命名空间:microsoft.graph.security
表示用于查询和检索相关审核日志记录的审核日志查询。
方法
| 方法 | 返回类型 | 说明 |
|---|---|---|
| 列出审核日志查询 | auditLogQuery 集合 | 获取 auditLogQuery 对象及其属性的列表。 |
| 创建审核日志查询 | auditLogQuery | 创建新的 auditLogQuery 对象。 |
| 获取审核日志查询 | auditLogQuery | 读取 auditLogQuery 对象的属性和关系。 |
| 列出记录 | auditLogRecord 集合 | 从记录导航属性获取 auditLogRecord 资源。 |
属性
| 属性 | 类型 | 说明 |
|---|---|---|
| administrativeUnitIdFilters | 字符串集合 | 标记为审核日志记录的管理单元。 |
| displayName | String | 保存的审核日志查询的显示名称。 |
| filterEndDateTime | DateTimeOffset | 查询中日期范围的结束日期。 |
| filterStartDateTime | DateTimeOffset | 查询中日期范围的开始日期。 |
| id | String | 审核日志查询的唯一标识符。 继承自 microsoft.graph.entity。 |
| ipAddressFilters | 字符串集合 | 记录活动时使用的设备的 IP 地址。 |
| keywordFilter | String | 用于搜索审核日志的非索引属性的自由文本字段。 |
| objectIdFilters | 字符串集合 | 对于 SharePoint 和 OneDrive for Business 活动,用户访问的文件或文件夹的完整路径名称。 对于 Exchange 管理员审核日志,通过 cmdlet 修改的对象的名称。 |
| operationFilters | 字符串集合 | 用户或管理员活动的名称。 有关最常见操作/活动的说明,请参阅在 Office 365 保护中心搜索审核日志。 |
| recordTypeFilters | microsoft.graph.security.auditLogRecordType 集合 | 记录指示的操作类型。 可能的值为:、、、、、exchangeItemGroupsharePointFileOperationsyntheticProbesharePointazureActiveDirectoryoneDrive、、 microsoftTeamsDevicehrSignalmicrosoftTeamsAdminsharePointContentTypeOperationsharePointFieldOperationinformationBarrierPolicyApplicationdataInsightsRestApiAudithygieneEventexchangeItemAggregatedteamsHealthcarelabelContentExplorerthreatIntelligenceAtpContentpowerAppsPlansharePointListItemOperationpowerAppsAppworkplaceAnalyticsmipLabelmicrosoftTeamsAnalyticssecurityComplianceInsightsinformationWorkerProtectiondiscoverymicrosoftTeamsskypeForBusinessCmdletsyammercrmthreatIntelligencepowerBIAuditexchangeAggregatedOperationsecurityComplianceCenterEOPCmdletmicrosoftFlowcampaignmailSubmissioncomplianceDLPSharePointClassificationmicrosoftStreamaeDthreatIntelligenceUrldataGovernancethreatFinderkaizalasecurityComplianceAlertssharePointListOperationsharePointCommentOperationprojectcomplianceDLPExchangesharePointSharingOperationswayskypeForBusinessUsersBlockedazureActiveDirectoryAccountLogonskypeForBusinessPSTNUsagedataCenterSecurityCmdletazureActiveDirectoryStsLogoncomplianceDLPSharePointexchangeItemexchangeAdmindlpEndpoint, airInvestigation, quarantine, microsoftForms, applicationAudit, complianceSupervisionExchange, customerKeyServiceEncryption, , mipAutoLabelSharePointItemofficeNativemipAutoLabelSharePointPolicyLocationmicrosoftTeamsShiftssecureScoremipAutoLabelExchangeItemcortanaBriefingsearchwdatpAlertspowerPlatformAdminDlppowerPlatformAdminEnvironmentmdatpAuditsensitivityLabelPolicyMatchsensitivityLabelActionsensitivityLabeledFileActionattackSimairManualInvestigationsecurityComplianceRBACuserTrainingairAdminActionInvestigationmsticphysicalBadgingSignalteamsEasyApprovalsaipDiscoveraipSensitivityLabelActionaipProtectionActionaipFileDeletedaipHeartBeatmcasAlertsonPremisesFileShareScannerDlponPremisesSharePointScannerDlpexchangeSearchsharePointSearchprivacyDataMinimizationlabelAnalyticsAggregatemyAnalyticsSettingssecurityComplianceUserChangecomplianceDLPExchangeClassificationcomplianceDLPEndpointmipExactDataMatchmsdeResponseActionsmsdeGeneralSettingsmsdeIndicatorsSettingsms365DCustomDetectionmsdeRolesSettingsmapgAlertsmapgPolicymapgRemediationprivacyRemediationActionprivacyDigestEmailmipAutoLabelSimulationProgressmipAutoLabelSimulationCompletionmipAutoLabelProgressFeedbackdlpSensitiveInformationType, mipAutoLabelSimulationStatistics, largeContentMetadata, microsoft365Group, cdpMlInferencingResult, filteringEntityEventdlpImportResultcdpCompliancePolicyExecutionmultiStageDispositionprivacyDataMatchhealthcareSignalfilteringEmailFeaturesfilteringDocMetadatapowerBIDlpfilteringUrlInfofilteringAttachmentInfocoreReportingSettingscomplianceConnectorconsumptionResourcepowerPlatformLockboxResourceCommandpowerPlatformLockboxResourceAccessRequestcdpPredictiveCodingLabelcdpCompliancePolicyUserFeedbackwebpageActivityEndpointomePortalscorePlatformGenericAuditRecordpowerPlatformServiceActivityfilteringTimeTravelDocMetadatamicrosoftManagedServicePlatformlabelExplorerfilteringMailSubmissionalertfilteringRuleHitsmipLabelAnalyticsAuditRecordfilteringUrlClickalertStatuscmImprovementActionChangetenantAllowBlockListcdpUnifiedFeedbackfilteringPostMailDeliveryActionfilteringMailGradingResultcaseInvestigationrecordsManagementprivacyRemediationcaseehrConnectorincidentStatuscdpDlpSensitivealertIncidentdataShareOperationpublicFolderfilteringMailMetadatacdpClassificationMailItemcdpClassificationDocumentofficeScriptsRunActionprivacyTenantAuditHistoryRecord, aipScannerDiscoverEvent, eduDataLakeDownloadOperation, m365ComplianceConnector, microsoftGraphDataConnectOperation, mdcRegulatoryComplianceAssessmentsplannerTaskListplannerTenantSettingsprojectForTheWebProjectprojectForTheWebTaskplannerPlanListprojectForTheWebRoadmapItemprojectForTheWebRoadmapprojectForTheWebProjectSettingsprojectForTheWebRoadmapSettingsquarantineMetadatamicrosoftTodoAudittimeTravelFilteringDocMetadataplannerRostersharePointAppPermissionOperationteamsQuarantineMetadatamicrosoftTeamsSensitivityLabelActionfilteringTeamsMetadatafilteringTeamsUrlInfofilteringTeamsPostDeliveryActionmicrosoftGraphDataConnectConsentattackSimAdminfilteringAtpDetonationInfofilteringRuntimeInfovivaGoalsmdaDataSecuritySignalprivacyPortalmdcSecurityConnectorsmdcRegulatoryComplianceControlsmdcRegulatoryComplianceStandardsmanagedTenantsmdcAssessmentsplannerTaskplannerCopyPlanplannerPlanms365DIncidentms365DSuppressionRulepurviewDataMapOperationfilteringUrlPostClickActionupdateQuarantineMetadataplannerRosterSensitivityLabelunifiedSimulationSummaryteamsUpdatesunifiedSimulationMatchedItemirmUserDefinedDetectionSignalfilteringDelistingMetadatamicrosoftPurviewfilteringEmailContentFeaturespowerPagesSitepowerAppsResourcecomplianceDLPSharePointClassificationExtended、microsoftDefenderForIdentityAudit、、supervisoryReviewDayXInsight、defenderExpertsforXDRAdmin、hostedRpacdpContentExplorerAggregateRecordcdpEdgeBlockedMessage、、cdpHygieneAttachmentInfo、cdpHygieneSummary、cdpPostMailDeliveryActioncdpEmailFeatures、cdpUrlClickcdpHygieneUrlInfo、cdpPackageManagerHygieneEvent、、filteringDocScan、timeTravelFilteringDocScan、 。 unknownFutureValuemapgOnboard |
| serviceFilter | String | 指审核记录中的工作负载属性。 这是发生活动的Microsoft服务。 可选。 |
| status | microsoft.graph.security.auditLogQueryStatus | 描述查询的当前状态。 可能的值包括 notStarted、running、succeeded、failed、cancelled、unknownFutureValue。 |
| userPrincipalNameFilters | 字符串集合 | UPN (用户主体名称) 执行作的用户 (作属性中指定的) ,导致记录被记录;例如, my_name@my_domain_name。 |
关系
| 关系 | 类型 | 说明 |
|---|---|---|
| 记录 | microsoft.graph.security.auditLogRecord 集合 | 单个审核日志记录。 |
JSON 表示形式
以下 JSON 表示形式显示了资源类型。
{
"@odata.type": "#microsoft.graph.security.auditLogQuery",
"id": "String (identifier)",
"displayName": "String",
"filterStartDateTime": "String (timestamp)",
"filterEndDateTime": "String (timestamp)",
"recordTypeFilters": [
"String"
],
"keywordFilter": "String",
"serviceFilter": "String",
"operationFilters": [
"String"
],
"userPrincipalNameFilters": [
"String"
],
"ipAddressFilters": [
"String"
],
"objectIdFilters": [
"String"
],
"administrativeUnitIdFilters": [
"String"
],
"status": "String"
}