From 17b036ca54b66eb18a7b69e034e47f02eef8f115 Mon Sep 17 00:00:00 2001
From: Liza Mash <lizamas@microsoft.com>
Date: Sun, 25 Mar 2018 07:41:20 +0000
Subject: [PATCH] Updated
 advanced-hunting-windows-defender-advanced-threat-protection.md

---
 ...vanced-hunting-windows-defender-advanced-threat-protection.md | 1 -
 1 file changed, 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md
index 7394b1e678..5e9c033c35 100644
--- a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md
@@ -97,7 +97,6 @@ The following tables are exposed as part of advanced hunting:
 - **LogonEvents** - Stores all login events 
 - **ImageLoadEvents** - Stores all load dll events  
 - **MiscEvents** - Stores several types of events, including Windows Defender Exploit Guard, Windows Defender SmartScreen, Windows Defender Application Guard, and Firewall events.
-- **SuspiciousEvents** - Stores all events that deviate from typical event behavior
 
 ## Use shared queries
 Shared queries are prepopulated queries that give you a starting point on running queries on your organization's data. It includes a couple of examples that help demonstrate the query language capabilities.