An incident in Microsoft 365 Defender is a collection of correlated alerts and associated data that make up the story of an attack. Microsoft 365 …
definitions
Web Data Source Field Definitions
Field Name Definition appsite Friendly name for a Website or Application authtype blocked This occurs because the user is not authorized to access the site, …
Palo Alto Data Source Field Definitions
Field Name Definition action Action taken for the session; values are alert, allow, deny, drop, drop-all-packets, reset-client, reset-server, reset-both, block-url. action_source Specifies whether the action …