AACAudit |
AACHttpRequest |
AADDomainServicesAccountLogon |
AADDomainServicesAccountManagement |
AADDomainServicesDirectoryServiceAccess |
AADDomainServicesLogonLogoff |
AADDomainServicesPolicyChange |
AADDomainServicesPrivilegeUse |
AADManagedIdentitySignInLogs |
AADNonInteractiveUserSignInLogs |
AADProvisioningLogs |
AADRiskyUsers |
AADServicePrincipalSignInLogs |
AADUserRiskEvents |
ABAPAuditLog |
ABSBotRequests |
ACSAuthIncomingOperations |
ACSBillingUsage |
ACSChatIncomingOperations |
ACSSMSIncomingOperations |
ADAssessmentRecommendation |
AddonAzureBackupAlerts |
AddonAzureBackupJobs |
AddonAzureBackupPolicy |
AddonAzureBackupProtectedInstance |
AddonAzureBackupStorage |
ADFActivityRun |
ADFAirflowSchedulerLogs |
ADFAirflowTaskLogs |
ADFAirflowWebLogs |
ADFAirflowWorkerLogs |
ADFPipelineRun |
ADFSandboxActivityRun |
ADFSandboxPipelineRun |
ADFSSignInLogs |
ADFSSISIntegrationRuntimeLogs |
ADFSSISPackageEventMessageContext |
ADFSSISPackageEventMessages |
ADFSSISPackageExecutableStatistics |
ADFSSISPackageExecutionComponentPhases |
ADFSSISPackageExecutionDataStatistics |
ADFTriggerRun |
ADPAudit |
ADPDiagnostics |
ADPRequests |
ADReplicationResult |
ADSecurityAssessmentRecommendation |
ADTDigitalTwinsOperation |
ADTModelsOperation |
ADTQueryOperation |
ADXCommand |
ADXJournal |
ADXQuery |
ADXTableDetails |
ADXTableUsageStatistics |
AegDeliveryFailureLogs |
AegPublishFailureLogs |
AirflowDagProcessingLogs |
Alert |
AlertEvidence |
AlertInfo |
AmlComputeClusterEvent |
AmlComputeCpuGpuUtilization |
AmlComputeInstanceEvent |
AmlComputeJobEvent |
AmlDataLabelEvent |
AmlDataSetEvent |
AmlDataStoreEvent |
AmlDeploymentEvent |
AmlEnvironmentEvent |
AmlInferencingEvent |
AmlModelsEvent |
AmlOnlineEndpointConsoleLog |
AmlPipelineEvent |
AmlRunEvent |
AmlRunStatusChangedEvent |
Anomalies |
ApiManagementGatewayLogs |
AppAvailabilityResults |
AppBrowserTimings |
AppCenterError |
AppDependencies |
AppEvents |
AppExceptions |
AppMetrics |
AppPageViews |
AppPerformanceCounters |
AppPlatformIngressLogs |
AppPlatformLogsforSpring |
AppPlatformSystemLogs |
AppRequests |
AppServiceAntivirusScanAuditLogs |
AppServiceAppLogs |
AppServiceAuditLogs |
AppServiceConsoleLogs |
AppServiceEnvironmentPlatformLogs |
AppServiceFileAuditLogs |
AppServiceHTTPLogs |
AppServiceIPSecAuditLogs |
AppServicePlatformLogs |
AppSystemEvents |
AppTraces |
ASimAuditEventLogs |
ASimAuthenticationEventLogs |
ASimDhcpEventLogs |
ASimDnsActivityLogs |
ASimDnsAuditLogs |
ASimFileEventLogs |
ASimNetworkSessionLogs |
ASimProcessEventLogs |
ASimRegistryEventLogs |
ASimUserManagementActivityLogs |
ASimWebSessionLogs |
AuditLogs |
AutoscaleEvaluationsLog |
AutoscaleScaleActionsLog |
AWSCloudTrail |
AWSCloudWatch |
AWSGuardDuty |
AzureAssessmentRecommendation |
AzureDevOpsAuditing |
BehaviorAnalytics |
BlockchainApplicationLog |
BlockchainProxyLog |
CDBCassandraRequests |
CDBControlPlaneRequests |
CDBDataPlaneRequests |
CDBGremlinRequests |
CDBMongoRequests |
CDBPartitionKeyRUConsumption |
CDBPartitionKeyStatistics |
CDBQueryRuntimeStatistics |
CloudAppEvents |
CommonSecurityLog |
ComputerGroup |
ConfigurationChange |
ConfigurationData |
Partial support – some of the data is ingested through internal services that aren't supported. |
ContainerImageInventory |
ContainerInventory |
ContainerLog |
ContainerLogV2 |
ContainerNodeInventory |
ContainerRegistryLoginEvents |
ContainerRegistryRepositoryEvents |
ContainerServiceLog |
CoreAzureBackup |
DatabricksAccounts |
DatabricksClusters |
DatabricksDBFS |
DatabricksFeatureStore |
DatabricksGenie |
DatabricksGlobalInitScripts |
DatabricksInstancePools |
DatabricksJobs |
DatabricksMLflowAcledArtifact |
DatabricksMLflowExperiment |
DatabricksNotebook |
DatabricksRemoteHistoryService |
DatabricksSecrets |
DatabricksSQLPermissions |
DatabricksSSH |
DatabricksWorkspace |
DataverseActivity |
DefenderForSqlAlerts |
DefenderForSqlTelemetry |
DeviceEvents |
DeviceFileCertificateInfo |
DeviceFileEvents |
DeviceImageLoadEvents |
DeviceInfo |
DeviceLogonEvents |
DeviceNetworkEvents |
DeviceNetworkInfo |
DeviceProcessEvents |
DeviceRegistryEvents |
DeviceTvmSecureConfigurationAssessment |
DeviceTvmSecureConfigurationAssessmentKB |
DeviceTvmSoftwareInventory |
DeviceTvmSoftwareVulnerabilities |
DeviceTvmSoftwareVulnerabilitiesKB |
DnsEvents |
DnsInventory |
DummyHydrationFact |
DynamicEventCollection |
Dynamics365Activity |
EmailAttachmentInfo |
EmailEvents |
EmailPostDeliveryEvents |
EmailUrlInfo |
Event |
Partial support . Data arriving from Log Analytics agent (MMA) or Azure Monitor Agent (AMA) is fully supported. Data arriving from Diagnostics Extension is collected through Azure storage. This path isn’t supported. |
ExchangeAssessmentRecommendation |
ExchangeOnlineAssessmentRecommendation |
FailedIngestion |
FunctionAppLogs |
GCPAuditLogs |
GoogleCloudSCC |
HDInsightAmbariClusterAlerts |
HDInsightAmbariSystemMetrics |
HDInsightHadoopAndYarnLogs |
HDInsightHadoopAndYarnMetrics |
HDInsightHBaseLogs |
HDInsightHBaseMetrics |
HDInsightHiveAndLLAPLogs |
HDInsightHiveAndLLAPMetrics |
HDInsightHiveTezAppStats |
HDInsightKafkaLogs |
HDInsightKafkaMetrics |
HDInsightOozieLogs |
HDInsightSecurityLogs |
HDInsightSparkApplicationEvents |
HDInsightSparkBlockManagerEvents |
HDInsightSparkEnvironmentEvents |
HDInsightSparkExecutorEvents |
HDInsightSparkJobEvents |
HDInsightSparkLogs |
HDInsightSparkSQLExecutionEvents |
HDInsightSparkStageEvents |
HDInsightSparkStageTaskAccumulables |
HDInsightSparkTaskEvents |
HealthStateChangeEvent |
HuntingBookmark |
IdentityDirectoryEvents |
IdentityInfo |
IdentityLogonEvents |
IdentityQueryEvents |
InsightsMetrics |
Partial support – some of the data is ingested through internal services that aren't supported. |
IntuneAuditLogs |
IntuneDevices |
IntuneOperationalLogs |
KubeEvents |
KubeHealth |
KubeMonAgentEvents |
KubeNodeInventory |
KubePodInventory |
KubePVInventory |
KubeServices |
LAQueryLogs |
LinuxAuditLog |
McasShadowItReporting |
MCCEventLogs |
MicrosoftAzureBastionAuditLogs |
MicrosoftDataShareReceivedSnapshotLog |
MicrosoftDataShareSentSnapshotLog |
MicrosoftGraphActivityLogs |
MicrosoftHealthcareApisAuditLogs |
MicrosoftPurviewInformationProtection |
NetworkAccessTraffic |
NetworkMonitoring |
NTAIpDetails |
NTANetAnalytics |
NTATopologyDetails |
NWConnectionMonitorPathResult |
NWConnectionMonitorTestResult |
OfficeActivity |
Perf |
PowerAppsActivity |
PowerAutomateActivity |
PowerBIActivity |
PowerBIDatasetsWorkspace |
PowerPlatformAdminActivity |
PowerPlatformConnectorActivity |
PowerPlatformDlpActivity |
ProcessInvestigator |
ProjectActivity |
ProtectionStatus |
PurviewScanStatusLogs |
RomeDetectionEvent |
SCCMAssessmentRecommendation |
SCOMAssessmentRecommendation |
SecureScoreControls |
SecureScores |
SecurityAlert |
SecurityBaseline |
SecurityBaselineSummary |
SecurityDetection |
SecurityEvent |
Partial support – data arriving from Log Analytics agent (MMA) or Azure Monitor Agent (AMA) is fully supported. Data arriving via Diagnostics Extension agent is collected though storage while this path isn’t supported. |
SecurityIncident |
SecurityIoTRawEvent |
SecurityNestedRecommendation |
SecurityRecommendation |
SecurityRegulatoryCompliance |
SentinelHealth |
ServiceMap |
SfBAssessmentRecommendation |
SfBOnlineAssessmentRecommendation |
SharePointOnlineAssessmentRecommendation |
SignalRServiceDiagnosticLogs |
SigninLogs |
SPAssessmentRecommendation |
SQLAssessmentRecommendation |
SqlAtpStatus |
SQLSecurityAuditEvents |
SqlThreatProtectionLoginAudits |
SqlVulnerabilityAssessmentResult |
SqlVulnerabilityAssessmentScanStatus |
StorageBlobLogs |
StorageFileLogs |
StorageInsightsAccountPropertiesDaily |
StorageInsightsDailyMetrics |
StorageInsightsHourlyMetrics |
StorageInsightsMonthlyMetrics |
StorageInsightsWeeklyMetrics |
StorageQueueLogs |
StorageTableLogs |
SucceededIngestion |
SynapseBigDataPoolApplicationsEnded |
SynapseBuiltinSqlPoolRequestsEnded |
SynapseDXFailedIngestion |
SynapseDXSucceededIngestion |
SynapseGatewayApiRequests |
SynapseIntegrationActivityRuns |
SynapseIntegrationPipelineRuns |
SynapseIntegrationTriggerRuns |
SynapseRbacOperations |
SynapseSqlPoolDmsWorkers |
SynapseSqlPoolExecRequests |
SynapseSqlPoolRequestSteps |
SynapseSqlPoolSqlRequests |
SynapseSqlPoolWaits |
Syslog |
Partial support – data arriving from Log Analytics agent (MMA) or Azure Monitor Agent (AMA) is fully supported. Data arriving via Diagnostics Extension agent is collected though storage while this path isn’t supported. |
ThreatIntelligenceIndicator |
TSIIngress |
UCClient |
UCClientReadinessStatus |
UCClientUpdateStatus |
UCDeviceAlert |
UCDOAggregatedStatus |
UCDOStatus |
UCServiceUpdateStatus |
UCUpdateAlert |
Update |
Partial support – some of the data is ingested through internal services that aren't supported. |
UpdateRunProgress |
UpdateSummary |
UrlClickEvents |
Partial support – data arriving from Log Analytics agent (MMA) or Azure Monitor Agent (AMA) is fully supported. Data arriving via Diagnostics Extension agent is collected though storage while this path isn’t supported. |
WaaSDeploymentStatus |
WaaSInsiderStatus |
WaaSUpdateStatus |
Watchlist |
WebPubSubConnectivity |
WebPubSubHttpRequest |
WebPubSubMessaging |
WindowsClientAssessmentRecommendation |
WindowsEvent |
WindowsFirewall |
WindowsServerAssessmentRecommendation |
WireData |
Partial support – some of the data is ingested through internal services that aren't supported. |
WorkloadDiagnosticLogs |
WUDOAggregatedStatus |
WUDOStatus |
WVDAgentHealthStatus |
WVDCheckpoints |
WVDConnectionNetworkData |
WVDConnections |
WVDErrors |
WVDFeeds |
WVDHostRegistrations |
WVDManagement |