{ "cells": [ { "cell_type": "markdown", "metadata": {}, "source": [ "# msticpy Threat Intel Lookup\n", "This notebook describes the use of the Threat Intelligence lookup class in msticpy.\n", "The class allows lookup of individual or multiple IoCs from one or more TI providers.\n", "\n", "TILookup is also extensible - you can subclass TIProvider to implement your own custom lookups. You can also subclass the HTTPProvider or KqlProvider classes, which provide support for querying a REST endpoint or Log Analytics table respectively." ] }, { "cell_type": "markdown", "metadata": { "toc": true }, "source": [ "


\n", "
" ] }, { "cell_type": "code", "execution_count": 1, "metadata": { "ExecuteTime": { "end_time": "2019-09-25T04:57:32.266387Z", "start_time": "2019-09-25T04:57:25.562903Z" }, "execution_event_id": "8bb96ca5-5051-4f08-853b-3461927f2e2d", "last_executed_text": "# Imports\nimport sys\nimport warnings\n\nfrom msticpy.common.utility import check_py_version\nMIN_REQ_PYTHON = (3,6)\ncheck_py_version(MIN_REQ_PYTHON)\n\nfrom IPython import get_ipython\nfrom IPython.display import display, HTML, Markdown\nimport ipywidgets as widgets\n\nimport matplotlib.pyplot as plt\nimport seaborn as sns\nsns.set()\nimport networkx as nx\n\nimport pandas as pd\npd.set_option('display.max_rows', 100)\npd.set_option('display.max_columns', 50)\npd.set_option('display.max_colwidth', 100)\n\nfrom msticpy.data import QueryProvider\nfrom msticpy.nbtools import *\nfrom msticpy.sectools import *\nfrom msticpy.nbtools.foliummap import FoliumMap\n\nWIDGET_DEFAULTS = {'layout': widgets.Layout(width='95%'),\n 'style': {'description_width': 'initial'}}\n\n# Some of our dependencies (networkx) still use deprecated Matplotlib\n# APIs - we can't do anything about it so suppress them from view\nfrom matplotlib import MatplotlibDeprecationWarning\nwarnings.simplefilter(\"ignore\", category=MatplotlibDeprecationWarning)\n\n", "persistent_id": "249a5400-e20e-452e-8d0d-2c65a8856bdf", "scrolled": true, "tags": [] }, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "Processing imports....\n", "Checking configuration....\n", "\n", "The following configuration errors were found: \n", " -----------------------------------------------\n", "TIProviders/AzureSentinel: Missing or invalid WorkspaceID.\n", "TIProviders/AzureSentinel: Missing or invalid TenantID.\n", "\n", "The following configuration warnings were found: \n", " -------------------------------------------------\n", "No AzureCLI section in settings.\n", "Setting options....\n" ] }, { "data": { "text/html": [ "

Notebook setup failed

" ], "text/plain": [ "" ] }, "metadata": {}, "output_type": "display_data" } ], "source": [ "# Imports\n", "import sys\n", "import warnings\n", "\n", "from msticpy.common.utility import check_py_version\n", "MIN_REQ_PYTHON = (3,6)\n", "check_py_version(MIN_REQ_PYTHON)\n", "\n", "from msticpy import init_notebook\n", "init_notebook(namespace=globals());\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "# TILookup class\n", "Input can be a single IoC observable or a pandas DataFrame containing\n", "multiple observables. Processing may require an API key and\n", "processing performance may be limited to a specific number of\n", "requests per minute for the account type that you have." ] }, { "cell_type": "code", "execution_count": 2, "metadata": { "ExecuteTime": { "end_time": "2019-09-25T04:57:32.290350Z", "start_time": "2019-09-25T04:57:32.267365Z" }, "tags": [] }, "outputs": [ { "data": { "text/markdown": [ "### Constructor\n" ], "text/plain": [ "" ] }, "metadata": {}, "output_type": "display_data" }, { "name": "stdout", "output_type": "stream", "text": [ "\n", " Initialize TILookup instance.\n", "\n", " Parameters\n", " ----------\n", " primary_providers : Optional[List[TIProvider]], optional\n", " Primary TI Providers, by default None\n", " secondary_providers : Optional[List[TIProvider]], optional\n", " Secondary TI Providers, by default None\n", " providers: Optional[List[str]], optional\n", " List of provider names to load, by default all available\n", " providers are loaded. 
To see the list of available providers\n", " call `TILookup.list_available_providers()`.\n", " Note: if primary_provides or secondary_providers is specified\n", " This will override the providers list.\n", "\n", " \n" ] }, { "data": { "text/markdown": [ "### Attributes\n" ], "text/plain": [ "" ] }, "metadata": {}, "output_type": "display_data" }, { "data": { "text/markdown": [ "#### _add_provider()_" ], "text/plain": [ "" ] }, "metadata": {}, "output_type": "display_data" }, { "name": "stdout", "output_type": "stream", "text": [ "\n", " Add a TI provider to the current collection.\n", "\n", " Parameters\n", " ----------\n", " provider : TIProvider\n", " Provider instance\n", " name : str, optional\n", " The name to use for the provider (overrides the class name\n", " of `provider`)\n", " primary : bool, optional\n", " \"primary\" or \"secondary\" if False, by default \"primary\"\n", "\n", " \n", "\n" ] }, { "data": { "text/markdown": [ "#### _available_providers()_" ], "text/plain": [ "" ] }, "metadata": {}, "output_type": "display_data" }, { "name": "stdout", "output_type": "stream", "text": [ "\n", " Return a list of builtin providers.\n", "\n", " Returns\n", " -------\n", " List[str]\n", " List of TI Provider classes.\n", "\n", " \n", "\n" ] }, { "data": { "text/markdown": [ "#### _configured_providers()_" ], "text/plain": [ "" ] }, "metadata": {}, "output_type": "display_data" }, { "name": "stdout", "output_type": "stream", "text": [ "\n", " Return a list of avaliable providers that have configuration details present.\n", "\n", " Returns\n", " -------\n", " List[str]\n", " List of TI Provider classes.\n", "\n", " \n", "\n" ] }, { "data": { "text/markdown": [ "#### _list_available_providers()_" ], "text/plain": [ "" ] }, "metadata": {}, "output_type": "display_data" }, { "name": "stdout", "output_type": "stream", "text": [ "\n", " Print a list of builtin providers with optional usage.\n", "\n", " Parameters\n", " ----------\n", " show_query_types : bool, 
optional\n", " Show query types supported by providers, by default False\n", " as_list : bool, optional\n", " Return list of providers instead of printing to stdout.\n", " Note: if you specify `show_query_types` this will be printed\n", " irrespective of this parameter setting.\n", "\n", " Returns\n", " -------\n", " Optional[List[str]]\n", " A list of provider names (if `return_list=True`)\n", "\n", " \n", "\n" ] }, { "data": { "text/markdown": [ "#### _loaded_providers()_" ], "text/plain": [ "" ] }, "metadata": {}, "output_type": "display_data" }, { "name": "stdout", "output_type": "stream", "text": [ "\n", " Return dictionary of loaded providers.\n", "\n", " Returns\n", " -------\n", " Dict[str, TIProvider]\n", " [description]\n", "\n", " \n", "\n" ] }, { "data": { "text/markdown": [ "#### _lookup_ioc()_" ], "text/plain": [ "" ] }, "metadata": {}, "output_type": "display_data" }, { "name": "stdout", "output_type": "stream", "text": [ "\n", " Lookup single IoC in active providers.\n", "\n", " Parameters\n", " ----------\n", " observable : str\n", " IoC observable\n", " (`ioc` is also an alias for observable)\n", " ioc_type : str, optional\n", " One of IoCExtract.IoCType, by default None\n", " If none, the IoC type will be inferred\n", " ioc_query_type: str, optional\n", " The ioc query type (e.g. 
rep, info, malware)\n", " providers: List[str]\n", " Explicit list of providers to use\n", " prov_scope : str, optional\n", " Use \"primary\", \"secondary\" or \"all\" providers, by default \"primary\"\n", " kwargs :\n", " Additional arguments passed to the underlying provider(s)\n", "\n", " Returns\n", " -------\n", " Tuple[bool, List[Tuple[str, LookupResult]]]\n", " The result returned as a tuple(bool, list):\n", " bool indicates whether a TI record was found in any provider\n", " list has an entry for each provider result\n", "\n", " \n", "\n" ] }, { "data": { "text/markdown": [ "#### _lookup_iocs()_" ], "text/plain": [ "" ] }, "metadata": {}, "output_type": "display_data" }, { "name": "stdout", "output_type": "stream", "text": [ "\n", " Lookup a collection of IoCs.\n", "\n", " Parameters\n", " ----------\n", " data : Union[pd.DataFrame, Mapping[str, str], Iterable[str]]\n", " Data input in one of three formats:\n", " 1. Pandas dataframe (you must supply the column name in\n", " `obs_col` parameter)\n", " 2. Mapping (e.g. a dict) of [observable, IoCType]\n", " 3. Iterable of observables - IoCTypes will be inferred\n", " obs_col : str, optional\n", " DataFrame column to use for observables, by default None\n", " ioc_type_col : str, optional\n", " DataFrame column to use for IoCTypes, by default None\n", " ioc_query_type: str, optional\n", " The ioc query type (e.g. 
rep, info, malware)\n", " providers: List[str]\n", " Explicit list of providers to use\n", " prov_scope : str, optional\n", " Use \"primary\", \"secondary\" or \"all\" providers, by default \"primary\"\n", " kwargs :\n", " Additional arguments passed to the underlying provider(s)\n", "\n", " Returns\n", " -------\n", " pd.DataFrame\n", " DataFrame of results\n", "\n", " \n", "\n" ] }, { "data": { "text/markdown": [ "#### _provider_status()_" ], "text/plain": [ "" ] }, "metadata": {}, "output_type": "display_data" }, { "name": "stdout", "output_type": "stream", "text": [ "\n", " Return loaded provider status.\n", "\n", " Returns\n", " -------\n", " Iterable[str]\n", " List of providers and descriptions.\n", "\n", " \n", "\n" ] }, { "data": { "text/markdown": [ "#### _provider_usage()_" ], "text/plain": [ "" ] }, "metadata": {}, "output_type": "display_data" }, { "name": "stdout", "output_type": "stream", "text": [ "Print usage of loaded providers.\n", "\n" ] }, { "data": { "text/markdown": [ "#### _reload_provider_settings()_" ], "text/plain": [ "" ] }, "metadata": {}, "output_type": "display_data" }, { "name": "stdout", "output_type": "stream", "text": [ "Reload provider settings from config.\n", "\n" ] }, { "data": { "text/markdown": [ "#### _reload_providers()_" ], "text/plain": [ "" ] }, "metadata": {}, "output_type": "display_data" }, { "name": "stdout", "output_type": "stream", "text": [ "\n", " Reload providers based on currrent settings in config.\n", "\n", " Parameters\n", " ----------\n", " clear_keyring : bool, optional\n", " Clears any secrets cached in keyring, by default False\n", "\n", " \n", "\n" ] }, { "data": { "text/markdown": [ "#### _result_to_df()_" ], "text/plain": [ "" ] }, "metadata": {}, "output_type": "display_data" }, { "name": "stdout", "output_type": "stream", "text": [ "\n", " Return DataFrame representation of IoC Lookup response.\n", "\n", " Parameters\n", " ----------\n", " ioc_lookup : Tuple[bool, List[Tuple[str, 
LookupResult]]]\n", " Output from `lookup_ioc`\n", "\n", " Returns\n", " -------\n", " pd.DataFrame\n", " The response as a DataFrame with a row for each\n", " provider response.\n", "\n", " \n", "\n" ] } ], "source": [ "# TILookup class\n", "display(Markdown(\"### Constructor\\n\"))\n", "print(TILookup.__init__.__doc__)\n", "display(Markdown(\"### Attributes\\n\"))\n", "for name in [att for att in dir(TILookup) if not att.startswith(\"_\")]:\n", " display(Markdown(f\"#### _{name}()_\"))\n", " print(getattr(TILookup, name).__doc__)\n", " print()" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "## Available Providers\n", "The **msticpy** TI Provider library can lookup IoCs in multiple providers.\n", "\n", "The list below shows the current set of providers." ] }, { "cell_type": "code", "execution_count": 3, "metadata": { "ExecuteTime": { "end_time": "2019-09-25T04:57:56.777457Z", "start_time": "2019-09-25T04:57:32.291350Z" }, "tags": [] }, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "AzSTI\n", "OPR\n", "OTX\n", "Tor\n", "VirusTotal\n", "XForce\n" ] } ], "source": [ "TILookup.list_available_providers()" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "You can view the list of supported query types for each provider with the `show_query_types=True` parameter" ] }, { "cell_type": "code", "execution_count": 4, "metadata": { "tags": [] }, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "AzSTI\n", "Azure Sentinel TI provider class. Supported query types:\n", "\tioc_type=dns\n", "\tioc_type=file_hash\n", "\tioc_type=hostname\n", "\tioc_type=ipv4\n", "\tioc_type=ipv6\n", "\tioc_type=linux_path\n", "\tioc_type=md5_hash\n", "\tioc_type=sha1_hash\n", "\tioc_type=sha256_hash\n", "\tioc_type=url\n", "\tioc_type=windows_path\n", "OPR\n", "Open PageRank Lookup. Supported query types:\n", "\tioc_type=dns\n", "OTX\n", "AlientVault OTX Lookup. 
Supported query types:\n", "\tioc_type=dns\n", "\tioc_type=dns, ioc_query_type=geo\n", "\tioc_type=dns, ioc_query_type=passivedns\n", "\tioc_type=file_hash\n", "\tioc_type=hostname\n", "\tioc_type=ipv4\n", "\tioc_type=ipv4, ioc_query_type=geo\n", "\tioc_type=ipv4, ioc_query_type=passivedns\n", "\tioc_type=ipv6\n", "\tioc_type=ipv6, ioc_query_type=geo\n", "\tioc_type=ipv6, ioc_query_type=passivedns\n", "\tioc_type=md5_hash\n", "\tioc_type=sha1_hash\n", "\tioc_type=sha256_hash\n", "\tioc_type=url\n", "Tor\n", "Tor Exit Nodes Lookup. Supported query types:\n", "\tioc_type=ipv4\n", "VirusTotal\n", "VirusTotal Lookup. Supported query types:\n", "\tioc_type=dns\n", "\tioc_type=file_hash\n", "\tioc_type=ipv4\n", "\tioc_type=md5_hash\n", "\tioc_type=sha1_hash\n", "\tioc_type=sha256_hash\n", "\tioc_type=url\n", "XForce\n", "IBM XForce Lookup. Supported query types:\n", "\tioc_type=dns\n", "\tioc_type=dns, ioc_query_type=malware\n", "\tioc_type=dns, ioc_query_type=passivedns\n", "\tioc_type=dns, ioc_query_type=whois\n", "\tioc_type=file_hash\n", "\tioc_type=hostname, ioc_query_type=whois\n", "\tioc_type=ipv4\n", "\tioc_type=ipv4, ioc_query_type=malware\n", "\tioc_type=ipv4, ioc_query_type=passivedns\n", "\tioc_type=ipv4, ioc_query_type=rep\n", "\tioc_type=ipv4, ioc_query_type=whois\n", "\tioc_type=ipv6\n", "\tioc_type=ipv6, ioc_query_type=malware\n", "\tioc_type=ipv6, ioc_query_type=passivedns\n", "\tioc_type=ipv6, ioc_query_type=rep\n", "\tioc_type=ipv6, ioc_query_type=whois\n", "\tioc_type=md5_hash\n", "\tioc_type=sha1_hash\n", "\tioc_type=sha256_hash\n", "\tioc_type=url\n", "\tioc_type=url, ioc_query_type=malware\n" ] } ], "source": [ "TILookup.list_available_providers(show_query_types=True)" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "## Loading TIProviders\n", "\n", "Calling TILookup with no parameters will load all of the available providers\n", "that have a configuration entry in `msticpyconfig.yaml` (see next section)" ] }, { "cell_type": "code", 
"execution_count": 5, "metadata": { "tags": [] }, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "Please wait. Loading Kqlmagic extension...\n" ] }, { "data": { "application/javascript": [ "try {IPython.notebook.kernel.reconnect();} catch(err) {;}" ], "text/plain": [ "" ] }, "metadata": {}, "output_type": "display_data" }, { "data": { "application/javascript": [ "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}" ], "text/plain": [ "" ] }, "metadata": {}, "output_type": "display_data" }, { "data": { "application/javascript": [ "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}" ], "text/plain": [ "" ] }, "metadata": {}, "output_type": "display_data" }, { "data": { "text/html": [ "\n", " \n", "
\n", " \n", " \n", "
\n", "\n", " \n", "\n", " " ], "text/plain": [ "" ] }, "metadata": {}, "output_type": "display_data" }, { "data": { "application/javascript": [ "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}" ], "text/plain": [ "" ] }, "metadata": {}, "output_type": "display_data" }, { "name": "stdout", "output_type": "stream", "text": [ "Using Open PageRank. See https://www.domcop.com/openpagerank/what-is-openpagerank\n" ] }, { "data": { "text/plain": [ "['OTX - AlientVault OTX Lookup. (primary)',\n", " 'OPR - Open PageRank Lookup. (primary)',\n", " 'Tor - Tor Exit Nodes Lookup. (primary)',\n", " 'VirusTotal - VirusTotal Lookup. (primary)',\n", " 'XForce - IBM XForce Lookup. (primary)',\n", " 'AzSTI - Azure Sentinel TI provider class. (secondary)']" ] }, "execution_count": 5, "metadata": {}, "output_type": "execute_result" } ], "source": [ "# load all configured providers\n", "ti_lookup = TILookup()\n", "ti_lookup.provider_status\n", "\n", "# Restricting which providers get loaded\n", "#ti_lookup = TILookup(providers=[\"VirusTotal\", \"XForce\"])" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "## Configuration File\n", "You can configure primary and secondary providers. \n", "Primary providers are used by default.\n", "\n", "You may need to supply an authorization (API) key and in some cases a user ID for each provider.\n", "\n", "For LogAnalytics/Azure Sentinel providers, you will need the workspace ID and tenant ID and will need to authenticate in order to access the data (although if you have an existing authenticated connection with the same workspace/tenant, this connection will be re-used).\n", "\n", "The configuration file is read from the current directory.\n", "\n", "Alternatively, you can specify a location for this file in an environment variable `MSTICPYCONFIG`.\n", "\n", "If you need to create a config file, uncomment the lines in the following cell.
\n", "### Warning - this will overwrite a file of the same name in the current directory\n", "\n", "Delete any provider entries that you do not want to use and add the missing parameters for your providers. " ] }, { "cell_type": "code", "execution_count": 6, "metadata": { "ExecuteTime": { "end_time": "2019-09-25T04:57:56.781478Z", "start_time": "2019-09-25T04:57:56.778478Z" } }, "outputs": [], "source": [ "# %%writefile msticpyconfig.yaml\n", "# QueryDefinitions:\n", "\n", "# TIProviders:\n", "# OTX:\n", "# Args:\n", "# AuthKey: \"your-otx-key\"\n", "# Primary: True\n", "# Provider: \"OTX\" # Explicitly name provider to override\n", "# VirusTotal:\n", "# Args:\n", "# AuthKey: \"your-vt-key\"\n", "# Primary: True\n", "# Provider: \"VirusTotal\"\n", "# XForce:\n", "# Args:\n", "# ApiID: \"your-xforce-id\"\n", "# AuthKey: \"your-xforce-key\"\n", "# Primary: True\n", "# Provider: \"XForce\"\n", "# AzureSentinel:\n", "# # Note if you do not specify any settings in the Args key for the AzureSentinel\n", "# # provider, it will default to using your default Azure Sentinel workspace.\n", "# Args:\n", "# WorkspaceID: \"your-azure-sentinel-workspace-id\"\n", "# TenantID: \"your-azure-sentinel-tenant-id\"\n", "# Primary: True\n", "# Provider: \"AzSTI\"" ] }, { "cell_type": "markdown", "metadata": { "ExecuteTime": { "end_time": "2019-09-17T23:08:31.871974Z", "start_time": "2019-09-17T23:08:31.854984Z" } }, "source": [ "Reload providers to pick up new settings" ] }, { "cell_type": "code", "execution_count": 7, "metadata": { "ExecuteTime": { "end_time": "2019-09-25T04:57:57.200981Z", "start_time": "2019-09-25T04:57:56.782454Z" }, "tags": [] }, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "Settings reloaded. 
Use reload_providers to update settings for loaded providers.\n" ] }, { "data": { "application/javascript": [ "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}" ], "text/plain": [ "" ] }, "metadata": {}, "output_type": "display_data" }, { "data": { "application/javascript": [ "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}" ], "text/plain": [ "" ] }, "metadata": {}, "output_type": "display_data" }, { "name": "stdout", "output_type": "stream", "text": [ "Using Open PageRank. See https://www.domcop.com/openpagerank/what-is-openpagerank\n" ] }, { "data": { "text/plain": [ "['OTX - AlientVault OTX Lookup. (primary)',\n", " 'OPR - Open PageRank Lookup. (primary)',\n", " 'Tor - Tor Exit Nodes Lookup. (primary)',\n", " 'VirusTotal - VirusTotal Lookup. (primary)',\n", " 'XForce - IBM XForce Lookup. (primary)',\n", " 'AzSTI - Azure Sentinel TI provider class. (secondary)']" ] }, "execution_count": 7, "metadata": {}, "output_type": "execute_result" } ], "source": [ "ti_lookup.reload_providers()\n", "ti_lookup.provider_status" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "## Looking up IoCs" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### lookup_ioc\n", "To lookup a single IoC.\n", "```\n", "ti_lookup.lookup_ioc(\n", " observable: str = None,\n", " ioc_type: str = None,\n", " ioc_query_type: str = None,\n", " providers: List[str] = None,\n", " prov_scope: str = 'primary',\n", " **kwargs,\n", ") -> Tuple[bool, List[Tuple[str, msticpy.sectools.tiproviders.ti_provider_base.LookupResult]]]\n", "\n", "Lookup single IoC in active providers.\n", "\n", "Parameters\n", "----------\n", "observable : str\n", " IoC observable\n", " (`ioc` is also an alias for observable)\n", "ioc_type : str, optional\n", " One of IoCExtract.IoCType, by default None\n", " If none, the IoC type will be inferred\n", "ioc_query_type: str, optional\n", " The ioc query 
type (e.g. rep, info, malware)\n", "providers: List[str]\n", " Explicit list of providers to use\n", "prov_scope : str, optional\n", " Use primary, secondary or all providers, by default \"primary\"\n", "kwargs :\n", " Additional arguments passed to the underlying provider(s)\n", "\n", "Returns\n", "-------\n", "Tuple[bool, List[Tuple[str, LookupResult]]]\n", " The result returned as a tuple(bool, list):\n", " bool indicates whether a TI record was found in any provider\n", " list has an entry for each provider result\n", "```" ] }, { "cell_type": "code", "execution_count": 8, "metadata": { "ExecuteTime": { "end_time": "2019-09-25T04:57:57.204979Z", "start_time": "2019-09-25T04:57:57.203002Z" } }, "outputs": [], "source": [ "# Uncomment this and run to see the document string\n", "# ti_lookup.lookup_ioc?" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### Lookup an IoC from a single provider\n", "And show the output" ] }, { "cell_type": "code", "execution_count": 9, "metadata": { "ExecuteTime": { "end_time": "2019-09-25T04:57:59.999072Z", "start_time": "2019-09-25T04:57:57.205979Z" } }, "outputs": [ { "data": { "application/javascript": [ "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}" ], "text/plain": [ "" ] }, "metadata": {}, "output_type": "display_data" }, { "data": { "text/html": [ "
\n", "\n", "\n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", "
| | Ioc | IocType | QuerySubtype | Provider | Result | Severity | Details | RawResult | Reference | Status |
|---|---|---|---|---|---|---|---|---|---|---|
| XForce | 52.183.120.194 | ipv4 | None | XForce | True | warning | {'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're... | {'ip': '52.183.120.194', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional... | https://api.xforce.ibmcloud.com/ipr/52.183.120.194 | 0 |
| AzSTI | 52.183.120.194 | ipv4 | None | AzSTI | False | information | Not found. | None | None | 0 |
\n", "
" ], "text/plain": [ " Ioc IocType QuerySubtype Provider Result Severity \\\n", "XForce 52.183.120.194 ipv4 None XForce True warning \n", "AzSTI 52.183.120.194 ipv4 None AzSTI False information \n", "\n", " Details \\\n", "XForce {'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're... \n", "AzSTI Not found. \n", "\n", " RawResult \\\n", "XForce {'ip': '52.183.120.194', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional... \n", "AzSTI None \n", "\n", " Reference Status \n", "XForce https://api.xforce.ibmcloud.com/ipr/52.183.120.194 0 \n", "AzSTI None 0 " ] }, "execution_count": 9, "metadata": {}, "output_type": "execute_result" } ], "source": [ "result = ti_lookup.lookup_ioc(observable=\"52.183.120.194\", providers=[\"AzSTI\", \"XForce\"])\n", "ti_lookup.result_to_df(result)" ] }, { "cell_type": "code", "execution_count": 10, "metadata": { "ExecuteTime": { "end_time": "2019-09-25T04:58:00.314867Z", "start_time": "2019-09-25T04:58:00.000046Z" } }, "outputs": [ { "data": { "text/html": [ "
\n", "\n", "\n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", "
| | OTX | OPR | Tor | VirusTotal | XForce |
|---|---|---|---|---|---|
| Ioc | 52.183.120.194 | 52.183.120.194 | 52.183.120.194 | 52.183.120.194 | 52.183.120.194 |
| IocType | ipv4 | ipv4 | ipv4 | ipv4 | ipv4 |
| QuerySubtype | None | None | None | None | None |
| Provider | OTX | OPR | Tor | VirusTotal | XForce |
| Result | True | False | True | True | True |
| Severity | information | information | information | information | warning |
| Details | {'pulse_count': 0, 'sections_available': ['general', 'geo', 'reputation', 'url_list', 'passive_d... | IoC type ipv4 not supported. | Not found. | {'verbose_msg': 'IP address in dataset', 'response_code': 1, 'detected_urls': [], 'positives': 0} | {'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're... |
| RawResult | {'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',... | None | None | {'https_certificate_date': 1569589456, 'whois': 'NetRange: 52.145.0.0 - 52.191.255.255\n", "CIDR: 52.... | {'ip': '52.183.120.194', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional... |
| Reference | https://otx.alienvault.com/api/v1/indicators/IPv4/52.183.120.194/general | None | https://check.torproject.org/exit-addresses | https://www.virustotal.com/vtapi/v2/ip-address/report | https://api.xforce.ibmcloud.com/ipr/52.183.120.194 |
| Status | 0 | 1 | 0 | 0 | 0 |
\n", "
" ], "text/plain": [ " OTX \\\n", "Ioc 52.183.120.194 \n", "IocType ipv4 \n", "QuerySubtype None \n", "Provider OTX \n", "Result True \n", "Severity information \n", "Details {'pulse_count': 0, 'sections_available': ['general', 'geo', 'reputation', 'url_list', 'passive_d... \n", "RawResult {'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',... \n", "Reference https://otx.alienvault.com/api/v1/indicators/IPv4/52.183.120.194/general \n", "Status 0 \n", "\n", " OPR \\\n", "Ioc 52.183.120.194 \n", "IocType ipv4 \n", "QuerySubtype None \n", "Provider OPR \n", "Result False \n", "Severity information \n", "Details IoC type ipv4 not supported. \n", "RawResult None \n", "Reference None \n", "Status 1 \n", "\n", " Tor \\\n", "Ioc 52.183.120.194 \n", "IocType ipv4 \n", "QuerySubtype None \n", "Provider Tor \n", "Result True \n", "Severity information \n", "Details Not found. \n", "RawResult None \n", "Reference https://check.torproject.org/exit-addresses \n", "Status 0 \n", "\n", " VirusTotal \\\n", "Ioc 52.183.120.194 \n", "IocType ipv4 \n", "QuerySubtype None \n", "Provider VirusTotal \n", "Result True \n", "Severity information \n", "Details {'verbose_msg': 'IP address in dataset', 'response_code': 1, 'detected_urls': [], 'positives': 0} \n", "RawResult {'https_certificate_date': 1569589456, 'whois': 'NetRange: 52.145.0.0 - 52.191.255.255\n", "CIDR: 52.... \n", "Reference https://www.virustotal.com/vtapi/v2/ip-address/report \n", "Status 0 \n", "\n", " XForce \n", "Ioc 52.183.120.194 \n", "IocType ipv4 \n", "QuerySubtype None \n", "Provider XForce \n", "Result True \n", "Severity warning \n", "Details {'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're... \n", "RawResult {'ip': '52.183.120.194', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional... 
\n", "Reference https://api.xforce.ibmcloud.com/ipr/52.183.120.194 \n", "Status 0 " ] }, "execution_count": 10, "metadata": {}, "output_type": "execute_result" } ], "source": [ "result = ti_lookup.lookup_ioc(observable=\"52.183.120.194\")\n", "ti_lookup.result_to_df(result).T" ] }, { "cell_type": "code", "execution_count": 11, "metadata": { "ExecuteTime": { "end_time": "2019-09-25T04:58:00.486796Z", "start_time": "2019-09-25T04:58:00.315866Z" }, "tags": [] }, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "OTX\n", "ioc: 38.75.137.9 ( ipv4 )\n", "result: True\n", "{ 'names': ['Underminer.EK - Exploit Kit IOC Feed', 'Underminer EK'],\n", " 'pulse_count': 2,\n", " 'references': [ [],\n", " [ 'https://blog.malwarebytes.com/threat-analysis/2019/07/exploit-kits-summer-2019-review/']],\n", " 'tags': [['Underminer.EK'], []]}\n", "reference: https://otx.alienvault.com/api/v1/indicators/IPv4/38.75.137.9/general\n" ] } ], "source": [ "import pprint\n", "pp = pprint.PrettyPrinter(indent=2)\n", "\n", "result, details = ti_lookup.lookup_ioc(observable=\"38.75.137.9\", providers=[\"OTX\"])\n", "\n", "# the details is a list (since there could be multiple responses for an IoC)\n", "for provider, detail in details:\n", " print(provider)\n", " detail.summary\n", "# Un-comment to view raw response\n", "# print(\"\\nRaw Results\")\n", "# pp.pprint(detail.raw_result)\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "#### Or convert result to a DataFrame and let pandas do the display work..." ] }, { "cell_type": "code", "execution_count": 12, "metadata": { "ExecuteTime": { "end_time": "2019-09-25T04:58:00.498762Z", "start_time": "2019-09-25T04:58:00.487768Z" } }, "outputs": [ { "data": { "text/html": [ "
\n", "\n", "\n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", "
| | OTX |
|---|---|
| Ioc | 38.75.137.9 |
| IocType | ipv4 |
| QuerySubtype | None |
| Provider | OTX |
| Result | True |
| Severity | high |
| Details | {'pulse_count': 2, 'names': ['Underminer.EK - Exploit Kit IOC Feed', 'Underminer EK'], 'tags': [... |
| RawResult | {'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',... |
| Reference | https://otx.alienvault.com/api/v1/indicators/IPv4/38.75.137.9/general |
| Status | 0 |
\n", "
" ], "text/plain": [ " OTX\n", "Ioc 38.75.137.9\n", "IocType ipv4\n", "QuerySubtype None\n", "Provider OTX\n", "Result True\n", "Severity high\n", "Details {'pulse_count': 2, 'names': ['Underminer.EK - Exploit Kit IOC Feed', 'Underminer EK'], 'tags': [...\n", "RawResult {'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',...\n", "Reference https://otx.alienvault.com/api/v1/indicators/IPv4/38.75.137.9/general\n", "Status 0" ] }, "execution_count": 12, "metadata": {}, "output_type": "execute_result" } ], "source": [ "result = ti_lookup.lookup_ioc(observable=\"38.75.137.9\", providers=[\"OTX\"])\n", "ti_lookup.result_to_df(result).T" ] }, { "cell_type": "code", "execution_count": 13, "metadata": { "ExecuteTime": { "end_time": "2019-09-25T04:58:00.519751Z", "start_time": "2019-09-25T04:58:00.499762Z" }, "scrolled": true }, "outputs": [ { "data": { "text/plain": [ "{'sections': ['general',\n", " 'geo',\n", " 'reputation',\n", " 'url_list',\n", " 'passive_dns',\n", " 'malware',\n", " 'nids_list',\n", " 'http_scans'],\n", " 'city': 'Los Angeles',\n", " 'area_code': 0,\n", " 'accuracy_radius': 1000,\n", " 'pulse_info': {'count': 2,\n", " 'references': ['https://blog.malwarebytes.com/threat-analysis/2019/07/exploit-kits-summer-2019-review/'],\n", " 'pulses': [{'indicator_type_counts': {'domain': 1, 'hostname': 1, 'IPv4': 7},\n", " 'pulse_source': 'api',\n", " 'TLP': 'white',\n", " 'description': 'IPs and hostnames for the Exploit Kit known as Underminer.EK.',\n", " 'subscriber_count': 257,\n", " 'tags': ['Underminer.EK'],\n", " 'export_count': 1,\n", " 'malware_families': [],\n", " 'is_modified': True,\n", " 'upvotes_count': 0,\n", " 'modified_text': '248 days ago ',\n", " 'is_subscribing': None,\n", " 'references': [],\n", " 'targeted_countries': [],\n", " 'groups': [],\n", " 'vote': 0,\n", " 'validator_count': 0,\n", " 'threat_hunter_scannable': True,\n", " 'is_author': False,\n", " 'adversary': '',\n", " 'id': 
'5db816cba3e59aeced1fad16',\n", " 'industries': [],\n", " 'locked': False,\n", " 'name': 'Underminer.EK - Exploit Kit IOC Feed',\n", " 'created': '2019-10-29T10:39:07.558000',\n", " 'related_indicator_is_active': 1,\n", " 'threat_hunter_has_agents': 1,\n", " 'cloned_from': None,\n", " 'downvotes_count': 0,\n", " 'modified': '2019-11-04T13:21:54.514000',\n", " 'comment_count': 0,\n", " 'indicator_count': 9,\n", " 'attack_ids': [],\n", " 'in_group': False,\n", " 'follower_count': 0,\n", " 'votes_count': 0,\n", " 'author': {'username': 'otxrobottwo',\n", " 'is_subscribed': False,\n", " 'avatar_url': 'https://otx20-web-media.s3.amazonaws.com/media/avatars/user_78495/resized/80/avatar_ba5a8acdbd.png',\n", " 'is_following': False,\n", " 'id': '78495'},\n", " 'related_indicator_type': 'IPv4',\n", " 'public': 1},\n", " {'indicator_type_counts': {'URL': 16, 'FileHash-MD5': 5, 'IPv4': 3},\n", " 'pulse_source': 'web',\n", " 'TLP': 'white',\n", " 'description': '',\n", " 'subscriber_count': 26,\n", " 'tags': [],\n", " 'export_count': 0,\n", " 'malware_families': [],\n", " 'is_modified': False,\n", " 'upvotes_count': 0,\n", " 'modified_text': '344 days ago ',\n", " 'is_subscribing': None,\n", " 'references': ['https://blog.malwarebytes.com/threat-analysis/2019/07/exploit-kits-summer-2019-review/'],\n", " 'targeted_countries': [],\n", " 'groups': [],\n", " 'vote': 0,\n", " 'validator_count': 0,\n", " 'threat_hunter_scannable': True,\n", " 'is_author': False,\n", " 'adversary': '',\n", " 'id': '5d41d77901a2f8c6e9b650e9',\n", " 'industries': [],\n", " 'locked': False,\n", " 'name': 'Underminer EK',\n", " 'created': '2019-07-31T18:01:29.744000',\n", " 'related_indicator_is_active': 1,\n", " 'threat_hunter_has_agents': 1,\n", " 'cloned_from': None,\n", " 'downvotes_count': 0,\n", " 'modified': '2019-07-31T18:01:29.744000',\n", " 'comment_count': 0,\n", " 'indicator_count': 24,\n", " 'attack_ids': [],\n", " 'in_group': False,\n", " 'follower_count': 0,\n", " 'votes_count': 0,\n", " 
'author': {'username': 'mattvittitoe',\n", " 'is_subscribed': False,\n", " 'avatar_url': 'https://otx.alienvault.com/assets/images/default-avatar.png',\n", " 'is_following': False,\n", " 'id': '79520'},\n", " 'related_indicator_type': 'IPv4',\n", " 'public': 1}]},\n", " 'continent_code': 'NA',\n", " 'latitude': 34.0584,\n", " 'postal_code': '90017',\n", " 'longitude': -118.278,\n", " 'country_code': 'US',\n", " 'flag_url': '/assets/images/flags/us.png',\n", " 'asn': 'AS63023 AS-GLOBALTELEHOST',\n", " 'city_data': True,\n", " 'indicator': '38.75.137.9',\n", " 'subdivision': 'CA',\n", " 'whois': 'http://whois.domaintools.com/38.75.137.9',\n", " 'type_title': 'IPv4',\n", " 'region': 'CA',\n", " 'charset': 0,\n", " 'dma_code': 803,\n", " 'country_code3': 'USA',\n", " 'country_code2': 'US',\n", " 'reputation': 0,\n", " 'base_indicator': {'indicator': '38.75.137.9',\n", " 'description': '',\n", " 'title': '',\n", " 'access_reason': '',\n", " 'access_type': 'public',\n", " 'content': '',\n", " 'type': 'IPv4',\n", " 'id': 2127020821},\n", " 'country_name': 'United States of America',\n", " 'type': 'IPv4',\n", " 'flag_title': 'United States of America'}" ] }, "execution_count": 13, "metadata": {}, "output_type": "execute_result" } ], "source": [ "# Extract a single field (RawResult) from the dataframe (.iloc[0] is to select the row)\n", "ti_lookup.result_to_df(result)[\"RawResult\"].iloc[0]" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "## Lookup using all primary providers" ] }, { "cell_type": "code", "execution_count": 14, "metadata": { "ExecuteTime": { "end_time": "2019-09-25T04:58:03.536452Z", "start_time": "2019-09-25T04:58:00.520750Z" }, "scrolled": true }, "outputs": [ { "data": { "text/html": [ "
| | Ioc | IocType | QuerySubtype | Provider | Result | Severity | Details | RawResult | Reference | Status |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| OTX | 188.127.231.124 | ipv4 | None | OTX | True | high | {'pulse_count': 4, 'names': ['Locky Ransomware C2 IP blocklist (LY_C2_IPBL)', 'Malicious IP', 'F... | {'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',... | https://otx.alienvault.com/api/v1/indicators/IPv4/188.127.231.124/general | 0 |
| OPR | 188.127.231.124 | ipv4 | None | OPR | False | information | IoC type ipv4 not supported. | None | None | 1 |
| Tor | 188.127.231.124 | ipv4 | None | Tor | True | information | Not found. | None | https://check.torproject.org/exit-addresses | 0 |
| VirusTotal | 188.127.231.124 | ipv4 | None | VirusTotal | True | information | {'verbose_msg': 'IP address in dataset', 'response_code': 1, 'detected_urls': [], 'positives': 0... | {'undetected_downloaded_samples': [{'date': '2018-01-09 20:05:03', 'positives': 0, 'total': 71, ... | https://www.virustotal.com/vtapi/v2/ip-address/report | 0 |
| XForce | 188.127.231.124 | ipv4 | None | XForce | True | warning | {'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're... | {'ip': '188.127.231.124', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regiona... | https://api.xforce.ibmcloud.com/ipr/188.127.231.124 | 0 |
\n", "
" ], "text/plain": [ " Ioc IocType QuerySubtype Provider Result \\\n", "OTX 188.127.231.124 ipv4 None OTX True \n", "OPR 188.127.231.124 ipv4 None OPR False \n", "Tor 188.127.231.124 ipv4 None Tor True \n", "VirusTotal 188.127.231.124 ipv4 None VirusTotal True \n", "XForce 188.127.231.124 ipv4 None XForce True \n", "\n", " Severity \\\n", "OTX high \n", "OPR information \n", "Tor information \n", "VirusTotal information \n", "XForce warning \n", "\n", " Details \\\n", "OTX {'pulse_count': 4, 'names': ['Locky Ransomware C2 IP blocklist (LY_C2_IPBL)', 'Malicious IP', 'F... \n", "OPR IoC type ipv4 not supported. \n", "Tor Not found. \n", "VirusTotal {'verbose_msg': 'IP address in dataset', 'response_code': 1, 'detected_urls': [], 'positives': 0... \n", "XForce {'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're... \n", "\n", " RawResult \\\n", "OTX {'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',... \n", "OPR None \n", "Tor None \n", "VirusTotal {'undetected_downloaded_samples': [{'date': '2018-01-09 20:05:03', 'positives': 0, 'total': 71, ... \n", "XForce {'ip': '188.127.231.124', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regiona... 
\n", "\n", " Reference \\\n", "OTX https://otx.alienvault.com/api/v1/indicators/IPv4/188.127.231.124/general \n", "OPR None \n", "Tor https://check.torproject.org/exit-addresses \n", "VirusTotal https://www.virustotal.com/vtapi/v2/ip-address/report \n", "XForce https://api.xforce.ibmcloud.com/ipr/188.127.231.124 \n", "\n", " Status \n", "OTX 0 \n", "OPR 1 \n", "Tor 0 \n", "VirusTotal 0 \n", "XForce 0 " ] }, "execution_count": 14, "metadata": {}, "output_type": "execute_result" } ], "source": [ "result = ti_lookup.lookup_ioc(observable=\"188.127.231.124\")\n", "ti_lookup.result_to_df(result)" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "## Provider Usage\n", "This shows the supported IoC Types.\n", "\n", "In some cases an IoC type will also support special types of sub-query such as geo-ip and passive-dns" ] }, { "cell_type": "code", "execution_count": 15, "metadata": { "ExecuteTime": { "end_time": "2019-09-25T04:58:03.543449Z", "start_time": "2019-09-25T04:58:03.537451Z" }, "tags": [] }, "outputs": [ { "data": { "text/plain": [ "['OTX - AlientVault OTX Lookup. (primary)',\n", " 'OPR - Open PageRank Lookup. (primary)',\n", " 'Tor - Tor Exit Nodes Lookup. (primary)',\n", " 'VirusTotal - VirusTotal Lookup. (primary)',\n", " 'XForce - IBM XForce Lookup. (primary)',\n", " 'AzSTI - Azure Sentinel TI provider class. (secondary)']" ] }, "metadata": {}, "output_type": "display_data" }, { "name": "stdout", "output_type": "stream", "text": [ "Azure Sentinel TI provider class. 
Supported query types:\n", "\tioc_type=dns\n", "\tioc_type=file_hash\n", "\tioc_type=hostname\n", "\tioc_type=ipv4\n", "\tioc_type=ipv6\n", "\tioc_type=linux_path\n", "\tioc_type=md5_hash\n", "\tioc_type=sha1_hash\n", "\tioc_type=sha256_hash\n", "\tioc_type=url\n", "\tioc_type=windows_path\n" ] } ], "source": [ "display(ti_lookup.provider_status)\n", "ti_lookup.loaded_providers[\"AzSTI\"].usage()" ] }, { "cell_type": "code", "execution_count": 16, "metadata": { "ExecuteTime": { "end_time": "2019-09-25T04:58:03.566435Z", "start_time": "2019-09-25T04:58:03.544447Z" }, "tags": [] }, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "Primary providers\n", "-----------------\n", "\n", "Provider class: OTX\n", "AlientVault OTX Lookup. Supported query types:\n", "\tioc_type=dns\n", "\tioc_type=dns, ioc_query_type=geo\n", "\tioc_type=dns, ioc_query_type=passivedns\n", "\tioc_type=file_hash\n", "\tioc_type=hostname\n", "\tioc_type=ipv4\n", "\tioc_type=ipv4, ioc_query_type=geo\n", "\tioc_type=ipv4, ioc_query_type=passivedns\n", "\tioc_type=ipv6\n", "\tioc_type=ipv6, ioc_query_type=geo\n", "\tioc_type=ipv6, ioc_query_type=passivedns\n", "\tioc_type=md5_hash\n", "\tioc_type=sha1_hash\n", "\tioc_type=sha256_hash\n", "\tioc_type=url\n", "\n", "Provider class: OPR\n", "Open PageRank Lookup. Supported query types:\n", "\tioc_type=dns\n", "\n", "Provider class: Tor\n", "Tor Exit Nodes Lookup. Supported query types:\n", "\tioc_type=ipv4\n", "\n", "Provider class: VirusTotal\n", "VirusTotal Lookup. Supported query types:\n", "\tioc_type=dns\n", "\tioc_type=file_hash\n", "\tioc_type=ipv4\n", "\tioc_type=md5_hash\n", "\tioc_type=sha1_hash\n", "\tioc_type=sha256_hash\n", "\tioc_type=url\n", "\n", "Provider class: XForce\n", "IBM XForce Lookup. 
Supported query types:\n", "\tioc_type=dns\n", "\tioc_type=dns, ioc_query_type=malware\n", "\tioc_type=dns, ioc_query_type=passivedns\n", "\tioc_type=dns, ioc_query_type=whois\n", "\tioc_type=file_hash\n", "\tioc_type=hostname, ioc_query_type=whois\n", "\tioc_type=ipv4\n", "\tioc_type=ipv4, ioc_query_type=malware\n", "\tioc_type=ipv4, ioc_query_type=passivedns\n", "\tioc_type=ipv4, ioc_query_type=rep\n", "\tioc_type=ipv4, ioc_query_type=whois\n", "\tioc_type=ipv6\n", "\tioc_type=ipv6, ioc_query_type=malware\n", "\tioc_type=ipv6, ioc_query_type=passivedns\n", "\tioc_type=ipv6, ioc_query_type=rep\n", "\tioc_type=ipv6, ioc_query_type=whois\n", "\tioc_type=md5_hash\n", "\tioc_type=sha1_hash\n", "\tioc_type=sha256_hash\n", "\tioc_type=url\n", "\tioc_type=url, ioc_query_type=malware\n", "\n", "Secondary providers\n", "-------------------\n", "\n", "Provider class: AzSTI\n", "Azure Sentinel TI provider class. Supported query types:\n", "\tioc_type=dns\n", "\tioc_type=file_hash\n", "\tioc_type=hostname\n", "\tioc_type=ipv4\n", "\tioc_type=ipv6\n", "\tioc_type=linux_path\n", "\tioc_type=md5_hash\n", "\tioc_type=sha1_hash\n", "\tioc_type=sha256_hash\n", "\tioc_type=url\n", "\tioc_type=windows_path\n" ] } ], "source": [ "ti_lookup.provider_usage()" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### Use to do a passive DNS lookup" ] }, { "cell_type": "code", "execution_count": 17, "metadata": { "ExecuteTime": { "end_time": "2019-09-25T04:58:04.168465Z", "start_time": "2019-09-25T04:58:03.567435Z" }, "tags": [] }, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "(True, [('XForce', LookupResult(ioc='38.75.137.9', ioc_type='ipv4', safe_ioc='38.75.137.9', query_subtype='passivedns', provider='XForce', result=True, severity='information', details={'records': 1}, raw_result={'Passive': {'query': '0x00000000000000000000ffff264b8909', 'records': []}, 'RDNS': ['9-137-75-38.clients.gthost.com'], 'total_rows': 1}, 
reference='https://api.xforce.ibmcloud.com/resolve/38.75.137.9', status=0))])\n", "\n", "Provider result:\n" ] }, { "data": { "text/plain": [ "{'Passive': {'query': '0x00000000000000000000ffff264b8909', 'records': []},\n", " 'RDNS': ['9-137-75-38.clients.gthost.com'],\n", " 'total_rows': 1}" ] }, "execution_count": 17, "metadata": {}, "output_type": "execute_result" } ], "source": [ "result = ti_lookup.lookup_ioc(observable=\"38.75.137.9\", ioc_type=\"ipv4\", ioc_query_type=\"passivedns\", providers=[\"XForce\"])\n", "print(result)\n", "print(\"\\nProvider result:\")\n", "result[1][0][1].raw_result" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### Use to do a GeoIP lookup" ] }, { "cell_type": "code", "execution_count": 18, "metadata": { "ExecuteTime": { "end_time": "2019-09-25T04:58:04.287394Z", "start_time": "2019-09-25T04:58:04.169440Z" }, "tags": [] }, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "(True, [('OTX', LookupResult(ioc='38.75.137.9', ioc_type='ipv4', safe_ioc='38.75.137.9', query_subtype='geo', provider='OTX', result=True, severity='information', details={}, raw_result={'city_data': True, 'accuracy_radius': 1000, 'area_code': 0, 'continent_code': 'NA', 'country_name': 'United States of America', 'postal_code': '90017', 'dma_code': 803, 'country_code': 'US', 'flag_url': '/assets/images/flags/us.png', 'asn': 'AS63023 AS-GLOBALTELEHOST', 'city': 'Los Angeles', 'subdivision': 'CA', 'region': 'CA', 'charset': 0, 'longitude': -118.278, 'country_code3': 'USA', 'country_code2': 'US', 'latitude': 34.0584, 'flag_title': 'United States of America'}, reference='https://otx.alienvault.com/api/v1/indicators/IPv4/38.75.137.9/geo', status=0))])\n", "\n", "Provider result:\n" ] }, { "data": { "text/plain": [ "{'city_data': True,\n", " 'accuracy_radius': 1000,\n", " 'area_code': 0,\n", " 'continent_code': 'NA',\n", " 'country_name': 'United States of America',\n", " 'postal_code': '90017',\n", " 'dma_code': 803,\n", " 
'country_code': 'US',\n", " 'flag_url': '/assets/images/flags/us.png',\n", " 'asn': 'AS63023 AS-GLOBALTELEHOST',\n", " 'city': 'Los Angeles',\n", " 'subdivision': 'CA',\n", " 'region': 'CA',\n", " 'charset': 0,\n", " 'longitude': -118.278,\n", " 'country_code3': 'USA',\n", " 'country_code2': 'US',\n", " 'latitude': 34.0584,\n", " 'flag_title': 'United States of America'}" ] }, "execution_count": 18, "metadata": {}, "output_type": "execute_result" } ], "source": [ "result = ti_lookup.lookup_ioc(observable=\"38.75.137.9\", ioc_type=\"ipv4\", ioc_query_type=\"geo\", providers=[\"OTX\"])\n", "print(result)\n", "print(\"\\nProvider result:\")\n", "result[1][0][1].raw_result" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "## Inferring IoC Type vs. Specifying explicitly\n", "If you do a lookup without specifying a type, TILookup will try to infer the type by matching regexes. There are patterns for all supported types but there are some caveats:\n", "\n", "- The match is not 100% foolproof - e.g. 
some URLs and hash types may be misidentified.\n", "- The inference adds an overhead to each lookup.\n", "\n", "If you know the type that you want to look up, it is always better to explicitly include it.\n", "- For single IoC lookup, use the `ioc_type` parameter.\n", "- For multiple IoC lookups (see below), supply either:\n", " - a DataFrame with a column that specifies the type for each entry\n", " - a dictionary of the form `{ioc_observable: ioc_type}`" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "## Looking up Multiple IoCs" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### lookup_iocs\n", "```\n", "Signature:\n", "ti_lookup.lookup_iocs(\n", " data: Union[pandas.core.frame.DataFrame, Mapping[str, str], Iterable[str]],\n", " obs_col: str = None,\n", " ioc_type_col: str = None,\n", " ioc_query_type: str = None,\n", " providers: List[str] = None,\n", " prov_scope: str = 'primary',\n", " **kwargs,\n", ") -> pandas.core.frame.DataFrame\n", "\n", "Lookup a collection of IoCs.\n", "\n", "Parameters\n", "----------\n", "data : Union[pd.DataFrame, Mapping[str, str], Iterable[str]]\n", " Data input in one of three formats:\n", " 1. Pandas dataframe (you must supply the column name in\n", " `obs_col` parameter)\n", " 2. Mapping (e.g. a dict) of [observable, IoCType]\n", " 3. Iterable of observables - IoCTypes will be inferred\n", "obs_col : str, optional\n", " DataFrame column to use for observables, by default None\n", "ioc_type_col : str, optional\n", " DataFrame column to use for IoCTypes, by default None\n", "ioc_query_type: str, optional\n", " The ioc query type (e.g. 
rep, info, malware)\n", "providers: List[str]\n", " Explicit list of providers to use\n", "prov_scope : str, optional\n", " Use primary, secondary or all providers, by default \"primary\"\n", "kwargs :\n", " Additional arguments passed to the underlying provider(s)\n", "\n", "Returns\n", "-------\n", "pd.DataFrame\n", " DataFrame of results\n", "```" ] }, { "cell_type": "code", "execution_count": 19, "metadata": { "ExecuteTime": { "end_time": "2019-09-25T04:58:04.290371Z", "start_time": "2019-09-25T04:58:04.288371Z" } }, "outputs": [], "source": [ "# Uncomment this and run to see the document string\n", "# ti_lookup.lookup_iocs?" ] }, { "cell_type": "markdown", "metadata": { "ExecuteTime": { "end_time": "2019-09-19T01:36:31.215275Z", "start_time": "2019-09-19T01:36:31.200284Z" } }, "source": [ "### Multiple IP Lookup from single provider" ] }, { "cell_type": "code", "execution_count": 20, "metadata": { "ExecuteTime": { "end_time": "2019-09-25T04:58:07.304839Z", "start_time": "2019-09-25T04:58:04.293368Z" }, "scrolled": true }, "outputs": [ { "data": { "application/javascript": [ "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}" ], "text/plain": [ "" ] }, "metadata": {}, "output_type": "display_data" }, { "data": { "text/html": [ "
| | Ioc | IocType | QuerySubtype | Reference | Result | Details | Status | Severity | Provider |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 0 | 51.75.29.61 | ipv4 | None | ThreatIntelligenceIndicator \| where TimeGenerated >= datetime(2020-06-09T22:21:31.328494Z) \| w... | False | Not found. | 0 | 0 | AzSTI |
| 1 | 13.91.229.209 | ipv4 | None | ThreatIntelligenceIndicator \| where TimeGenerated >= datetime(2020-06-09T22:21:31.328494Z) \| w... | False | Not found. | 0 | 0 | AzSTI |
| 2 | 52.167.223.49 | ipv4 | None | ThreatIntelligenceIndicator \| where TimeGenerated >= datetime(2020-06-09T22:21:31.328494Z) \| w... | False | Not found. | 0 | 0 | AzSTI |
| 3 | 1.2.3.4 | ipv4 | None | ThreatIntelligenceIndicator \| where TimeGenerated >= datetime(2020-06-09T22:21:31.328494Z) \| w... | False | Not found. | 0 | 0 | AzSTI |
| 4 | 1.2.3.5 | ipv4 | None | ThreatIntelligenceIndicator \| where TimeGenerated >= datetime(2020-06-09T22:21:31.328494Z) \| w... | False | Not found. | 0 | 0 | AzSTI |
\n", "
" ], "text/plain": [ " Ioc IocType QuerySubtype \\\n", "0 51.75.29.61 ipv4 None \n", "1 13.91.229.209 ipv4 None \n", "2 52.167.223.49 ipv4 None \n", "3 1.2.3.4 ipv4 None \n", "4 1.2.3.5 ipv4 None \n", "\n", " Reference \\\n", "0 ThreatIntelligenceIndicator | where TimeGenerated >= datetime(2020-06-09T22:21:31.328494Z) | w... \n", "1 ThreatIntelligenceIndicator | where TimeGenerated >= datetime(2020-06-09T22:21:31.328494Z) | w... \n", "2 ThreatIntelligenceIndicator | where TimeGenerated >= datetime(2020-06-09T22:21:31.328494Z) | w... \n", "3 ThreatIntelligenceIndicator | where TimeGenerated >= datetime(2020-06-09T22:21:31.328494Z) | w... \n", "4 ThreatIntelligenceIndicator | where TimeGenerated >= datetime(2020-06-09T22:21:31.328494Z) | w... \n", "\n", " Result Details Status Severity Provider \n", "0 False Not found. 0 0 AzSTI \n", "1 False Not found. 0 0 AzSTI \n", "2 False Not found. 0 0 AzSTI \n", "3 False Not found. 0 0 AzSTI \n", "4 False Not found. 0 0 AzSTI " ] }, "execution_count": 20, "metadata": {}, "output_type": "execute_result" } ], "source": [ "\n", "ioc_ips = [\n", " \"51.75.29.61\",\n", " \"33.44.55.66\",\n", " \"52.183.120.194\",\n", " \"13.91.229.209\",\n", " \"1.2.3.4\",\n", " \"52.167.223.49\",\n", " \"1.2.3.5\",\n", "]\n", "\n", "ti_lookup.lookup_iocs(data=ioc_ips, providers=[\"AzSTI\"])" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### Multiple IoCs using all providers\n", "Output sorted by IoC\n", "\n", "Note that these URLs were picked randomly from the TI databases of the three providers used. In most cases the IoC is found by only that provider, which " ] }, { "cell_type": "code", "execution_count": 21, "metadata": { "ExecuteTime": { "end_time": "2019-09-25T04:58:17.054530Z", "start_time": "2019-09-25T04:58:07.306811Z" } }, "outputs": [ { "data": { "text/html": [ "
| | Ioc | IocType | SafeIoc | QuerySubtype | Provider | Result | Severity | Details | RawResult | Reference | Status |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 5 | http://104.248.196.145/apache2 | url | http://104.248.196.145/apache2 | None | VirusTotal | False | information | Request forbidden. Allowed query rate may have been exceeded. | <Response [403]> | https://www.virustotal.com/vtapi/v2/url/report | 403 |
| 5 | http://104.248.196.145/apache2 | url | http://104.248.196.145/apache2 | None | XForce | False | information | Not found. | <Response [404]> | https://api.xforce.ibmcloud.com/url/http://104.248.196.145/apache2 | 404 |
| 5 | http://104.248.196.145/apache2 | url | http%3A%2F%2F104.248.196.145%2Fapache2 | None | OTX | True | information | {'pulse_count': 0, 'sections_available': ['general', 'url_list', 'http_scans', 'screenshot']} | {'indicator': 'http://104.248.196.145/apache2', 'alexa': '', 'whois': '', 'sections': ['general'... | https://otx.alienvault.com/api/v1/indicators/url/http%3A%2F%2F104.248.196.145%2Fapache2/general | 0 |
| 6 | http://ajaraheritage.ge/g7cberv | url | http://ajaraheritage.ge/g7cberv | None | XForce | True | information | {'score': 0, 'cats': None, 'categoryDescriptions': None, 'reason': None, 'reasonDescription': 0,... | {'result': {'url': 'ajaraheritage.ge', 'cats': {}, 'score': None, 'categoryDescriptions': {}}, '... | https://api.xforce.ibmcloud.com/url/http://ajaraheritage.ge/g7cberv | 0 |
| 6 | http://ajaraheritage.ge/g7cberv | url | http%3A%2F%2Fajaraheritage.ge%2Fg7cberv | None | OTX | True | high | {'pulse_count': 2, 'names': ['Locky Ransomware Distribution Sites URL blocklist (LY_DS_URLBL)', ... | {'indicator': 'http://ajaraheritage.ge/g7cberv', 'alexa': 'http://www.alexa.com/siteinfo/ajarahe... | https://otx.alienvault.com/api/v1/indicators/url/http%3A%2F%2Fajaraheritage.ge%2Fg7cberv/general | 0 |
| 6 | http://ajaraheritage.ge/g7cberv | url | http://ajaraheritage.ge/g7cberv | None | VirusTotal | False | information | Request forbidden. Allowed query rate may have been exceeded. | <Response [403]> | https://www.virustotal.com/vtapi/v2/url/report | 403 |
| 4 | http://append.pl/srh9xsz | url | http%3A%2F%2Fappend.pl%2Fsrh9xsz | None | OTX | True | warning | {'pulse_count': 1, 'names': ['Locky Ransomware Distribution Sites URL blocklist (LY_DS_URLBL)'],... | {'indicator': 'http://append.pl/srh9xsz', 'alexa': 'http://www.alexa.com/siteinfo/append.pl', 'w... | https://otx.alienvault.com/api/v1/indicators/url/http%3A%2F%2Fappend.pl%2Fsrh9xsz/general | 0 |
| 4 | http://append.pl/srh9xsz | url | http://append.pl/srh9xsz | None | XForce | True | information | {'score': 0, 'cats': None, 'categoryDescriptions': None, 'reason': None, 'reasonDescription': 0,... | {'result': {'url': 'append.pl', 'cats': {'Software / Hardware': True}, 'score': 1, 'categoryDesc... | https://api.xforce.ibmcloud.com/url/http://append.pl/srh9xsz | 0 |
| 4 | http://append.pl/srh9xsz | url | http://append.pl/srh9xsz | None | VirusTotal | False | information | Request forbidden. Allowed query rate may have been exceeded. | <Response [403]> | https://www.virustotal.com/vtapi/v2/url/report | 403 |
| 3 | http://businesstobuy.net | url | http%3A%2F%2Fbusinesstobuy.net | None | OTX | True | information | {'pulse_count': 0, 'sections_available': ['general', 'url_list', 'http_scans', 'screenshot']} | {'indicator': 'http://businesstobuy.net', 'alexa': 'http://www.alexa.com/siteinfo/businesstobuy.... | https://otx.alienvault.com/api/v1/indicators/url/http%3A%2F%2Fbusinesstobuy.net/general | 0 |
| 3 | http://businesstobuy.net | url | http://businesstobuy.net | None | XForce | True | information | {'score': 0, 'cats': None, 'categoryDescriptions': None, 'reason': None, 'reasonDescription': 0,... | {'result': {'url': 'businesstobuy.net', 'cats': {'Phishing URLs': True}, 'score': 10, 'categoryD... | https://api.xforce.ibmcloud.com/url/http://businesstobuy.net | 0 |
| 3 | http://businesstobuy.net | url | http://businesstobuy.net | None | VirusTotal | False | information | Request forbidden. Allowed query rate may have been exceeded. | <Response [403]> | https://www.virustotal.com/vtapi/v2/url/report | 403 |
| 0 | http://cheapshirts.us/zVnMrG.php | url | http://cheapshirts.us/zVnMrG.php | None | XForce | True | information | {'score': 0, 'cats': None, 'categoryDescriptions': None, 'reason': None, 'reasonDescription': 0,... | {'result': {'url': 'cheapshirts.us', 'cats': {'Shopping': True, 'Auctions / Classified Ads': Tru... | https://api.xforce.ibmcloud.com/url/http://cheapshirts.us/zVnMrG.php | 0 |
| 0 | http://cheapshirts.us/zVnMrG.php | url | http%3A%2F%2Fcheapshirts.us%2FzVnMrG.php | None | OTX | True | high | {'pulse_count': 7, 'names': ['CryptoWall Ransomware C2 URL blocklist (CW_C2_URLBL)', 'CryptoWall... | {'indicator': 'http://cheapshirts.us/zVnMrG.php', 'alexa': 'http://www.alexa.com/siteinfo/cheaps... | https://otx.alienvault.com/api/v1/indicators/url/http%3A%2F%2Fcheapshirts.us%2FzVnMrG.php/general | 0 |
| 0 | http://cheapshirts.us/zVnMrG.php | url | http://cheapshirts.us/zVnMrG.php | None | VirusTotal | False | information | Request forbidden. Allowed query rate may have been exceeded. | <Response [403]> | https://www.virustotal.com/vtapi/v2/url/report | 403 |
| 1 | http://chinasymbolic.com/i9jnrc | url | http://chinasymbolic.com/i9jnrc | None | VirusTotal | False | information | Request forbidden. Allowed query rate may have been exceeded. | <Response [403]> | https://www.virustotal.com/vtapi/v2/url/report | 403 |
| 1 | http://chinasymbolic.com/i9jnrc | url | http%3A%2F%2Fchinasymbolic.com%2Fi9jnrc | None | OTX | True | high | {'pulse_count': 2, 'names': ['Locky Ransomware Distribution Sites URL blocklist (LY_DS_URLBL)', ... | {'indicator': 'http://chinasymbolic.com/i9jnrc', 'alexa': 'http://www.alexa.com/siteinfo/chinasy... | https://otx.alienvault.com/api/v1/indicators/url/http%3A%2F%2Fchinasymbolic.com%2Fi9jnrc/general | 0 |
| 1 | http://chinasymbolic.com/i9jnrc | url | http://chinasymbolic.com/i9jnrc | None | XForce | True | information | {'score': 0, 'cats': None, 'categoryDescriptions': None, 'reason': None, 'reasonDescription': 0,... | {'result': {'url': 'chinasymbolic.com', 'cats': {}, 'score': None, 'categoryDescriptions': {}}, ... | https://api.xforce.ibmcloud.com/url/http://chinasymbolic.com/i9jnrc | 0 |
| 7 | http://cic-integration.com/hjy93JNBasdas | url | http://cic-integration.com/hjy93JNBasdas | None | VirusTotal | False | information | Request forbidden. Allowed query rate may have been exceeded. | <Response [403]> | https://www.virustotal.com/vtapi/v2/url/report | 403 |
| 7 | http://cic-integration.com/hjy93JNBasdas | url | http%3A%2F%2Fcic-integration.com%2Fhjy93JNBasdas | None | OTX | True | warning | {'pulse_count': 1, 'names': ['Locky Ransomware Distribution Sites URL blocklist (LY_DS_URLBL)'],... | {'indicator': 'http://cic-integration.com/hjy93JNBasdas', 'alexa': 'http://www.alexa.com/siteinf... | https://otx.alienvault.com/api/v1/indicators/url/http%3A%2F%2Fcic-integration.com%2Fhjy93JNBasda... | 0 |
| 7 | http://cic-integration.com/hjy93JNBasdas | url | http://cic-integration.com/hjy93JNBasdas | None | XForce | True | information | {'score': 0, 'cats': None, 'categoryDescriptions': None, 'reason': None, 'reasonDescription': 0,... | {'result': {'url': 'cic-integration.com', 'cats': {}, 'score': None, 'categoryDescriptions': {}}... | https://api.xforce.ibmcloud.com/url/http://cic-integration.com/hjy93JNBasdas | 0 |
| 8 | https://google.com | url | https://google.com | None | VirusTotal | False | information | Request forbidden. Allowed query rate may have been exceeded. | <Response [403]> | https://www.virustotal.com/vtapi/v2/url/report | 403 |
| 8 | https://google.com | url | https%3A%2F%2Fgoogle.com | None | OTX | True | information | {'pulse_count': 0, 'sections_available': ['general', 'url_list', 'http_scans', 'screenshot']} | {'indicator': 'https://google.com', 'alexa': 'http://www.alexa.com/siteinfo/google.com', 'whois'... | https://otx.alienvault.com/api/v1/indicators/url/https%3A%2F%2Fgoogle.com/general | 0 |
| 8 | https://google.com | url | https://google.com | None | XForce | True | information | {'score': 0, 'cats': None, 'categoryDescriptions': None, 'reason': None, 'reasonDescription': 0,... | {'result': {'url': 'https://google.com', 'cats': {'Search Engines / Web Catalogues / Portals': T... | https://api.xforce.ibmcloud.com/url/https://google.com | 0 |
| 2 | https://hotel-bristol.lu/dlry/MAnJIPnY/ | url | https://hotel-bristol.lu/dlry/MAnJIPnY/ | None | VirusTotal | False | information | Request forbidden. Allowed query rate may have been exceeded. | <Response [403]> | https://www.virustotal.com/vtapi/v2/url/report | 403 |
| 2 | https://hotel-bristol.lu/dlry/MAnJIPnY/ | url | https://hotel-bristol.lu/dlry/MAnJIPnY/ | None | XForce | False | information | Not found. | <Response [404]> | https://api.xforce.ibmcloud.com/url/https://hotel-bristol.lu/dlry/MAnJIPnY/ | 404 |
| 2 | https://hotel-bristol.lu/dlry/MAnJIPnY/ | url | https%3A%2F%2Fhotel-bristol.lu%2Fdlry%2FMAnJIPnY%2F | None | OTX | True | information | {'pulse_count': 0, 'sections_available': ['general', 'url_list', 'http_scans', 'screenshot']} | {'indicator': 'https://hotel-bristol.lu/dlry/MAnJIPnY', 'alexa': 'http://www.alexa.com/siteinfo/... | https://otx.alienvault.com/api/v1/indicators/url/https%3A%2F%2Fhotel-bristol.lu%2Fdlry%2FMAnJIPn... | 0 |
| 9 | https://microsoft.com | url | https://microsoft.com | None | VirusTotal | False | information | Request forbidden. Allowed query rate may have been exceeded. | <Response [403]> | https://www.virustotal.com/vtapi/v2/url/report | 403 |
| 9 | https://microsoft.com | url | https%3A%2F%2Fmicrosoft.com | None | OTX | True | information | {'pulse_count': 0, 'sections_available': ['general', 'url_list', 'http_scans', 'screenshot']} | {'indicator': 'https://microsoft.com', 'alexa': 'http://www.alexa.com/siteinfo/microsoft.com', '... | https://otx.alienvault.com/api/v1/indicators/url/https%3A%2F%2Fmicrosoft.com/general | 0 |
| 9 | https://microsoft.com | url | https://microsoft.com | None | XForce | True | information | {'score': 0, 'cats': None, 'categoryDescriptions': None, 'reason': None, 'reasonDescription': 0,... | {'result': {'url': 'microsoft.com', 'cats': {'Software / Hardware': True, 'General Business': Tr... | https://api.xforce.ibmcloud.com/url/https://microsoft.com | 0 |
| 10 | https://python.org | url | https://python.org | None | VirusTotal | False | information | Request forbidden. Allowed query rate may have been exceeded. | <Response [403]> | https://www.virustotal.com/vtapi/v2/url/report | 403 |
| 10 | https://python.org | url | https%3A%2F%2Fpython.org | None | OTX | True | information | {'pulse_count': 0, 'sections_available': ['general', 'url_list', 'http_scans', 'screenshot']} | {'indicator': 'https://python.org', 'alexa': 'http://www.alexa.com/siteinfo/python.org', 'whois'... | https://otx.alienvault.com/api/v1/indicators/url/https%3A%2F%2Fpython.org/general | 0 |
10https://python.orgurlhttps://python.orgNoneXForceTrueinformation{'score': 0, 'cats': None, 'categoryDescriptions': None, 'reason': None, 'reasonDescription': 0,...{'result': {'url': 'python.org', 'cats': {'Software / Hardware': True}, 'score': 1, 'application...https://api.xforce.ibmcloud.com/url/https://python.org0
\n", "
" ], "text/plain": [ " Ioc IocType \\\n", "5 http://104.248.196.145/apache2 url \n", "5 http://104.248.196.145/apache2 url \n", "5 http://104.248.196.145/apache2 url \n", "6 http://ajaraheritage.ge/g7cberv url \n", "6 http://ajaraheritage.ge/g7cberv url \n", "6 http://ajaraheritage.ge/g7cberv url \n", "4 http://append.pl/srh9xsz url \n", "4 http://append.pl/srh9xsz url \n", "4 http://append.pl/srh9xsz url \n", "3 http://businesstobuy.net url \n", "3 http://businesstobuy.net url \n", "3 http://businesstobuy.net url \n", "0 http://cheapshirts.us/zVnMrG.php url \n", "0 http://cheapshirts.us/zVnMrG.php url \n", "0 http://cheapshirts.us/zVnMrG.php url \n", "1 http://chinasymbolic.com/i9jnrc url \n", "1 http://chinasymbolic.com/i9jnrc url \n", "1 http://chinasymbolic.com/i9jnrc url \n", "7 http://cic-integration.com/hjy93JNBasdas url \n", "7 http://cic-integration.com/hjy93JNBasdas url \n", "7 http://cic-integration.com/hjy93JNBasdas url \n", "8 https://google.com url \n", "8 https://google.com url \n", "8 https://google.com url \n", "2 https://hotel-bristol.lu/dlry/MAnJIPnY/ url \n", "2 https://hotel-bristol.lu/dlry/MAnJIPnY/ url \n", "2 https://hotel-bristol.lu/dlry/MAnJIPnY/ url \n", "9 https://microsoft.com url \n", "9 https://microsoft.com url \n", "9 https://microsoft.com url \n", "10 https://python.org url \n", "10 https://python.org url \n", "10 https://python.org url \n", "\n", " SafeIoc QuerySubtype \\\n", "5 http://104.248.196.145/apache2 None \n", "5 http://104.248.196.145/apache2 None \n", "5 http%3A%2F%2F104.248.196.145%2Fapache2 None \n", "6 http://ajaraheritage.ge/g7cberv None \n", "6 http%3A%2F%2Fajaraheritage.ge%2Fg7cberv None \n", "6 http://ajaraheritage.ge/g7cberv None \n", "4 http%3A%2F%2Fappend.pl%2Fsrh9xsz None \n", "4 http://append.pl/srh9xsz None \n", "4 http://append.pl/srh9xsz None \n", "3 http%3A%2F%2Fbusinesstobuy.net None \n", "3 http://businesstobuy.net None \n", "3 http://businesstobuy.net None \n", "0 http://cheapshirts.us/zVnMrG.php None 
\n", "0 http%3A%2F%2Fcheapshirts.us%2FzVnMrG.php None \n", "0 http://cheapshirts.us/zVnMrG.php None \n", "1 http://chinasymbolic.com/i9jnrc None \n", "1 http%3A%2F%2Fchinasymbolic.com%2Fi9jnrc None \n", "1 http://chinasymbolic.com/i9jnrc None \n", "7 http://cic-integration.com/hjy93JNBasdas None \n", "7 http%3A%2F%2Fcic-integration.com%2Fhjy93JNBasdas None \n", "7 http://cic-integration.com/hjy93JNBasdas None \n", "8 https://google.com None \n", "8 https%3A%2F%2Fgoogle.com None \n", "8 https://google.com None \n", "2 https://hotel-bristol.lu/dlry/MAnJIPnY/ None \n", "2 https://hotel-bristol.lu/dlry/MAnJIPnY/ None \n", "2 https%3A%2F%2Fhotel-bristol.lu%2Fdlry%2FMAnJIPnY%2F None \n", "9 https://microsoft.com None \n", "9 https%3A%2F%2Fmicrosoft.com None \n", "9 https://microsoft.com None \n", "10 https://python.org None \n", "10 https%3A%2F%2Fpython.org None \n", "10 https://python.org None \n", "\n", " Provider Result Severity \\\n", "5 VirusTotal False information \n", "5 XForce False information \n", "5 OTX True information \n", "6 XForce True information \n", "6 OTX True high \n", "6 VirusTotal False information \n", "4 OTX True warning \n", "4 XForce True information \n", "4 VirusTotal False information \n", "3 OTX True information \n", "3 XForce True information \n", "3 VirusTotal False information \n", "0 XForce True information \n", "0 OTX True high \n", "0 VirusTotal False information \n", "1 VirusTotal False information \n", "1 OTX True high \n", "1 XForce True information \n", "7 VirusTotal False information \n", "7 OTX True warning \n", "7 XForce True information \n", "8 VirusTotal False information \n", "8 OTX True information \n", "8 XForce True information \n", "2 VirusTotal False information \n", "2 XForce False information \n", "2 OTX True information \n", "9 VirusTotal False information \n", "9 OTX True information \n", "9 XForce True information \n", "10 VirusTotal False information \n", "10 OTX True information \n", "10 XForce True information 
\n", "\n", " Details \\\n", "5 Request forbidden. Allowed query rate may have been exceeded. \n", "5 Not found. \n", "5 {'pulse_count': 0, 'sections_available': ['general', 'url_list', 'http_scans', 'screenshot']} \n", "6 {'score': 0, 'cats': None, 'categoryDescriptions': None, 'reason': None, 'reasonDescription': 0,... \n", "6 {'pulse_count': 2, 'names': ['Locky Ransomware Distribution Sites URL blocklist (LY_DS_URLBL)', ... \n", "6 Request forbidden. Allowed query rate may have been exceeded. \n", "4 {'pulse_count': 1, 'names': ['Locky Ransomware Distribution Sites URL blocklist (LY_DS_URLBL)'],... \n", "4 {'score': 0, 'cats': None, 'categoryDescriptions': None, 'reason': None, 'reasonDescription': 0,... \n", "4 Request forbidden. Allowed query rate may have been exceeded. \n", "3 {'pulse_count': 0, 'sections_available': ['general', 'url_list', 'http_scans', 'screenshot']} \n", "3 {'score': 0, 'cats': None, 'categoryDescriptions': None, 'reason': None, 'reasonDescription': 0,... \n", "3 Request forbidden. Allowed query rate may have been exceeded. \n", "0 {'score': 0, 'cats': None, 'categoryDescriptions': None, 'reason': None, 'reasonDescription': 0,... \n", "0 {'pulse_count': 7, 'names': ['CryptoWall Ransomware C2 URL blocklist (CW_C2_URLBL)', 'CryptoWall... \n", "0 Request forbidden. Allowed query rate may have been exceeded. \n", "1 Request forbidden. Allowed query rate may have been exceeded. \n", "1 {'pulse_count': 2, 'names': ['Locky Ransomware Distribution Sites URL blocklist (LY_DS_URLBL)', ... \n", "1 {'score': 0, 'cats': None, 'categoryDescriptions': None, 'reason': None, 'reasonDescription': 0,... \n", "7 Request forbidden. Allowed query rate may have been exceeded. \n", "7 {'pulse_count': 1, 'names': ['Locky Ransomware Distribution Sites URL blocklist (LY_DS_URLBL)'],... \n", "7 {'score': 0, 'cats': None, 'categoryDescriptions': None, 'reason': None, 'reasonDescription': 0,... \n", "8 Request forbidden. Allowed query rate may have been exceeded. 
\n", "8 {'pulse_count': 0, 'sections_available': ['general', 'url_list', 'http_scans', 'screenshot']} \n", "8 {'score': 0, 'cats': None, 'categoryDescriptions': None, 'reason': None, 'reasonDescription': 0,... \n", "2 Request forbidden. Allowed query rate may have been exceeded. \n", "2 Not found. \n", "2 {'pulse_count': 0, 'sections_available': ['general', 'url_list', 'http_scans', 'screenshot']} \n", "9 Request forbidden. Allowed query rate may have been exceeded. \n", "9 {'pulse_count': 0, 'sections_available': ['general', 'url_list', 'http_scans', 'screenshot']} \n", "9 {'score': 0, 'cats': None, 'categoryDescriptions': None, 'reason': None, 'reasonDescription': 0,... \n", "10 Request forbidden. Allowed query rate may have been exceeded. \n", "10 {'pulse_count': 0, 'sections_available': ['general', 'url_list', 'http_scans', 'screenshot']} \n", "10 {'score': 0, 'cats': None, 'categoryDescriptions': None, 'reason': None, 'reasonDescription': 0,... \n", "\n", " RawResult \\\n", "5 \n", "5 \n", "5 {'indicator': 'http://104.248.196.145/apache2', 'alexa': '', 'whois': '', 'sections': ['general'... \n", "6 {'result': {'url': 'ajaraheritage.ge', 'cats': {}, 'score': None, 'categoryDescriptions': {}}, '... \n", "6 {'indicator': 'http://ajaraheritage.ge/g7cberv', 'alexa': 'http://www.alexa.com/siteinfo/ajarahe... \n", "6 \n", "4 {'indicator': 'http://append.pl/srh9xsz', 'alexa': 'http://www.alexa.com/siteinfo/append.pl', 'w... \n", "4 {'result': {'url': 'append.pl', 'cats': {'Software / Hardware': True}, 'score': 1, 'categoryDesc... \n", "4 \n", "3 {'indicator': 'http://businesstobuy.net', 'alexa': 'http://www.alexa.com/siteinfo/businesstobuy.... \n", "3 {'result': {'url': 'businesstobuy.net', 'cats': {'Phishing URLs': True}, 'score': 10, 'categoryD... \n", "3 \n", "0 {'result': {'url': 'cheapshirts.us', 'cats': {'Shopping': True, 'Auctions / Classified Ads': Tru... 
\n", "0 {'indicator': 'http://cheapshirts.us/zVnMrG.php', 'alexa': 'http://www.alexa.com/siteinfo/cheaps... \n", "0 \n", "1 \n", "1 {'indicator': 'http://chinasymbolic.com/i9jnrc', 'alexa': 'http://www.alexa.com/siteinfo/chinasy... \n", "1 {'result': {'url': 'chinasymbolic.com', 'cats': {}, 'score': None, 'categoryDescriptions': {}}, ... \n", "7 \n", "7 {'indicator': 'http://cic-integration.com/hjy93JNBasdas', 'alexa': 'http://www.alexa.com/siteinf... \n", "7 {'result': {'url': 'cic-integration.com', 'cats': {}, 'score': None, 'categoryDescriptions': {}}... \n", "8 \n", "8 {'indicator': 'https://google.com', 'alexa': 'http://www.alexa.com/siteinfo/google.com', 'whois'... \n", "8 {'result': {'url': 'https://google.com', 'cats': {'Search Engines / Web Catalogues / Portals': T... \n", "2 \n", "2 \n", "2 {'indicator': 'https://hotel-bristol.lu/dlry/MAnJIPnY', 'alexa': 'http://www.alexa.com/siteinfo/... \n", "9 \n", "9 {'indicator': 'https://microsoft.com', 'alexa': 'http://www.alexa.com/siteinfo/microsoft.com', '... \n", "9 {'result': {'url': 'microsoft.com', 'cats': {'Software / Hardware': True, 'General Business': Tr... \n", "10 \n", "10 {'indicator': 'https://python.org', 'alexa': 'http://www.alexa.com/siteinfo/python.org', 'whois'... \n", "10 {'result': {'url': 'python.org', 'cats': {'Software / Hardware': True}, 'score': 1, 'application... 
\n", "\n", " Reference \\\n", "5 https://www.virustotal.com/vtapi/v2/url/report \n", "5 https://api.xforce.ibmcloud.com/url/http://104.248.196.145/apache2 \n", "5 https://otx.alienvault.com/api/v1/indicators/url/http%3A%2F%2F104.248.196.145%2Fapache2/general \n", "6 https://api.xforce.ibmcloud.com/url/http://ajaraheritage.ge/g7cberv \n", "6 https://otx.alienvault.com/api/v1/indicators/url/http%3A%2F%2Fajaraheritage.ge%2Fg7cberv/general \n", "6 https://www.virustotal.com/vtapi/v2/url/report \n", "4 https://otx.alienvault.com/api/v1/indicators/url/http%3A%2F%2Fappend.pl%2Fsrh9xsz/general \n", "4 https://api.xforce.ibmcloud.com/url/http://append.pl/srh9xsz \n", "4 https://www.virustotal.com/vtapi/v2/url/report \n", "3 https://otx.alienvault.com/api/v1/indicators/url/http%3A%2F%2Fbusinesstobuy.net/general \n", "3 https://api.xforce.ibmcloud.com/url/http://businesstobuy.net \n", "3 https://www.virustotal.com/vtapi/v2/url/report \n", "0 https://api.xforce.ibmcloud.com/url/http://cheapshirts.us/zVnMrG.php \n", "0 https://otx.alienvault.com/api/v1/indicators/url/http%3A%2F%2Fcheapshirts.us%2FzVnMrG.php/general \n", "0 https://www.virustotal.com/vtapi/v2/url/report \n", "1 https://www.virustotal.com/vtapi/v2/url/report \n", "1 https://otx.alienvault.com/api/v1/indicators/url/http%3A%2F%2Fchinasymbolic.com%2Fi9jnrc/general \n", "1 https://api.xforce.ibmcloud.com/url/http://chinasymbolic.com/i9jnrc \n", "7 https://www.virustotal.com/vtapi/v2/url/report \n", "7 https://otx.alienvault.com/api/v1/indicators/url/http%3A%2F%2Fcic-integration.com%2Fhjy93JNBasda... 
\n", "7 https://api.xforce.ibmcloud.com/url/http://cic-integration.com/hjy93JNBasdas \n", "8 https://www.virustotal.com/vtapi/v2/url/report \n", "8 https://otx.alienvault.com/api/v1/indicators/url/https%3A%2F%2Fgoogle.com/general \n", "8 https://api.xforce.ibmcloud.com/url/https://google.com \n", "2 https://www.virustotal.com/vtapi/v2/url/report \n", "2 https://api.xforce.ibmcloud.com/url/https://hotel-bristol.lu/dlry/MAnJIPnY/ \n", "2 https://otx.alienvault.com/api/v1/indicators/url/https%3A%2F%2Fhotel-bristol.lu%2Fdlry%2FMAnJIPn... \n", "9 https://www.virustotal.com/vtapi/v2/url/report \n", "9 https://otx.alienvault.com/api/v1/indicators/url/https%3A%2F%2Fmicrosoft.com/general \n", "9 https://api.xforce.ibmcloud.com/url/https://microsoft.com \n", "10 https://www.virustotal.com/vtapi/v2/url/report \n", "10 https://otx.alienvault.com/api/v1/indicators/url/https%3A%2F%2Fpython.org/general \n", "10 https://api.xforce.ibmcloud.com/url/https://python.org \n", "\n", " Status \n", "5 403 \n", "5 404 \n", "5 0 \n", "6 0 \n", "6 0 \n", "6 403 \n", "4 0 \n", "4 0 \n", "4 403 \n", "3 0 \n", "3 0 \n", "3 403 \n", "0 0 \n", "0 0 \n", "0 403 \n", "1 403 \n", "1 0 \n", "1 0 \n", "7 403 \n", "7 0 \n", "7 0 \n", "8 403 \n", "8 0 \n", "8 0 \n", "2 403 \n", "2 404 \n", "2 0 \n", "9 403 \n", "9 0 \n", "9 0 \n", "10 403 \n", "10 0 \n", "10 0 " ] }, "execution_count": 21, "metadata": {}, "output_type": "execute_result" } ], "source": [ "ioc_urls = [\n", " \"http://cheapshirts.us/zVnMrG.php\",\n", " \"http://chinasymbolic.com/i9jnrc\",\n", " \"https://hotel-bristol.lu/dlry/MAnJIPnY/\",\n", " \"http://businesstobuy.net\",\n", " \"http://append.pl/srh9xsz\",\n", " \"http://104.248.196.145/apache2\",\n", " \"http://ajaraheritage.ge/g7cberv\",\n", " \"http://cic-integration.com/hjy93JNBasdas\",\n", " \"https://google.com\", # benign\n", " \"https://microsoft.com\", # benign\n", " \"https://python.org\", # benign\n", "]\n", "results = ti_lookup.lookup_iocs(data=ioc_urls)\n", 
"results.sort_values(\"Ioc\")" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### Multiple Mixed IoC Types" ] }, { "cell_type": "code", "execution_count": 22, "metadata": { "ExecuteTime": { "end_time": "2019-09-25T04:58:34.221945Z", "start_time": "2019-09-25T04:58:17.055505Z" } }, "outputs": [ { "data": { "text/html": [ "
|  | Ioc | IocType | SafeIoc | QuerySubtype | Provider | Result | Severity | Details | RawResult | Reference | Status |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 0 | http://104.248.196.145/apache2 | url | http%3A%2F%2F104.248.196.145%2Fapache2 | None | OTX | True | information | {'pulse_count': 0, 'sections_available': ['general', 'url_list', 'http_scans', 'screenshot']} | {'indicator': 'http://104.248.196.145/apache2', 'alexa': '', 'whois': '', 'sections': ['general'... | https://otx.alienvault.com/api/v1/indicators/url/http%3A%2F%2F104.248.196.145%2Fapache2/general | 0 |
| 1 | http://ajaraheritage.ge/g7cberv | url | http%3A%2F%2Fajaraheritage.ge%2Fg7cberv | None | OTX | True | high | {'pulse_count': 2, 'names': ['Locky Ransomware Distribution Sites URL blocklist (LY_DS_URLBL)', ... | {'indicator': 'http://ajaraheritage.ge/g7cberv', 'alexa': 'http://www.alexa.com/siteinfo/ajarahe... | https://otx.alienvault.com/api/v1/indicators/url/http%3A%2F%2Fajaraheritage.ge%2Fg7cberv/general | 0 |
| 2 | http://cic-integration.com/hjy93JNBasdas | url | http%3A%2F%2Fcic-integration.com%2Fhjy93JNBasdas | None | OTX | True | warning | {'pulse_count': 1, 'names': ['Locky Ransomware Distribution Sites URL blocklist (LY_DS_URLBL)'],... | {'indicator': 'http://cic-integration.com/hjy93JNBasdas', 'alexa': 'http://www.alexa.com/siteinf... | https://otx.alienvault.com/api/v1/indicators/url/http%3A%2F%2Fcic-integration.com%2Fhjy93JNBasda... | 0 |
| 3 | 51.75.29.61 | ipv4 | 51.75.29.61 | None | OTX | True | high | {'pulse_count': 49, 'names': ['CYBSEC-TIA Bad IPs', '2020-07-02 Fail2ban b3478ecb-279e-4ad8-864b... | {'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',... | https://otx.alienvault.com/api/v1/indicators/IPv4/51.75.29.61/general | 0 |
| 4 | 33.44.55.66 | ipv4 | 33.44.55.66 | None | OTX | True | information | {'pulse_count': 0, 'sections_available': ['general', 'geo', 'reputation', 'url_list', 'passive_d... | {'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',... | https://otx.alienvault.com/api/v1/indicators/IPv4/33.44.55.66/general | 0 |
| 5 | 52.183.120.194 | ipv4 | 52.183.120.194 | None | OTX | True | information | {'pulse_count': 0, 'sections_available': ['general', 'geo', 'reputation', 'url_list', 'passive_d... | {'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',... | https://otx.alienvault.com/api/v1/indicators/IPv4/52.183.120.194/general | 0 |
| 6 | f8a7135496fd6168df5f0ea21c745db89ecea9accc29c5cf281cdf3145865092 | sha256_hash | f8a7135496fd6168df5f0ea21c745db89ecea9accc29c5cf281cdf3145865092 | None | OTX | True | high | {'pulse_count': 3, 'names': ['Emotet IOCs 2/4/2019', 'Emotet IOCs 2/1/2019', 'Emotet IOCs 1/31/2... | {'indicator': 'f8a7135496fd6168df5f0ea21c745db89ecea9accc29c5cf281cdf3145865092', 'sections': ['... | https://otx.alienvault.com/api/v1/indicators/file/f8a7135496fd6168df5f0ea21c745db89ecea9accc29c5... | 0 |
| 7 | cc2db822f652ca67038ba7cca8a8bde3 | md5_hash | cc2db822f652ca67038ba7cca8a8bde3 | None | OTX | True | information | {'pulse_count': 0, 'sections_available': ['general', 'analysis']} | {'indicator': 'cc2db822f652ca67038ba7cca8a8bde3', 'sections': ['general', 'analysis'], 'pulse_in... | https://otx.alienvault.com/api/v1/indicators/file/cc2db822f652ca67038ba7cca8a8bde3/general | 0 |
| 8 | ajaraheritage.ge | dns | ajaraheritage.ge | None | OTX | True | high | {'pulse_count': 22, 'names': ['Blah', 'Blah', 'Blah', 'IOCs - 2020272054 - Huge Upload', 'IOCs -... | {'indicator': 'ajaraheritage.ge', 'alexa': 'http://www.alexa.com/siteinfo/ajaraheritage.ge', 'wh... | https://otx.alienvault.com/api/v1/indicators/domain/ajaraheritage.ge/general | 0 |
| 0 | ajaraheritage.ge | dns |  | None | OPR | True | information | {'rank': '4421759', 'page_rank': 3.18, 'error': ''} | {'status_code': 200, 'error': '', 'page_rank_integer': 3, 'page_rank_decimal': 3.18, 'rank': '44... | https://openpagerank.com/api/v1.0/getPageRank?domains[0]=ajaraheritage.ge | 0 |
| 3 | 51.75.29.61 | ipv4 | 51.75.29.61 | None | Tor | True | information | Not found. | None | https://check.torproject.org/exit-addresses | 0 |
| 4 | 33.44.55.66 | ipv4 | 33.44.55.66 | None | Tor | True | information | Not found. | None | https://check.torproject.org/exit-addresses | 0 |
| 5 | 52.183.120.194 | ipv4 | 52.183.120.194 | None | Tor | True | information | Not found. | None | https://check.torproject.org/exit-addresses | 0 |
| 0 | http://104.248.196.145/apache2 | url | http://104.248.196.145/apache2 | None | VirusTotal | False | information | Request forbidden. Allowed query rate may have been exceeded. | <Response [403]> | https://www.virustotal.com/vtapi/v2/url/report | 403 |
| 1 | http://ajaraheritage.ge/g7cberv | url | http://ajaraheritage.ge/g7cberv | None | VirusTotal | False | information | Request forbidden. Allowed query rate may have been exceeded. | <Response [403]> | https://www.virustotal.com/vtapi/v2/url/report | 403 |
| 2 | http://cic-integration.com/hjy93JNBasdas | url | http://cic-integration.com/hjy93JNBasdas | None | VirusTotal | False | information | Request forbidden. Allowed query rate may have been exceeded. | <Response [403]> | https://www.virustotal.com/vtapi/v2/url/report | 403 |
| 3 | 51.75.29.61 | ipv4 | 51.75.29.61 | None | VirusTotal | True | information | {'verbose_msg': 'IP address in dataset', 'response_code': 1, 'detected_urls': ['http://51.75.29.... | {'https_certificate_date': 1593601749, 'undetected_downloaded_samples': [{'date': '2020-07-02 20... | https://www.virustotal.com/vtapi/v2/ip-address/report | 0 |
| 4 | 33.44.55.66 | ipv4 | 33.44.55.66 | None | VirusTotal | True | information | {'verbose_msg': 'IP address in dataset', 'response_code': 1, 'detected_urls': [], 'positives': 0... | {'undetected_urls': [['http://33.44.55.66/77/77.66.66-55-55-44', '27bf8e5c90a431fb1c078f16949a83... | https://www.virustotal.com/vtapi/v2/ip-address/report | 0 |
| 5 | 52.183.120.194 | ipv4 | 52.183.120.194 | None | VirusTotal | True | information | {'verbose_msg': 'IP address in dataset', 'response_code': 1, 'detected_urls': [], 'positives': 0} | {'https_certificate_date': 1569589456, 'whois': 'NetRange: 52.145.0.0 - 52.191.255.255\nCIDR: 52.... | https://www.virustotal.com/vtapi/v2/ip-address/report | 0 |
| 6 | f8a7135496fd6168df5f0ea21c745db89ecea9accc29c5cf281cdf3145865092 | sha256_hash | f8a7135496fd6168df5f0ea21c745db89ecea9accc29c5cf281cdf3145865092 | None | VirusTotal | False | information | Request forbidden. Allowed query rate may have been exceeded. | <Response [403]> | https://www.virustotal.com/vtapi/v2/file/report | 403 |
| 7 | cc2db822f652ca67038ba7cca8a8bde3 | md5_hash | cc2db822f652ca67038ba7cca8a8bde3 | None | VirusTotal | False | information | Request forbidden. Allowed query rate may have been exceeded. | <Response [403]> | https://www.virustotal.com/vtapi/v2/file/report | 403 |
| 8 | ajaraheritage.ge | dns | ajaraheritage.ge | None | VirusTotal | False | information | No Content | <Response [204]> | https://www.virustotal.com/vtapi/v2/domain/report | 204 |
| 0 | http://104.248.196.145/apache2 | url | http://104.248.196.145/apache2 | None | XForce | False | information | Not found. | <Response [404]> | https://api.xforce.ibmcloud.com/url/http://104.248.196.145/apache2 | 404 |
| 1 | http://ajaraheritage.ge/g7cberv | url | http://ajaraheritage.ge/g7cberv | None | XForce | True | information | {'score': 0, 'cats': None, 'categoryDescriptions': None, 'reason': None, 'reasonDescription': 0,... | {'result': {'url': 'ajaraheritage.ge', 'cats': {}, 'score': None, 'categoryDescriptions': {}}, '... | https://api.xforce.ibmcloud.com/url/http://ajaraheritage.ge/g7cberv | 0 |
| 2 | http://cic-integration.com/hjy93JNBasdas | url | http://cic-integration.com/hjy93JNBasdas | None | XForce | True | information | {'score': 0, 'cats': None, 'categoryDescriptions': None, 'reason': None, 'reasonDescription': 0,... | {'result': {'url': 'cic-integration.com', 'cats': {}, 'score': None, 'categoryDescriptions': {}}... | https://api.xforce.ibmcloud.com/url/http://cic-integration.com/hjy93JNBasdas | 0 |
| 3 | 51.75.29.61 | ipv4 | 51.75.29.61 | None | XForce | True | warning | {'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're... | {'ip': '51.75.29.61', 'history': [{'created': '2012-06-20T07:03:00.000Z', 'reason': 'Regional In... | https://api.xforce.ibmcloud.com/ipr/51.75.29.61 | 0 |
| 4 | 33.44.55.66 | ipv4 | 33.44.55.66 | None | XForce | True | warning | {'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're... | {'ip': '33.44.55.66', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional In... | https://api.xforce.ibmcloud.com/ipr/33.44.55.66 | 0 |
| 5 | 52.183.120.194 | ipv4 | 52.183.120.194 | None | XForce | True | warning | {'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're... | {'ip': '52.183.120.194', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional... | https://api.xforce.ibmcloud.com/ipr/52.183.120.194 | 0 |
| 6 | f8a7135496fd6168df5f0ea21c745db89ecea9accc29c5cf281cdf3145865092 | sha256_hash | f8a7135496fd6168df5f0ea21c745db89ecea9accc29c5cf281cdf3145865092 | None | XForce | True | high | {'risk': 'high', 'family': None, 'reasonDescription': 0} | {'malware': {'origins': {'external': {'source': 'reversingLabs', 'firstSeen': '2019-01-31T17:30:... | https://api.xforce.ibmcloud.com/malware/f8a7135496fd6168df5f0ea21c745db89ecea9accc29c5cf281cdf31... | 0 |
| 7 | cc2db822f652ca67038ba7cca8a8bde3 | md5_hash | cc2db822f652ca67038ba7cca8a8bde3 | None | XForce | True | high | {'risk': 'high', 'family': None, 'reasonDescription': 0} | {'malware': {'origins': {'external': {'source': 'reversingLabs', 'firstSeen': '2019-01-22T11:37:... | https://api.xforce.ibmcloud.com/malware/cc2db822f652ca67038ba7cca8a8bde3 | 0 |
| 8 | ajaraheritage.ge | dns | ajaraheritage.ge | None | XForce | True | information | {'score': 0, 'cats': None, 'categoryDescriptions': None, 'reason': None, 'reasonDescription': 0,... | {'result': {'url': 'ajaraheritage.ge', 'cats': {}, 'score': None, 'categoryDescriptions': {}}, '... | https://api.xforce.ibmcloud.com/url/ajaraheritage.ge | 0 |
\n", "
" ], "text/plain": [ " Ioc \\\n", "0 http://104.248.196.145/apache2 \n", "1 http://ajaraheritage.ge/g7cberv \n", "2 http://cic-integration.com/hjy93JNBasdas \n", "3 51.75.29.61 \n", "4 33.44.55.66 \n", "5 52.183.120.194 \n", "6 f8a7135496fd6168df5f0ea21c745db89ecea9accc29c5cf281cdf3145865092 \n", "7 cc2db822f652ca67038ba7cca8a8bde3 \n", "8 ajaraheritage.ge \n", "0 ajaraheritage.ge \n", "3 51.75.29.61 \n", "4 33.44.55.66 \n", "5 52.183.120.194 \n", "0 http://104.248.196.145/apache2 \n", "1 http://ajaraheritage.ge/g7cberv \n", "2 http://cic-integration.com/hjy93JNBasdas \n", "3 51.75.29.61 \n", "4 33.44.55.66 \n", "5 52.183.120.194 \n", "6 f8a7135496fd6168df5f0ea21c745db89ecea9accc29c5cf281cdf3145865092 \n", "7 cc2db822f652ca67038ba7cca8a8bde3 \n", "8 ajaraheritage.ge \n", "0 http://104.248.196.145/apache2 \n", "1 http://ajaraheritage.ge/g7cberv \n", "2 http://cic-integration.com/hjy93JNBasdas \n", "3 51.75.29.61 \n", "4 33.44.55.66 \n", "5 52.183.120.194 \n", "6 f8a7135496fd6168df5f0ea21c745db89ecea9accc29c5cf281cdf3145865092 \n", "7 cc2db822f652ca67038ba7cca8a8bde3 \n", "8 ajaraheritage.ge \n", "\n", " IocType \\\n", "0 url \n", "1 url \n", "2 url \n", "3 ipv4 \n", "4 ipv4 \n", "5 ipv4 \n", "6 sha256_hash \n", "7 md5_hash \n", "8 dns \n", "0 dns \n", "3 ipv4 \n", "4 ipv4 \n", "5 ipv4 \n", "0 url \n", "1 url \n", "2 url \n", "3 ipv4 \n", "4 ipv4 \n", "5 ipv4 \n", "6 sha256_hash \n", "7 md5_hash \n", "8 dns \n", "0 url \n", "1 url \n", "2 url \n", "3 ipv4 \n", "4 ipv4 \n", "5 ipv4 \n", "6 sha256_hash \n", "7 md5_hash \n", "8 dns \n", "\n", " SafeIoc \\\n", "0 http%3A%2F%2F104.248.196.145%2Fapache2 \n", "1 http%3A%2F%2Fajaraheritage.ge%2Fg7cberv \n", "2 http%3A%2F%2Fcic-integration.com%2Fhjy93JNBasdas \n", "3 51.75.29.61 \n", "4 33.44.55.66 \n", "5 52.183.120.194 \n", "6 f8a7135496fd6168df5f0ea21c745db89ecea9accc29c5cf281cdf3145865092 \n", "7 cc2db822f652ca67038ba7cca8a8bde3 \n", "8 ajaraheritage.ge \n", "0 \n", "3 51.75.29.61 \n", "4 33.44.55.66 \n", "5 
52.183.120.194 \n", "0 http://104.248.196.145/apache2 \n", "1 http://ajaraheritage.ge/g7cberv \n", "2 http://cic-integration.com/hjy93JNBasdas \n", "3 51.75.29.61 \n", "4 33.44.55.66 \n", "5 52.183.120.194 \n", "6 f8a7135496fd6168df5f0ea21c745db89ecea9accc29c5cf281cdf3145865092 \n", "7 cc2db822f652ca67038ba7cca8a8bde3 \n", "8 ajaraheritage.ge \n", "0 http://104.248.196.145/apache2 \n", "1 http://ajaraheritage.ge/g7cberv \n", "2 http://cic-integration.com/hjy93JNBasdas \n", "3 51.75.29.61 \n", "4 33.44.55.66 \n", "5 52.183.120.194 \n", "6 f8a7135496fd6168df5f0ea21c745db89ecea9accc29c5cf281cdf3145865092 \n", "7 cc2db822f652ca67038ba7cca8a8bde3 \n", "8 ajaraheritage.ge \n", "\n", " QuerySubtype Provider Result Severity \\\n", "0 None OTX True information \n", "1 None OTX True high \n", "2 None OTX True warning \n", "3 None OTX True high \n", "4 None OTX True information \n", "5 None OTX True information \n", "6 None OTX True high \n", "7 None OTX True information \n", "8 None OTX True high \n", "0 None OPR True information \n", "3 None Tor True information \n", "4 None Tor True information \n", "5 None Tor True information \n", "0 None VirusTotal False information \n", "1 None VirusTotal False information \n", "2 None VirusTotal False information \n", "3 None VirusTotal True information \n", "4 None VirusTotal True information \n", "5 None VirusTotal True information \n", "6 None VirusTotal False information \n", "7 None VirusTotal False information \n", "8 None VirusTotal False information \n", "0 None XForce False information \n", "1 None XForce True information \n", "2 None XForce True information \n", "3 None XForce True warning \n", "4 None XForce True warning \n", "5 None XForce True warning \n", "6 None XForce True high \n", "7 None XForce True high \n", "8 None XForce True information \n", "\n", " Details \\\n", "0 {'pulse_count': 0, 'sections_available': ['general', 'url_list', 'http_scans', 'screenshot']} \n", "1 {'pulse_count': 2, 'names': ['Locky 
Ransomware Distribution Sites URL blocklist (LY_DS_URLBL)', ... \n", "2 {'pulse_count': 1, 'names': ['Locky Ransomware Distribution Sites URL blocklist (LY_DS_URLBL)'],... \n", "3 {'pulse_count': 49, 'names': ['CYBSEC-TIA Bad IPs', '2020-07-02 Fail2ban b3478ecb-279e-4ad8-864b... \n", "4 {'pulse_count': 0, 'sections_available': ['general', 'geo', 'reputation', 'url_list', 'passive_d... \n", "5 {'pulse_count': 0, 'sections_available': ['general', 'geo', 'reputation', 'url_list', 'passive_d... \n", "6 {'pulse_count': 3, 'names': ['Emotet IOCs 2/4/2019', 'Emotet IOCs 2/1/2019', 'Emotet IOCs 1/31/2... \n", "7 {'pulse_count': 0, 'sections_available': ['general', 'analysis']} \n", "8 {'pulse_count': 22, 'names': ['Blah', 'Blah', 'Blah', 'IOCs - 2020272054 - Huge Upload', 'IOCs -... \n", "0 {'rank': '4421759', 'page_rank': 3.18, 'error': ''} \n", "3 Not found. \n", "4 Not found. \n", "5 Not found. \n", "0 Request forbidden. Allowed query rate may have been exceeded. \n", "1 Request forbidden. Allowed query rate may have been exceeded. \n", "2 Request forbidden. Allowed query rate may have been exceeded. \n", "3 {'verbose_msg': 'IP address in dataset', 'response_code': 1, 'detected_urls': ['http://51.75.29.... \n", "4 {'verbose_msg': 'IP address in dataset', 'response_code': 1, 'detected_urls': [], 'positives': 0... \n", "5 {'verbose_msg': 'IP address in dataset', 'response_code': 1, 'detected_urls': [], 'positives': 0} \n", "6 Request forbidden. Allowed query rate may have been exceeded. \n", "7 Request forbidden. Allowed query rate may have been exceeded. \n", "8 No Content \n", "0 Not found. \n", "1 {'score': 0, 'cats': None, 'categoryDescriptions': None, 'reason': None, 'reasonDescription': 0,... \n", "2 {'score': 0, 'cats': None, 'categoryDescriptions': None, 'reason': None, 'reasonDescription': 0,... \n", "3 {'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're... 
\n", "4 {'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're... \n", "5 {'score': 1, 'cats': {}, 'categoryDescriptions': {}, 'reason': 'Regional Internet Registry', 're... \n", "6 {'risk': 'high', 'family': None, 'reasonDescription': 0} \n", "7 {'risk': 'high', 'family': None, 'reasonDescription': 0} \n", "8 {'score': 0, 'cats': None, 'categoryDescriptions': None, 'reason': None, 'reasonDescription': 0,... \n", "\n", " RawResult \\\n", "0 {'indicator': 'http://104.248.196.145/apache2', 'alexa': '', 'whois': '', 'sections': ['general'... \n", "1 {'indicator': 'http://ajaraheritage.ge/g7cberv', 'alexa': 'http://www.alexa.com/siteinfo/ajarahe... \n", "2 {'indicator': 'http://cic-integration.com/hjy93JNBasdas', 'alexa': 'http://www.alexa.com/siteinf... \n", "3 {'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',... \n", "4 {'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',... \n", "5 {'sections': ['general', 'geo', 'reputation', 'url_list', 'passive_dns', 'malware', 'nids_list',... \n", "6 {'indicator': 'f8a7135496fd6168df5f0ea21c745db89ecea9accc29c5cf281cdf3145865092', 'sections': ['... \n", "7 {'indicator': 'cc2db822f652ca67038ba7cca8a8bde3', 'sections': ['general', 'analysis'], 'pulse_in... \n", "8 {'indicator': 'ajaraheritage.ge', 'alexa': 'http://www.alexa.com/siteinfo/ajaraheritage.ge', 'wh... \n", "0 {'status_code': 200, 'error': '', 'page_rank_integer': 3, 'page_rank_decimal': 3.18, 'rank': '44... \n", "3 None \n", "4 None \n", "5 None \n", "0 \n", "1 \n", "2 \n", "3 {'https_certificate_date': 1593601749, 'undetected_downloaded_samples': [{'date': '2020-07-02 20... \n", "4 {'undetected_urls': [['http://33.44.55.66/77/77.66.66-55-55-44', '27bf8e5c90a431fb1c078f16949a83... \n", "5 {'https_certificate_date': 1569589456, 'whois': 'NetRange: 52.145.0.0 - 52.191.255.255\n", "CIDR: 52.... 
\n", "6 \n", "7 \n", "8 \n", "0 \n", "1 {'result': {'url': 'ajaraheritage.ge', 'cats': {}, 'score': None, 'categoryDescriptions': {}}, '... \n", "2 {'result': {'url': 'cic-integration.com', 'cats': {}, 'score': None, 'categoryDescriptions': {}}... \n", "3 {'ip': '51.75.29.61', 'history': [{'created': '2012-06-20T07:03:00.000Z', 'reason': 'Regional In... \n", "4 {'ip': '33.44.55.66', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional In... \n", "5 {'ip': '52.183.120.194', 'history': [{'created': '2012-03-22T07:26:00.000Z', 'reason': 'Regional... \n", "6 {'malware': {'origins': {'external': {'source': 'reversingLabs', 'firstSeen': '2019-01-31T17:30:... \n", "7 {'malware': {'origins': {'external': {'source': 'reversingLabs', 'firstSeen': '2019-01-22T11:37:... \n", "8 {'result': {'url': 'ajaraheritage.ge', 'cats': {}, 'score': None, 'categoryDescriptions': {}}, '... \n", "\n", " Reference \\\n", "0 https://otx.alienvault.com/api/v1/indicators/url/http%3A%2F%2F104.248.196.145%2Fapache2/general \n", "1 https://otx.alienvault.com/api/v1/indicators/url/http%3A%2F%2Fajaraheritage.ge%2Fg7cberv/general \n", "2 https://otx.alienvault.com/api/v1/indicators/url/http%3A%2F%2Fcic-integration.com%2Fhjy93JNBasda... \n", "3 https://otx.alienvault.com/api/v1/indicators/IPv4/51.75.29.61/general \n", "4 https://otx.alienvault.com/api/v1/indicators/IPv4/33.44.55.66/general \n", "5 https://otx.alienvault.com/api/v1/indicators/IPv4/52.183.120.194/general \n", "6 https://otx.alienvault.com/api/v1/indicators/file/f8a7135496fd6168df5f0ea21c745db89ecea9accc29c5... 
\n", "7 https://otx.alienvault.com/api/v1/indicators/file/cc2db822f652ca67038ba7cca8a8bde3/general \n", "8 https://otx.alienvault.com/api/v1/indicators/domain/ajaraheritage.ge/general \n", "0 https://openpagerank.com/api/v1.0/getPageRank?domains[0]=ajaraheritage.ge \n", "3 https://check.torproject.org/exit-addresses \n", "4 https://check.torproject.org/exit-addresses \n", "5 https://check.torproject.org/exit-addresses \n", "0 https://www.virustotal.com/vtapi/v2/url/report \n", "1 https://www.virustotal.com/vtapi/v2/url/report \n", "2 https://www.virustotal.com/vtapi/v2/url/report \n", "3 https://www.virustotal.com/vtapi/v2/ip-address/report \n", "4 https://www.virustotal.com/vtapi/v2/ip-address/report \n", "5 https://www.virustotal.com/vtapi/v2/ip-address/report \n", "6 https://www.virustotal.com/vtapi/v2/file/report \n", "7 https://www.virustotal.com/vtapi/v2/file/report \n", "8 https://www.virustotal.com/vtapi/v2/domain/report \n", "0 https://api.xforce.ibmcloud.com/url/http://104.248.196.145/apache2 \n", "1 https://api.xforce.ibmcloud.com/url/http://ajaraheritage.ge/g7cberv \n", "2 https://api.xforce.ibmcloud.com/url/http://cic-integration.com/hjy93JNBasdas \n", "3 https://api.xforce.ibmcloud.com/ipr/51.75.29.61 \n", "4 https://api.xforce.ibmcloud.com/ipr/33.44.55.66 \n", "5 https://api.xforce.ibmcloud.com/ipr/52.183.120.194 \n", "6 https://api.xforce.ibmcloud.com/malware/f8a7135496fd6168df5f0ea21c745db89ecea9accc29c5cf281cdf31... 
\n", "7 https://api.xforce.ibmcloud.com/malware/cc2db822f652ca67038ba7cca8a8bde3 \n", "8 https://api.xforce.ibmcloud.com/url/ajaraheritage.ge \n", "\n", " Status \n", "0 0 \n", "1 0 \n", "2 0 \n", "3 0 \n", "4 0 \n", "5 0 \n", "6 0 \n", "7 0 \n", "8 0 \n", "0 0 \n", "3 0 \n", "4 0 \n", "5 0 \n", "0 403 \n", "1 403 \n", "2 403 \n", "3 0 \n", "4 0 \n", "5 0 \n", "6 403 \n", "7 403 \n", "8 204 \n", "0 404 \n", "1 0 \n", "2 0 \n", "3 0 \n", "4 0 \n", "5 0 \n", "6 0 \n", "7 0 \n", "8 0 " ] }, "execution_count": 22, "metadata": {}, "output_type": "execute_result" } ], "source": [ "ioc_mixed = [\n", " \"http://104.248.196.145/apache2\",\n", " \"http://ajaraheritage.ge/g7cberv\",\n", " \"http://cic-integration.com/hjy93JNBasdas\",\n", " \"51.75.29.61\",\n", " \"33.44.55.66\",\n", " \"52.183.120.194\",\n", " \"f8a7135496fd6168df5f0ea21c745db89ecea9accc29c5cf281cdf3145865092\",\n", " \"cc2db822f652ca67038ba7cca8a8bde3\",\n", " \"ajaraheritage.ge\",\n", "]\n", "results = ti_lookup.lookup_iocs(data=ioc_mixed)\n", "results" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "## Browsing TI Results\n", "To make it easier to walk through the returned results there is a browser. \n", "This shows you results aggregated by the IoC value (e.g. 
an individual IP \n", "Address or URL) for all providers.\n", "\n", "For each provider that returns a result for an IoC, the summarized details \n", "will be shown in a table below the browse list.\n", "Click on `Raw results from provider...` to see all returned data.\n", "\n", "> **Note**: the reference URL may not work if you have not authenticated\n", "> to the service\n", "\n", "The value of the selected IoC entry is available as `ti_selector.value`\n", "\n", "You can match this back to the original results DataFrame as follows:\n", "```\n", "results[results[\"Ioc\"] == ti_selector.value[0]]\n", "```" ] }, { "cell_type": "code", "execution_count": 31, "metadata": {}, "outputs": [ { "data": { "application/vnd.jupyter.widget-view+json": { "model_id": "56ab970fdbd04eccb795ac7a05c5939c", "version_major": 2, "version_minor": 0 }, "text/plain": [ "VBox(children=(Text(value='', description='Filter:', style=DescriptionStyle(description_width='initial')), Sel…" ] }, "metadata": {}, "output_type": "display_data" }, { "data": { "text/html": [ "
" ], "text/plain": [ "" ] }, "metadata": {}, "output_type": "display_data" }, { "data": { "text/html": [ "

33.44.55.66

Type: 'ipv4', Provider: XForce, severity: warning

Details

\n", "\n", "
XForce
score: 1
cats:
categoryDescriptions:
reason: Regional Internet Registry
reasonDescription: One of the five RIRs announced a (new) location mapping of the IP.
tags: []

Reference:

https://api.xforce.ibmcloud.com/ipr/33.44.55.66

Raw Results

\n", "
\n", " Raw results from provider...\n", "
{'categoryDescriptions': {},
 'cats': {},
 'geo': {'country': 'United States', 'countrycode': 'US'},
 'history': [{'categoryDescriptions': {},
              'cats': {},
              'created': '2012-03-22T07:26:00.000Z',
              'geo': {'country': 'United States', 'countrycode': 'US'},
              'ip': '33.0.0.0/8',
              'reason': 'Regional Internet Registry',
              'reasonDescription': 'One of the five RIRs announced a (new) '
                                   'location mapping of the IP.',
              'score': 1}],
 'ip': '33.44.55.66',
 'reason': 'Regional Internet Registry',
 'reasonDescription': 'One of the five RIRs announced a (new) location mapping '
                      'of the IP.',
 'score': 1,
 'subnets': [{'categoryDescriptions': {},
              'cats': {},
              'created': '2012-03-22T07:26:00.000Z',
              'geo': {'country': 'United States', 'countrycode': 'US'},
              'ip': '33.0.0.0',
              'reason': 'Regional Internet Registry',
              'reasonDescription': 'One of the five RIRs announced a (new) '
                                   'location mapping of the IP.',
              'score': 1,
              'subnet': '33.0.0.0/8'}],
 'tags': []}
\n", "
\n", " " ], "text/plain": [ "" ] }, "metadata": {}, "output_type": "display_data" } ], "source": [ "from msticpy.nbtools.ti_browser import browse_results\n", "ti_selector = browse_results(data=results, height=\"200px\")\n", "ti_selector" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "## Specifying Time Ranges\n", "Some providers (currently only AzSTI) support time ranges, so you can restrict a lookup to a specific period.\n", "\n", "If a provider does not support time ranges, the parameters are ignored." ] }, { "cell_type": "code", "execution_count": null, "metadata": { "ExecuteTime": { "end_time": "2019-09-25T04:58:34.263895Z", "start_time": "2019-09-25T04:58:34.222919Z" }, "execution_event_id": "dd3239aa-89dc-46de-9ce2-75a23e53f5bd", "last_executed_text": "q_times = nbwidgets.QueryTime(units=\"day\", auto_display=True)", "persistent_id": "26b9e886-3fc7-4985-9873-7fa7c3a00cef" }, "outputs": [], "source": [ "from datetime import datetime\n", "search_origin = datetime(2019, 8, 5)\n", "q_times = nbwidgets.QueryTime(units=\"hour\", auto_display=True, origin_time=search_origin, max_after=24, max_before=24)" ] }, { "cell_type": "code", "execution_count": null, "metadata": { "ExecuteTime": { "end_time": "2019-09-25T04:58:36.693199Z", "start_time": "2019-09-25T04:58:34.264895Z" } }, "outputs": [], "source": [ "# Using this date range returned no results\n", "ti_lookup.lookup_iocs(data=ioc_ips, providers=\"AzSTI\", start=q_times.start, end=q_times.end).head()" ] }, { "cell_type": "code", "execution_count": null, "metadata": { "ExecuteTime": { "end_time": "2019-09-25T04:58:36.734209Z", "start_time": "2019-09-25T04:58:36.694198Z" }, "execution_event_id": "dd3239aa-89dc-46de-9ce2-75a23e53f5bd", "last_executed_text": "q_times = nbwidgets.QueryTime(units=\"day\", auto_display=True)", "persistent_id": "26b9e886-3fc7-4985-9873-7fa7c3a00cef" }, "outputs": [], "source": [ "from datetime import datetime\n", "search_origin = datetime(2019, 8, 5)\n", "q_times = 
nbwidgets.QueryTime(units=\"day\", auto_display=True, origin_time=search_origin, max_after=24, max_before=24)" ] }, { "cell_type": "code", "execution_count": null, "metadata": { "ExecuteTime": { "end_time": "2019-09-25T04:58:39.213273Z", "start_time": "2019-09-25T04:58:36.735175Z" } }, "outputs": [], "source": [ "# Using a wider range produces results\n", "ti_lookup.lookup_iocs(data=ioc_ips, providers=\"AzSTI\", start=q_times.start, end=q_times.end)" ] } ], "metadata": { "celltoolbar": "Tags", "hide_input": false, "history": [ { "cell": { "executionCount": 1, "executionEventId": "70a7d32e-f312-4f33-b41c-566918af9ea8", "hasError": false, "id": "9dd0697a-24e3-4283-b634-83da0179b04b", "outputs": [ { "data": { "text/html": "\nThis product includes GeoLite2 data created by MaxMind, available from\nhttps://www.maxmind.com.\n", "text/plain": "" }, "metadata": {}, "output_type": "display_data" }, { "data": { "text/html": "\nThis library uses services provided by ipstack.\nhttps://ipstack.com", "text/plain": "" }, "metadata": {}, "output_type": "display_data" } ], "persistentId": "249a5400-e20e-452e-8d0d-2c65a8856bdf", "text": "# Imports\nimport sys\nimport warnings\n\nfrom msticpy.common.utility import check_py_version\nMIN_REQ_PYTHON = (3,6)\ncheck_py_version(MIN_REQ_PYTHON)\n\nfrom IPython import get_ipython\nfrom IPython.display import display, HTML, Markdown\nimport ipywidgets as widgets\n\nimport matplotlib.pyplot as plt\nimport seaborn as sns\nsns.set()\nimport networkx as nx\n\nimport pandas as pd\npd.set_option('display.max_rows', 100)\npd.set_option('display.max_columns', 50)\npd.set_option('display.max_colwidth', 100)\n\nfrom msticpy.data import QueryProvider\nfrom msticpy.nbtools import *\nfrom msticpy.sectools import *\nfrom msticpy.nbtools.foliummap import FoliumMap\n\nWIDGET_DEFAULTS = {'layout': widgets.Layout(width='95%'),\n 'style': {'description_width': 'initial'}}\n\n# Some of our dependencies (networkx) still use deprecated Matplotlib\n# APIs - we 
can't do anything about it so suppress them from view\nfrom matplotlib import MatplotlibDeprecationWarning\nwarnings.simplefilter(\"ignore\", category=MatplotlibDeprecationWarning)\n\n" }, "executionTime": "2019-08-15T21:01:17.410Z" }, { "cell": { "executionCount": 2, "executionEventId": "51099a77-e76d-4cf3-b9d8-c2111dda63c5", "hasError": false, "id": "5a08a12b-9087-455e-a574-f6a99beb9e6e", "outputs": [ { "name": "stdout", "output_type": "stream", "text": "Please wait. Loading Kqlmagic extension...\n" }, { "data": { "text/html": "\n \n \n \n \n
\n
\n
\n

Kql Query Language, aka kql, is the query language for advanced analytics on Azure Monitor resources. The current supported data sources are \n Azure Data Explorer (Kusto), Log Analytics and Application Insights. To get more information execute '%kql --help \"kql\"'

\n

• kql reference: Click on 'Help' tab > and Select 'kql reference' or execute '%kql --help \"kql\"'
\n • Kqlmagic configuration: execute '%config Kqlmagic'
\n • Kqlmagic usage: execute '%kql --usage'
\n

\n
\n \n ", "text/plain": "" }, "metadata": {}, "output_type": "display_data" }, { "data": { "text/html": "\n \n \n \n \n

Kqlmagic package is updated frequently. Run '!pip install Kqlmagic --no-cache-dir --upgrade' to use the latest version.
Kqlmagic version: 0.1.101, source: https://github.com/Microsoft/jupyter-Kqlmagic

\n \n ", "text/plain": "" }, "metadata": {}, "output_type": "display_data" }, { "data": { "application/javascript": "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}", "text/plain": "" }, "metadata": {}, "output_type": "display_data" }, { "data": { "application/javascript": "try {IPython.notebook.kernel.reconnect();} catch(err) {;}", "text/plain": "" }, "metadata": {}, "output_type": "display_data" }, { "data": { "application/javascript": "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}", "text/plain": "" }, "metadata": {}, "output_type": "display_data" }, { "data": { "text/html": "\n \n\n \n\n \n\n \n\n \n\n ", "text/plain": "" }, "metadata": {}, "output_type": "display_data" }, { "data": { "text/html": "\n ", "text/plain": "" }, "metadata": {}, "output_type": "display_data" }, { "data": { "text/html": "\n \n\n \n\n \n\n ", "text/plain": "" }, "metadata": {}, "output_type": "display_data" } ], "persistentId": "9026887c-7e4b-4bea-9dbb-28b7445cdd2e", "text": "# Authentication\nfrom msticpy.common.wsconfig import WorkspaceConfig\nws_config = WorkspaceConfig('config.json')\nWORKSPACE_ID = \"a927809c-8142-43e1-96b3-4ad87cfe95a3\"\nTENANT_ID = \"69d28fd7-42a5-48bc-a619-af56397b9f28\"\n\nqry_prov = QueryProvider(data_environment='LogAnalytics')\nla_connection_string = f'loganalytics://code().tenant(\"{TENANT_ID}\").workspace(\"{WORKSPACE_ID}\")'\nqry_prov.connect(connection_str=la_connection_string)" }, "executionTime": "2019-08-15T21:14:25.224Z" }, { "cell": { "executionCount": 3, "executionEventId": "6b8bfbf2-667c-4d24-829f-69d5319c79c2", "hasError": false, "id": "c591dfa1-6746-4363-ad43-da0e669ecb0b", "outputs": [ { "data": { "application/javascript": "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}", "text/plain": "" }, "metadata": {}, "output_type": "display_data" } ], "persistentId": 
"53af05b4-61af-4e19-9720-f03ca043969e", "text": "%kql" }, "executionTime": "2019-08-15T21:14:37.174Z" }, { "cell": { "executionCount": 4, "executionEventId": "964b3603-7862-4a5a-9c4a-a1d4e0d24481", "hasError": false, "id": "c591dfa1-6746-4363-ad43-da0e669ecb0b", "outputs": [ { "data": { "application/javascript": "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}", "text/plain": "" }, "metadata": {}, "output_type": "display_data" }, { "data": { "text/html": "\n \n \n \n \n

 * a927809c-8142-43e1-96b3-4ad87cfe95a3@loganalytics

\n \n ", "text/plain": "" }, "metadata": {}, "output_type": "display_data" }, { "data": { "text/html": "\n \n \n \n \n

['{"error":{"message":"The request had some invalid properties","code":"BadArgumentError","innererror":{"code":"SemanticError","message":"A semantic error occurred.","innererror":{"code":"SEM0100","message":"\\'\\' operator: Failed to resolve table or column or scalar expression named \\'connection\\'"}}}}']

\n \n ", "text/plain": "" }, "metadata": {}, "output_type": "display_data" } ], "persistentId": "53af05b4-61af-4e19-9720-f03ca043969e", "text": "%kql connection" }, "executionTime": "2019-08-15T21:14:53.582Z" }, { "cell": { "executionCount": 5, "executionEventId": "f857cb88-b1bc-4d2c-a4c6-55ddb40983c4", "hasError": false, "id": "c591dfa1-6746-4363-ad43-da0e669ecb0b", "outputs": [ { "data": { "text/html": "

Overview

\n

Help command is a tool to get more information on a topics that are relevant to Kqlmagic.\nt\nusage: %kql --help \"topic\"

\n

Topics

\n
    \n
  • \n

    usage - How to use the Kqlmagic.
    \n

    \n
  • \n
  • \n

    conn - Lists the available connection string variation, and how their are used to authenticatie to data sources.
    \n

    \n
  • \n
  • \n

    query / kql - Reference to resources Kusto Queru language, aka kql, documentation
    \n

    \n
  • \n
  • \n

    options - Lists the available options, and their behavior impact on the submit query command.
    \n

    \n
  • \n
  • \n

    commands - Lists the available commands, and what they do.
    \n

    \n
  • \n
  • \n

    faq - Lists frequently asked quetions and answers.
    \n

    \n
  • \n
  • \n

    help - This help.
    \n

    \n
  • \n
  • \n

    AzureMonitor- Reference to resources Azure Monitor tools
    \nAzure Monitor, which now includes Log Analytics and Application Insights, provides sophisticated tools for collecting and analyzing telemetry that allow you to maximize the performance and availability of your cloud and on-premises resources and applications. It helps you understand how your applications are performing and proactively identifies issues affecting them and the resources they depend on.\n

    \n
  • \n
  • \n

    AzureDataExplorer / kusto- Reference to resources Azure Data Explorer (kusto) service
    \nAzure Data Explorer is a fast and highly scalable data exploration service for log and telemetry data. It helps you handle the many data streams emitted by modern software, so you can collect, store, and analyze data. Azure Data Explorer is ideal for analyzing large volumes of diverse data from any data source, such as websites, applications, IoT devices, and more.\n

    \n
  • \n
  • \n

    LogAnalytics- Reference to resources Log Analytics service
    \nLog data collected by Azure Monitor is stored in Log Analytics which collects telemetry and other data from a variety of sources and provides a query language for advanced analytics.\n

    \n
  • \n
  • \n

    ApplicationInsights / AppInsights- Reference to resources Application Insights service
    \nApplication Insights is an extensible Application Performance Management (APM) service for web developers on multiple platforms. Use it to monitor your live web application. It will automatically detect performance anomalies. It includes powerful analytics tools to help you diagnose issues and to understand what users actually do with your app. It's designed to help you continuously improve performance and usability. It works for apps on a wide variety of platforms including .NET, Node.js and J2EE, hosted on-premises or in the cloud. It integrates with your DevOps process, and has connection points to a variety of development tools. It can monitor and analyze telemetry from mobile apps by integrating with Visual Studio App Center.\n

    \n
  • \n
\n

Need Support?

\n
    \n
  • Have a feature request for Kqlmagic? Please post it on User Voice to help us prioritize
  • \n
  • Have a technical question? Ask on Stack Overflow with tag \"Kqlmagic\"
  • \n
  • Need Support? Every customer with an active Azure subscription has access to support with guaranteed response time. Consider submitting a ticket and get assistance from Microsoft support team
  • \n
  • Found a bug? Please help us fix it by thoroughly documenting it and filing an issue.
  • \n
", "text/markdown": "## Overview\nHelp command is a tool to get more information on a topics that are relevant to Kqlmagic.\nt\nusage: ```%kql --help \"topic\"```
\n\n## Topics\n- **usage** - How to use the Kqlmagic.
\n
\n\n- **conn** - Lists the available connection string variation, and how their are used to authenticatie to data sources.
\n
\n\n- **query** / **kql** - [Reference to resources Kusto Queru language, aka kql, documentation](http://aka.ms/kdocs)
\n
\n\n- **options** - Lists the available options, and their behavior impact on the submit query command.
\n
\n\n- **commands** - Lists the available commands, and what they do.
\n
\n\n- **faq** - Lists frequently asked quetions and answers.
\n
\n\n- **help** - This help.
\n
\n\n- **AzureMonitor**- [Reference to resources Azure Monitor tools](https://docs.microsoft.com/en-us/azure/azure-monitor/)
\nAzure Monitor, which now includes Log Analytics and Application Insights, provides sophisticated tools for collecting and analyzing telemetry that allow you to maximize the performance and availability of your cloud and on-premises resources and applications. It helps you understand how your applications are performing and proactively identifies issues affecting them and the resources they depend on.\n
\n\n- **AzureDataExplorer** / **kusto**- [Reference to resources Azure Data Explorer (kusto) service](https://docs.microsoft.com/en-us/azure/data-explorer/)
\nAzure Data Explorer is a fast and highly scalable data exploration service for log and telemetry data. It helps you handle the many data streams emitted by modern software, so you can collect, store, and analyze data. Azure Data Explorer is ideal for analyzing large volumes of diverse data from any data source, such as websites, applications, IoT devices, and more.\n
\n\n- **LogAnalytics**- [Reference to resources Log Analytics service](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-queries?toc=/azure/azure-monitor/toc.json)
\nLog data collected by Azure Monitor is stored in Log Analytics which collects telemetry and other data from a variety of sources and provides a query language for advanced analytics.\n
\n\n- **ApplicationInsights** / **AppInsights**- [Reference to resources Application Insights service](https://docs.microsoft.com/en-us/azure/application-insights/app-insights-overview?toc=/azure/azure-monitor/toc.json)
\nApplication Insights is an extensible Application Performance Management (APM) service for web developers on multiple platforms. Use it to monitor your live web application. It will automatically detect performance anomalies. It includes powerful analytics tools to help you diagnose issues and to understand what users actually do with your app. It's designed to help you continuously improve performance and usability. It works for apps on a wide variety of platforms including .NET, Node.js and J2EE, hosted on-premises or in the cloud. It integrates with your DevOps process, and has connection points to a variety of development tools. It can monitor and analyze telemetry from mobile apps by integrating with Visual Studio App Center.\n
\n\n\n## Need Support?\n- **Have a feature request for Kqlmagic?** Please post it on [User Voice](https://feedback.azure.com/forums/913690-azure-monitor) to help us prioritize\n- **Have a technical question?** Ask on [Stack Overflow with tag \"Kqlmagic\"](https://stackoverflow.com/questions/tagged/Kqlmagic)\n- **Need Support?** Every customer with an active Azure subscription has access to [support](https://docs.microsoft.com/en-us/azure/azure-supportability/how-to-create-azure-support-request) with guaranteed response time. Consider submitting a ticket and get assistance from Microsoft support team\n- **Found a bug?** Please help us fix it by thoroughly documenting it and [filing an issue](https://github.com/Microsoft/jupyter-Kqlmagic/issues/new).\n", "text/plain": "Overview\nHelp command is a tool to get more information on a topics that are relevant to Kqlmagic.\nt\nusage: %kql --help \"topic\"\nTopics\n\n\nusage - How to use the Kqlmagic.\n\n\n\nconn - Lists the available connection string variation, and how their are used to authenticatie to data sources.\n\n\n\nquery / kql - Reference to resources Kusto Queru language, aka kql, documentation\n\n\n\noptions - Lists the available options, and their behavior impact on the submit query command.\n\n\n\ncommands - Lists the available commands, and what they do.\n\n\n\nfaq - Lists frequently asked quetions and answers.\n\n\n\nhelp - This help.\n\n\n\nAzureMonitor- Reference to resources Azure Monitor tools\nAzure Monitor, which now includes Log Analytics and Application Insights, provides sophisticated tools for collecting and analyzing telemetry that allow you to maximize the performance and availability of your cloud and on-premises resources and applications. 
It helps you understand how your applications are performing and proactively identifies issues affecting them and the resources they depend on.\n\n\n\nAzureDataExplorer / kusto- Reference to resources Azure Data Explorer (kusto) service\nAzure Data Explorer is a fast and highly scalable data exploration service for log and telemetry data. It helps you handle the many data streams emitted by modern software, so you can collect, store, and analyze data. Azure Data Explorer is ideal for analyzing large volumes of diverse data from any data source, such as websites, applications, IoT devices, and more.\n\n\n\nLogAnalytics- Reference to resources Log Analytics service\nLog data collected by Azure Monitor is stored in Log Analytics which collects telemetry and other data from a variety of sources and provides a query language for advanced analytics.\n\n\n\nApplicationInsights / AppInsights- Reference to resources Application Insights service\nApplication Insights is an extensible Application Performance Management (APM) service for web developers on multiple platforms. Use it to monitor your live web application. It will automatically detect performance anomalies. It includes powerful analytics tools to help you diagnose issues and to understand what users actually do with your app. It's designed to help you continuously improve performance and usability. It works for apps on a wide variety of platforms including .NET, Node.js and J2EE, hosted on-premises or in the cloud. It integrates with your DevOps process, and has connection points to a variety of development tools. It can monitor and analyze telemetry from mobile apps by integrating with Visual Studio App Center.\n\n\n\nNeed Support?\n\nHave a feature request for Kqlmagic? Please post it on User Voice to help us prioritize\nHave a technical question? Ask on Stack Overflow with tag \"Kqlmagic\"\nNeed Support? Every customer with an active Azure subscription has access to support with guaranteed response time. 
Consider submitting a ticket and get assistance from Microsoft support team\nFound a bug? Please help us fix it by thoroughly documenting it and filing an issue." }, "execution_count": 5, "metadata": {}, "output_type": "execute_result" } ], "persistentId": "53af05b4-61af-4e19-9720-f03ca043969e", "text": "%kql --help" }, "executionTime": "2019-08-15T21:15:04.512Z" }, { "cell": { "executionCount": 6, "executionEventId": "0cc68306-40c8-4bd7-8b5a-b394a80025b6", "hasError": false, "id": "c591dfa1-6746-4363-ad43-da0e669ecb0b", "outputs": [ { "data": { "application/javascript": "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}", "text/plain": "" }, "metadata": {}, "output_type": "display_data" }, { "data": { "text/html": "\n \n \n \n \n

 * a927809c-8142-43e1-96b3-4ad87cfe95a3@loganalytics

\n \n ", "text/plain": "" }, "metadata": {}, "output_type": "display_data" }, { "data": { "text/html": "\n \n \n \n \n

['{"error":{"message":"The request had some invalid properties","code":"BadArgumentError","innererror":{"code":"SemanticError","message":"A semantic error occurred.","innererror":{"code":"SEM0100","message":"\\'\\' operator: Failed to resolve table or column or scalar expression named \\'conn\\'"}}}}']

\n \n ", "text/plain": "" }, "metadata": {}, "output_type": "display_data" } ], "persistentId": "53af05b4-61af-4e19-9720-f03ca043969e", "text": "%kql conn" }, "executionTime": "2019-08-15T21:15:14.239Z" }, { "cell": { "executionCount": 7, "executionEventId": "ab95c6dc-b626-428c-a242-16e39b600bb4", "hasError": false, "id": "c591dfa1-6746-4363-ad43-da0e669ecb0b", "outputs": [ { "data": { "text/html": "\n \n \n \n \n

unknown command --conn

\n \n ", "text/plain": "" }, "metadata": {}, "output_type": "display_data" } ], "persistentId": "53af05b4-61af-4e19-9720-f03ca043969e", "text": "%kql --conn" }, "executionTime": "2019-08-15T21:15:19.309Z" }, { "cell": { "executionCount": 8, "executionEventId": "1cde5d5f-c7b3-4f1b-ad3f-03b2b024d021", "hasError": false, "id": "c591dfa1-6746-4363-ad43-da0e669ecb0b", "outputs": [ { "data": { "text/html": "

", "text/markdown": "## Overview\nHelp command is a tool to get more information on a topics that are relevant to Kqlmagic.\nt\nusage: ```%kql --help \"topic\"```
\n\n## Topics\n- **usage** - How to use the Kqlmagic.
\n
\n\n- **conn** - Lists the available connection string variation, and how their are used to authenticatie to data sources.
\n
\n\n- **query** / **kql** - [Reference to resources Kusto Queru language, aka kql, documentation](http://aka.ms/kdocs)
\n
\n\n- **options** - Lists the available options, and their behavior impact on the submit query command.
\n
\n\n- **commands** - Lists the available commands, and what they do.
\n
\n\n- **faq** - Lists frequently asked quetions and answers.
\n
\n\n- **help** - This help.
\n
\n\n- **AzureMonitor**- [Reference to resources Azure Monitor tools](https://docs.microsoft.com/en-us/azure/azure-monitor/)
\nAzure Monitor, which now includes Log Analytics and Application Insights, provides sophisticated tools for collecting and analyzing telemetry that allow you to maximize the performance and availability of your cloud and on-premises resources and applications. It helps you understand how your applications are performing and proactively identifies issues affecting them and the resources they depend on.\n
\n\n- **AzureDataExplorer** / **kusto**- [Reference to resources Azure Data Explorer (kusto) service](https://docs.microsoft.com/en-us/azure/data-explorer/)
\nAzure Data Explorer is a fast and highly scalable data exploration service for log and telemetry data. It helps you handle the many data streams emitted by modern software, so you can collect, store, and analyze data. Azure Data Explorer is ideal for analyzing large volumes of diverse data from any data source, such as websites, applications, IoT devices, and more.\n
\n\n- **LogAnalytics**- [Reference to resources Log Analytics service](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-queries?toc=/azure/azure-monitor/toc.json)
\nLog data collected by Azure Monitor is stored in Log Analytics which collects telemetry and other data from a variety of sources and provides a query language for advanced analytics.\n
\n\n- **ApplicationInsights** / **AppInsights**- [Reference to resources Application Insights service](https://docs.microsoft.com/en-us/azure/application-insights/app-insights-overview?toc=/azure/azure-monitor/toc.json)
\nApplication Insights is an extensible Application Performance Management (APM) service for web developers on multiple platforms. Use it to monitor your live web application. It will automatically detect performance anomalies. It includes powerful analytics tools to help you diagnose issues and to understand what users actually do with your app. It's designed to help you continuously improve performance and usability. It works for apps on a wide variety of platforms including .NET, Node.js and J2EE, hosted on-premises or in the cloud. It integrates with your DevOps process, and has connection points to a variety of development tools. It can monitor and analyze telemetry from mobile apps by integrating with Visual Studio App Center.\n
\n\n\n## Need Support?\n- **Have a feature request for Kqlmagic?** Please post it on [User Voice](https://feedback.azure.com/forums/913690-azure-monitor) to help us prioritize\n- **Have a technical question?** Ask on [Stack Overflow with tag \"Kqlmagic\"](https://stackoverflow.com/questions/tagged/Kqlmagic)\n- **Need Support?** Every customer with an active Azure subscription has access to [support](https://docs.microsoft.com/en-us/azure/azure-supportability/how-to-create-azure-support-request) with guaranteed response time. Consider submitting a ticket and get assistance from Microsoft support team\n- **Found a bug?** Please help us fix it by thoroughly documenting it and [filing an issue](https://github.com/Microsoft/jupyter-Kqlmagic/issues/new).\n", "text/plain": "Overview\nHelp command is a tool to get more information on a topics that are relevant to Kqlmagic.\nt\nusage: %kql --help \"topic\"\nTopics\n\n\nusage - How to use the Kqlmagic.\n\n\n\nconn - Lists the available connection string variation, and how their are used to authenticatie to data sources.\n\n\n\nquery / kql - Reference to resources Kusto Queru language, aka kql, documentation\n\n\n\noptions - Lists the available options, and their behavior impact on the submit query command.\n\n\n\ncommands - Lists the available commands, and what they do.\n\n\n\nfaq - Lists frequently asked quetions and answers.\n\n\n\nhelp - This help.\n\n\n\nAzureMonitor- Reference to resources Azure Monitor tools\nAzure Monitor, which now includes Log Analytics and Application Insights, provides sophisticated tools for collecting and analyzing telemetry that allow you to maximize the performance and availability of your cloud and on-premises resources and applications. 
It helps you understand how your applications are performing and proactively identifies issues affecting them and the resources they depend on.\n\n\n\nAzureDataExplorer / kusto- Reference to resources Azure Data Explorer (kusto) service\nAzure Data Explorer is a fast and highly scalable data exploration service for log and telemetry data. It helps you handle the many data streams emitted by modern software, so you can collect, store, and analyze data. Azure Data Explorer is ideal for analyzing large volumes of diverse data from any data source, such as websites, applications, IoT devices, and more.\n\n\n\nLogAnalytics- Reference to resources Log Analytics service\nLog data collected by Azure Monitor is stored in Log Analytics which collects telemetry and other data from a variety of sources and provides a query language for advanced analytics.\n\n\n\nApplicationInsights / AppInsights- Reference to resources Application Insights service\nApplication Insights is an extensible Application Performance Management (APM) service for web developers on multiple platforms. Use it to monitor your live web application. It will automatically detect performance anomalies. It includes powerful analytics tools to help you diagnose issues and to understand what users actually do with your app. It's designed to help you continuously improve performance and usability. It works for apps on a wide variety of platforms including .NET, Node.js and J2EE, hosted on-premises or in the cloud. It integrates with your DevOps process, and has connection points to a variety of development tools. It can monitor and analyze telemetry from mobile apps by integrating with Visual Studio App Center.\n\n\n\nNeed Support?\n\nHave a feature request for Kqlmagic? Please post it on User Voice to help us prioritize\nHave a technical question? Ask on Stack Overflow with tag \"Kqlmagic\"\nNeed Support? Every customer with an active Azure subscription has access to support with guaranteed response time. 
Consider submitting a ticket and get assistance from Microsoft support team\nFound a bug? Please help us fix it by thoroughly documenting it and filing an issue." }, "execution_count": 8, "metadata": {}, "output_type": "execute_result" } ], "persistentId": "53af05b4-61af-4e19-9720-f03ca043969e", "text": "%kql --help" }, "executionTime": "2019-08-15T21:15:27.059Z" }, { "cell": { "executionCount": 9, "executionEventId": "fd04bf25-85eb-4bb6-812d-d6fb720ceafb", "hasError": false, "id": "c591dfa1-6746-4363-ad43-da0e669ecb0b", "outputs": [ { "data": { "text/html": "\n \n \n \n \n

failed to set --help, due to invalid str value commands.

\n \n ", "text/plain": "" }, "metadata": {}, "output_type": "display_data" } ], "persistentId": "53af05b4-61af-4e19-9720-f03ca043969e", "text": "%kql --help commands" }, "executionTime": "2019-08-15T21:15:41.968Z" }, { "cell": { "executionCount": 10, "executionEventId": "ba02115b-9fdb-4944-b471-d4df1c9bf669", "hasError": false, "id": "c591dfa1-6746-4363-ad43-da0e669ecb0b", "outputs": [ { "data": { "text/html": "\n \n \n \n \n

unknown command --commands

\n \n ", "text/plain": "" }, "metadata": {}, "output_type": "display_data" } ], "persistentId": "53af05b4-61af-4e19-9720-f03ca043969e", "text": "%kql --commands" }, "executionTime": "2019-08-15T21:15:56.180Z" }, { "cell": { "executionCount": 12, "executionEventId": "42f289e2-0dfb-4dc5-8462-9b691081ca95", "hasError": false, "id": "c591dfa1-6746-4363-ad43-da0e669ecb0b", "outputs": [ { "data": { "text/html": "

Overview

\n
    \n
  • To get data from Azure Monitor data resources, the user need to authenticate itself, and if it has the right permission, \nhe would be able to query that data resource.
  • \n
  • The current supported data sources are: Azure Data Explorer (kusto) clusters, Application Insights, Log Analytics and Cache.
  • \n
  • \n

    Cache data source is not a real data source, it retrieves query results that were cached, but it can only retreive results queries that were executed before, new queries or modified queries won't work.\nto get more information on cache data source, execute help \"cache\"

    \n
  • \n
  • \n

    The user can connect to multiple data resources.

    \n
  • \n
  • Once a connection to a data resource is established, it gets a name of the form @.
  • \n
  • \n

    Reference to a data resource can be by connection string, connection name, or current connection (last connection used).

    \n
      \n
    • If connection is not specified, current connection (last connection used) will be used.
    • \n
    • To submit queries, at least one connection to a data resource must be established.
    • \n
    \n
  • \n
  • \n

    When a connection is specified, and it is a new connection string, the authentication and authorization is validated authomatically, by submiting \na validation query range c from 1 to 10 step 1 | count, and if the correct result returns, the connection is established.

    \n
  • \n
  • \n

    An initial connection can be specified as an environment variable.

    \n
      \n
    • if specified it will be established when Kqlmagic loads.
    • \n
    • The variable name is KQLMAGIC_CONNECTION_STR
    • \n
    \n
  • \n
\n

Authentication methods:

\n
    \n
  • AAD Username/password - Provide your AAD username and password.
  • \n
  • AAD application - Provide your AAD tenant ID, AAD app ID and app secret.
  • \n
  • AAD code - Provide only your AAD username, and authenticate yourself using a code, generated by ADAL.
  • \n
  • certificate - Provide your AAD tenant ID, AAD app ID, certificate and certificate-thumbprint (supported only with Azure Data Explorer)
  • \n
  • appid/appkey - Provide you application insight appid, and appkey (supported only with Application Insights)
  • \n
  • anonymous - No authentication. For the case that you run your data source locally.
  • \n
\n

Connect to Azure Data Explorer (kusto) data resource <database or alias>@<cluster>

\n

Few options to authenticate with Azure Data Explorer (Kusto) data resources:
\n%kql azuredataexplorer://code;cluster='<cluster-name>';database='<database-name>';alias='<database-friendly-name>'

\n%kql azuredataexplorer://tenant='<tenant-id>';clientid='<aad-appid>';clientsecret='<aad-appkey>';cluster='<cluster-name>';database='<database-name>';alias='<database-friendly-name>'

\n%kql azuredataexplorer://tenant='<tenant-id>';certificate='<certificate>';certificate_thumbprint='<thumbprint>';cluster='<cluster-name>';database='<database-name>';alias='<database-friendly-name>'

\n%kql azuredataexplorer://tenant='<tenant-id>';certificate_pem_file='<pem_filename>';certificate_thumbprint='<thumbprint>';cluster='<cluster-name>';database='<database-name>';alias='<database-friendly-name>'

\n%kql azuredataexplorer://username='<username>';password='<password>';cluster='<cluster-name>';database='<database-name>';alias='<database-friendly-name>'

\n%kql azuredataexplorer://anonymous;cluster='<cluster-name>';database='<database-name>';alias='<database-friendly-name>'

\n

Notes:
\n- username/password works only on corporate network.
\n- alias is optional.
\n- if credentials are missing, and a previous connection was established the credentials will be inherited.
\n- if secret (password / clientsecret / thumbprint) is missing, user will be prompted to provide it.
\n- if cluster is missing, and a previous connection was established the cluster will be inherited.
\n- if tenant is missing, and a previous connection was established the tenant will be inherited.
\n- if only the database change, a new connection can be set as follow: \n<new-database-name>@<cluster-name>
\n- a not quoted value, is a python expression, that is evaluated and its result is used as the value. This is how you can parametrize the connection string

\n

Connect to Log Analytics data resources <workspace or alias>@loganalytics

\n

Few options to authenticate with Log Analytics:
\n%kql loganalytics://code;workspace='<workspace-id>';alias='<workspace-friendly-name>'

\n%kql loganalytics://tenant='<tenant-id>';clientid='<aad-appid>';clientsecret='<aad-appkey>';workspace='<workspace-id>';alias='<workspace-friendly-name>'

\n%kql loganalytics://username='<username>';password='<password>';workspace='<workspace-id>';alias='<workspace-friendly-name>'

\n%kql loganalytics://anonymous;workspace='<workspace-id>';alias='<workspace-friendly-name>'

\n

Notes:
\n- authentication with appkey works only for the demo.
\n- username/password works only on corporate network.
\n- alias is optional.
\n- if credentials are missing, and a previous connection was established the credentials will be inherited.
\n- if secret (password / clientsecret) is missing, user will be prompted to provide it.
\n- if tenant is missing, and a previous connection was established the tenant will be inherited.
\n- a not quoted value, is a python expression, that is evaluated and its result is used as the value. This is how you can parametrize the connection string

\n

Connect to Application Insights data resources <appid or alias>@appinsights

\n

Few options to authenticate with Apllication Insights:

\n%kql appinsights://appid='<app-id>';appkey='<app-key>';alias='<appid-friendly-name>'

\n%kql appinsights://code;appid='<app-id>';alias='<appid-friendly-name>'

\n%kql appinsights://tenant='<tenant-id>';clientid='<aad-appid>';clientsecret='<aad-appkey>';appid='<app-id>';alias='<appid-friendly-name>'

\n%kql appinsights://username='<username>';password='<password>';appid='<app-id>';alias='<appid-friendly-name>'

\n%kql appinsights://anonymous;appid='<app-id>';alias='<appid-friendly-name>'

\n

Notes:
\n- username/password works only on corporate network.
\n- alias is optional.
\n- if credentials are missing, and a previous connection was established the credentials will be inherited.
\n- if secret (password / clientsecret / appkey) is missing, user will be prompted to provide it.
\n- if tenant is missing, and a previous connection was established the tenant will be inherited.
\n- a not quoted value, is a python expression, that is evaluated and its result is used as the value. This is how you can parametrize the connection string

\n

Need Support?

\n
    \n
  • Have a feature request for Kqlmagic? Please post it on User Voice to help us prioritize
  • \n
  • Have a technical question? Ask on Stack Overflow with tag \"Kqlmagic\"
  • \n
  • Need Support? Every customer with an active Azure subscription has access to support with guaranteed response time. Consider submitting a ticket and get assistance from Microsoft support team
  • \n
  • Found a bug? Please help us fix it by thoroughly documenting it and filing an issue.
  • \n
", "text/markdown": "## Overview\n- To get data from Azure Monitor data resources, the user need to authenticate itself, and if it has the right permission, \nhe would be able to query that data resource.\n- The current supported data sources are: Azure Data Explorer (kusto) clusters, Application Insights, Log Analytics and Cache.\n- Cache data source is not a real data source, it retrieves query results that were cached, but it can only retreive results queries that were executed before, new queries or modified queries won't work.\nto get more information on cache data source, execute ```help \"cache\"```\n\n- The user can connect to multiple data resources.\n- Once a connection to a data resource is established, it gets a name of the form @.\n- Reference to a data resource can be by connection string, connection name, or current connection (last connection used).\n - If connection is not specified, current connection (last connection used) will be used.\n - To submit queries, at least one connection to a data resource must be established.\n\n- When a connection is specified, and it is a new connection string, the authentication and authorization is validated authomatically, by submiting \na validation query ```range c from 1 to 10 step 1 | count```, and if the correct result returns, the connection is established.\n\n- An initial connection can be specified as an environment variable.\n - if specified it will be established when Kqlmagic loads.\n - The variable name is ```KQLMAGIC_CONNECTION_STR```\n\n## Authentication methods:\n\n* AAD Username/password - Provide your AAD username and password.\n* AAD application - Provide your AAD tenant ID, AAD app ID and app secret.\n* AAD code - Provide only your AAD username, and authenticate yourself using a code, generated by ADAL.\n* certificate - Provide your AAD tenant ID, AAD app ID, certificate and certificate-thumbprint (supported only with Azure Data Explorer)\n* appid/appkey - Provide you application insight 
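appid, and appkey (supported only with Application Insights)\n* anonymous - No authentication. For the case that you run your data source locally.\n\n## Connect to Azure Data Explorer (kusto) data resource ```<database or alias>@<cluster>```\nFew options to authenticate with Azure Data Explorer (Kusto) data resources:
\n```%kql azuredataexplorer://code;cluster='<cluster-name>';database='<database-name>';alias='<database-friendly-name>'```

\n```%kql azuredataexplorer://tenant='<tenant-id>';clientid='<aad-appid>';clientsecret='<aad-appkey>';cluster='<cluster-name>';database='<database-name>';alias='<database-friendly-name>'```

\n```%kql azuredataexplorer://tenant='<tenant-id>';certificate='<certificate>';certificate_thumbprint='<thumbprint>';cluster='<cluster-name>';database='<database-name>';alias='<database-friendly-name>'```

\n```%kql azuredataexplorer://tenant='<tenant-id>';certificate_pem_file='<pem_filename>';certificate_thumbprint='<thumbprint>';cluster='<cluster-name>';database='<database-name>';alias='<database-friendly-name>'```

\n```%kql azuredataexplorer://username='<username>';password='<password>';cluster='<cluster-name>';database='<database-name>';alias='<database-friendly-name>'```

\n```%kql azuredataexplorer://anonymous;cluster='<cluster-name>';database='<database-name>';alias='<database-friendly-name>'```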

\n\nNotes:
\n- username/password works only on corporate network.
\n- alias is optional.
\n- if credentials are missing, and a previous connection was established the credentials will be inherited.
\n- if secret (password / clientsecret / thumbprint) is missing, user will be prompted to provide it.
\n- if cluster is missing, and a previous connection was established the cluster will be inherited.
\n- if tenant is missing, and a previous connection was established the tenant will be inherited.
\n- if only the database change, a new connection can be set as follow: \n```<new-database-name>@<cluster-name>```
\n- **a not quoted value, is a python expression, that is evaluated and its result is used as the value. This is how you can parametrize the connection string** \n\n## Connect to Log Analytics data resources ```<workspace or alias>@loganalytics```\nFew options to authenticate with Log Analytics:
\n```%kql loganalytics://code;workspace='<workspace-id>';alias='<workspace-friendly-name>'```

\n```%kql loganalytics://tenant='<tenant-id>';clientid='<aad-appid>';clientsecret='<aad-appkey>';workspace='<workspace-id>';alias='<workspace-friendly-name>'```

\n```%kql loganalytics://username='<username>';password='<password>';workspace='<workspace-id>';alias='<workspace-friendly-name>'```

\n```%kql loganalytics://anonymous;workspace='<workspace-id>';alias='<workspace-friendly-name>'```

\n\nNotes:
\n- authentication with appkey works only for the demo.
\n- username/password works only on corporate network.
\n- alias is optional.
\n- if credentials are missing, and a previous connection was established the credentials will be inherited.
\n- if secret (password / clientsecret) is missing, user will be prompted to provide it.
\n- if tenant is missing, and a previous connection was established the tenant will be inherited.
\n- **an unquoted value is a python expression that is evaluated, and its result is used as the value. This is how you can parametrize the connection string**\n\n\n## Connect to Application Insights data resources ```@appinsights```\nA few options to authenticate with Application Insights:

\n```%kql appinsights://appid='';appkey='';alias=''```

\n```%kql appinsights://code;appid='';alias=''```

\n```%kql appinsights://tenant='';clientid='';clientsecret='';appid='';alias=''```

\n```%kql appinsights://username='';password='';appid='';alias=''```

\n```%kql appinsights://anonymous;appid='';alias=''```

\n\nNotes:
\n- username/password works only on corporate network.
\n- alias is optional.
\n- if credentials are missing, and a previous connection was established the credentials will be inherited.
\n- if secret (password / clientsecret / appkey) is missing, user will be prompted to provide it.
\n- if tenant is missing, and a previous connection was established the tenant will be inherited.
\n- **an unquoted value is a python expression that is evaluated, and its result is used as the value. This is how you can parametrize the connection string**\n\n\n## Need Support?\n- **Have a feature request for Kqlmagic?** Please post it on [User Voice](https://feedback.azure.com/forums/913690-azure-monitor) to help us prioritize\n- **Have a technical question?** Ask on [Stack Overflow with tag \"Kqlmagic\"](https://stackoverflow.com/questions/tagged/Kqlmagic)\n- **Need Support?** Every customer with an active Azure subscription has access to [support](https://docs.microsoft.com/en-us/azure/azure-supportability/how-to-create-azure-support-request) with guaranteed response time. Consider submitting a ticket and get assistance from Microsoft support team\n- **Found a bug?** Please help us fix it by thoroughly documenting it and [filing an issue](https://github.com/Microsoft/jupyter-Kqlmagic/issues/new).\n", "text/plain": "Overview\n\nTo get data from Azure Monitor data resources, the user needs to authenticate, and if the user has the right permission, \nthe user will be able to query that data resource.\nThe currently supported data sources are: Azure Data Explorer (kusto) clusters, Application Insights, Log Analytics and Cache.\n\nThe Cache data source is not a real data source; it retrieves query results that were cached, but it can only retrieve results of queries that were executed before. New or modified queries won't work.\nTo get more information on the cache data source, execute help \"cache\"\n\n\nThe user can connect to multiple data resources.\n\nOnce a connection to a data resource is established, it gets a name of the form @.\n\nReference to a data resource can be by connection string, connection name, or current connection (last connection used).\n\nIf a connection is not specified, the current connection (last connection used) will be used.\nTo submit queries, at least one connection to a data resource must be established.\n\n\n\nWhen a connection is specified, 
and it is a new connection string, the authentication and authorization are validated automatically by submitting \na validation query range c from 1 to 10 step 1 | count, and if the correct result returns, the connection is established.\n\n\nAn initial connection can be specified as an environment variable.\n\nIf specified, it will be established when Kqlmagic loads.\nThe variable name is KQLMAGIC_CONNECTION_STR\n\n\n\nAuthentication methods:\n\nAAD Username/password - Provide your AAD username and password.\nAAD application - Provide your AAD tenant ID, AAD app ID and app secret.\nAAD code - Provide only your AAD username, and authenticate yourself using a code, generated by ADAL.\ncertificate - Provide your AAD tenant ID, AAD app ID, certificate and certificate-thumbprint (supported only with Azure Data Explorer)\nappid/appkey - Provide your Application Insights appid and appkey (supported only with Application Insights)\nanonymous - No authentication. For the case where you run your data source locally.\n\nConnect to Azure Data Explorer (kusto) data resource @\nA few options to authenticate with Azure Data Explorer (Kusto) data resources:\n%kql azuredataexplorer://code;cluster='';database='';alias=''\n%kql azuredataexplorer://tenant='';clientid='';clientsecret='';cluster='';database='';alias=''\n%kql azuredataexplorer://tenant='';certificate='';certificate_thumbprint='';cluster='';database='';alias=''\n%kql azuredataexplorer://tenant='';certificate_pem_file='';certificate_thumbprint='';cluster='';database='';alias=''\n%kql azuredataexplorer://username='';password='';cluster='';database='';alias=''\n%kql azuredataexplorer://anonymous;cluster='';database='';alias=''\nNotes:\n- username/password works only on corporate network.\n- alias is optional.\n- if credentials are missing, and a previous connection was established the credentials will be inherited.\n- if secret (password / clientsecret / thumbprint) is missing, user will be prompted to provide it.\n- if cluster 
is missing, and a previous connection was established the cluster will be inherited.\n- if tenant is missing, and a previous connection was established the tenant will be inherited.\n- if only the database changes, a new connection can be set as follows: \n@\n- an unquoted value is a python expression that is evaluated, and its result is used as the value. This is how you can parametrize the connection string \nConnect to Log Analytics data resources @loganalytics\nA few options to authenticate with Log Analytics:\n%kql loganalytics://code;workspace='';alias=''\n%kql loganalytics://tenant='';clientid='';clientsecret='';workspace='';alias=''\n%kql loganalytics://username='';password='';workspace='';alias=''\n%kql loganalytics://anonymous;workspace='';alias=''\nNotes:\n- authentication with appkey works only for the demo.\n- username/password works only on corporate network.\n- alias is optional.\n- if credentials are missing, and a previous connection was established the credentials will be inherited.\n- if secret (password / clientsecret) is missing, user will be prompted to provide it.\n- if tenant is missing, and a previous connection was established the tenant will be inherited.\n- an unquoted value is a python expression that is evaluated, and its result is used as the value. 
This is how you can parametrize the connection string\nConnect to Application Insights data resources @appinsights\nA few options to authenticate with Application Insights:\n%kql appinsights://appid='';appkey='';alias=''\n%kql appinsights://code;appid='';alias=''\n%kql appinsights://tenant='';clientid='';clientsecret='';appid='';alias=''\n%kql appinsights://username='';password='';appid='';alias=''\n%kql appinsights://anonymous;appid='';alias=''\nNotes:\n- username/password works only on corporate network.\n- alias is optional.\n- if credentials are missing, and a previous connection was established the credentials will be inherited.\n- if secret (password / clientsecret / appkey) is missing, user will be prompted to provide it.\n- if tenant is missing, and a previous connection was established the tenant will be inherited.\n- an unquoted value is a python expression that is evaluated, and its result is used as the value. This is how you can parametrize the connection string\nNeed Support?\n\nHave a feature request for Kqlmagic? Please post it on User Voice to help us prioritize\nHave a technical question? Ask on Stack Overflow with tag \"Kqlmagic\"\nNeed Support? Every customer with an active Azure subscription has access to support with guaranteed response time. Consider submitting a ticket and get assistance from Microsoft support team\nFound a bug? Please help us fix it by thoroughly documenting it and filing an issue." }, "execution_count": 12, "metadata": {}, "output_type": "execute_result" } ], "persistentId": "53af05b4-61af-4e19-9720-f03ca043969e", "text": "%kql --help \"conn\"" }, "executionTime": "2019-08-15T21:16:11.940Z" }, { "cell": { "executionCount": 13, "executionEventId": "19b502f1-d4fd-4baa-8f35-4b41840eed95", "hasError": false, "id": "c591dfa1-6746-4363-ad43-da0e669ecb0b", "outputs": [ { "data": { "text/html": "

", "text/markdown": "## Overview\nExcept submitting kql queries, few other commands are included that may help using the Kqlmagic.
\n- Only one command can be executed per magic transaction.
\n- A command must start with a double hyphen-minus ```--```
\n- If no command is specified, the default command ```\"submit\"``` is assumed, which submits the query.
\n\n## Commands\nThe following commands are supported:
\n- **submit** - Execute the query and return result.
\n - Options can be used to customize the behavior of the transaction.
\n - The query can be parametrized.
\n - This is the default command.
\n
\n\n- **version** - Displays the current version string.
\n
\n\n- **usage** - Displays usage of Kqlmagic.
\n
\n\n- **help \"topic\"** - Displays information about the topic.
\n - To get the list of all the topics, execute ```%kql --help \"help\"```
\n
\n\n- **palette** - Display information about the current or other named color palette.
\n - The behaviour of this command will change based on the specified option:\n - -palette_name, -palette_colors, palette_reverse, -palette_desaturation, execute ```%kql --palette -palette_name \"Reds\"```
\n
\n\n- **palettes** - Display information about all available palettes.
\n - The behaviour of this command will change based on the specified option:\n - -palette_colors, palette_reverse, -palette_desaturation, execute ```%kql --palettes -palette_desaturation 0.75```
\n
\n\n- **schema \"database\"** - Returns the database schema as a python dict (displayed as a json format).
\n - To get Azure Data Explorer database schema: ```%kql --schema \"databasename@clustername\"```
\n - To get application insights app schema: ```%kql --schema \"appname@applicationinsights\"```
\n - To get log analytics workspace schema: ```%kql --schema \"workspacename@loganalytics\"```
\n - To get the current connection's database schema: ```%kql --schema```
\n - If the -conn option is specified, it will override the database value.
\n
\n\n- **cache** - Enables caching of query results to a cache folder, or disables it.
\n - To enable caching to folder XXX, execute: ```%kql --cache \"XXX\"```
\n - To disable caching, execute: ```%kql --cache None```
\n - Once results are cached, the results can be used by enabling the use of the cache, with the --use_cache command.
\n
\n\n- **use_cache** - Enables use of cached results from a cache folder.
\n - To enable use of cache from folder XXX, execute: ```%kql --use_cache \"XXX\"```
\n - To disable use of cache, execute: ```%kql --use_cache None```
\n - Once enabled, instead of querying the data source, the results are retrieved from the cache.
\n
\n\n## Examples:\n```%kql --version```

\n```%kql --usage```

\n```%kql --help \"help\"```

\n```%kql --help \"options\"```

\n```%kql --help \"conn\"```

\n```%kql --palette -palette_name \"Reds\"```

\n```%kql --schema 'DEMO_APP@applicationinsights'```

\n```%kql --cache \"XXX\"```

\n```%kql --use_cache None```

\n```%kql --submit appinsights://appid='DEMO_APP';appkey='DEMO_KEY' pageViews | count```

\n```%kql --palettes -palette_desaturation 0.75```\n```%kql pageViews | count```\n", "text/plain": "Overview\nBesides submitting kql queries, a few other commands are included that may help when using Kqlmagic.\n- Only one command can be executed per magic transaction.\n- A command must start with a double hyphen-minus --\n- If no command is specified, the default command \"submit\" is assumed, which submits the query.\nCommands\nThe following commands are supported:\n- submit - Execute the query and return result. \n - Options can be used to customize the behavior of the transaction.\n - The query can be parametrized.\n - This is the default command.\n\n\n\nversion - Displays the current version string.\n\n\n\nusage - Displays usage of Kqlmagic.\n\n\n\nhelp \"topic\" - Displays information about the topic.\n\nTo get the list of all the topics, execute %kql --help \"help\"\n\n\n\n\npalette - Display information about the current or other named color palette.\n\nThe behaviour of this command will change based on the specified option:\n-palette_name, -palette_colors, palette_reverse, -palette_desaturation, execute %kql --palette -palette_name \"Reds\"\n\n\n\n\npalettes - Display information about all available palettes.\n\nThe behaviour of this command will change based on the specified option:\n-palette_colors, palette_reverse, -palette_desaturation, execute %kql --palettes -palette_desaturation 0.75\n\n\n\n\nschema \"database\" - Returns the database schema as a python dict (displayed as a json format). \n\nTo get Azure Data Explorer database schema: %kql --schema \"databasename@clustername\"\nTo get application insights app schema: %kql --schema \"appname@applicationinsights\"\nTo get log analytics workspace schema: %kql --schema \"workspacename@loganalytics\"\nTo get the current connection's database schema: %kql --schema\nIf the -conn option is specified, it will override the database value.\n\n\n\n\ncache - Enables caching of query results to a cache folder, or disables it. 
\n\nTo enable caching to folder XXX, execute: %kql --cache \"XXX\"\nTo disable caching, execute: %kql --cache None\nOnce results are cached, the results can be used by enabling the use of the cache, with the --use_cache command.\n\n\n\n\nuse_cache - Enables use of cached results from a cache folder. \n\nTo enable use of cache from folder XXX, execute: %kql --use_cache \"XXX\"\nTo disable use of cache, execute: %kql --use_cache None\nOnce enabled, instead of querying the data source, the results are retrieved from the cache.\n\n\n\n\nExamples:\n%kql --version\n%kql --usage\n%kql --help \"help\"\n%kql --help \"options\"\n%kql --help \"conn\"\n%kql --palette -palette_name \"Reds\"\n%kql --schema 'DEMO_APP@applicationinsights'\n%kql --cache \"XXX\"\n%kql --use_cache None\n%kql --submit appinsights://appid='DEMO_APP';appkey='DEMO_KEY' pageViews | count\n%kql --palettes -palette_desaturation 0.75\n%kql pageViews | count" }, "execution_count": 13, "metadata": {}, "output_type": "execute_result" } ], "persistentId": "53af05b4-61af-4e19-9720-f03ca043969e", "text": "%kql --help \"commands\"" }, "executionTime": "2019-08-15T21:16:59.019Z" }, { "cell": { "executionCount": 14, "executionEventId": "4d635d06-f9aa-462b-967e-2ed7628175ea", "hasError": false, "id": "c591dfa1-6746-4363-ad43-da0e669ecb0b", "outputs": [ { "data": { "text/plain": "{\n \u001b[94m\"AADDomainServicesAccountLogon\"\u001b[39;49;00m: {\n \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CertIssuerName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CertSerialNumber\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CertThumbprint\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ClientUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"FailureCode\"\u001b[39;49;00m: 
\u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"IpAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"IpPort\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"MappedName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"MappingBy\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"PackageName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"PreAuthType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RecordId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TicketOptions\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"AADDomainServicesAccountManagement\"\u001b[39;49;00m: {\n \u001b[94m\"AccountExpires\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AllowedToDelegateTo\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CallerProcessId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CallerProcessName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n 
\u001b[94m\"ComputerAccountChange\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DisplayName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DnsHostName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"GroupTypeChange\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"HomeDirectory\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"HomePath\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"LogonHours\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"MemberName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"MemberSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"MembershipExpirationTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"NewTargetUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"NewUacValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OldTargetUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OldUacValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"PasswordLastSet\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"PrimaryGroupId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"PrivilegeList\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ProfilePath\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RecordId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n 
\u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SamAccountName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ScriptPath\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ServicePrincipalNames\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SidHistory\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Status\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SubjectDomainName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SubjectLogonId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SubjectUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SubjectUserSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TargetSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UserAccountControl\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UserParameters\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UserPrincipalName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UserWorkstations\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Workstation\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"AADDomainServicesDirectoryServiceAccess\"\u001b[39;49;00m: {\n \u001b[94m\"AppCorrelationID\"\u001b[39;49;00m: 
\u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AttributeLDAPDisplayName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AttributeSyntaxOID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AttributeValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DSName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DSType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"NewObjectDN\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ObjectClass\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ObjectDN\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ObjectGUID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OldObjectDN\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OpCorrelationID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OperationType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RecordId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"TreeDelete\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n 
\u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"AADDomainServicesLogonLogoff\"\u001b[39;49;00m: {\n \u001b[94m\"AuthenticationPackageName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ElevatedToken\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"FailureReason\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ImpersonationLevel\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"KeyLength\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"LmPackageName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"LogonGuid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"LogonProcessName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"LogonType\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RecordId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RestrictedAdminMode\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SidList\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SubStatus\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TargetDomainName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TargetInfo\"\u001b[39;49;00m: 
\u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"IndicatorThreatType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"IsActive\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"LastReportedDateTime\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"MaliciousIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Maximum\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n \u001b[94m\"MetricName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Minimum\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OperationVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RemoteIPCountry\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RemoteIPLatitude\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n \u001b[94m\"RemoteIPLongitude\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n \u001b[94m\"Resource\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceGroup\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceProvider\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResultSignature\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Severity\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SubscriptionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TLPLevel\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n 
\u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"TimeGrain\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Total\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UnitName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"CommonSecurityLog\"\u001b[39;49;00m: {\n \u001b[94m\"Activity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AdditionalExtensions\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ApplicationProtocol\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CommunicationDirection\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DestinationDnsDomain\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DestinationHostName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DestinationIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DestinationMACAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DestinationNTDomain\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DestinationPort\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"DestinationProcessId\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"DestinationProcessName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DestinationServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DestinationTranslatedAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DestinationTranslatedPort\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n 
\u001b[94m\"DestinationUserID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DestinationUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DestinationUserPrivileges\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DeviceAction\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DeviceAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DeviceCustomDate1\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DeviceCustomDate1Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DeviceCustomDate2\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DeviceCustomDate2Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DeviceCustomFloatingPoint1\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n \u001b[94m\"DeviceCustomFloatingPoint1Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DeviceCustomFloatingPoint2\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n \u001b[94m\"DeviceCustomFloatingPoint2Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DeviceCustomFloatingPoint3\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n \u001b[94m\"DeviceCustomFloatingPoint3Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DeviceCustomFloatingPoint4\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n \u001b[94m\"DeviceCustomFloatingPoint4Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DeviceCustomIPv6Address1\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DeviceCustomIPv6Address1Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DeviceCustomIPv6Address2\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DeviceCustomIPv6Address2Label\"\u001b[39;49;00m: 
\u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DeviceCustomIPv6Address3\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DeviceCustomIPv6Address3Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DeviceCustomIPv6Address4\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DeviceCustomIPv6Address4Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DeviceCustomNumber1\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"DeviceCustomNumber1Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DeviceCustomNumber2\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"DeviceCustomNumber2Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DeviceCustomNumber3\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"DeviceCustomNumber3Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DeviceCustomString1\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DeviceCustomString1Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DeviceCustomString2\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DeviceCustomString2Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DeviceCustomString3\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DeviceCustomString3Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DeviceCustomString4\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DeviceCustomString4Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DeviceCustomString5\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DeviceCustomString5Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DeviceCustomString6\"\u001b[39;49;00m: 
\u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DeviceCustomString6Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DeviceDnsDomain\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DeviceEventClassID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DeviceExternalID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DeviceFacility\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DeviceInboundInterface\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DeviceMacAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DeviceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DeviceNtDomain\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DeviceOutboundInterface\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DevicePayloadId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DeviceProduct\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DeviceTimeZone\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DeviceTranslatedAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DeviceVendor\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DeviceVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EndTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"EventCount\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"EventType\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"ExternalID\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"FileCreateTime\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"FileHash\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"FileID\"\u001b[39;49;00m: 
\u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"FileModificationTime\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"FileName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"FilePath\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"FilePermission\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"FileSize\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"FileType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"FlexDate1\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"FlexDate1Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"FlexNumber1\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"FlexNumber1Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"FlexNumber2\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"FlexNumber2Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"FlexString1\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"FlexString1Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"FlexString2\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"FlexString2Label\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"IndicatorThreatType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"LogSeverity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"MaliciousIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"MaliciousIPCountry\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"MaliciousIPLatitude\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n \u001b[94m\"MaliciousIPLongitude\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n \u001b[94m\"Message\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n 
\u001b[94m\"OldFileCreateTime\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OldFileHash\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OldFileID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OldFileModificationTime\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OldFileName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OldFilePath\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OldFilePermission\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OldFileSize\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"OldFileType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OriginalLogSeverity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ProcessID\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"ProcessName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Protocol\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ReceiptTime\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ReceivedBytes\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n \u001b[94m\"RemoteIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RemotePort\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RequestClientApplication\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RequestContext\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RequestCookies\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RequestMethod\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RequestURL\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SentBytes\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n \u001b[94m\"SimplifiedDeviceAction\"\u001b[39;49;00m: 
\u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceDnsDomain\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceHostName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceMACAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceNTDomain\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourcePort\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"SourceProcessId\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"SourceProcessName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceTranslatedAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceTranslatedPort\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"SourceUserID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceUserPrivileges\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"StartTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"ThreatConfidence\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ThreatDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ThreatSeverity\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"ComputerGroup\"\u001b[39;49;00m: {\n 
\u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Group\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"GroupFullName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"GroupId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"GroupSource\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"GroupSourceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"ContainerRegistryLoginEvents\"\u001b[39;49;00m: {\n \u001b[94m\"CallerIpAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DurationMs\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"JwtId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Region\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TenantId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n 
\u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"ContainerRegistryRepositoryEvents\"\u001b[39;49;00m: {\n \u001b[94m\"ArtifactType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CallerIpAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Digest\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DurationMs\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"MediaType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Region\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Repository\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Size\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Tag\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TenantId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UserTenantId\"\u001b[39;49;00m: 
\u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"DatabricksAccounts\"\u001b[39;49;00m: {\n \u001b[94m\"ActionName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"LogId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OperationVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RequestId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RequestParams\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Response\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SessionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceIPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"DatabricksClusters\"\u001b[39;49;00m: {\n \u001b[94m\"ActionName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"LogId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n 
\u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OperationVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RequestId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RequestParams\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Response\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SessionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceIPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"DatabricksDBFS\"\u001b[39;49;00m: {\n \u001b[94m\"ActionName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"LogId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OperationVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RequestId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RequestParams\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Response\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ServiceName\"\u001b[39;49;00m: 
\u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SessionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceIPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"DatabricksJobs\"\u001b[39;49;00m: {\n \u001b[94m\"ActionName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"LogId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OperationVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RequestId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RequestParams\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Response\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SessionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceIPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n 
 \u001b[94m\"Perf\"\u001b[39;49;00m: {\n \u001b[94m\"BucketEndTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"BucketStartTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CounterName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CounterPath\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CounterValue\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n \u001b[94m\"InstanceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Max\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n \u001b[94m\"Min\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n \u001b[94m\"ObjectName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SampleCount\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: 
\u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"StandardDeviation\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"ReservedAzureCommonFields\"\u001b[39;49;00m: {\n \u001b[94m\"Caller_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ClientIP_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ClientInfo_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ClientPort_d\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n \u001b[94m\"Direction_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"FailedRequestCount_d\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n \u001b[94m\"HealthyHostCount_d\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n \u001b[94m\"HttpMethod_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"HttpStatusCode_d\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n \u001b[94m\"HttpStatus_d\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n \u001b[94m\"HttpVersion_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Id_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"InstanceId_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"JobId_g\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Latency_d\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n \u001b[94m\"MacAddress_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"MatchedConnections_d\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n \u001b[94m\"Priority_d\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n \u001b[94m\"ReceivedBytes_d\"\u001b[39;49;00m: 
\u001b[33m\"real\"\u001b[39;49;00m,\n \u001b[94m\"RequestCount_d\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n \u001b[94m\"RequestQuery_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RequestUri_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RuleName_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RunbookName_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SentBytes_d\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SslEnabled_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"StreamType_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SubnetPrefix_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Throughput_d\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"TimeTaken_d\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Type_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UnHealthyHostCount_d\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n \u001b[94m\"UserAgent_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"VnetResourceGuid_s\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"ReservedCommonFields\"\u001b[39;49;00m: {\n \u001b[94m\"CallerIPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DurationMs\"\u001b[39;49;00m: 
\u001b[33m\"long\"\u001b[39;49;00m,\n \u001b[94m\"IPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Message\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OperationVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Resource\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceGroup\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceProvider\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResultSignature\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Severity\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"SourceIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SubscriptionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"SecurityAlert\"\u001b[39;49;00m: {\n \u001b[94m\"AlertName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AlertSeverity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ConfidenceLevel\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ConfidenceScore\"\u001b[39;49;00m: 
\u001b[33m\"real\"\u001b[39;49;00m,\n \u001b[94m\"Description\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DisplayName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EndTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Entities\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ExtendedLinks\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ExtendedProperties\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"IsIncident\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n \u001b[94m\"ProcessingEndTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"ProductComponentName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ProductName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ProviderName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RemediationSteps\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceComputerId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"StartTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"SystemAlertId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"VendorName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"VendorOriginalId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"WorkspaceResourceGroup\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"WorkspaceSubscriptionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"SecurityEvent\"\u001b[39;49;00m: {\n 
\u001b[94m\"AccessMask\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Account\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AccountDomain\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AccountExpires\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AccountName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AccountSessionIdentifier\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AccountType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Activity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AdditionalInfo\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AdditionalInfo2\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AllowedToDelegateTo\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Attributes\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AuditPolicyChanges\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AuditsDiscarded\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"AuthenticationLevel\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"AuthenticationPackageName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AuthenticationProvider\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AuthenticationServer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AuthenticationService\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"AuthenticationType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AzureDeploymentID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CACertificateHash\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CAPublicKeyHash\"\u001b[39;49;00m: 
\u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CalledStationID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CallerProcessId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CallerProcessName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CallingStationID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CategoryId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CertificateDatabaseHash\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Channel\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ClassId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ClassName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ClientAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ClientIPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ClientName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CommandLine\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CompatibleIds\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DCDNSName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DeviceDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DeviceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DisplayName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Disposition\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DomainBehaviorVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DomainName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DomainPolicyChanged\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n 
\u001b[94m\"DomainSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EAPType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ElevatedToken\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ErrorCode\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"EventData\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EventID\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"EventSourceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ExtendedQuarantineState\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"FailureReason\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"FileHash\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"FilePath\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"FilePathNoUser\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Filter\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ForceLogoff\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Fqbn\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"FullyQualifiedSubjectMachineName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"FullyQualifiedSubjectUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"GroupMembership\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"HandleId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"HardwareIds\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"HomeDirectory\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"HomePath\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"InterfaceUuid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"IpAddress\"\u001b[39;49;00m: 
\u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"IpPort\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"KeyLength\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"LmPackageName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"LocationInformation\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"LockoutDuration\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"LockoutObservationWindow\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"LockoutThreshold\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"LoggingResult\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"LogonGuid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"LogonHours\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"LogonID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"LogonProcessName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"LogonType\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"LogonTypeName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"MachineAccountQuota\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"MachineInventory\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"MachineLogon\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ManagementGroupName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"MandatoryLabel\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"MaxPasswordAge\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"MemberName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"MemberSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n 
\u001b[94m\"MinPasswordAge\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"MinPasswordLength\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"MixedDomainMode\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"NASIPv4Address\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"NASIPv6Address\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"NASIdentifier\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"NASPort\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"NASPortType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"NetworkPolicyName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"NewDate\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"NewMaxUsers\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"NewProcessId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"NewProcessName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"NewRemark\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"NewShareFlags\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"NewTime\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"NewUacValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"NewValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"NewValueType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ObjectName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ObjectServer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ObjectType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ObjectValueName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OemInformation\"\u001b[39;49;00m: 
\u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OldMaxUsers\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OldRemark\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OldShareFlags\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OldUacValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OldValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OldValueType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OperationType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"PackageName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ParentProcessName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"PasswordHistoryLength\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"PasswordLastSet\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"PasswordProperties\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"PreviousDate\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"PreviousTime\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"PrimaryGroupId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"PrivateKeyUsageCount\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"PrivilegeList\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Process\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ProcessId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ProcessName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ProfilePath\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Properties\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ProtocolSequence\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n 
\u001b[94m\"ProxyPolicyName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"QuarantineHelpURL\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"QuarantineSessionID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"QuarantineSessionIdentifier\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"QuarantineState\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"QuarantineSystemHealthResult\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RelativeTargetName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RemoteIpAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RemotePort\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RequestId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Requester\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RestrictedAdminMode\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RowsDeleted\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SamAccountName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ScriptPath\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SecurityDescriptor\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ServiceAccount\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ServiceFileName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ServiceStartType\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"ServiceType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SessionName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ShareLocalPath\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n 
\u001b[94m\"ShareName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SidHistory\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceComputerId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Status\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"StorageAccount\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SubStatus\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SubcategoryGuid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SubcategoryId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Subject\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SubjectAccount\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SubjectDomainName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SubjectKeyIdentifier\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SubjectLogonId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SubjectMachineName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SubjectMachineSID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SubjectUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SubjectUserSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TableId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TargetAccount\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TargetDomainName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TargetInfo\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TargetLinkedLogonId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n 
\u001b[94m\"TargetLogonGuid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TargetLogonId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TargetOutboundDomainName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TargetOutboundUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TargetServerName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TargetSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TargetUser\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TargetUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TargetUserSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Task\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"TemplateContent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TemplateDSObjectFQDN\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TemplateInternalName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TemplateOID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TemplateSchemaVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TemplateVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"TokenElevationType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TransmittedServices\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UserAccountControl\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UserParameters\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UserPrincipalName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n 
}\n}" }, "execution_count": 14, "metadata": {}, "output_type": "execute_result" } ], "persistentId": "53af05b4-61af-4e19-9720-f03ca043969e", "text": "%kql --schema" }, "executionTime": "2019-08-15T21:17:38.587Z" }, { "cell": { "executionCount": 15, "executionEventId": "88dc76b5-a442-4015-8e5d-a019c1138e1d", "hasError": false, "id": "c591dfa1-6746-4363-ad43-da0e669ecb0b", "outputs": [ { "data": { "text/html": "\n \n \n \n \n

unknown option

\n \n ", "text/plain": "" }, "metadata": {}, "output_type": "display_data" } ], "persistentId": "53af05b4-61af-4e19-9720-f03ca043969e", "text": "%kql sch << --schema" }, "executionTime": "2019-08-15T21:18:02.466Z" }, { "cell": { "executionCount": 16, "executionEventId": "33796ba2-ad58-407d-bcc5-0e713f4916f5", "hasError": false, "id": "c591dfa1-6746-4363-ad43-da0e669ecb0b", "outputs": [ { "data": { "text/plain": "{\n 
\u001b[94m\"RecordId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceManager\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"TransactionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"AADDomainServicesSystemSecurity\"\u001b[39;49;00m: {\n \u001b[94m\"AuditsDiscarded\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RecordId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"ADFActivityRun\"\u001b[39;49;00m: {\n 
\u001b[94m\"ActivityIterationCount\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"ActivityName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ActivityRunId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ActivityType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Annotations\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EffectiveIntegrationRuntime\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"End\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Error\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ErrorCode\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"ErrorMessage\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EventMessage\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"FailureType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Input\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"LinkedServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Location\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Output\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"PipelineName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"PipelineRunId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n 
\u001b[94m\"Start\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Status\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Tags\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TenantId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UserProperties\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"ADFPipelineRun\"\u001b[39;49;00m: {\n \u001b[94m\"Annotations\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"End\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"EventMessage\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"FailureType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Location\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Parameters\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"PipelineName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Predecessors\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RunId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Start\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Status\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n 
\u001b[94m\"SystemParameters\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Tags\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TenantId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UserProperties\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"ADFTriggerRun\"\u001b[39;49;00m: {\n \u001b[94m\"Annotations\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EventMessage\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Location\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Parameters\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Start\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Status\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SystemParameters\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Tags\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TenantId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"TriggerEvent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TriggerFailureType\"\u001b[39;49;00m: 
\u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TriggerId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TriggerName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TriggerType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UserProperties\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"AWSCloudTrail\"\u001b[39;49;00m: {\n \u001b[94m\"APIVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AWSRegion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AdditionalEventData\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AwsEventId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AwsRequestId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ErrorCode\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"ErrorMessage\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EventName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EventSource\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EventTypeName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EventVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ManagementEvent\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ReadOnly\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n \u001b[94m\"RecipientAccountId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RequestParameters\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Resources\"\u001b[39;49;00m: 
\u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResponseElements\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ServiceEventDetails\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SessionCreationDate\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"SessionIssuerAccountId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SessionIssuerArn\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SessionIssuerPrincipalId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SessionIssuerType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SessionIssuerUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SessionMfaAuthenticated\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n \u001b[94m\"SharedEventId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceIpAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UserIdentityAccessKeyId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UserIdentityAccountId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UserIdentityArn\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UserIdentityInvokedBy\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UserIdentityPrincipalid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UserIdentityType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UserIdentityUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"VpcEndpointId\"\u001b[39;49;00m: 
\u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"Alert\"\u001b[39;49;00m: {\n \u001b[94m\"AlertContext\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AlertDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AlertError\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AlertId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AlertName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AlertPriority\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AlertRuleId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AlertRuleInstanceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AlertSeverity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AlertState\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AlertStatus\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"AlertTypeDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AlertTypeNumber\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"AlertValue\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"Comments\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Custom1\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Custom10\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Custom2\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Custom3\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Custom4\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Custom5\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Custom6\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n 
\u001b[94m\"Custom7\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Custom8\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Custom9\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Expression\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Flags\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"FlagsDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"HostName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"LastModifiedBy\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"LinkToSearchResults\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ManagementGroupName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ObjectDisplayName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"PriorityNumber\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"Query\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"QueryExecutionEndTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"QueryExecutionStartTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"RemediationJobId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RemediationRunbookName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RepeatCount\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"ResolvedBy\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RootObjectName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n 
\u001b[94m\"ServiceDeskConnectionName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ServiceDeskId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ServiceDeskWorkItemLink\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ServiceDeskWorkItemType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceDisplayName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceFullName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"StateType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"StatusDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TemplateId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ThresholdOperator\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ThresholdValue\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"TicketId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"TimeLastModified\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"TimeRaised\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"TimeResolved\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"TriggerId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Url\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ValueDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ValueFlags\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"ValueFlagsDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n 
\u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"AppCenterError\"\u001b[39;49;00m: {\n \u001b[94m\"Annotation\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CreatedAt\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"ErrorClass\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ErrorFile\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ErrorGroupId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ErrorId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ErrorLine\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"ErrorMethod\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ErrorReason\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ErrorType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ExceptionType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"JailBreak\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n \u001b[94m\"LastErrorAt\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Model\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Oem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OsVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SchemaType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Status\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SymbolicatedAt\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UserString\"\u001b[39;49;00m: 
\u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"AuditLogs\"\u001b[39;49;00m: {\n \u001b[94m\"AADOperationType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AADTenantId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ActivityDateTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"ActivityDisplayName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AdditionalDetails\"\u001b[39;49;00m: \u001b[33m\"dynamic\"\u001b[39;49;00m,\n \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DurationMs\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n \u001b[94m\"Id\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"InitiatedBy\"\u001b[39;49;00m: \u001b[33m\"dynamic\"\u001b[39;49;00m,\n \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Location\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"LoggedByService\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OperationVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Resource\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceGroup\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceProvider\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Result\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResultReason\"\u001b[39;49;00m: 
\u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResultSignature\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TargetResources\"\u001b[39;49;00m: \u001b[33m\"dynamic\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"AutoscaleEvaluationsLog\"\u001b[39;49;00m: {\n \u001b[94m\"AutoscaleMetricName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AvailabilitySet\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CloudServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CloudServiceRole\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CoolDown\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CurrentInstanceCount\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"DefaultInstanceCount\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"DeploymentSlot\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EstimateScaleResult\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EvaluationResult\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EvaluationTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"InstanceUpdateReason\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"LastScaleActionOperationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"LastScaleActionOperationStatus\"\u001b[39;49;00m: 
\u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"LastScaleActionTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"MaximumInstanceCount\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"MetricData\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"MetricEndTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"MetricNamespace\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"MetricStartTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"MetricTimeGrain\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"MinimumInstanceCount\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"NewInstanceCount\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"ObservedValue\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Operator\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Profile\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ProfileEvaluationTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"ProfileSelected\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n \u001b[94m\"Projection\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SelectedAutoscaleProfile\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ServerFarm\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ShouldUpdateInstance\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n \u001b[94m\"SkipCurrentAutoscaleEvaluation\"\u001b[39;49;00m: 
\u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"DatabricksWorkspace\"\u001b[39;49;00m: {\n \u001b[94m\"ActionName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"LogId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OperationVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RequestId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RequestParams\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Response\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SessionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceIPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"ETWEvent\"\u001b[39;49;00m: {\n \u001b[94m\"AzureDeploymentID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ChannelName\"\u001b[39;49;00m: 
\u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EventId\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"EventMessage\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EventSourceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"KeywordName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Message\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OpcodeName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Pid\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"ProviderGuid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Role\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TaskName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Tid\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"Event\"\u001b[39;49;00m: {\n \u001b[94m\"AzureDeploymentID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EventCategory\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"EventData\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EventID\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"EventLevel\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"EventLevelName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EventLog\"\u001b[39;49;00m: 
\u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ManagementGroupName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Message\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ParameterXml\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RenderedDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Role\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Source\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"Heartbeat\"\u001b[39;49;00m: {\n \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ComputerEnvironment\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ComputerIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"IsGatewayInstalled\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n \u001b[94m\"ManagementGroupName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OSMajorVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OSMinorVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OSName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OSType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RemoteIPCountry\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RemoteIPLatitude\"\u001b[39;49;00m: 
\u001b[33m\"real\"\u001b[39;49;00m,\n \u001b[94m\"RemoteIPLongitude\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n \u001b[94m\"Resource\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceGroup\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceProvider\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SCAgentChannel\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Solutions\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SubscriptionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"VMUUID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Version\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"HuntingBookmark\"\u001b[39;49;00m: {\n \u001b[94m\"BookmarkId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"BookmarkName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"BookmarkType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CreatedBy\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CreatedTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"EventTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"LastUpdatedTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Notes\"\u001b[39;49;00m: 
\u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"QueryResultRow\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"QueryText\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SoftDeleted\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Tags\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UpdatedBy\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"IntuneAuditLogs\"\u001b[39;49;00m: {\n \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Properties\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"IntuneOperationalLogs\"\u001b[39;49;00m: {\n \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Properties\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Result\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n 
\u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"LinuxAuditLog\"\u001b[39;49;00m: {\n \u001b[94m\"AuditID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ComputerEnvironment\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ExternalAgentIp\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ManagementGroup\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ManagementGroupName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RawRecord\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RecordType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SerialNumber\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceComputerId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"TimeUploaded\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"a0\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"a1\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"a2\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"a3\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"a4\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"a5\"\u001b[39;49;00m: 
\u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"a6\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"a7\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"a8\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"a9\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"acct\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"addr\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"arch\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"argc\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n \u001b[94m\"audit_user\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"auid\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n \u001b[94m\"cmd\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"comm\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"cwd\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"data\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"effective_group\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"effective_user\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"egid\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n \u001b[94m\"euid\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n \u001b[94m\"exe\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"exit\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"family\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"filetype\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"gid\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n \u001b[94m\"group\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"hostname\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"icmptype\"\u001b[39;49;00m: 
\u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"key\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"name\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"node\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"op\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"path\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"pid\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n \u001b[94m\"ppid\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n \u001b[94m\"res\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"result\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ses\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n \u001b[94m\"success\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"syscall\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"terminal\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"tty\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"uid\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n \u001b[94m\"user\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"vm\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"McasShadowItReporting\"\u001b[39;49;00m: {\n \u001b[94m\"AppCategory\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AppId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AppInstance\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AppName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AppScore\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"AppTags\"\u001b[39;49;00m: \u001b[33m\"dynamic\"\u001b[39;49;00m,\n \u001b[94m\"BlockedEvents\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"DownloadedBytes\"\u001b[39;49;00m: 
\u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"EnrichedUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"IpAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"MachineId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"MachineName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"StreamName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TenantId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"TotalBytes\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"TotalEvents\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UploadedBytes\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"UserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"Microservices4SpringApplicationLogs\"\u001b[39;49;00m: {\n \u001b[94m\"AppName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"InstanceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Log\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Stream\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TenantId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n 
\u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"MicrosoftInsightsAzureActivityLog\"\u001b[39;49;00m: {\n \u001b[94m\"ActivityStatusValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ActivitySubstatusValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Authorization\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Caller\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CallerIpAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CategoryValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Claims\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EventDataId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EventSubmissionTimestamp\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"HTTPRequest\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OperationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OperationNameValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Properties\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceGroup\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceProviderValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TenantId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"_ResourceId\"\u001b[39;49;00m: 
\u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"MicrosoftWebApplicationLog\"\u001b[39;49;00m: {\n \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CustomLevel\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ExceptionClass\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Host\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Logger\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Message\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Method\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Source\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Stacktrace\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"WebSiteInstanceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"MicrosoftWebFunctionExecutionLogs\"\u001b[39;49;00m: {\n \u001b[94m\"ActivityId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ExceptionDetails\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ExceptionMessage\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ExceptionType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n 
\u001b[94m\"FunctionInvocationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"FunctionName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"HostInstanceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"HostVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Location\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Message\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"MicrosoftWebStdOutStdErrLog\"\u001b[39;49;00m: {\n \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Host\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Message\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"MicrosoftWebW3CLog\"\u001b[39;49;00m: {\n \u001b[94m\"CIp\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CsHost\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n 
\u001b[94m\"CsMethod\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CsUriStem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Result\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SPort\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"OfficeActivity\"\u001b[39;49;00m: {\n \u001b[94m\"AADTarget\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Actor\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ActorContextId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ActorIpAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AffectedItems\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Application\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AzureActiveDirectory_EventType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Client\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ClientIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ClientInfoString\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ClientMachineName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ClientProcessName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ClientVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n 
\u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Pid\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"ProviderGuid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ReplicaId\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n \u001b[94m\"Role\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ServiceTypeName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SlowCancellationTimeMillis\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TaskName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Tid\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"WasCanceled\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m\n },\n \u001b[94m\"SigninLogs\"\u001b[39;49;00m: {\n \u001b[94m\"AADTenantId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AppDisplayName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AppId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ClientAppUsed\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ConditionalAccessPolicies\"\u001b[39;49;00m: \u001b[33m\"dynamic\"\u001b[39;49;00m,\n \u001b[94m\"ConditionalAccessStatus\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CreatedDateTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"DeviceDetail\"\u001b[39;49;00m: 
\u001b[33m\"dynamic\"\u001b[39;49;00m,\n \u001b[94m\"DurationMs\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n \u001b[94m\"IPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Id\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"IsRisky\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Location\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"LocationDetails\"\u001b[39;49;00m: \u001b[33m\"dynamic\"\u001b[39;49;00m,\n \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OperationVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OriginalRequestId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Resource\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceDisplayName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceGroup\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceProvider\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResultSignature\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RiskDetail\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RiskEventTypes\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RiskLevelAggregated\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RiskLevelDuringSignIn\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n 
\u001b[94m\"RiskState\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Status\"\u001b[39;49;00m: \u001b[33m\"dynamic\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UserDisplayName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UserId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UserPrincipalName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"Syslog\"\u001b[39;49;00m: {\n \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EventTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Facility\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"HostIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"HostName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ProcessID\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"ProcessName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SeverityLevel\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SyslogMessage\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"ThreatIntelligenceIndicator\"\u001b[39;49;00m: {\n \u001b[94m\"Action\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Active\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n 
\u001b[94m\"ActivityGroupNames\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AdditionalInformation\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ConfidenceScore\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n \u001b[94m\"Description\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DiamondModel\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DomainName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EmailEncoding\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EmailLanguage\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EmailRecipient\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EmailSenderAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EmailSenderName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EmailSourceDomain\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EmailSourceIpAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EmailSubject\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EmailXMailer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ExpirationDateTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"ExternalIndicatorId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"FileCompileDateTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"FileCreatedDateTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"FileHashType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"FileHashValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"FileMutexName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"FileName\"\u001b[39;49;00m: 
\u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"FilePacker\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"FilePath\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"FileSize\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"FileType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"IndicatorId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"KillChainActions\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n \u001b[94m\"KillChainC2\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n \u001b[94m\"KillChainDelivery\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n \u001b[94m\"KillChainExploitation\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n \u001b[94m\"KillChainReconnaissance\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n \u001b[94m\"KillChainWeaponization\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n \u001b[94m\"KnownFalsePositives\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"MalwareNames\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"NetworkCidrBlock\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"NetworkDestinationAsn\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"NetworkDestinationCidrBlock\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"NetworkDestinationIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"NetworkDestinationPort\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"NetworkIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"NetworkPort\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"NetworkProtocol\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"NetworkSourceAsn\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"NetworkSourceCidrBlock\"\u001b[39;49;00m: 
\u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"NetworkSourceIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"NetworkSourcePort\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"PassiveOnly\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n \u001b[94m\"Tags\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ThreatSeverity\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"ThreatType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"TrafficLightProtocolLevel\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Url\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"Usage\"\u001b[39;49;00m: {\n \u001b[94m\"AvgLatencyInSeconds\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n \u001b[94m\"BatchesCapped\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n \u001b[94m\"BatchesOutsideSla\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n \u001b[94m\"BatchesWithinSla\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DataType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EndTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"IsBillable\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n \u001b[94m\"LinkedMeterId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"LinkedResourceUri\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"MeterId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Quantity\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n 
\u001b[94m\"QuantityUnit\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceUri\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Solution\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"StartTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"TotalBatches\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"W3CIISLog\"\u001b[39;49;00m: {\n \u001b[94m\"AzureDeploymentID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Confidence\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Description\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"FirstReportedDateTime\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"IndicatorThreatType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"IsActive\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"LastReportedDateTime\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"MaliciousIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ManagementGroupName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RemoteIPCountry\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RemoteIPLatitude\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n \u001b[94m\"RemoteIPLongitude\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n \u001b[94m\"Role\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RoleInstance\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n 
\u001b[94m\"Severity\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"StorageAccount\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TLPLevel\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"TimeTaken\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"cIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"csBytes\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n \u001b[94m\"csCookie\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"csHost\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"csMethod\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"csReferer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"csUriQuery\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"csUriStem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"csUserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"csUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"csVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"sIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"sPort\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"sSiteName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"scBytes\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n \u001b[94m\"scStatus\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"scSubStatus\"\u001b[39;49;00m: 
\u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"scWin32Status\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n }\n}" }, "execution_count": 16, "metadata": {}, "output_type": "execute_result" } ], "persistentId": "53af05b4-61af-4e19-9720-f03ca043969e", "text": "%kql --schema" }, "executionTime": "2019-08-15T21:18:22.961Z" }, { "cell": { "executionCount": 17, "executionEventId": "6b017dc4-d5db-44f1-a55c-4048520f31e5", "hasError": false, "id": "0f4c4710-bcbb-4c1f-a7b6-409f6abf757c", "outputs": [], "persistentId": "eb7a9a2f-a277-426b-a95c-e1aeb03864ac", "text": "k_schema = _" }, "executionTime": "2019-08-15T21:18:35.691Z" }, { "cell": { "executionCount": 18, "executionEventId": "33087003-f376-4bf0-a982-dccf838a2a52", "hasError": false, "id": "0f4c4710-bcbb-4c1f-a7b6-409f6abf757c", "outputs": [ { "data": { "text/plain": "Kqlmagic.display.FormattedJsonDict" }, "execution_count": 18, "metadata": {}, "output_type": "execute_result" } ], "persistentId": "eb7a9a2f-a277-426b-a95c-e1aeb03864ac", "text": "type(k_schema)" }, "executionTime": "2019-08-15T21:18:50.476Z" }, { "cell": { "executionCount": 19, "executionEventId": "fcb424f4-498b-42d3-b972-7a266bdcbd21", "hasError": true, "id": "0f4c4710-bcbb-4c1f-a7b6-409f6abf757c", "outputs": [ { "ename": "SyntaxError", "evalue": "unexpected EOF while parsing (, line 3)", "output_type": "error", "traceback": [ "\u001b[1;36m File \u001b[1;32m\"\"\u001b[1;36m, line \u001b[1;32m3\u001b[0m\n\u001b[1;33m (json.loads(str(k_schema))\u001b[0m\n\u001b[1;37m ^\u001b[0m\n\u001b[1;31mSyntaxError\u001b[0m\u001b[1;31m:\u001b[0m unexpected EOF while parsing\n" ] } ], "persistentId": "eb7a9a2f-a277-426b-a95c-e1aeb03864ac", "text": "import json\n\n(json.loads(str(k_schema))" }, "executionTime": "2019-08-15T21:19:30.874Z" }, { "cell": { "executionCount": 20, "executionEventId": "07593d26-77e1-4e8d-8215-611538f357a1", "hasError": true, "id": "0f4c4710-bcbb-4c1f-a7b6-409f6abf757c", "outputs": [ { "ename": "JSONDecodeError", "evalue": 
"Expecting property name enclosed in double quotes: line 2 column 5 (char 6)", "output_type": "error", "traceback": [ "\u001b[1;31m---------------------------------------------------------------------------\u001b[0m", "\u001b[1;31mJSONDecodeError\u001b[0m Traceback (most recent call last)", "\u001b[1;32m\u001b[0m in \u001b[0;36m\u001b[1;34m\u001b[0m\n\u001b[0;32m 1\u001b[0m \u001b[1;32mimport\u001b[0m \u001b[0mjson\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m 2\u001b[0m \u001b[1;33m\u001b[0m\u001b[0m\n\u001b[1;32m----> 3\u001b[1;33m \u001b[0mjson\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mloads\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mstr\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mk_schema\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m", "\u001b[1;32m~\\AppData\\Local\\Continuum\\anaconda3\\envs\\condadev\\lib\\json\\__init__.py\u001b[0m in \u001b[0;36mloads\u001b[1;34m(s, encoding, cls, object_hook, parse_float, parse_int, parse_constant, object_pairs_hook, **kw)\u001b[0m\n\u001b[0;32m 346\u001b[0m \u001b[0mparse_int\u001b[0m \u001b[1;32mis\u001b[0m \u001b[1;32mNone\u001b[0m \u001b[1;32mand\u001b[0m \u001b[0mparse_float\u001b[0m \u001b[1;32mis\u001b[0m \u001b[1;32mNone\u001b[0m \u001b[1;32mand\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m 347\u001b[0m parse_constant is None and object_pairs_hook is None and not kw):\n\u001b[1;32m--> 348\u001b[1;33m \u001b[1;32mreturn\u001b[0m \u001b[0m_default_decoder\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mdecode\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0ms\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m\u001b[0;32m 349\u001b[0m \u001b[1;32mif\u001b[0m \u001b[0mcls\u001b[0m \u001b[1;32mis\u001b[0m \u001b[1;32mNone\u001b[0m\u001b[1;33m:\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m 350\u001b[0m \u001b[0mcls\u001b[0m \u001b[1;33m=\u001b[0m 
\u001b[0mJSONDecoder\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n", "\u001b[1;32m~\\AppData\\Local\\Continuum\\anaconda3\\envs\\condadev\\lib\\json\\decoder.py\u001b[0m in \u001b[0;36mdecode\u001b[1;34m(self, s, _w)\u001b[0m\n\u001b[0;32m 335\u001b[0m \u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m 336\u001b[0m \"\"\"\n\u001b[1;32m--> 337\u001b[1;33m \u001b[0mobj\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mend\u001b[0m \u001b[1;33m=\u001b[0m \u001b[0mself\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mraw_decode\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0ms\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0midx\u001b[0m\u001b[1;33m=\u001b[0m\u001b[0m_w\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0ms\u001b[0m\u001b[1;33m,\u001b[0m \u001b[1;36m0\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mend\u001b[0m\u001b[1;33m(\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m\u001b[0;32m 338\u001b[0m \u001b[0mend\u001b[0m \u001b[1;33m=\u001b[0m \u001b[0m_w\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0ms\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mend\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mend\u001b[0m\u001b[1;33m(\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m 339\u001b[0m \u001b[1;32mif\u001b[0m \u001b[0mend\u001b[0m \u001b[1;33m!=\u001b[0m \u001b[0mlen\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0ms\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m:\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n", "\u001b[1;32m~\\AppData\\Local\\Continuum\\anaconda3\\envs\\condadev\\lib\\json\\decoder.py\u001b[0m in \u001b[0;36mraw_decode\u001b[1;34m(self, s, idx)\u001b[0m\n\u001b[0;32m 351\u001b[0m \"\"\"\n\u001b[0;32m 352\u001b[0m \u001b[1;32mtry\u001b[0m\u001b[1;33m:\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[1;32m--> 353\u001b[1;33m \u001b[0mobj\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0mend\u001b[0m \u001b[1;33m=\u001b[0m 
\u001b[0mself\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mscan_once\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0ms\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0midx\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m\u001b[0;32m 354\u001b[0m \u001b[1;32mexcept\u001b[0m \u001b[0mStopIteration\u001b[0m \u001b[1;32mas\u001b[0m \u001b[0merr\u001b[0m\u001b[1;33m:\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0;32m 355\u001b[0m \u001b[1;32mraise\u001b[0m \u001b[0mJSONDecodeError\u001b[0m\u001b[1;33m(\u001b[0m\u001b[1;34m\"Expecting value\"\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0ms\u001b[0m\u001b[1;33m,\u001b[0m \u001b[0merr\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mvalue\u001b[0m\u001b[1;33m)\u001b[0m \u001b[1;32mfrom\u001b[0m \u001b[1;32mNone\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n", "\u001b[1;31mJSONDecodeError\u001b[0m: Expecting property name enclosed in double quotes: line 2 column 5 (char 6)" ] } ], "persistentId": "eb7a9a2f-a277-426b-a95c-e1aeb03864ac", "text": "import json\n\njson.loads(str(k_schema))" }, "executionTime": "2019-08-15T21:19:39.300Z" }, { "cell": { "executionCount": 21, "executionEventId": "52fe5d86-7e51-4ada-b2f0-dee95f64cc35", "hasError": false, "id": "0f4c4710-bcbb-4c1f-a7b6-409f6abf757c", "outputs": [ { "data": { "text/plain": "{\n \u001b[94m\"AADDomainServicesAccountLogon\"\u001b[39;49;00m: {\n \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CertIssuerName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CertSerialNumber\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CertThumbprint\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ClientUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"FailureCode\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n 
\u001b[94m\"TargetLinkedLogonId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TargetLogonGuid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TargetLogonId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TargetOutboundDomainName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TargetOutboundUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TargetServerName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TargetUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TargetUserSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TdoSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"TransmittedServices\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"VirtualAccount\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"WorkstationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"AADDomainServicesPolicyChange\"\u001b[39;49;00m: {\n \u001b[94m\"AccessGranted\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AccessRemoved\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AuditPolicyChanges\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AuditSourceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CategoryId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CollisionTargetName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n 
\u001b[94m\"CollisionTargetType\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CrashOnAuditFailValue\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"DisabledPrivilegeList\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DnsName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DomainBehaviorVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DomainName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DomainPolicyChanged\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DomainSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EnabledPrivilegeList\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EntryType\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"EventSourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Flags\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"ForceLogoff\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ForestRoot\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ForestRootSid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"HandleId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"KerberosPolicyChange\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"LockoutDuration\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"LockoutObservationWindow\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"LockoutThreshold\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"MachineAccountQuota\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"MaxPasswordAge\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n 
\u001b[94m\"MinPasswordAge\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"MinPasswordLength\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"MixedDomainMode\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"NetbiosName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"NewSd\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ObjectName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ObjectServer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ObjectType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OemInformation\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OldSd\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OperationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"PasswordHistoryLength\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"PasswordProperties\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RecordId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SidFilteringEnabled\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SubcategoryGuid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SubcategoryId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TdoAttributes\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"TdoDirection\"\u001b[39;49;00m: 
\u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"TdoType\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"TopLevelName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"AADDomainServicesPrivilegeUse\"\u001b[39;49;00m: {\n \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"NewState\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ProcessId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ProcessName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RecordId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceManager\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"TransactionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"AADDomainServicesSystemSecurity\"\u001b[39;49;00m: {\n \u001b[94m\"AuditsDiscarded\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n 
\u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RecordId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"ADFActivityRun\"\u001b[39;49;00m: {\n \u001b[94m\"ActivityIterationCount\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"ActivityName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ActivityRunId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ActivityType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Annotations\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EffectiveIntegrationRuntime\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"End\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Error\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ErrorCode\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"ErrorMessage\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n 
\u001b[94m\"EventMessage\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"FailureType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Input\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"LinkedServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Location\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Output\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"PipelineName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"PipelineRunId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Start\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Status\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Tags\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TenantId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UserProperties\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"ADFPipelineRun\"\u001b[39;49;00m: {\n \u001b[94m\"Annotations\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"End\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"EventMessage\"\u001b[39;49;00m: 
\u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"FailureType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Location\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Parameters\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"PipelineName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Predecessors\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RunId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Start\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Status\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SystemParameters\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Tags\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TenantId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UserProperties\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"ADFTriggerRun\"\u001b[39;49;00m: {\n \u001b[94m\"Annotations\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EventMessage\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n 
\u001b[94m\"Location\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Parameters\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Start\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Status\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SystemParameters\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Tags\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TenantId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"TriggerEvent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TriggerFailureType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TriggerId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TriggerName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TriggerType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UserProperties\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"AWSCloudTrail\"\u001b[39;49;00m: {\n \u001b[94m\"APIVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AWSRegion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AdditionalEventData\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AwsEventId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AwsRequestId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Category\"\u001b[39;49;00m: 
\u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ErrorCode\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"ErrorMessage\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EventName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EventSource\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EventTypeName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EventVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ManagementEvent\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ReadOnly\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n \u001b[94m\"RecipientAccountId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RequestParameters\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Resources\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResponseElements\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ServiceEventDetails\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SessionCreationDate\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"SessionIssuerAccountId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SessionIssuerArn\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SessionIssuerPrincipalId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SessionIssuerType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SessionIssuerUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SessionMfaAuthenticated\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n \u001b[94m\"SharedEventId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceIpAddress\"\u001b[39;49;00m: 
\u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UserIdentityAccessKeyId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UserIdentityAccountId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UserIdentityArn\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UserIdentityInvokedBy\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UserIdentityPrincipalid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UserIdentityType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UserIdentityUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"VpcEndpointId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"Alert\"\u001b[39;49;00m: {\n \u001b[94m\"AlertContext\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AlertDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AlertError\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AlertId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AlertName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AlertPriority\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AlertRuleId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AlertRuleInstanceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AlertSeverity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AlertState\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AlertStatus\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n 
\u001b[94m\"AlertTypeDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AlertTypeNumber\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"AlertValue\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"Comments\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Custom1\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Custom10\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Custom2\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Custom3\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Custom4\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Custom5\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Custom6\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Custom7\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Custom8\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Custom9\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Expression\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Flags\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"FlagsDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"HostName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"LastModifiedBy\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"LinkToSearchResults\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ManagementGroupName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ObjectDisplayName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"PriorityNumber\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n 
\u001b[94m\"Query\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"QueryExecutionEndTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"QueryExecutionStartTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"RemediationJobId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RemediationRunbookName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RepeatCount\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"ResolvedBy\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RootObjectName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ServiceDeskConnectionName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ServiceDeskId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ServiceDeskWorkItemLink\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ServiceDeskWorkItemType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceDisplayName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceFullName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"StateType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"StatusDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TemplateId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ThresholdOperator\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ThresholdValue\"\u001b[39;49;00m: 
\u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"TicketId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"TimeLastModified\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"TimeRaised\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"TimeResolved\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"TriggerId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Url\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ValueDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ValueFlags\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"ValueFlagsDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"AppCenterError\"\u001b[39;49;00m: {\n \u001b[94m\"Annotation\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CreatedAt\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"ErrorClass\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ErrorFile\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ErrorGroupId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ErrorId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ErrorLine\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"ErrorMethod\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ErrorReason\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ErrorType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ExceptionType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n 
\u001b[94m\"DatabricksNotebook\"\u001b[39;49;00m: {\n \u001b[94m\"ActionName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"LogId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OperationVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RequestId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RequestParams\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Response\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SessionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceIPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"DatabricksSQLPermissions\"\u001b[39;49;00m: {\n \u001b[94m\"ActionName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"LogId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OperationVersion\"\u001b[39;49;00m: 
\u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RequestId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RequestParams\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Response\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SessionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceIPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"DatabricksSSH\"\u001b[39;49;00m: {\n \u001b[94m\"ActionName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"LogId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OperationVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RequestId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RequestParams\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Response\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SessionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n 
\u001b[94m\"SourceIPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"DatabricksSecrets\"\u001b[39;49;00m: {\n \u001b[94m\"ActionName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"LogId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OperationVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RequestId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RequestParams\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Response\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SessionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceIPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"DatabricksTables\"\u001b[39;49;00m: {\n \u001b[94m\"ActionName\"\u001b[39;49;00m: 
\u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"LogId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OperationVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RequestId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RequestParams\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Response\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SessionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceIPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"DatabricksWorkspace\"\u001b[39;49;00m: {\n \u001b[94m\"ActionName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"LogId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OperationVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RequestId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n 
\u001b[94m\"RequestParams\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Response\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SessionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceIPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"ETWEvent\"\u001b[39;49;00m: {\n \u001b[94m\"AzureDeploymentID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ChannelName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EventId\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"EventMessage\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EventSourceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"KeywordName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Message\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OpcodeName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Pid\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"ProviderGuid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Role\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: 
\u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TaskName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Tid\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"Event\"\u001b[39;49;00m: {\n \u001b[94m\"AzureDeploymentID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EventCategory\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"EventData\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EventID\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"EventLevel\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"EventLevelName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EventLog\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ManagementGroupName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Message\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ParameterXml\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RenderedDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Role\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Source\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n 
\u001b[94m\"Heartbeat\"\u001b[39;49;00m: {\n \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ComputerEnvironment\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ComputerIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"IsGatewayInstalled\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n \u001b[94m\"ManagementGroupName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OSMajorVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OSMinorVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OSName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OSType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RemoteIPCountry\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RemoteIPLatitude\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n \u001b[94m\"RemoteIPLongitude\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n \u001b[94m\"Resource\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceGroup\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceProvider\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SCAgentChannel\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Solutions\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SubscriptionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n 
\u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"VMUUID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Version\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"HuntingBookmark\"\u001b[39;49;00m: {\n \u001b[94m\"BookmarkId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"BookmarkName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"BookmarkType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CreatedBy\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CreatedTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"EventTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"LastUpdatedTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Notes\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"QueryResultRow\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"QueryText\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SoftDeleted\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Tags\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UpdatedBy\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"IntuneAuditLogs\"\u001b[39;49;00m: {\n \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n 
\u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Properties\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"IntuneOperationalLogs\"\u001b[39;49;00m: {\n \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Properties\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Result\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"LinuxAuditLog\"\u001b[39;49;00m: {\n \u001b[94m\"AuditID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ComputerEnvironment\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ExternalAgentIp\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ManagementGroup\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ManagementGroupName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RawRecord\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RecordType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceId\"\u001b[39;49;00m: 
\u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SerialNumber\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceComputerId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"TimeUploaded\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"a0\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"a1\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"a2\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"a3\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"a4\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"a5\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"a6\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"a7\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"a8\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"a9\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"acct\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"addr\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"arch\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"argc\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n \u001b[94m\"audit_user\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"auid\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n \u001b[94m\"cmd\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"comm\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"cwd\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n 
\u001b[94m\"data\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"effective_group\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"effective_user\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"egid\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n \u001b[94m\"euid\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n \u001b[94m\"exe\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"exit\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"family\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"filetype\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"gid\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n \u001b[94m\"group\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"hostname\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"icmptype\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"key\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"name\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"node\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"op\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"path\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"pid\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n \u001b[94m\"ppid\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n \u001b[94m\"res\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"result\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ses\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n \u001b[94m\"success\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"syscall\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"terminal\"\u001b[39;49;00m: 
\u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"tty\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"uid\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n \u001b[94m\"user\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"vm\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"McasShadowItReporting\"\u001b[39;49;00m: {\n \u001b[94m\"AppCategory\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AppId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AppInstance\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AppName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AppScore\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"AppTags\"\u001b[39;49;00m: \u001b[33m\"dynamic\"\u001b[39;49;00m,\n \u001b[94m\"BlockedEvents\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"DownloadedBytes\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"EnrichedUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"IpAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"MachineId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"MachineName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"StreamName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TenantId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"TotalBytes\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"TotalEvents\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UploadedBytes\"\u001b[39;49;00m: 
\u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"UserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"Microservices4SpringApplicationLogs\"\u001b[39;49;00m: {\n \u001b[94m\"AppName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"InstanceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Log\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Stream\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TenantId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"MicrosoftInsightsAzureActivityLog\"\u001b[39;49;00m: {\n \u001b[94m\"ActivityStatusValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ActivitySubstatusValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Authorization\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Caller\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CallerIpAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CategoryValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Claims\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EventDataId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EventSubmissionTimestamp\"\u001b[39;49;00m: 
\u001b[94m\"UserWorkstations\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"VendorIds\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"VirtualAccount\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Workstation\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"WorkstationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"ServiceFabricOperationalEvent\"\u001b[39;49;00m: {\n \u001b[94m\"ApplicationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ApplicationTypeName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ApplicationTypeVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AzureDeploymentID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ChannelName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EventId\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"EventMessage\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EventSourceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"KeywordName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OpcodeName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"PartitionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Pid\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"ProviderGuid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Role\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n 
\u001b[94m\"ServiceTypeName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TaskName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Tid\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UpgradeDomains\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"ServiceFabricReliableActorEvent\"\u001b[39;49;00m: {\n \u001b[94m\"ActorId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ActorIdKind\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"ActorType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ApplicationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ApplicationTypeName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AzureDeploymentID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ChannelName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CountOfWaitingMethodCalls\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n \u001b[94m\"EventId\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"EventMessage\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EventSourceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Exception\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"IsStateful\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n \u001b[94m\"KeywordName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n 
\u001b[94m\"MethodExecutionTimeTicks\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n \u001b[94m\"MethodName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"MethodSignature\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"NodeId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"NodeName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OpcodeName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"PartitionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Pid\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"ProviderGuid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ReplicaId\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n \u001b[94m\"ReplicaOrInstanceId\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n \u001b[94m\"Role\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SaveStateExecutionTimeTicks\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ServiceTypeName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TaskName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Tid\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"ServiceFabricReliableServiceEvent\"\u001b[39;49;00m: {\n \u001b[94m\"ActualCancellationTimeMillis\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n \u001b[94m\"ApplicationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ApplicationTypeName\"\u001b[39;49;00m: 
\u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AzureDeploymentID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ChannelName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EventId\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"EventMessage\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EventSourceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Exception\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"InstanceId\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n \u001b[94m\"KeywordName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OpcodeName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"PartitionId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Pid\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"ProviderGuid\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ReplicaId\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n \u001b[94m\"Role\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ServiceName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ServiceTypeName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SlowCancellationTimeMillis\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TaskName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Tid\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: 
\u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"WasCanceled\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m\n },\n \u001b[94m\"SigninLogs\"\u001b[39;49;00m: {\n \u001b[94m\"AADTenantId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AppDisplayName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AppId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Category\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ClientAppUsed\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ConditionalAccessPolicies\"\u001b[39;49;00m: \u001b[33m\"dynamic\"\u001b[39;49;00m,\n \u001b[94m\"ConditionalAccessStatus\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CorrelationId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"CreatedDateTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"DeviceDetail\"\u001b[39;49;00m: \u001b[33m\"dynamic\"\u001b[39;49;00m,\n \u001b[94m\"DurationMs\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n \u001b[94m\"IPAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Id\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Identity\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"IsRisky\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n \u001b[94m\"Level\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Location\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"LocationDetails\"\u001b[39;49;00m: \u001b[33m\"dynamic\"\u001b[39;49;00m,\n \u001b[94m\"OperationName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OperationVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"OriginalRequestId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Resource\"\u001b[39;49;00m: 
\u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceDisplayName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceGroup\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceProvider\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResultDescription\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResultSignature\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResultType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RiskDetail\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RiskEventTypes\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RiskLevelAggregated\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RiskLevelDuringSignIn\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RiskState\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Status\"\u001b[39;49;00m: \u001b[33m\"dynamic\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UserDisplayName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UserId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UserPrincipalName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"Syslog\"\u001b[39;49;00m: {\n \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EventTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Facility\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"HostIP\"\u001b[39;49;00m: 
\u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"HostName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ProcessID\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"ProcessName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SeverityLevel\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SyslogMessage\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"ThreatIntelligenceIndicator\"\u001b[39;49;00m: {\n \u001b[94m\"Action\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Active\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n \u001b[94m\"ActivityGroupNames\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"AdditionalInformation\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ConfidenceScore\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n \u001b[94m\"Description\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DiamondModel\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DomainName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EmailEncoding\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EmailLanguage\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EmailRecipient\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EmailSenderAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EmailSenderName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n 
\u001b[94m\"EmailSourceDomain\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EmailSourceIpAddress\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EmailSubject\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EmailXMailer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ExpirationDateTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"ExternalIndicatorId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"FileCompileDateTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"FileCreatedDateTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"FileHashType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"FileHashValue\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"FileMutexName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"FileName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"FilePacker\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"FilePath\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"FileSize\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"FileType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"IndicatorId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"KillChainActions\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n \u001b[94m\"KillChainC2\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n \u001b[94m\"KillChainDelivery\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n \u001b[94m\"KillChainExploitation\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n \u001b[94m\"KillChainReconnaissance\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n \u001b[94m\"KillChainWeaponization\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n 
\u001b[94m\"KnownFalsePositives\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"MalwareNames\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"NetworkCidrBlock\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"NetworkDestinationAsn\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"NetworkDestinationCidrBlock\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"NetworkDestinationIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"NetworkDestinationPort\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"NetworkIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"NetworkPort\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"NetworkProtocol\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"NetworkSourceAsn\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"NetworkSourceCidrBlock\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"NetworkSourceIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"NetworkSourcePort\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"PassiveOnly\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n \u001b[94m\"Tags\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ThreatSeverity\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"ThreatType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"TrafficLightProtocolLevel\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Url\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"UserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n 
\u001b[94m\"Usage\"\u001b[39;49;00m: {\n \u001b[94m\"AvgLatencyInSeconds\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n \u001b[94m\"BatchesCapped\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n \u001b[94m\"BatchesOutsideSla\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n \u001b[94m\"BatchesWithinSla\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"DataType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"EndTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"IsBillable\"\u001b[39;49;00m: \u001b[33m\"bool\"\u001b[39;49;00m,\n \u001b[94m\"LinkedMeterId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"LinkedResourceUri\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"MeterId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Quantity\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n \u001b[94m\"QuantityUnit\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ResourceUri\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Solution\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"StartTime\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"TotalBatches\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n },\n \u001b[94m\"W3CIISLog\"\u001b[39;49;00m: {\n \u001b[94m\"AzureDeploymentID\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Computer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Confidence\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n 
\u001b[94m\"Description\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"FirstReportedDateTime\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"IndicatorThreatType\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"IsActive\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"LastReportedDateTime\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"MaliciousIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"ManagementGroupName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RemoteIPCountry\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RemoteIPLatitude\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n \u001b[94m\"RemoteIPLongitude\"\u001b[39;49;00m: \u001b[33m\"real\"\u001b[39;49;00m,\n \u001b[94m\"Role\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"RoleInstance\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"Severity\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"SourceSystem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"StorageAccount\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TLPLevel\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"TimeGenerated\"\u001b[39;49;00m: \u001b[33m\"datetime\"\u001b[39;49;00m,\n \u001b[94m\"TimeTaken\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n \u001b[94m\"Type\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"_ResourceId\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"cIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"csBytes\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n \u001b[94m\"csCookie\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"csHost\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n 
\u001b[94m\"csMethod\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"csReferer\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"csUriQuery\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"csUriStem\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"csUserAgent\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"csUserName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"csVersion\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"sIP\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"sPort\"\u001b[39;49;00m: \u001b[33m\"int\"\u001b[39;49;00m,\n \u001b[94m\"sSiteName\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"scBytes\"\u001b[39;49;00m: \u001b[33m\"long\"\u001b[39;49;00m,\n \u001b[94m\"scStatus\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"scSubStatus\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m,\n \u001b[94m\"scWin32Status\"\u001b[39;49;00m: \u001b[33m\"string\"\u001b[39;49;00m\n }\n}" }, "execution_count": 21, "metadata": {}, "output_type": "execute_result" } ], "persistentId": "eb7a9a2f-a277-426b-a95c-e1aeb03864ac", "text": "k_schema" }, "executionTime": "2019-08-15T21:20:32.780Z" }, { "cell": { "executionCount": 22, "executionEventId": "c73dbca0-fd2c-4710-bd3a-47ee7e2ea511", "hasError": false, "id": "0f4c4710-bcbb-4c1f-a7b6-409f6abf757c", "outputs": [ { "data": { "text/plain": "dict_keys(['AADDomainServicesAccountLogon', 'AADDomainServicesAccountManagement', 'AADDomainServicesDirectoryServiceAccess', 'AADDomainServicesLogonLogoff', 'AADDomainServicesPolicyChange', 'AADDomainServicesPrivilegeUse', 'AADDomainServicesSystemSecurity', 'ADFActivityRun', 'ADFPipelineRun', 'ADFTriggerRun', 'AWSCloudTrail', 'Alert', 'AppCenterError', 'AuditLogs', 'AutoscaleEvaluationsLog', 'AutoscaleScaleActionsLog', 'AzureActivity', 'AzureDiagnostics', 
'AzureMetrics', 'CommonSecurityLog', 'ComputerGroup', 'ContainerRegistryLoginEvents', 'ContainerRegistryRepositoryEvents', 'DatabricksAccounts', 'DatabricksClusters', 'DatabricksDBFS', 'DatabricksJobs', 'DatabricksNotebook', 'DatabricksSQLPermissions', 'DatabricksSSH', 'DatabricksSecrets', 'DatabricksTables', 'DatabricksWorkspace', 'ETWEvent', 'Event', 'Heartbeat', 'HuntingBookmark', 'IntuneAuditLogs', 'IntuneOperationalLogs', 'LinuxAuditLog', 'McasShadowItReporting', 'Microservices4SpringApplicationLogs', 'MicrosoftInsightsAzureActivityLog', 'MicrosoftWebApplicationLog', 'MicrosoftWebFunctionExecutionLogs', 'MicrosoftWebStdOutStdErrLog', 'MicrosoftWebW3CLog', 'OfficeActivity', 'Operation', 'Perf', 'ReservedAzureCommonFields', 'ReservedCommonFields', 'SecurityAlert', 'SecurityEvent', 'ServiceFabricOperationalEvent', 'ServiceFabricReliableActorEvent', 'ServiceFabricReliableServiceEvent', 'SigninLogs', 'Syslog', 'ThreatIntelligenceIndicator', 'Usage', 'W3CIISLog'])" }, "execution_count": 22, "metadata": {}, "output_type": "execute_result" } ], "persistentId": "eb7a9a2f-a277-426b-a95c-e1aeb03864ac", "text": "k_schema.keys()" }, "executionTime": "2019-08-15T21:20:42.221Z" }, { "cell": { "executionCount": 23, "executionEventId": "6738f520-271d-41a1-b32d-ab0d0c58a232", "hasError": false, "id": "0f4c4710-bcbb-4c1f-a7b6-409f6abf757c", "outputs": [ { "data": { "text/plain": "['AADDomainServicesAccountLogon',\n 'AADDomainServicesAccountManagement',\n 'AADDomainServicesDirectoryServiceAccess',\n 'AADDomainServicesLogonLogoff',\n 'AADDomainServicesPolicyChange',\n 'AADDomainServicesPrivilegeUse',\n 'AADDomainServicesSystemSecurity',\n 'ADFActivityRun',\n 'ADFPipelineRun',\n 'ADFTriggerRun',\n 'AWSCloudTrail',\n 'Alert',\n 'AppCenterError',\n 'AuditLogs',\n 'AutoscaleEvaluationsLog',\n 'AutoscaleScaleActionsLog',\n 'AzureActivity',\n 'AzureDiagnostics',\n 'AzureMetrics',\n 'CommonSecurityLog',\n 'ComputerGroup',\n 'ContainerRegistryLoginEvents',\n 
'ContainerRegistryRepositoryEvents',\n 'DatabricksAccounts',\n 'DatabricksClusters',\n 'DatabricksDBFS',\n 'DatabricksJobs',\n 'DatabricksNotebook',\n 'DatabricksSQLPermissions',\n 'DatabricksSSH',\n 'DatabricksSecrets',\n 'DatabricksTables',\n 'DatabricksWorkspace',\n 'ETWEvent',\n 'Event',\n 'Heartbeat',\n 'HuntingBookmark',\n 'IntuneAuditLogs',\n 'IntuneOperationalLogs',\n 'LinuxAuditLog',\n 'McasShadowItReporting',\n 'Microservices4SpringApplicationLogs',\n 'MicrosoftInsightsAzureActivityLog',\n 'MicrosoftWebApplicationLog',\n 'MicrosoftWebFunctionExecutionLogs',\n 'MicrosoftWebStdOutStdErrLog',\n 'MicrosoftWebW3CLog',\n 'OfficeActivity',\n 'Operation',\n 'Perf',\n 'ReservedAzureCommonFields',\n 'ReservedCommonFields',\n 'SecurityAlert',\n 'SecurityEvent',\n 'ServiceFabricOperationalEvent',\n 'ServiceFabricReliableActorEvent',\n 'ServiceFabricReliableServiceEvent',\n 'SigninLogs',\n 'Syslog',\n 'ThreatIntelligenceIndicator',\n 'Usage',\n 'W3CIISLog']" }, "execution_count": 23, "metadata": {}, "output_type": "execute_result" } ], "persistentId": "eb7a9a2f-a277-426b-a95c-e1aeb03864ac", "text": "tables = list(k_schema.keys())\ntables" }, "executionTime": "2019-08-15T21:21:03.067Z" }, { "cell": { "executionCount": 24, "executionEventId": "582eb060-176d-47f4-af45-6113ef4bf405", "hasError": false, "id": "a219b96d-9209-46bf-97fb-b57f810333ee", "outputs": [ { "data": { "text/plain": "" }, "execution_count": 24, "metadata": {}, "output_type": "execute_result" } ], "persistentId": "26056680-5fdf-454a-8fbe-81ec0b2154b5", "text": "qry_prov.ThreatIntelligence" }, "executionTime": "2019-08-15T21:22:11.283Z" }, { "cell": { "executionCount": 25, "executionEventId": "f4a33dca-7236-4bc2-a42a-e42913db9959", "hasError": false, "id": "a219b96d-9209-46bf-97fb-b57f810333ee", "outputs": [ { "data": { "text/plain": "['__class__',\n '__delattr__',\n '__dict__',\n '__dir__',\n '__doc__',\n '__eq__',\n '__format__',\n '__ge__',\n '__getattribute__',\n '__gt__',\n '__hash__',\n 
'__init__',\n '__init_subclass__',\n '__iter__',\n '__le__',\n '__len__',\n '__lt__',\n '__module__',\n '__ne__',\n '__new__',\n '__reduce__',\n '__reduce_ex__',\n '__repr__',\n '__setattr__',\n '__sizeof__',\n '__str__',\n '__subclasshook__',\n '__weakref__',\n 'list_indicators',\n 'list_indicators_by_domain',\n 'list_indicators_by_email',\n 'list_indicators_by_filepath',\n 'list_indicators_by_hash',\n 'list_indicators_by_ip',\n 'list_indicators_by_url']" }, "execution_count": 25, "metadata": {}, "output_type": "execute_result" } ], "persistentId": "26056680-5fdf-454a-8fbe-81ec0b2154b5", "text": "dir(qry_prov.ThreatIntelligence)" }, "executionTime": "2019-08-15T21:22:19.564Z" }, { "cell": { "executionCount": 26, "executionEventId": "55efc129-b58c-481b-a5d0-7d6f51623173", "hasError": true, "id": "a219b96d-9209-46bf-97fb-b57f810333ee", "outputs": [ { "name": "stdout", "output_type": "stream", "text": "Query: list_indicators\nData source: LogAnalytics\nRetrieves list of all current indicators.\n\nParameters\n----------\nadd_query_items: str (optional)\n Additional query clauses\nend: datetime (optional)\n Query end time\nobservables: list\n List of observables\nquery_project: str (optional)\n Project clause to limit/change return column names\nstart: datetime (optional)\n Query start time\n (default value is: -30)\ntable: str (optional)\n Table name\n (default value is: ThreatIntelligenceIndicator)\nQuery:\n {table} {query_project} | where TimeGenerated >= datetime({start}) | where TimeGenerated <= datetime({end}) | summarize arg_max(TimeGenerated, *) by IndicatorId {add_query_items}\n" }, { "ename": "ValueError", "evalue": "No values found for these parameters: ['observables']", "output_type": "error", "traceback": [ "---------------------------------------------------------------------------", "ValueError Traceback (most recent call last)", " in \n----> 1 qry_prov.ThreatIntelligence.list_indicators()\n",
"e:\\src\\microsoft\\msticpy\\msticpy\\msticpy\\data\\data_providers.py in _execute_query(self, *args, **kwargs)\n 245 if missing:\n 246 query_source.help()\n--> 247 raise ValueError(f\"No values found for these parameters: {missing}\")\n 248 \n 249 query_str = query_source.create_query(**params)\n", "ValueError: No values found for these parameters: ['observables']" ] } ], "persistentId": "26056680-5fdf-454a-8fbe-81ec0b2154b5", "text": "qry_prov.ThreatIntelligence.list_indicators()" }, "executionTime": "2019-08-15T21:22:40.086Z" }, { "cell": { "executionCount": 1, "executionEventId": "8bb96ca5-5051-4f08-853b-3461927f2e2d", "hasError": false, "id": "7f936718-3dfa-454b-83b5-823eb4f3f3d9", "outputs": [ { "data": { "text/html": "\nThis product includes GeoLite2 data created by MaxMind, available from\nhttps://www.maxmind.com.\n", "text/plain": "" }, "metadata": 
{}, "output_type": "display_data" }, { "data": { "text/html": "\nThis library uses services provided by ipstack.\nhttps://ipstack.com", "text/plain": "" }, "metadata": {}, "output_type": "display_data" } ], "persistentId": "249a5400-e20e-452e-8d0d-2c65a8856bdf", "text": "# Imports\nimport sys\nimport warnings\n\nfrom msticpy.common.utility import check_py_version\nMIN_REQ_PYTHON = (3,6)\ncheck_py_version(MIN_REQ_PYTHON)\n\nfrom IPython import get_ipython\nfrom IPython.display import display, HTML, Markdown\nimport ipywidgets as widgets\n\nimport matplotlib.pyplot as plt\nimport seaborn as sns\nsns.set()\nimport networkx as nx\n\nimport pandas as pd\npd.set_option('display.max_rows', 100)\npd.set_option('display.max_columns', 50)\npd.set_option('display.max_colwidth', 100)\n\nfrom msticpy.data import QueryProvider\nfrom msticpy.nbtools import *\nfrom msticpy.sectools import *\nfrom msticpy.nbtools.foliummap import FoliumMap\n\nWIDGET_DEFAULTS = {'layout': widgets.Layout(width='95%'),\n 'style': {'description_width': 'initial'}}\n\n# Some of our dependencies (networkx) still use deprecated Matplotlib\n# APIs - we can't do anything about it so suppress them from view\nfrom matplotlib import MatplotlibDeprecationWarning\nwarnings.simplefilter(\"ignore\", category=MatplotlibDeprecationWarning)\n\n" }, "executionTime": "2019-08-15T21:31:42.502Z" }, { "cell": { "executionCount": 2, "executionEventId": "e0883897-7de4-42dc-86bb-ce94b49dad18", "hasError": false, "id": "63503871-cff8-4a4f-8907-13a087cc5338", "outputs": [ { "name": "stdout", "output_type": "stream", "text": "Please wait. Loading Kqlmagic extension...\n" }, { "data": { "text/html": "\n \n \n \n \n
Kql Query Language, aka kql, is the query language for advanced analytics on Azure Monitor resources. The current supported data sources are \n Azure Data Explorer (Kusto), Log Analytics and Application Insights. To get more information execute '%kql --help \"kql\"'
• kql reference: Click on 'Help' tab > and Select 'kql reference' or execute '%kql --help \"kql\"'
\n • Kqlmagic configuration: execute '%config Kqlmagic'
\n • Kqlmagic usage: execute '%kql --usage'
\n \n ", "text/plain": "" }, "metadata": {}, "output_type": "display_data" }, { "data": { "text/html": "\n \n \n \n \n

Kqlmagic package is updated frequently. Run '!pip install Kqlmagic --no-cache-dir --upgrade' to use the latest version.
Kqlmagic version: 0.1.101, source: https://github.com/Microsoft/jupyter-Kqlmagic
\n \n ", "text/plain": "" }, "metadata": {}, "output_type": "display_data" }, { "data": { "application/javascript": "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}", "text/plain": "" }, "metadata": {}, "output_type": "display_data" }, { "data": { "application/javascript": "try {IPython.notebook.kernel.reconnect();} catch(err) {;}", "text/plain": "" }, "metadata": {}, "output_type": "display_data" }, { "data": { "application/javascript": "try {IPython.notebook.kernel.execute(\"NOTEBOOK_URL = '\" + window.location + \"'\");} catch(err) {;}", "text/plain": "" }, "metadata": {}, "output_type": "display_data" }, { "data": { "text/html": "\n \n\n \n\n \n\n \n\n \n\n ", "text/plain": "" }, "metadata": {}, "output_type": "display_data" }, { "data": { "text/html": "\n ", "text/plain": "" }, "metadata": {}, "output_type": "display_data" }, { "data": { "text/html": "\n \n\n \n\n \n\n ", "text/plain": "" }, "metadata": {}, "output_type": "display_data" } ], "persistentId": "9026887c-7e4b-4bea-9dbb-28b7445cdd2e", "text": "# Authentication\nfrom msticpy.common.wsconfig import WorkspaceConfig\nws_config = WorkspaceConfig('config.json')\nWORKSPACE_ID = \"a927809c-8142-43e1-96b3-4ad87cfe95a3\"\nTENANT_ID = \"69d28fd7-42a5-48bc-a619-af56397b9f28\"\n\nqry_prov = QueryProvider(data_environment='LogAnalytics')\nla_connection_string = f'loganalytics://code().tenant(\"{TENANT_ID}\").workspace(\"{WORKSPACE_ID}\")'\nqry_prov.connect(connection_str=la_connection_string)" }, "executionTime": "2019-08-15T21:37:36.751Z" }, { "cell": { "executionCount": 3, "executionEventId": "79650457-b14a-469c-8896-832eb9e97315", "hasError": false, "id": "2ff20a29-8db3-42f9-bb33-745f305dbd87", "outputs": [ { "data": { "text/plain": "['FoliumMap',\n 'GeoLiteLookup',\n 'HTML',\n 'IPStackLookup',\n 'In',\n 'IoCExtract',\n 'MIN_REQ_PYTHON',\n 'Markdown',\n 'MatplotlibDeprecationWarning',\n 'Observations',\n 'Out',\n 'QueryProvider',\n 'SecurityAlert',\n 
'SecurityEvent',\n 'TENANT_ID',\n 'TILookup',\n 'VERSION',\n 'VTLookup',\n 'WIDGET_DEFAULTS',\n 'WORKSPACE_ID',\n 'WorkspaceConfig',\n '_',\n '__',\n '___',\n '__builtin__',\n '__builtins__',\n '__doc__',\n '__loader__',\n '__name__',\n '__package__',\n '__spec__',\n '_dh',\n '_i',\n '_i1',\n '_i2',\n '_i3',\n '_ih',\n '_ii',\n '_iii',\n '_oh',\n 'add_related_alerts',\n 'base64',\n 'base64unpack',\n 'check_py_version',\n 'create_alert_graph',\n 'display',\n 'entities',\n 'entityschema',\n 'exit',\n 'geo_distance',\n 'geoip',\n 'get_ipython',\n 'iocextract',\n 'kql',\n 'la_connection_string',\n 'nbdisplay',\n 'nbwidgets',\n 'nx',\n 'observationlist',\n 'pd',\n 'pkg_config',\n 'plt',\n 'qry_prov',\n 'query_builtin_queries',\n 'query_defns',\n 'query_mgr',\n 'query_schema',\n 'quit',\n 'security_alert',\n 'security_alert_graph',\n 'security_base',\n 'security_event',\n 'sns',\n 'sys',\n 'tilookup',\n 'tiproviders',\n 'utility',\n 'utils',\n 'vtlookup',\n 'warnings',\n 'widgets',\n 'ws_config']" }, "execution_count": 3, "metadata": {}, "output_type": "execute_result" } ], "persistentId": "26b9e886-3fc7-4985-9873-7fa7c3a00cef", "text": "dir()" }, "executionTime": "2019-08-15T21:37:51.162Z" }, { "cell": { "executionCount": 4, "executionEventId": "7fda6933-b7f6-492c-b0bf-c982a2b5c7b4", "hasError": false, "id": "2ff20a29-8db3-42f9-bb33-745f305dbd87", "outputs": [ { "data": { "text/plain": "['AlertSelector',\n 'Callable',\n 'Enum',\n 'GetEnvironmentKey',\n 'GetSingleAlert',\n 'JSONDecodeError',\n 'Layout',\n 'List',\n 'Lookback',\n 'Mapping',\n 'QueryParamProvider',\n 'QueryTime',\n 'SelectString',\n 'TimeUnit',\n 'VERSION',\n '__all__',\n '__author__',\n '__builtins__',\n '__cached__',\n '__doc__',\n '__file__',\n '__loader__',\n '__name__',\n '__package__',\n '__spec__',\n '__version__',\n '_parse_time_unit',\n 'datetime',\n 'display',\n 'export',\n 'json',\n 'os',\n 'pd',\n 'qry',\n 're',\n 'timedelta',\n 'widgets']" }, "execution_count": 4, "metadata": {}, 
"output_type": "execute_result" } ], "persistentId": "26b9e886-3fc7-4985-9873-7fa7c3a00cef", "text": "dir(nbwidgets)" }, "executionTime": "2019-08-15T21:38:06.750Z" }, { "cell": { "executionCount": 5, "executionEventId": "16cd90e7-100a-41bb-9479-14454e477093", "hasError": false, "id": "2ff20a29-8db3-42f9-bb33-745f305dbd87", "outputs": [], "persistentId": "26b9e886-3fc7-4985-9873-7fa7c3a00cef", "text": "q_times = nbwidgets.QueryTime()" }, "executionTime": "2019-08-15T21:38:36.419Z" }, { "cell": { "executionCount": 6, "executionEventId": "1dfd861f-3f7e-42aa-ad74-c7f12c162a91", "hasError": true, "id": "2ff20a29-8db3-42f9-bb33-745f305dbd87", "outputs": [ { "ename": "TypeError", "evalue": "__init__() got an unexpected keyword argument 'autodisplay'", "output_type": "error", "traceback": [ "\u001b[1;31m---------------------------------------------------------------------------\u001b[0m", "\u001b[1;31mTypeError\u001b[0m Traceback (most recent call last)", "\u001b[1;32m\u001b[0m in \u001b[0;36m\u001b[1;34m\u001b[0m\n\u001b[1;32m----> 1\u001b[1;33m \u001b[0mq_times\u001b[0m \u001b[1;33m=\u001b[0m \u001b[0mnbwidgets\u001b[0m\u001b[1;33m.\u001b[0m\u001b[0mQueryTime\u001b[0m\u001b[1;33m(\u001b[0m\u001b[0mautodisplay\u001b[0m\u001b[1;33m=\u001b[0m\u001b[1;32mTrue\u001b[0m\u001b[1;33m)\u001b[0m\u001b[1;33m\u001b[0m\u001b[1;33m\u001b[0m\u001b[0m\n\u001b[0m", "\u001b[1;31mTypeError\u001b[0m: __init__() got an unexpected keyword argument 'autodisplay'" ] } ], "persistentId": "26b9e886-3fc7-4985-9873-7fa7c3a00cef", "text": "q_times = nbwidgets.QueryTime(autodisplay=True)" }, "executionTime": "2019-08-15T21:39:01.195Z" }, { "cell": { "executionCount": 7, "executionEventId": "da819559-25b5-451f-8edc-54fa1761284e", "hasError": false, "id": "2ff20a29-8db3-42f9-bb33-745f305dbd87", "outputs": [ { "data": { "application/vnd.jupyter.widget-view+json": { "model_id": "b21d5a9747a64fb0b8a4c866219edebf", "version_major": 2, "version_minor": 0 }, "text/plain": "HTML(value='

Set query time boundaries
')" }, "metadata": {}, "output_type": "display_data" }, { "data": { "application/vnd.jupyter.widget-view+json": { "model_id": "9b770b01e4d049a091997afa4b9fd6b5", "version_major": 2, "version_minor": 0 }, "text/plain": "HBox(children=(DatePicker(value=datetime.date(2019, 8, 15), description='Origin Date'), Text(value='21:39:12.3…" }, "metadata": {}, "output_type": "display_data" }, { "data": { "application/vnd.jupyter.widget-view+json": { "model_id": "74146108f4b04c6c993408d2108bfabb", "version_major": 2, "version_minor": 0 }, "text/plain": "VBox(children=(IntRangeSlider(value=(-60, 10), description='Time Range (min):', layout=Layout(width='80%'), mi…" }, "metadata": {}, "output_type": "display_data" } ], "persistentId": "26b9e886-3fc7-4985-9873-7fa7c3a00cef", "text": "q_times = nbwidgets.QueryTime(auto_display=True)" }, "executionTime": "2019-08-15T21:39:12.712Z" }, { "cell": { "executionCount": 8, "executionEventId": "dd3239aa-89dc-46de-9ce2-75a23e53f5bd", "hasError": false, "id": "2ff20a29-8db3-42f9-bb33-745f305dbd87", "outputs": [ { "data": { "application/vnd.jupyter.widget-view+json": { "model_id": "216098facd7e42db99bbfee5d78c4f79", "version_major": 2, "version_minor": 0 }, "text/plain": "HTML(value='

Set query time boundaries
')" }, "metadata": {}, "output_type": "display_data" }, { "data": { "application/vnd.jupyter.widget-view+json": { "model_id": "fe0f85d832ab46adaefd7505d2b5161e", "version_major": 2, "version_minor": 0 }, "text/plain": "HBox(children=(DatePicker(value=datetime.date(2019, 8, 15), description='Origin Date'), Text(value='21:39:34.2…" }, "metadata": {}, "output_type": "display_data" }, { "data": { "application/vnd.jupyter.widget-view+json": { "model_id": "26b4f1c36b494bcf8985d9bde8521a13", "version_major": 2, "version_minor": 0 }, "text/plain": "VBox(children=(IntRangeSlider(value=(-60, 10), description='Time Range (day):', layout=Layout(width='80%'), mi…" }, "metadata": {}, "output_type": "display_data" } ], "persistentId": "26b9e886-3fc7-4985-9873-7fa7c3a00cef", "text": "q_times = nbwidgets.QueryTime(units=\"day\", auto_display=True)" }, "executionTime": "2019-08-15T21:39:34.401Z" } ], "kernelspec": { "display_name": "Python (condadev)", "language": "python", "name": "condadev" }, "language_info": { "codemirror_mode": { "name": "ipython", "version": 3 }, "file_extension": ".py", "mimetype": "text/x-python", "name": "python", "nbconvert_exporter": "python", "pygments_lexer": "ipython3", "version": "3.6.10" }, "toc": { "base_numbering": 1, "nav_menu": {}, "number_sections": false, "sideBar": true, "skip_h1_title": false, "title_cell": "Table of Contents", "title_sidebar": "Contents", "toc_cell": true, "toc_position": {}, "toc_section_display": true, "toc_window_display": true }, "uuid": "46ae5bc2-7293-4189-867f-4d9d055cd37e", "varInspector": { "cols": { "lenName": 16, "lenType": 16, "lenVar": 40 }, "kernels_config": { "python": { "delete_cmd_postfix": "", "delete_cmd_prefix": "del ", "library": "var_list.py", "varRefreshCmd": "print(var_dic_list())" }, "r": { "delete_cmd_postfix": ") ", "delete_cmd_prefix": "rm(", "library": "var_list.r", "varRefreshCmd": "cat(var_dic_list()) " } }, "types_to_exclude": [ "module", "function", "builtin_function_or_method", "instance", 
"_Feature" ], "window_display": false }, "widgets": { "application/vnd.jupyter.widget-state+json": { "state": { "01868a030ecf4f29b4e08d077ba78ab7": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "height": "100px", "width": "50%" } }, "01d99f261aa140a6b9b68198c1c0cb0a": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "SelectModel", "state": { "_options_labels": [ "33.44.55.66 type: ipv4 (sev: warning) providers: ['XForce']", "51.75.29.61 type: ipv4 (sev: high) providers: ['OTX']", "51.75.29.61 type: ipv4 (sev: warning) providers: ['XForce']", "52.183.120.194 type: ipv4 (sev: warning) providers: ['XForce']", "ajaraheritage.ge type: dns (sev: high) providers: ['OTX']", "cc2db822f652ca67038ba7cca8a8bde3 type: md5_hash (sev: high) providers: ['XForce']", "f8a7135496fd6168df5f0ea21c745db89ecea9accc29c5cf281cdf3145865092 type: sha256_hash (sev: high) providers: ['OTX', 'XForce']", "http://ajaraheritage.ge/g7cberv type: url (sev: high) providers: ['OTX']", "http://cic-integration.com/hjy93JNBasdas type: url (sev: warning) providers: ['OTX']" ], "description": "Select an item", "index": 0, "layout": "IPY_MODEL_276d5a5048ac4a8d865d6e4a01864b73", "style": "IPY_MODEL_fea78f593cce470fa2b6fa746cc7f729" } }, "05eb56ec6d634d42aeb702dfd557e67c": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "initial" } }, "0f2ca2cc9d8b4097beb75e8538b72a79": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "1f0ae27a42e94b24ac459ee5785110c1": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "initial" } }, "276d5a5048ac4a8d865d6e4a01864b73": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", 
"model_name": "LayoutModel", "state": { "height": "200px", "width": "50%" } }, "308064709a8a47ebb0574c13ed176659": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "SelectModel", "state": { "_options_labels": [ "33.44.55.66 type: ipv4 (sev: warning) providers: ['XForce']", "51.75.29.61 type: ipv4 (sev: high) providers: ['OTX']", "51.75.29.61 type: ipv4 (sev: warning) providers: ['XForce']", "52.183.120.194 type: ipv4 (sev: warning) providers: ['XForce']", "ajaraheritage.ge type: dns (sev: high) providers: ['OTX']", "cc2db822f652ca67038ba7cca8a8bde3 type: md5_hash (sev: high) providers: ['XForce']", "f8a7135496fd6168df5f0ea21c745db89ecea9accc29c5cf281cdf3145865092 type: sha256_hash (sev: high) providers: ['OTX', 'XForce']", "http://ajaraheritage.ge/g7cberv type: url (sev: high) providers: ['OTX']", "http://cic-integration.com/hjy93JNBasdas type: url (sev: warning) providers: ['OTX']" ], "description": "Select an item", "index": 0, "layout": "IPY_MODEL_01868a030ecf4f29b4e08d077ba78ab7", "style": "IPY_MODEL_05eb56ec6d634d42aeb702dfd557e67c" } }, "32b029001f26458bae79971a88c3b54d": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "initial" } }, "405c4ab5c5f5471ba83775689e50f989": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "414f68f03cc94903a6d62ab9fa4baf4b": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "VBoxModel", "state": { "children": [ "IPY_MODEL_cd771fc431704ac3a491baaae2d26932", "IPY_MODEL_7245b0b3523c4eae8a46301fde04c03a" ], "layout": "IPY_MODEL_b797d83fda754e84bf05f27a33aa1bde" } }, "4b2b2a5474a44ac59f85c1df07c8b0e9": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "initial" } }, 
"5414240c5839425ab62fc580c1e414b9": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "56ab970fdbd04eccb795ac7a05c5939c": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "VBoxModel", "state": { "children": [ "IPY_MODEL_f40db97534d54ac29d31737433823c40", "IPY_MODEL_01d99f261aa140a6b9b68198c1c0cb0a" ], "layout": "IPY_MODEL_0f2ca2cc9d8b4097beb75e8538b72a79" } }, "5c4660fd7892490ba4bbbc70682ef64b": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "TextModel", "state": { "description": "Filter:", "layout": "IPY_MODEL_405c4ab5c5f5471ba83775689e50f989", "style": "IPY_MODEL_4b2b2a5474a44ac59f85c1df07c8b0e9" } }, "7245b0b3523c4eae8a46301fde04c03a": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "SelectModel", "state": { "_options_labels": [ "33.44.55.66 type: ipv4 (sev: warning) providers: ['XForce']", "51.75.29.61 type: ipv4 (sev: high) providers: ['OTX']", "51.75.29.61 type: ipv4 (sev: warning) providers: ['XForce']", "52.183.120.194 type: ipv4 (sev: warning) providers: ['XForce']", "ajaraheritage.ge type: dns (sev: high) providers: ['OTX']", "cc2db822f652ca67038ba7cca8a8bde3 type: md5_hash (sev: high) providers: ['XForce']", "f8a7135496fd6168df5f0ea21c745db89ecea9accc29c5cf281cdf3145865092 type: sha256_hash (sev: high) providers: ['OTX', 'XForce']", "http://ajaraheritage.ge/g7cberv type: url (sev: high) providers: ['OTX']", "http://cic-integration.com/hjy93JNBasdas type: url (sev: warning) providers: ['OTX']" ], "description": "Select an item", "index": 0, "layout": "IPY_MODEL_8f2ff03b77f6412c8cc6c633e3e0ce2d", "style": "IPY_MODEL_1f0ae27a42e94b24ac459ee5785110c1" } }, "8f2ff03b77f6412c8cc6c633e3e0ce2d": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "height": "300px", "width": "50%" } }, 
"ac60bc5d45484c1a83b37c95773fee4e": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "VBoxModel", "state": { "children": [ "IPY_MODEL_5c4660fd7892490ba4bbbc70682ef64b", "IPY_MODEL_308064709a8a47ebb0574c13ed176659" ], "layout": "IPY_MODEL_ad599d17cba8449c82e4116473bdc60e" } }, "ad599d17cba8449c82e4116473bdc60e": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "b44cce71c34946f5be83c3ba671d6748": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "b797d83fda754e84bf05f27a33aa1bde": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "c48b1a2282db403ca335a1da27deb376": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "95%" } }, "cd771fc431704ac3a491baaae2d26932": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "TextModel", "state": { "description": "Filter:", "layout": "IPY_MODEL_b44cce71c34946f5be83c3ba671d6748", "style": "IPY_MODEL_f8986c2e6447483fb03f86316b9bf494" } }, "f40db97534d54ac29d31737433823c40": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "TextModel", "state": { "description": "Filter:", "layout": "IPY_MODEL_5414240c5839425ab62fc580c1e414b9", "style": "IPY_MODEL_32b029001f26458bae79971a88c3b54d" } }, "f8986c2e6447483fb03f86316b9bf494": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "initial" } }, "fea78f593cce470fa2b6fa746cc7f729": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "initial" } } }, "version_major": 2, "version_minor": 0 } 
} }, "nbformat": 4, "nbformat_minor": 4 }