Azure-Sentinel/Tools/externaldata/securityalert.yaml


// Reads SecurityAlert-shaped records from blob storage with the externaldata operator.
// The column list below is the schema applied at read time; the storage URL and
// the ingestion format follow it.
//
// Security notes:
//  - The h@ prefix makes the connection string an obfuscated string literal.
//    Keep it, so the URL and its signature are masked wherever the query text is recorded.
//  - STORAGEACCOUNTNAME and SASSIG appear to be placeholders. Substitute them at
//    run time and never commit a real signature to source control.
//    NOTE(review): confirm the exact URL form (blob path plus SAS query string)
//    against the tool that writes the export.
//  - Rows come from storage outside the workspace, so their integrity depends on
//    who can write to the am-securityalert container. Use a read-only,
//    short-lived signature scoped to that container.
externaldata (
    TenantId: string,
    TimeGenerated: datetime,
    DisplayName: string,
    AlertName: string,
    AlertSeverity: string,
    Description: string,
    ProviderName: string,
    VendorName: string,
    VendorOriginalId: string,
    SystemAlertId: string,
    ResourceId: string,
    SourceComputerId: string,
    AlertType: string,
    ConfidenceLevel: string,
    ConfidenceScore: real,
    IsIncident: bool,
    StartTime: datetime,
    EndTime: datetime,
    ProcessingEndTime: datetime,
    RemediationSteps: string,
    // ExtendedProperties, Entities and ExtendedLinks are declared as plain strings;
    // presumably they hold serialized JSON to parse downstream - TODO confirm.
    ExtendedProperties: string,
    Entities: string,
    SourceSystem: string,
    WorkspaceSubscriptionId: string,
    WorkspaceResourceGroup: string,
    ExtendedLinks: string,
    ProductName: string,
    ProductComponentName: string,
    AlertLink: string,
    Status: string,
    CompromisedEntity: string,
    Tactics: string,
    Type: string
)
[
    h@"https://STORAGEACCOUNTNAME.blob.core.windows.net/am-securityalert/SASSIG"
]
with (format="json")