Commit 8682cec

Merge pull request #306503 from mberdugo/DataLakeAssets
Remove MS365 from asset data tables - Ginna
2 parents ceb278f + 8e390e4 commit 8682cec

2 files changed

Lines changed: 1 addition & 24 deletions

articles/sentinel/datalake/asset-data-tables.md

Lines changed: 0 additions & 20 deletions
@@ -314,23 +314,3 @@ The following table mappings are available in the Microsoft Sentinel data lake f
314314
| _SnapshotTime | TimestampMicros | DateTime | DATETIME2(7) | The timestamp (in microseconds) indicating when the snapshot of the data was taken. Useful for point-in-time analysis. |
315315
| _ReceivedTime | TimestampMicros | DateTime | DATETIME2(7) | The timestamp (in microseconds) when the system received the data. Helps track data ingestion latency. |
316316
| TimeGenerated | TimestampMicros | DateTime | DATETIME2(7) | The timestamp (in microseconds) when the data was originally generated at the source. Important for event sequencing and time-based analytics. |
317-
318-
## Microsoft 365 asset data tables
319-
320-
### SharePointSitesAndLists
321-
322-
| Property | Parquet Type | Kusto Type | SQL Type | Description |
323-
|-----------------------|------------------|-------------|----------------|---------------------------------------------------------------------------------|
324-
| _ReceivedTime | TimestampMicros | DateTime | DATETIME2(7) | The timestamp when the asset data was received into the system |
325-
| _SnapshotTime | TimestampMicros | DateTime | DATETIME2(7) | The timestamp representing when the snapshot of the asset was taken. |
326-
| FileType | Utf8 | String | NVARCHAR(MAX) | The type or format of the file associated with the asset |
327-
| ItemUniqueId | Utf8 | String | NVARCHAR(MAX) | Offshoot of the "ID" column from the original schema to handle ID differences. |
328-
| LastModifiedById | Utf8 | String | NVARCHAR(MAX) | Offshoot of "LastModifiedBy" from original schema; simplified to ID only. |
329-
| LastModifiedDateTime | TimestampMicros | DateTime | DATETIME2(7) | The timestamp when the asset was last modified. |
330-
| Name | Utf8 | String | NVARCHAR(MAX) | The name of the asset or item. |
331-
| ObjectType | Utf8 | String | NVARCHAR(MAX) | The type of object represented by the asset (for example, file, folder, site). |
332-
| SensitivityLabelId | Utf8 | String | NVARCHAR(MAX) | Offshoot of "SensitivityLabel" from original schema; simplified to ID. |
333-
| TenantId | Utf8 | String | NVARCHAR(MAX) | The unique identifier of the tenant to which the asset belongs. |
334-
| TimeGenerated | TimestampMicros | DateTime | DATETIME2(7) | The timestamp when the asset data was generated or logged |
335-
| WebUrl | Utf8 | String | NVARCHAR(MAX) | The web URL points to the location of the asset. |
336-
| ReceivedTimeWindow | TimestampMicros | DateTime | DATETIME2(7) | The time window during which data was received. |
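
Review bot: Removing the whole `## Microsoft 365 asset data tables` section (old lines 318-336) also deletes the `#sharepointsitesandlists` anchor, and with 0 additions in this file nothing tells a reader who already has a SharePointSitesAndLists table in their data lake what happened to its schema reference. The link from enable-data-connectors.md is dropped in this same commit, but any other inbound links to that anchor should be searched for before merge. The commit message gives no reason for the removal, so a one-line retirement note in place of the section, or an explanation in the PR description, would make the change auditable.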

articles/sentinel/datalake/enable-data-connectors.md

Lines changed: 1 addition & 4 deletions
@@ -14,7 +14,7 @@ ms.collection: ms-security
1414
#Customer intent: As a Microsoft Sentinel user, I want to enable and manage data connectors in the Microsoft Sentinel data lake so that I can ingest and analyze security-related data from various sources.
1515
---
1616

17-
# Enable asset data ingestion in the Microsoft Sentinel data lake (preview)
17+
# Enable asset data ingestion in the Microsoft Sentinel data lake
1818

1919
Asset data refers to structured information about digital or physical entities, such as devices, services, applications, or infrastructure components, that are relevant to an organization’s operations, security, or analytics. This article explains how to enable and manage asset data in Microsoft Sentinel's data lake.
2020

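Review bot: The H1 on line 17 drops "(preview)", which is a release-status change unrelated to the commit title "Remove MS365 from asset data tables" and is not mentioned there. Because this is the only addition in the file, the front matter above line 14 is untouched; if its `title:` or description still says preview, the page metadata and the heading will now disagree. Either update the front matter in the same change or split the preview-label removal into its own commit with a message that says so.
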
@@ -53,9 +53,6 @@ The following table describes the various asset data sources and their data conn
5353
|-------------|--------|------------|------------------------|
5454
| **Azure Resource Graph (ARG)** | [ARGResources](./asset-data-tables.md#argresources) <br> [ARGResourceContainers](./asset-data-tables.md#argresourcecontainers) <br> [ARGAuthorizationResources](./asset-data-tables.md#argauthorizationresources) | Subscription Owner | Azure Resource Graph |
5555
| **Microsoft Entra ID** | [EntraApplications](./asset-data-tables.md#entraapplications) <br> [EntraGroupMemberships](./asset-data-tables.md#entragroupmemberships) <br> [EntraGroups](./asset-data-tables.md#entragroups) <br> [EntraMembers](./asset-data-tables.md#entramembers) <br> [EntraOrganizations](./asset-data-tables.md#entraorganizations) <br> [EntraServicePrincipals](./asset-data-tables.md#entraserviceprincipals) <br> [EntraUsers](./asset-data-tables.md#entrausers) | None | Microsoft Entra ID Asset |
56-
| **Microsoft 365**<sup>1</sup> | [SharePointSitesAndLists](./asset-data-tables.md#sharepointsitesandlists) | <ul> <li> Global Admin/Security Admin</li> <li> Sentinel workspace contributor</li> </ul> | Microsoft 365 Assets |
57-
58-
<sup>1</sup> Microsoft 365 Activity log connector must be already enabled in the same workspace.
5956

6057
> [!NOTE]
6158
> Certain data connectors, including but not limited to asset connectors, contribute to the construction of data risk graphs in Purview. If these graphs are active, disabling the associated connectors interrupts their generation. Connector descriptions indicate if they're involved in building data risk graphs.
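
Review bot: The deleted Microsoft 365 row (old line 56) and its footnote (old line 58) were the only place in this table that stated the roles needed for the Microsoft 365 Assets connector (Global Admin/Security Admin, Sentinel workspace contributor) and the dependency on the Microsoft 365 Activity log connector. Tenants that already enabled that connector lose this guidance with no replacement text on whether it keeps ingesting or how to turn it off. The retained NOTE says that disabling connectors interrupts data risk graph generation in Purview, so it is worth stating whether removing Microsoft 365 Assets has that effect.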
