XDRInternals.Format.ps1xml
|
<?xml version="1.0" encoding="utf-8" ?> <Configuration> <ViewDefinitions> <View> <Name>XdrEndpointDevice</Name> <ViewSelectedBy> <TypeName>XdrEndpointDevice</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>ComputerDnsName</Label> </TableColumnHeader> <TableColumnHeader> <Label>LastIpAddress</Label> </TableColumnHeader> <TableColumnHeader> <Label>RiskScore</Label> </TableColumnHeader> <TableColumnHeader> <Label>CriticalityLevel</Label> </TableColumnHeader> <TableColumnHeader> <Label>ExposureScore</Label> </TableColumnHeader> <TableColumnHeader> <Label>DeviceType</Label> </TableColumnHeader> <TableColumnHeader> <Label>Domain</Label> </TableColumnHeader> <TableColumnHeader> <Label>ManagedBy</Label> </TableColumnHeader> <TableColumnHeader> <Label>HealthStatus</Label> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>ComputerDnsName</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>LastIpAddress</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>RiskScore</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>CriticalityLevel</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>ExposureScore</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>DeviceType</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>Domain</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>ManagedBy</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>HealthStatus</PropertyName> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <View> <Name>XdrIdentityIdentity</Name> <ViewSelectedBy> <TypeName>XdrIdentityIdentity</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>Display name</Label> <Width>25</Width> </TableColumnHeader> <TableColumnHeader> <Label>SID</Label> <Width>47</Width> </TableColumnHeader> <TableColumnHeader> <Label>Domain</Label> <Width>20</Width> </TableColumnHeader> <TableColumnHeader> <Label>Type</Label> <Width>15</Width> </TableColumnHeader> <TableColumnHeader> <Label>Object ID</Label> <Width>36</Width> </TableColumnHeader> <TableColumnHeader> <Label>Identity providers</Label> <Width>25</Width> </TableColumnHeader> <TableColumnHeader> <Label>Identity environment</Label> <Width>20</Width> </TableColumnHeader> <TableColumnHeader> <Label>UPN</Label> <Width>30</Width> </TableColumnHeader> <TableColumnHeader> <Label>Tags</Label> <Width>20</Width> </TableColumnHeader> <TableColumnHeader> <Label>Created time</Label> <Width>20</Width> </TableColumnHeader> <TableColumnHeader> <Label>Criticality level</Label> <Width>17</Width> </TableColumnHeader> <TableColumnHeader> <Label>Account status</Label> <Width>15</Width> </TableColumnHeader> <TableColumnHeader> <Label>Last updated</Label> <Width>20</Width> </TableColumnHeader> <TableColumnHeader> <Label>Entra ID risk level</Label> <Width>20</Width> </TableColumnHeader> <TableColumnHeader> <Label>Entra ID risk level update time</Label> <Width>32</Width> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>displayName</PropertyName> </TableColumnItem> <TableColumnItem> <ScriptBlock>$_.ids.sid</ScriptBlock> </TableColumnItem> <TableColumnItem> <ScriptBlock>$_.ids.accountDomain</ScriptBlock> </TableColumnItem> <TableColumnItem> <PropertyName>type</PropertyName> </TableColumnItem> <TableColumnItem> <ScriptBlock>$_.ids.aad</ScriptBlock> </TableColumnItem> <TableColumnItem> <ScriptBlock>($_.identityProviders | ForEach-Object { if ($_ -eq 'AzureActiveDirectory') { 'EntraID' } else { $_ } }) -join ', '</ScriptBlock> </TableColumnItem> <TableColumnItem> <PropertyName>source</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>userPrincipalName</PropertyName> </TableColumnItem> <TableColumnItem> <ScriptBlock>$_.tags -join ', '</ScriptBlock> </TableColumnItem> <TableColumnItem> <PropertyName>created</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>criticalityLevel</PropertyName> </TableColumnItem> <TableColumnItem> <ScriptBlock> $status = $_.status if ($status) { # Convert to CamelCase $status.Substring(0,1).ToUpper() + $status.Substring(1).ToLower() } </ScriptBlock> </TableColumnItem> <TableColumnItem> <PropertyName>updateTime</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>riskLevel</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>riskLastUpdateTime</PropertyName> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> </ViewDefinitions> </Configuration> |