From 3449bd237e2d5d134032f7f2ca18b9f13de68cd1 Mon Sep 17 00:00:00 2001
From: lomayor
Date: Wed, 25 Sep 2019 16:46:41 -0700
Subject: [PATCH] AH_updates

---
 .../advanced-hunting-alertevents-table.md | 5 +----
 .../advanced-hunting-best-practices.md | 1 -
 .../advanced-hunting-filecreationevents-table.md | 3 ---
 .../advanced-hunting-imageloadevents-table.md | 3 ---
 .../advanced-hunting-logonevents-table.md | 5 +----
 .../advanced-hunting-machineinfo-table.md | 3 ---
 .../advanced-hunting-machinenetworkinfo-table.md | 3 ---
 .../advanced-hunting-miscevents-table.md | 3 ---
 .../advanced-hunting-networkcommunicationevents-table.md | 5 +----
 .../advanced-hunting-processcreationevents-table.md | 3 ---
 .../microsoft-defender-atp/advanced-hunting-reference.md | 4 +---
 .../advanced-hunting-registryevents-table.md | 3 ---
 .../advanced-hunting-shared-queries.md | 4 +---
 .../microsoft-defender-atp/advanced-hunting.md | 3 +--
 .../microsoft-defender-atp/overview-hunting.md | 3 ++-
 15 files changed, 8 insertions(+), 43 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md
index 78f91d7d4d..8863558d45 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md
@@ -47,9 +47,6 @@ For information on other tables in the Advanced hunting schema, see [the Advance | Table | string | Table that contains the details of the event | ## Related topics - - [Advanced hunting overview](overview-hunting.md) - [Learn the query language](advanced-hunting.md) -- [Use shared queries](advanced-hunting-shared-queries.md) -- [Understand the schema](advanced-hunting-reference.md) -- [Apply query best practices](advanced-hunting-best-practices.md) +- [Understand the schema](advanced-hunting-reference.md) \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md index 5c9d68d3a9..5684c777c2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md @@ -96,6 +96,5 @@ ProcessCreationEvents ## Related topics - [Advanced hunting overview](overview-hunting.md) -- [Use shared queries](advanced-hunting-shared-queries.md) - [Learn the query language](advanced-hunting.md) - [Understand the schema](advanced-hunting-schema-reference.md) \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-filecreationevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-filecreationevents-table.md index a9e7ea22da..eb9d39ef83 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-filecreationevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-filecreationevents-table.md 
@@ -73,9 +73,6 @@ For information on other tables in the Advanced hunting schema, see [the Advanc | IsAzureInfoProtectionApplied | boolean | Indicates whether the file is encrypted by Azure Information Protection | ## Related topics - - [Advanced hunting overview](overview-hunting.md) - [Learn the query language](advanced-hunting.md) -- [Use shared queries](advanced-hunting-shared-queries.md) - [Understand the schema](advanced-hunting-reference.md) -- [Apply query best practices](advanced-hunting-best-practices.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-imageloadevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-imageloadevents-table.md index 6d7c4ffb4b..d4d4103261 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-imageloadevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-imageloadevents-table.md @@ -59,9 +59,6 @@ For information on other tables in the Advanced hunting schema, see [the Advance | AppGuardContainerId | string | Identifier for the virtualized container used by Application Guard to isolate browser activity | ## Related topics - - [Advanced hunting overview](overview-hunting.md) - [Learn the query language](advanced-hunting.md) -- [Use shared queries](advanced-hunting-shared-queries.md) - [Understand the schema](advanced-hunting-reference.md) -- [Apply query best practices](advanced-hunting-best-practices.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-logonevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-logonevents-table.md index 3a19d4fd05..7d42044b2c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-logonevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-logonevents-table.md 
@@ -67,9 +67,6 @@ For information on other tables in the Advanced hunting schema, see [the Advance | IsLocalAdmin | boolean | Boolean indicator of whether the user is a local administrator on the machine | ## Related topics - - [Advanced hunting overview](overview-hunting.md) - [Learn the query language](advanced-hunting.md) -- [Use shared queries](advanced-hunting-shared-queries.md) -- [Understand the schema](advanced-hunting-reference.md) -- [Apply query best practices](advanced-hunting-best-practices.md) \ No newline at end of file +- [Understand the schema](advanced-hunting-reference.md) \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machineinfo-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machineinfo-table.md index 61b86dbfb7..db280a908b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machineinfo-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machineinfo-table.md @@ -48,9 +48,6 @@ For information on other tables in the Advanced hunting schema, see [the Advance | MachineGroup | string | Machine group of the machine. This group is used by role-based access control to determine access to the machine | ## Related topics - - [Advanced hunting overview](overview-hunting.md) - [Learn the query language](advanced-hunting.md) -- [Use shared queries](advanced-hunting-shared-queries.md) - [Understand the schema](advanced-hunting-reference.md) -- [Apply query best practices](advanced-hunting-best-practices.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machinenetworkinfo-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machinenetworkinfo-table.md index 666b64cfcc..1b60ba391e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machinenetworkinfo-table.md 
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machinenetworkinfo-table.md @@ -49,9 +49,6 @@ For information on other tables in the Advanced hunting schema, see [the Advance | IPAddresses | string | JSON array containing all the IP addresses assigned to the adapter, along with their respective subnet prefix and IP address space, such as public, private, or link-local | ## Related topics - - [Advanced hunting overview](overview-hunting.md) - [Learn the query language](advanced-hunting.md) -- [Use shared queries](advanced-hunting-shared-queries.md) - [Understand the schema](advanced-hunting-reference.md) -- [Apply query best practices](advanced-hunting-best-practices.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-miscevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-miscevents-table.md index d4c7a907a1..233cc3ad55 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-miscevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-miscevents-table.md @@ -80,9 +80,6 @@ For information on other tables in the Advanced hunting schema, see [the Advance | AppGuardContainerId | string | Identifier for the virtualized container used by Application Guard to isolate browser activity | ## Related topics - - [Advanced hunting overview](overview-hunting.md) - [Learn the query language](advanced-hunting.md) -- [Use shared queries](advanced-hunting-shared-queries.md) - [Understand the schema](advanced-hunting-reference.md) -- [Apply query best practices](advanced-hunting-best-practices.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-networkcommunicationevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-networkcommunicationevents-table.md index 17692f0ff6..17cdb7c527 100644 
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-networkcommunicationevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-networkcommunicationevents-table.md @@ -63,9 +63,6 @@ For information on other tables in the Advanced hunting schema, see [the Advance | AppGuardContainerId | string | Identifier for the virtualized container used by Application Guard to isolate browser activity | ## Related topics - - [Advanced hunting overview](overview-hunting.md) - [Learn the query language](advanced-hunting.md) -- [Use shared queries](advanced-hunting-shared-queries.md) -- [Understand the schema](advanced-hunting-reference.md) -- [Apply query best practices](advanced-hunting-best-practices.md) \ No newline at end of file +- [Understand the schema](advanced-hunting-reference.md) \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-processcreationevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-processcreationevents-table.md index bf680db545..0d003ef2b9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-processcreationevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-processcreationevents-table.md @@ -71,9 +71,6 @@ For information on other tables in the Advanced hunting schema, see [the Advance | AppGuardContainerId | string | Identifier for the virtualized container used by Application Guard to isolate browser activity | ## Related topics - - [Advanced hunting overview](overview-hunting.md) - [Learn the query language](advanced-hunting.md) -- [Use shared queries](advanced-hunting-shared-queries.md) - [Understand the schema](advanced-hunting-reference.md) -- [Apply query best practices](advanced-hunting-best-practices.md) 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-reference.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-reference.md index 0269e7f451..38a68ada9b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-reference.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-reference.md @@ -48,6 +48,4 @@ Table and column names are also listed within the Microsoft Defender Security Ce ## Related topics - [Advanced hunting overview](overview-hunting.md) -- [Learn the query language](advanced-hunting.md) -- [Use shared queries](advanced-hunting-shared-queries.md) -- [Apply query best practices](advanced-hunting-best-practices.md) +- [Learn the query language](advanced-hunting.md) \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-registryevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-registryevents-table.md index 715cc23405..1c59046a3e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-registryevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-registryevents-table.md @@ -61,9 +61,6 @@ For information on other tables in the Advanced hunting schema, see [the Advance | AppGuardContainerId | string | Identifier for the virtualized container used by Application Guard to isolate browser activity | ## Related topics - - [Advanced hunting overview](overview-hunting.md) - [Learn the query language](advanced-hunting.md) -- [Use shared queries](advanced-hunting-shared-queries.md) - [Understand the schema](advanced-hunting-reference.md) -- [Apply query best practices](advanced-hunting-best-practices.md) 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md index d91d3019a3..1228ac7c26 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md @@ -61,6 +61,4 @@ Microsoft security researchers regularly share Advanced hunting queries in a [de ## Related topics - [Advanced hunting overview](overview-hunting.md) -- [Learn the query language](advanced-hunting.md) -- [Understand the schema](advanced-hunting-reference.md) -- [Apply query best practices](advanced-hunting-best-practices.md) \ No newline at end of file +- [Learn the query language](advanced-hunting.md) \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting.md index cf2722b711..68aee0ff85 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting.md @@ -135,6 +135,5 @@ For more information on Kusto query language and supported operators, see [Quer ## Related topics - [Advanced hunting overview](overview-hunting.md) -- [Use shared queries](advanced-hunting-shared-queries.md) - [Understand the schema](advanced-hunting-reference.md) -- [Apply query best practices](advanced-hunting-best-practices.md) +- [Apply query best practices](advanced-hunting-best-practices.md) \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-atp/overview-hunting.md b/windows/security/threat-protection/microsoft-defender-atp/overview-hunting.md index ac7753e2bd..8b2eb5fd21 100644 
--- a/windows/security/threat-protection/microsoft-defender-atp/overview-hunting.md +++ b/windows/security/threat-protection/microsoft-defender-atp/overview-hunting.md @@ -68,4 +68,5 @@ The filter selections are added as additional query elements and the results are - [Learn the query language](advanced-hunting.md) - [Use shared queries](advanced-hunting-shared-queries.md) - [Understand the schema](advanced-hunting-reference.md) -- [Apply query best practices](advanced-hunting-best-practices.md) \ No newline at end of file +- [Apply query best practices](advanced-hunting-best-practices.md) +- [Custom detections overview](overview-custom-detections.md) \ No newline at end of file