Adding in schema for DeviceNetworkEvents from MDATP raw data tables

2020-11-12 20:51:27 -08:00 · 2020-11-12 20:51:27 -08:00 · 78191eea2c
--- a/.script/tests/KqlvalidationsTests/CustomTables/DeviceNetworkEvents.json
+++ b/.script/tests/KqlvalidationsTests/CustomTables/DeviceNetworkEvents.json
@ -0,0 +1,157 @@
+{
+  "Name": "DeviceNetworkEvents",
+  "Properties": [
+    {
+      "Name": "TenantId",
+      "Type": "String"
+    },
+    {
+      "Name": "ActionType",
+      "Type": "String"
+    },
+    {
+      "Name": "AdditionalFields",
+      "Type": "Dynamic"
+    },
+    {
+      "Name": "AppGuardContainerId",
+      "Type": "String"
+    },
+    {
+      "Name": "DeviceId",
+      "Type": "String"
+    },
+    {
+      "Name": "DeviceName",
+      "Type": "String"
+    },
+    {
+      "Name": "InitiatingProcessAccountDomain",
+      "Type": "String"
+    },
+    {
+      "Name": "InitiatingProcessAccountName",
+      "Type": "String"
+    },
+    {
+      "Name": "InitiatingProcessAccountObjectId",
+      "Type": "String"
+    },
+    {
+      "Name": "InitiatingProcessAccountSid",
+      "Type": "String"
+    },
+    {
+      "Name": "InitiatingProcessAccountUpn",
+      "Type": "String"
+    },
+    {
+      "Name": "InitiatingProcessCommandLine",
+      "Type": "String"
+    },
+    {
+      "Name": "InitiatingProcessCreationTime",
+      "Type": "Datetime"
+    },
+    {
+      "Name": "InitiatingProcessFileName",
+      "Type": "String"
+    },
+    {
+      "Name": "InitiatingProcessFolderPath",
+      "Type": "String"
+    },
+    {
+      "Name": "InitiatingProcessId",
+      "Type": "Long"
+    },
+    {
+      "Name": "InitiatingProcessIntegrityLevel",
+      "Type": "String"
+    },
+    {
+      "Name": "InitiatingProcessMD5",
+      "Type": "String"
+    },
+    {
+      "Name": "InitiatingProcessParentCreationTime",
+      "Type": "Datetime"
+    },
+    {
+      "Name": "InitiatingProcessParentFileName",
+      "Type": "String"
+    },
+    {
+      "Name": "InitiatingProcessParentId",
+      "Type": "Long"
+    },
+    {
+      "Name": "InitiatingProcessSHA1",
+      "Type": "String"
+    },
+    {
+      "Name": "InitiatingProcessSHA256",
+      "Type": "String"
+    },
+    {
+      "Name": "InitiatingProcessTokenElevation",
+      "Type": "String"
+    },
+    {
+      "Name": "LocalIP",
+      "Type": "String"
+    },
+    {
+      "Name": "LocalIPType",
+      "Type": "String"
+    },
+    {
+      "Name": "LocalPort",
+      "Type": "Int"
+    },
+    {
+      "Name": "MachineGroup",
+      "Type": "String"
+    },
+    {
+      "Name": "Protocol",
+      "Type": "String"
+    },
+    {
+      "Name": "RemoteIP",
+      "Type": "String"
+    },
+    {
+      "Name": "RemoteIPType",
+      "Type": "String"
+    },
+    {
+      "Name": "RemotePort",
+      "Type": "Int"
+    },
+    {
+      "Name": "RemoteUrl",
+      "Type": "String"
+    },
+    {
+      "Name": "ReportId",
+      "Type": "Long"
+    },
+    {
+      "Name": "TimeGenerated",
+      "Type": "Datetime"
+    },
+    {
+      "Name": "Timestamp",
+      "Type": "Datetime"
+    },
+    {
+      "Name": "SourceSystem",
+      "Type": "String"
+    },
+    {
+      "Name": "Type",
+      "Type": "String"
+    }
+  ]
+}