+ms.topic: reference
+ms.service: azure-monitor
+ms.subservice: logs
+ms.author: orens
+author: osalzberg
+ms.date: 09/24/2024
+---
+
+# ASimFileEventLogs
+
+The Advanced Security Information Model (ASIM) File Event normalization schema describes file activity such as creating, modifying, or deleting files or documents.
+
+
+## Table attributes
+
+|Attribute|Value|
+|---|---|
+|**Resource types**|microsoft.securityinsights/asimtables|
+|**Categories**|Security|
+|**Solutions**| SecurityInsights|
+|**Basic log**|No|
+|**Ingestion-time transformation**|Yes|
+|**Sample Queries**|-|
+
+
+
+## Columns
+
+[!INCLUDE [asimfileeventlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/asimfileeventlogs-include.md)]
diff --git a/articles/azure-monitor/reference/tables/asimnetworksessionlogs.md b/articles/azure-monitor/reference/tables/asimnetworksessionlogs.md
new file mode 100644
index 0000000000..0fc4047506
--- /dev/null
+++ b/articles/azure-monitor/reference/tables/asimnetworksessionlogs.md
@@ -0,0 +1,32 @@
+---
+title: Azure Monitor Logs reference - ASimNetworkSessionLogs
+description: Reference for ASimNetworkSessionLogs table in Azure Monitor Logs.
+ms.topic: reference
+ms.service: azure-monitor
+ms.subservice: logs
+ms.author: orens
+author: osalzberg
+ms.date: 09/24/2024
+---
+
+# ASimNetworkSessionLogs
+
+The Microsoft Sentinel network session normalization schema represents an IP network activity, such as network connections and network sessions. Such events are reported, for example, by operating systems, routers, firewalls, and intrusion prevention systems.
+
+
+## Table attributes
+
+|Attribute|Value|
+|---|---|
+|**Resource types**|microsoft.securityinsights/networksessionnormalized|
+|**Categories**|Security|
+|**Solutions**| SecurityInsights|
+|**Basic log**|No|
+|**Ingestion-time transformation**|Yes|
+|**Sample Queries**|-|
+
+
+
+## Columns
+
+[!INCLUDE [asimnetworksessionlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/asimnetworksessionlogs-include.md)]
diff --git a/articles/azure-monitor/reference/tables/asimprocesseventlogs.md b/articles/azure-monitor/reference/tables/asimprocesseventlogs.md
new file mode 100644
index 0000000000..ffc2416230
--- /dev/null
+++ b/articles/azure-monitor/reference/tables/asimprocesseventlogs.md
@@ -0,0 +1,32 @@
+---
+title: Azure Monitor Logs reference - ASimProcessEventLogs
+description: Reference for ASimProcessEventLogs table in Azure Monitor Logs.
+ms.topic: reference
+ms.service: azure-monitor
+ms.subservice: logs
+ms.author: orens
+author: osalzberg
+ms.date: 09/24/2024
+---
+
+# ASimProcessEventLogs
+
+The Microsoft Sentinel process events normalized table stores events using the Process Event ASIM normalized schema associated with creation or termination of a process. Such events are reported by operating systems and security systems, such as EDR (End Point Detection and Response) systems.
+
+
+## Table attributes
+
+|Attribute|Value|
+|---|---|
+|**Resource types**|microsoft.securityinsights/processeventnormalized|
+|**Categories**|Security|
+|**Solutions**| SecurityInsights|
+|**Basic log**|No|
+|**Ingestion-time transformation**|Yes|
+|**Sample Queries**|-|
+
+
+
+## Columns
+
+[!INCLUDE [asimprocesseventlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/asimprocesseventlogs-include.md)]
diff --git a/articles/azure-monitor/reference/tables/asimregistryeventlogs.md b/articles/azure-monitor/reference/tables/asimregistryeventlogs.md
new file mode 100644
index 0000000000..e2fac7355c
--- /dev/null
+++ b/articles/azure-monitor/reference/tables/asimregistryeventlogs.md
@@ -0,0 +1,32 @@
+---
+title: Azure Monitor Logs reference - ASimRegistryEventLogs
+description: Reference for ASimRegistryEventLogs table in Azure Monitor Logs.
+ms.topic: reference
+ms.service: azure-monitor
+ms.subservice: logs
+ms.author: orens
+author: osalzberg
+ms.date: 09/24/2024
+---
+
+# ASimRegistryEventLogs
+
+The ASim Registry Event schema represents Windows activity of creating, modifying, or deleting Windows Registry entities. Registry events are specific to Windows systems, but are reported by different systems that monitor Windows, such as EDR (End Point Detection and Response) systems, Sysmon, or Windows itself.
+
+
+## Table attributes
+
+|Attribute|Value|
+|---|---|
+|**Resource types**|microsoft.securityinsights/asimtables|
+|**Categories**|Security|
+|**Solutions**| SecurityInsights|
+|**Basic log**|No|
+|**Ingestion-time transformation**|Yes|
+|**Sample Queries**|-|
+
+
+
+## Columns
+
+[!INCLUDE [asimregistryeventlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/asimregistryeventlogs-include.md)]
diff --git a/articles/azure-monitor/reference/tables/asimusermanagementactivitylogs.md b/articles/azure-monitor/reference/tables/asimusermanagementactivitylogs.md
new file mode 100644
index 0000000000..936841e1b9
--- /dev/null
+++ b/articles/azure-monitor/reference/tables/asimusermanagementactivitylogs.md
@@ -0,0 +1,32 @@
+---
+title: Azure Monitor Logs reference - ASimUserManagementActivityLogs
+description: Reference for ASimUserManagementActivityLogs table in Azure Monitor Logs.
+ms.topic: reference
+ms.service: azure-monitor
+ms.subservice: logs
+ms.author: orens
+author: osalzberg
+ms.date: 09/24/2024
+---
+
+# ASimUserManagementActivityLogs
+
+The ASim User Management schema represents user management activities, such as creating a user or a group, changing user attribute, or adding a user to a group. Such events are reported, for example, by operating systems, directory services, identity management systems, and any other system reporting on its local user management activity.
+
+
+## Table attributes
+
+|Attribute|Value|
+|---|---|
+|**Resource types**|microsoft.securityinsights/asimtables|
+|**Categories**|Security|
+|**Solutions**| SecurityInsights|
+|**Basic log**|No|
+|**Ingestion-time transformation**|Yes|
+|**Sample Queries**|-|
+
+
+
+## Columns
+
+[!INCLUDE [asimusermanagementactivitylogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/asimusermanagementactivitylogs-include.md)]
diff --git a/articles/azure-monitor/reference/tables/asimwebsessionlogs.md b/articles/azure-monitor/reference/tables/asimwebsessionlogs.md
new file mode 100644
index 0000000000..e5d896e4b3
--- /dev/null
+++ b/articles/azure-monitor/reference/tables/asimwebsessionlogs.md
@@ -0,0 +1,32 @@
+---
+title: Azure Monitor Logs reference - ASimWebSessionLogs
+description: Reference for ASimWebSessionLogs table in Azure Monitor Logs.
+ms.topic: reference
+ms.service: azure-monitor
+ms.subservice: logs
+ms.author: orens
+author: osalzberg
+ms.date: 09/24/2024
+---
+
+# ASimWebSessionLogs
+
+The Advanced Security Information Model (ASIM) Web Session normalization schema - describe an IP network activity. For example, IP network activities are reported by web servers, web proxies, and web security gateways.
+
+
+## Table attributes
+
+|Attribute|Value|
+|---|---|
+|**Resource types**|microsoft.securityinsights/websessionlogs|
+|**Categories**|Security|
+|**Solutions**| SecurityInsights|
+|**Basic log**|No|
+|**Ingestion-time transformation**|Yes|
+|**Sample Queries**|-|
+
+
+
+## Columns
+
+[!INCLUDE [asimwebsessionlogs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/asimwebsessionlogs-include.md)]
diff --git a/articles/azure-monitor/reference/tables/azureactivity.md b/articles/azure-monitor/reference/tables/azureactivity.md
index b3b325d1bc..72b03f8e9c 100644
--- a/articles/azure-monitor/reference/tables/azureactivity.md
+++ b/articles/azure-monitor/reference/tables/azureactivity.md
@@ -6,7 +6,7 @@ ms.service: azure-monitor
ms.subservice: logs
ms.author: orens
author: osalzberg
-ms.date: 09/16/2024
+ms.date: 09/24/2024
---
# AzureActivity
@@ -18,7 +18,7 @@ Entries from the Azure Activity log that provides insight into any subscription-
|Attribute|Value|
|---|---|
-|**Resource types**|microsoft.aad/domainservices,
microsoft.apimanagement/service,
microsoft.appconfiguration/configurationstores,
microsoft.network/applicationgateways,
microsoft.servicenetworking/trafficcontrollers,
microsoft.web/sites,
microsoft.autonomousdevelopmentplatform/workspaces,
microsoft.kubernetes/connectedclusters,
microsoft.attestation/attestationproviders,
microsoft.cache/redis,
microsoft.cdn/profiles,
microsoft.hardwaresecuritymodules/cloudhsmclusters,
microsoft.communication/communicationservices,
microsoft.documentdb/databaseaccounts,
microsoft.datacollaboration/workspaces,
microsoft.digitaltwins/digitaltwinsinstances,
microsoft.network/dnsresolverpolicies,
microsoft.eventgrid/namespaces,
microsoft.eventgrid/topics,
microsoft.eventhub/namespaces,
microsoft.network/azurefirewalls,
microsoft.dashboard/grafana,
microsoft.keyvault/vaults,
microsoft.containerservice/managedclusters,
microsoft.loadtestservice/loadtests,
microsoft.managednetworkfabric/networkdevices,
microsoft.documentdb/cassandraclusters,
microsoft.network/loadbalancers,
microsoft.networkcloud/baremetalmachines,
microsoft.networkcloud/clustermanagers,
microsoft.networkcloud/clusters,
microsoft.networkcloud/storageappliances,
microsoft.purview/accounts,
microsoft.recoveryservices/vaults,
microsoft.relay/namespaces,
microsoft.servicebus/namespaces,
microsoft.networkfunction/azuretrafficcollectors,
microsoft.network/networkmanagers,
microsoft.botservice/botservices,
microsoft.chaos/experiments,
microsoft.cognitiveservices/accounts,
microsoft.connectedcache/cachenodes,
microsoft.connectedvehicle/platformaccounts,
microsoft.network/networkwatchers/connectionmonitors,
microsoft.app/managedenvironments,
microsoft.d365customerinsights/instances,
microsoft.databricks/workspaces,
microsoft.dbformysql/flexibleservers,
microsoft.dbforpostgresql/flexibleservers,
microsoft.dbforpostgresql/servergroupsv2,
microsoft.devcenter/devcenters,
microsoft.experimentation/experimentworkspaces,
microsoft.hdinsight/clusters,
microsoft.compute/virtualmachines,
microsoft.logic/integrationaccounts,
microsoft.machinelearningservices/workspaces,
microsoft.machinelearningservices/registries,
microsoft.media/mediaservices,
microsoft.azureplaywrightservice/accounts,
microsoft.graph/tenants,
microsoft.networkanalytics/dataproducts,
microsoft.storage/storageaccounts,
microsoft.storagecache/amlfilesytems,
microsoft.storagemover/storagemovers,
microsoft.synapse/workspaces,
microsoft.desktopvirtualization/hostpools,
default,
subscription,
resourcegroup,
microsoft.signalrservice/webpubsub,
microsoft.insights/components,
microsoft.desktopvirtualization/applicationgroups,
microsoft.desktopvirtualization/workspaces,
microsoft.timeseriesinsights/environments,
microsoft.workloadmonitor/monitors,
microsoft.analysisservices/servers,
microsoft.batch/batchaccounts,
microsoft.appplatform/spring,
microsoft.signalrservice/signalr,
microsoft.containerregistry/registries,
microsoft.kusto/clusters,
microsoft.blockchain/blockchainmembers,
microsoft.eventgrid/domains,
microsoft.eventgrid/partnernamespaces,
microsoft.eventgrid/partnertopics,
microsoft.eventgrid/systemtopics,
microsoft.conenctedvmwarevsphere/virtualmachines,
microsoft.azurestackhci/virtualmachines,
microsoft.scvmm/virtualmachines,
microsoft.compute/virtualmachinescalesets,
microsoft.hybridcontainerservice/provisionedclusters,
microsoft.insights/autoscalesettings,
microsoft.devices/iothubs,
microsoft.servicefabric/clusters,
microsoft.logic/workflows,
microsoft.automation/automationaccounts,
microsoft.datafactory/factories,
microsoft.datalakestore/accounts,
microsoft.datalakeanalytics/accounts,
microsoft.powerbidedicated/capacities,
microsoft.datashare/accounts,
microsoft.sql/managedinstances,
microsoft.sql/servers,
microsoft.sql/servers/databases,
microsoft.dbformysql/servers,
microsoft.dbforpostgresql/servers,
microsoft.dbforpostgresql/serversv2,
microsoft.dbformariadb/servers,
microsoft.devices/provisioningservices,
microsoft.network/expressroutecircuits,
microsoft.network/frontdoors,
microsoft.network/networkinterfaces,
microsoft.network/networksecuritygroups,
microsoft.network/publicipaddresses,
microsoft.network/trafficmanagerprofiles,
microsoft.network/virtualnetworkgateways,
microsoft.network/vpngateways,
microsoft.network/virtualnetworks,
microsoft.search/searchservices,
microsoft.streamanalytics/streamingjobs,
microsoft.network/bastionhosts,
microsoft.healthcareapis/services|
+|**Resource types**|microsoft.aad/domainservices,
microsoft.apimanagement/service,
microsoft.appconfiguration/configurationstores,
microsoft.network/applicationgateways,
microsoft.servicenetworking/trafficcontrollers,
microsoft.web/sites,
microsoft.autonomousdevelopmentplatform/workspaces,
microsoft.kubernetes/connectedclusters,
microsoft.toolchainorchestrator/diagnostics,
microsoft.attestation/attestationproviders,
microsoft.cache/redis,
microsoft.cdn/profiles,
microsoft.hardwaresecuritymodules/cloudhsmclusters,
microsoft.communication/communicationservices,
microsoft.documentdb/databaseaccounts,
microsoft.datacollaboration/workspaces,
microsoft.digitaltwins/digitaltwinsinstances,
microsoft.network/dnsresolverpolicies,
microsoft.eventgrid/namespaces,
microsoft.eventgrid/topics,
microsoft.eventhub/namespaces,
microsoft.network/azurefirewalls,
microsoft.dashboard/grafana,
microsoft.keyvault/vaults,
microsoft.containerservice/managedclusters,
microsoft.loadtestservice/loadtests,
microsoft.managednetworkfabric/networkdevices,
microsoft.documentdb/cassandraclusters,
microsoft.network/loadbalancers,
microsoft.networkcloud/baremetalmachines,
microsoft.networkcloud/clustermanagers,
microsoft.networkcloud/clusters,
microsoft.networkcloud/storageappliances,
microsoft.purview/accounts,
microsoft.recoveryservices/vaults,
microsoft.relay/namespaces,
microsoft.servicebus/namespaces,
microsoft.networkfunction/azuretrafficcollectors,
microsoft.network/networkmanagers,
microsoft.botservice/botservices,
microsoft.chaos/experiments,
microsoft.cognitiveservices/accounts,
microsoft.connectedcache/cachenodes,
microsoft.connectedvehicle/platformaccounts,
microsoft.network/networkwatchers/connectionmonitors,
microsoft.app/managedenvironments,
microsoft.d365customerinsights/instances,
microsoft.databricks/workspaces,
microsoft.dbformysql/flexibleservers,
microsoft.dbforpostgresql/flexibleservers,
microsoft.dbforpostgresql/servergroupsv2,
microsoft.devcenter/devcenters,
microsoft.experimentation/experimentworkspaces,
microsoft.hdinsight/clusters,
microsoft.compute/virtualmachines,
microsoft.logic/integrationaccounts,
microsoft.machinelearningservices/workspaces,
microsoft.machinelearningservices/registries,
microsoft.media/mediaservices,
microsoft.azureplaywrightservice/accounts,
microsoft.graph/tenants,
microsoft.networkanalytics/dataproducts,
microsoft.storage/storageaccounts,
microsoft.storagecache/amlfilesytems,
microsoft.storagemover/storagemovers,
microsoft.synapse/workspaces,
microsoft.desktopvirtualization/hostpools,
default,
subscription,
resourcegroup,
microsoft.signalrservice/webpubsub,
microsoft.insights/components,
microsoft.desktopvirtualization/applicationgroups,
microsoft.desktopvirtualization/workspaces,
microsoft.timeseriesinsights/environments,
microsoft.workloadmonitor/monitors,
microsoft.analysisservices/servers,
microsoft.batch/batchaccounts,
microsoft.appplatform/spring,
microsoft.signalrservice/signalr,
microsoft.containerregistry/registries,
microsoft.kusto/clusters,
microsoft.blockchain/blockchainmembers,
microsoft.eventgrid/domains,
microsoft.eventgrid/partnernamespaces,
microsoft.eventgrid/partnertopics,
microsoft.eventgrid/systemtopics,
microsoft.conenctedvmwarevsphere/virtualmachines,
microsoft.azurestackhci/virtualmachines,
microsoft.scvmm/virtualmachines,
microsoft.compute/virtualmachinescalesets,
microsoft.hybridcontainerservice/provisionedclusters,
microsoft.insights/autoscalesettings,
microsoft.devices/iothubs,
microsoft.servicefabric/clusters,
microsoft.logic/workflows,
microsoft.automation/automationaccounts,
microsoft.datafactory/factories,
microsoft.datalakestore/accounts,
microsoft.datalakeanalytics/accounts,
microsoft.powerbidedicated/capacities,
microsoft.datashare/accounts,
microsoft.sql/managedinstances,
microsoft.sql/servers,
microsoft.sql/servers/databases,
microsoft.dbformysql/servers,
microsoft.dbforpostgresql/servers,
microsoft.dbforpostgresql/serversv2,
microsoft.dbformariadb/servers,
microsoft.devices/provisioningservices,
microsoft.network/expressroutecircuits,
microsoft.network/frontdoors,
microsoft.network/networkinterfaces,
microsoft.network/networksecuritygroups,
microsoft.network/publicipaddresses,
microsoft.network/trafficmanagerprofiles,
microsoft.network/virtualnetworkgateways,
microsoft.network/vpngateways,
microsoft.network/virtualnetworks,
microsoft.search/searchservices,
microsoft.streamanalytics/streamingjobs,
microsoft.network/bastionhosts,
microsoft.healthcareapis/services|
|**Categories**|Azure Resources, Audit, Security|
|**Solutions**| LogManagement|
|**Basic log**|No|
diff --git a/articles/azure-monitor/reference/tables/azuremetricsv2.md b/articles/azure-monitor/reference/tables/azuremetricsv2.md
new file mode 100644
index 0000000000..9792eeb79d
--- /dev/null
+++ b/articles/azure-monitor/reference/tables/azuremetricsv2.md
@@ -0,0 +1,32 @@
+---
+title: Azure Monitor Logs reference - AzureMetricsV2
+description: Reference for AzureMetricsV2 table in Azure Monitor Logs.
+ms.topic: reference
+ms.service: azure-monitor
+ms.subservice: logs
+ms.author: orens
+author: osalzberg
+ms.date: 09/24/2024
+---
+
+# AzureMetricsV2
+
+Azure native platform metrics that can help to measure health and performance. AzureMetricsV2 includes metric categories and dimensions, improving upon legacy AzureMetrics table.
+
+
+## Table attributes
+
+|Attribute|Value|
+|---|---|
+|**Resource types**|microsoft.operationalinsights/workspaces|
+|**Categories**|Azure Resources, Azure Monitor|
+|**Solutions**| LogManagement|
+|**Basic log**|Yes|
+|**Ingestion-time transformation**|No|
+|**Sample Queries**|-|
+
+
+
+## Columns
+
+[!INCLUDE [azuremetricsv2](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/azuremetricsv2-include.md)]
diff --git a/articles/azure-monitor/reference/tables/chsmmanagementauditlogs.md b/articles/azure-monitor/reference/tables/chsmmanagementauditlogs.md
index a4694c5311..c3de8c942d 100644
--- a/articles/azure-monitor/reference/tables/chsmmanagementauditlogs.md
+++ b/articles/azure-monitor/reference/tables/chsmmanagementauditlogs.md
@@ -6,7 +6,7 @@ ms.service: azure-monitor
ms.subservice: logs
ms.author: orens
author: osalzberg
-ms.date: 09/16/2024
+ms.date: 09/24/2024
---
# CHSMManagementAuditLogs
@@ -18,12 +18,12 @@ This table contains audit logs retrieved from your Azure CloudHsm resource's HSM
|Attribute|Value|
|---|---|
-|**Resource types**|microsoft.hardwaresecuritymodules/cloudhsmclusters|
-|**Categories**|Azure Resources, Audit|
+|**Resource types**|-|
+|**Categories**|-|
|**Solutions**| LogManagement|
|**Basic log**|Yes|
|**Ingestion-time transformation**|No|
-|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/chsmmanagementauditlogs)|
+|**Sample Queries**|-|
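Review bot: Blanking the `Resource types` and `Categories` rows to `-` means this Cloud HSM audit-log table can no longer be found by resource type or under the Audit category. The second hunk of chsmserviceoperationauditlogs.md does the same. Both pages still describe the tables as holding Cloud HSM audit data, and azureactivity.md in this same commit still lists `microsoft.hardwaresecuritymodules/cloudhsmclusters`, so this looks like a generator artifact rather than a retirement, though the source metadata is not visible here. If the tables are still populated, I would keep `|**Resource types**|microsoft.hardwaresecuritymodules/cloudhsmclusters|` and `|**Categories**|Azure Resources, Audit|`; if they are being retired, the description above the table should say so. Dropping the `Sample Queries` link is consistent with the removal of the query pages from toc.yml.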
diff --git a/articles/azure-monitor/reference/tables/chsmserviceoperationauditlogs.md b/articles/azure-monitor/reference/tables/chsmserviceoperationauditlogs.md
index 38c3c60e4d..c3dcff80d2 100644
--- a/articles/azure-monitor/reference/tables/chsmserviceoperationauditlogs.md
+++ b/articles/azure-monitor/reference/tables/chsmserviceoperationauditlogs.md
@@ -6,7 +6,7 @@ ms.service: azure-monitor
ms.subservice: logs
ms.author: orens
author: osalzberg
-ms.date: 09/16/2024
+ms.date: 09/24/2024
---
# CHSMServiceOperationAuditLogs
@@ -18,12 +18,12 @@ This table contains HSM Commands send to your Azure Cloud HSM resource's HSM par
|Attribute|Value|
|---|---|
-|**Resource types**|microsoft.hardwaresecuritymodules/cloudhsmclusters|
-|**Categories**|Azure Resources, Audit|
+|**Resource types**|-|
+|**Categories**|-|
|**Solutions**| LogManagement|
|**Basic log**|Yes|
|**Ingestion-time transformation**|No|
-|**Sample Queries**|[Yes](/azure/azure-monitor/reference/queries/chsmserviceoperationauditlogs)|
+|**Sample Queries**|-|
diff --git a/articles/azure-monitor/reference/tables/dnsauditevents.md b/articles/azure-monitor/reference/tables/dnsauditevents.md
new file mode 100644
index 0000000000..57e46ae217
--- /dev/null
+++ b/articles/azure-monitor/reference/tables/dnsauditevents.md
@@ -0,0 +1,32 @@
+---
+title: Azure Monitor Logs reference - DnsAuditEvents
+description: Reference for DnsAuditEvents table in Azure Monitor Logs.
+ms.topic: reference
+ms.service: azure-monitor
+ms.subservice: logs
+ms.author: orens
+author: osalzberg
+ms.date: 09/24/2024
+---
+
+# DnsAuditEvents
+
+DNS server audit events enable change tracking on the DNS server. An audit event is logged each time server, zone, or resource record settings are changed. This includes operational events such as zone transfers, and DNSSEC zone signing and unsigning. This table captures audit events that are not from dynamic updates.
+
+
+## Table attributes
+
+|Attribute|Value|
+|---|---|
+|**Resource types**|microsoft.securityinsights/securityinsights|
+|**Categories**|Security|
+|**Solutions**| SecurityInsights|
+|**Basic log**|No|
+|**Ingestion-time transformation**|No|
+|**Sample Queries**|-|
+
+
+
+## Columns
+
+[!INCLUDE [dnsauditevents](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/dnsauditevents-include.md)]
diff --git a/articles/azure-monitor/reference/tables/microsoft-securityinsights_asimtables.md b/articles/azure-monitor/reference/tables/microsoft-securityinsights_asimtables.md
new file mode 100644
index 0000000000..2020edf7ee
--- /dev/null
+++ b/articles/azure-monitor/reference/tables/microsoft-securityinsights_asimtables.md
@@ -0,0 +1,18 @@
+---
+title: Azure Monitor tables for microsoft.securityinsights/asimtables
+description: Azure Monitor tables for resource type microsoft.securityinsights/asimtables
+ms.topic: reference
+ms.service: azure-monitor
+ms.subservice: logs
+ms.author: edbaynash
+author: EdB-MSFT
+
+ms.date: 09/24/2024
+
+
+---
+
+# Log Analytics tables for microsoft.securityinsights/asimtables
+
+[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-securityinsights_asimtables-include.md)]
+
diff --git a/articles/azure-monitor/reference/tables/microsoft-securityinsights_auditeventnormalized.md b/articles/azure-monitor/reference/tables/microsoft-securityinsights_auditeventnormalized.md
new file mode 100644
index 0000000000..aee60fda2b
--- /dev/null
+++ b/articles/azure-monitor/reference/tables/microsoft-securityinsights_auditeventnormalized.md
@@ -0,0 +1,18 @@
+---
+title: Azure Monitor tables for microsoft.securityinsights/auditeventnormalized
+description: Azure Monitor tables for resource type microsoft.securityinsights/auditeventnormalized
+ms.topic: reference
+ms.service: azure-monitor
+ms.subservice: logs
+ms.author: edbaynash
+author: EdB-MSFT
+
+ms.date: 09/24/2024
+
+
+---
+
+# Log Analytics tables for microsoft.securityinsights/auditeventnormalized
+
+[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-securityinsights_auditeventnormalized-include.md)]
+
diff --git a/articles/azure-monitor/reference/tables/microsoft-securityinsights_authenticationevent.md b/articles/azure-monitor/reference/tables/microsoft-securityinsights_authenticationevent.md
new file mode 100644
index 0000000000..d7ecefbc4e
--- /dev/null
+++ b/articles/azure-monitor/reference/tables/microsoft-securityinsights_authenticationevent.md
@@ -0,0 +1,18 @@
+---
+title: Azure Monitor tables for microsoft.securityinsights/authenticationevent
+description: Azure Monitor tables for resource type microsoft.securityinsights/authenticationevent
+ms.topic: reference
+ms.service: azure-monitor
+ms.subservice: logs
+ms.author: edbaynash
+author: EdB-MSFT
+
+ms.date: 09/24/2024
+
+
+---
+
+# Log Analytics tables for microsoft.securityinsights/authenticationevent
+
+[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-securityinsights_authenticationevent-include.md)]
+
diff --git a/articles/azure-monitor/reference/tables/microsoft-securityinsights_cef.md b/articles/azure-monitor/reference/tables/microsoft-securityinsights_cef.md
new file mode 100644
index 0000000000..a93ca2cff6
--- /dev/null
+++ b/articles/azure-monitor/reference/tables/microsoft-securityinsights_cef.md
@@ -0,0 +1,18 @@
+---
+title: Azure Monitor tables for microsoft.securityinsights/cef
+description: Azure Monitor tables for resource type microsoft.securityinsights/cef
+ms.topic: reference
+ms.service: azure-monitor
+ms.subservice: logs
+ms.author: edbaynash
+author: EdB-MSFT
+
+ms.date: 09/24/2024
+
+
+---
+
+# Log Analytics tables for microsoft.securityinsights/cef
+
+[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-securityinsights_cef-include.md)]
+
diff --git a/articles/azure-monitor/reference/tables/microsoft-securityinsights_dnsnormalized.md b/articles/azure-monitor/reference/tables/microsoft-securityinsights_dnsnormalized.md
new file mode 100644
index 0000000000..69b03f406a
--- /dev/null
+++ b/articles/azure-monitor/reference/tables/microsoft-securityinsights_dnsnormalized.md
@@ -0,0 +1,18 @@
+---
+title: Azure Monitor tables for microsoft.securityinsights/dnsnormalized
+description: Azure Monitor tables for resource type microsoft.securityinsights/dnsnormalized
+ms.topic: reference
+ms.service: azure-monitor
+ms.subservice: logs
+ms.author: edbaynash
+author: EdB-MSFT
+
+ms.date: 09/24/2024
+
+
+---
+
+# Log Analytics tables for microsoft.securityinsights/dnsnormalized
+
+[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-securityinsights_dnsnormalized-include.md)]
+
diff --git a/articles/azure-monitor/reference/tables/microsoft-securityinsights_networksessionnormalized.md b/articles/azure-monitor/reference/tables/microsoft-securityinsights_networksessionnormalized.md
new file mode 100644
index 0000000000..9455721550
--- /dev/null
+++ b/articles/azure-monitor/reference/tables/microsoft-securityinsights_networksessionnormalized.md
@@ -0,0 +1,18 @@
+---
+title: Azure Monitor tables for microsoft.securityinsights/networksessionnormalized
+description: Azure Monitor tables for resource type microsoft.securityinsights/networksessionnormalized
+ms.topic: reference
+ms.service: azure-monitor
+ms.subservice: logs
+ms.author: edbaynash
+author: EdB-MSFT
+
+ms.date: 09/24/2024
+
+
+---
+
+# Log Analytics tables for microsoft.securityinsights/networksessionnormalized
+
+[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-securityinsights_networksessionnormalized-include.md)]
+
diff --git a/articles/azure-monitor/reference/tables/microsoft-securityinsights_processeventnormalized.md b/articles/azure-monitor/reference/tables/microsoft-securityinsights_processeventnormalized.md
new file mode 100644
index 0000000000..fba59f0bef
--- /dev/null
+++ b/articles/azure-monitor/reference/tables/microsoft-securityinsights_processeventnormalized.md
@@ -0,0 +1,18 @@
+---
+title: Azure Monitor tables for microsoft.securityinsights/processeventnormalized
+description: Azure Monitor tables for resource type microsoft.securityinsights/processeventnormalized
+ms.topic: reference
+ms.service: azure-monitor
+ms.subservice: logs
+ms.author: edbaynash
+author: EdB-MSFT
+
+ms.date: 09/24/2024
+
+
+---
+
+# Log Analytics tables for microsoft.securityinsights/processeventnormalized
+
+[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-securityinsights_processeventnormalized-include.md)]
+
diff --git a/articles/azure-monitor/reference/tables/microsoft-securityinsights_purview.md b/articles/azure-monitor/reference/tables/microsoft-securityinsights_purview.md
new file mode 100644
index 0000000000..ed9d7c04e7
--- /dev/null
+++ b/articles/azure-monitor/reference/tables/microsoft-securityinsights_purview.md
@@ -0,0 +1,18 @@
+---
+title: Azure Monitor tables for microsoft.securityinsights/purview
+description: Azure Monitor tables for resource type microsoft.securityinsights/purview
+ms.topic: reference
+ms.service: azure-monitor
+ms.subservice: logs
+ms.author: edbaynash
+author: EdB-MSFT
+
+ms.date: 09/24/2024
+
+
+---
+
+# Log Analytics tables for microsoft.securityinsights/purview
+
+[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-securityinsights_purview-include.md)]
+
diff --git a/articles/azure-monitor/reference/tables/microsoft-securityinsights_securityinsights.md b/articles/azure-monitor/reference/tables/microsoft-securityinsights_securityinsights.md
new file mode 100644
index 0000000000..72c38eb5d6
--- /dev/null
+++ b/articles/azure-monitor/reference/tables/microsoft-securityinsights_securityinsights.md
@@ -0,0 +1,18 @@
+---
+title: Azure Monitor tables for microsoft.securityinsights/securityinsights
+description: Azure Monitor tables for resource type microsoft.securityinsights/securityinsights
+ms.topic: reference
+ms.service: azure-monitor
+ms.subservice: logs
+ms.author: edbaynash
+author: EdB-MSFT
+
+ms.date: 09/24/2024
+
+
+---
+
+# Log Analytics tables for microsoft.securityinsights/securityinsights
+
+[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-securityinsights_securityinsights-include.md)]
+
diff --git a/articles/azure-monitor/reference/tables/microsoft-securityinsights_threatintelligence.md b/articles/azure-monitor/reference/tables/microsoft-securityinsights_threatintelligence.md
new file mode 100644
index 0000000000..c824544b96
--- /dev/null
+++ b/articles/azure-monitor/reference/tables/microsoft-securityinsights_threatintelligence.md
@@ -0,0 +1,18 @@
+---
+title: Azure Monitor tables for microsoft.securityinsights/threatintelligence
+description: Azure Monitor tables for resource type microsoft.securityinsights/threatintelligence
+ms.topic: reference
+ms.service: azure-monitor
+ms.subservice: logs
+ms.author: edbaynash
+author: EdB-MSFT
+
+ms.date: 09/24/2024
+
+
+---
+
+# Log Analytics tables for microsoft.securityinsights/threatintelligence
+
+[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-securityinsights_threatintelligence-include.md)]
+
diff --git a/articles/azure-monitor/reference/tables/microsoft-securityinsights_websessionlogs.md b/articles/azure-monitor/reference/tables/microsoft-securityinsights_websessionlogs.md
new file mode 100644
index 0000000000..53abce1600
--- /dev/null
+++ b/articles/azure-monitor/reference/tables/microsoft-securityinsights_websessionlogs.md
@@ -0,0 +1,18 @@
+---
+title: Azure Monitor tables for microsoft.securityinsights/websessionlogs
+description: Azure Monitor tables for resource type microsoft.securityinsights/websessionlogs
+ms.topic: reference
+ms.service: azure-monitor
+ms.subservice: logs
+ms.author: edbaynash
+author: EdB-MSFT
+
+ms.date: 09/24/2024
+
+
+---
+
+# Log Analytics tables for microsoft.securityinsights/websessionlogs
+
+[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-securityinsights_websessionlogs-include.md)]
+
diff --git a/articles/azure-monitor/reference/tables/microsoft-toolchainorchestrator_diagnostics.md b/articles/azure-monitor/reference/tables/microsoft-toolchainorchestrator_diagnostics.md
new file mode 100644
index 0000000000..7d7ca8f3b2
--- /dev/null
+++ b/articles/azure-monitor/reference/tables/microsoft-toolchainorchestrator_diagnostics.md
@@ -0,0 +1,18 @@
+---
+title: Azure Monitor tables for microsoft.toolchainorchestrator/diagnostics
+description: Azure Monitor tables for resource type microsoft.toolchainorchestrator/diagnostics
+ms.topic: reference
+ms.service: azure-monitor
+ms.subservice: logs
+ms.author: edbaynash
+author: EdB-MSFT
+
+ms.date: 09/24/2024
+
+
+---
+
+# Log Analytics tables for microsoft.toolchainorchestrator/diagnostics
+
+[!INCLUDE [table](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/microsoft-toolchainorchestrator_diagnostics-include.md)]
+
diff --git a/articles/azure-monitor/reference/tables/securityalert.md b/articles/azure-monitor/reference/tables/securityalert.md
new file mode 100644
index 0000000000..0ce86d095f
--- /dev/null
+++ b/articles/azure-monitor/reference/tables/securityalert.md
@@ -0,0 +1,32 @@
+---
+title: Azure Monitor Logs reference - SecurityAlert
+description: Reference for SecurityAlert table in Azure Monitor Logs.
+ms.topic: reference
+ms.service: azure-monitor
+ms.subservice: logs
+ms.author: orens
+author: osalzberg
+ms.date: 09/24/2024
+---
+
+# SecurityAlert
+
+Alerts that been generated by security products.
+
+
+## Table attributes
+
+|Attribute|Value|
+|---|---|
+|**Resource types**|microsoft.securityinsights/securityinsights|
+|**Categories**|Security|
+|**Solutions**| AzureSecurityOfThings, Security, SecurityCenter, SecurityCenterFree, SecurityInsights|
+|**Basic log**|No|
+|**Ingestion-time transformation**|Yes|
+|**Sample Queries**|-|
+
+
+
+## Columns
+
+[!INCLUDE [securityalert](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/securityalert-include.md)]
diff --git a/articles/azure-monitor/reference/tables/threatintelindicators.md b/articles/azure-monitor/reference/tables/threatintelindicators.md
new file mode 100644
index 0000000000..aab09753d2
--- /dev/null
+++ b/articles/azure-monitor/reference/tables/threatintelindicators.md
@@ -0,0 +1,32 @@
+---
+title: Azure Monitor Logs reference - ThreatIntelIndicators
+description: Reference for ThreatIntelIndicators table in Azure Monitor Logs.
+ms.topic: reference
+ms.service: azure-monitor
+ms.subservice: logs
+ms.author: orens
+author: osalzberg
+ms.date: 09/24/2024
+---
+
+# ThreatIntelIndicators
+
+Threat Intelligence table that contains STIX indicators.
+
+
+## Table attributes
+
+|Attribute|Value|
+|---|---|
+|**Resource types**|microsoft.securityinsights/threatintelligence|
+|**Categories**|Security|
+|**Solutions**| SecurityInsights|
+|**Basic log**|Yes|
+|**Ingestion-time transformation**|No|
+|**Sample Queries**|-|
+
+
+
+## Columns
+
+[!INCLUDE [threatintelindicators](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/threatintelindicators-include.md)]
diff --git a/articles/azure-monitor/reference/tables/threatintelobjects.md b/articles/azure-monitor/reference/tables/threatintelobjects.md
new file mode 100644
index 0000000000..fcdba5ad96
--- /dev/null
+++ b/articles/azure-monitor/reference/tables/threatintelobjects.md
@@ -0,0 +1,32 @@
+---
+title: Azure Monitor Logs reference - ThreatIntelObjects
+description: Reference for ThreatIntelObjects table in Azure Monitor Logs.
+ms.topic: reference
+ms.service: azure-monitor
+ms.subservice: logs
+ms.author: orens
+author: osalzberg
+ms.date: 09/24/2024
+---
+
+# ThreatIntelObjects
+
+Threat Intelligence Generic STIX Object Table.
+
+
+## Table attributes
+
+|Attribute|Value|
+|---|---|
+|**Resource types**|microsoft.securityinsights/threatintelligence|
+|**Categories**|Security|
+|**Solutions**| SecurityInsights|
+|**Basic log**|Yes|
+|**Ingestion-time transformation**|No|
+|**Sample Queries**|-|
+
+
+
+## Columns
+
+[!INCLUDE [threatintelobjects](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/tables/threatintelobjects-include.md)]
diff --git a/articles/azure-monitor/reference/toc.yml b/articles/azure-monitor/reference/toc.yml
index 72f7ecc348..04843c2a69 100644
--- a/articles/azure-monitor/reference/toc.yml
+++ b/articles/azure-monitor/reference/toc.yml
@@ -1411,6 +1411,28 @@ items:
href: tables/microsoft-security_defenderforstoragesettings.md
- name: microsoft.security/security
href: tables/microsoft-security_security.md
+ - name: microsoft.securityinsights/asimtables
+ href: tables/microsoft-securityinsights_asimtables.md
+ - name: microsoft.securityinsights/auditeventnormalized
+ href: tables/microsoft-securityinsights_auditeventnormalized.md
+ - name: microsoft.securityinsights/authenticationevent
+ href: tables/microsoft-securityinsights_authenticationevent.md
+ - name: microsoft.securityinsights/cef
+ href: tables/microsoft-securityinsights_cef.md
+ - name: microsoft.securityinsights/dnsnormalized
+ href: tables/microsoft-securityinsights_dnsnormalized.md
+ - name: microsoft.securityinsights/networksessionnormalized
+ href: tables/microsoft-securityinsights_networksessionnormalized.md
+ - name: microsoft.securityinsights/processeventnormalized
+ href: tables/microsoft-securityinsights_processeventnormalized.md
+ - name: microsoft.securityinsights/purview
+ href: tables/microsoft-securityinsights_purview.md
+ - name: microsoft.securityinsights/securityinsights
+ href: tables/microsoft-securityinsights_securityinsights.md
+ - name: microsoft.securityinsights/threatintelligence
+ href: tables/microsoft-securityinsights_threatintelligence.md
+ - name: microsoft.securityinsights/websessionlogs
+ href: tables/microsoft-securityinsights_websessionlogs.md
- name: microsoft.servicebus/namespaces
href: tables/microsoft-servicebus_namespaces.md
- name: microsoft.servicefabric/clusters
@@ -1441,6 +1463,8 @@ items:
href: tables/microsoft-synapse_workspaces.md
- name: microsoft.timeseriesinsights/environments
href: tables/microsoft-timeseriesinsights_environments.md
+ - name: microsoft.toolchainorchestrator/diagnostics
+ href: tables/microsoft-toolchainorchestrator_diagnostics.md
- name: microsoft.videoindexer/accounts
href: tables/microsoft-videoindexer_accounts.md
- name: microsoft.web/sites
@@ -1672,6 +1696,26 @@ items:
href: tables/asrjobs.md
- name: ASRReplicatedItems
href: tables/asrreplicateditems.md
+ - name: ASimAuditEventLogs
+ href: tables/asimauditeventlogs.md
+ - name: ASimAuthenticationEventLogs
+ href: tables/asimauthenticationeventlogs.md
+ - name: ASimDhcpEventLogs
+ href: tables/asimdhcpeventlogs.md
+ - name: ASimDnsActivityLogs
+ href: tables/asimdnsactivitylogs.md
+ - name: ASimFileEventLogs
+ href: tables/asimfileeventlogs.md
+ - name: ASimNetworkSessionLogs
+ href: tables/asimnetworksessionlogs.md
+ - name: ASimProcessEventLogs
+ href: tables/asimprocesseventlogs.md
+ - name: ASimRegistryEventLogs
+ href: tables/asimregistryeventlogs.md
+ - name: ASimUserManagementActivityLogs
+ href: tables/asimusermanagementactivitylogs.md
+ - name: ASimWebSessionLogs
+ href: tables/asimwebsessionlogs.md
- name: ATCExpressRouteCircuitIpfix
href: tables/atcexpressroutecircuitipfix.md
- name: ATCPrivatePeeringMetadata
@@ -1926,6 +1970,8 @@ items:
href: tables/azureloadtestingoperation.md
- name: AzureMetrics
href: tables/azuremetrics.md
+ - name: AzureMetricsV2
+ href: tables/azuremetricsv2.md
- name: BehaviorAnalytics
href: tables/behavioranalytics.md
- name: BlockchainApplicationLog
@@ -2172,6 +2218,8 @@ items:
href: tables/devicetvmsoftwarevulnerabilities.md
- name: DeviceTvmSoftwareVulnerabilitiesKB
href: tables/devicetvmsoftwarevulnerabilitieskb.md
+ - name: DnsAuditEvents
+ href: tables/dnsauditevents.md
- name: DnsEvents
href: tables/dnsevents.md
- name: DnsInventory
@@ -2678,6 +2726,10 @@ items:
href: tables/syslog.md
- name: TSIIngress
href: tables/tsiingress.md
+ - name: ThreatIntelIndicators
+ href: tables/threatintelindicators.md
+ - name: ThreatIntelObjects
+ href: tables/threatintelobjects.md
- name: ThreatIntelligenceIndicator
href: tables/threatintelligenceindicator.md
- name: UAApp
@@ -3092,10 +3144,6 @@ items:
href: queries/AzureMetrics.md
- name: CCFApplicationLogs
href: queries/CCFApplicationLogs.md
- - name: CHSMManagementAuditLogs
- href: queries/CHSMManagementAuditLogs.md
- - name: CHSMServiceOperationAuditLogs
- href: queries/CHSMServiceOperationAuditLogs.md
- name: CIEventsAudit
href: queries/CIEventsAudit.md
- name: CIEventsOperational