From 3aba7e57c8d34b634cdbb044225c12aa35a3ac26 Mon Sep 17 00:00:00 2001 From: schmurky Date: Mon, 22 Feb 2021 14:53:22 +0800 Subject: [PATCH] Added two new pages and deleted old one --- ...nting-devicetvmsoftwareinventory-table.md} | 20 +++--- ...-devicetvmsoftwarevulnerabilities-table.md | 62 +++++++++++++++++++ 2 files changed, 74 insertions(+), 8 deletions(-) rename windows/security/threat-protection/microsoft-defender-atp/{advanced-hunting-devicetvmsoftwareinventoryvulnerabilities-table.md => advanced-hunting-devicetvmsoftwareinventory-table.md} (69%) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwarevulnerabilities-table.md diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwareinventoryvulnerabilities-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwareinventory-table.md similarity index 69% rename from windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwareinventoryvulnerabilities-table.md rename to windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwareinventory-table.md index 9a7862714a..b550022bcb 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwareinventoryvulnerabilities-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwareinventory-table.md @@ -1,6 +1,6 @@ --- -title: DeviceTvmSoftwareInventoryVulnerabilities table in the advanced hunting schema -description: Learn about the inventory of software in your devices and their vulnerabilities in the DeviceTvmSoftwareInventoryVulnerabilities table of the advanced hunting schema. +title: DeviceTvmSoftwareInventory table in the advanced hunting schema +description: Learn about the inventory of software in your devices in the DeviceTvmSoftwareInventory table of the advanced hunting schema. keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, microsoft defender atp, wdatp search, query, telemetry, schema reference, kusto, table, column, data type, description, threat & vulnerability management, TVM, device management, software, inventory, vulnerabilities, CVE ID, OS DeviceTvmSoftwareInventoryVulnerabilities search.product: eADQiWindows 10XVcnh search.appverid: met150 @@ -8,8 +8,8 @@ ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -ms.author: dolmont -author: DulceMontemayor +ms.author: maccruz +author: maccruz ms.localizationpriority: medium manager: dansimp audience: ITPro @@ -18,7 +18,7 @@ ms.topic: article ms.technology: mde --- -# DeviceTvmSoftwareInventoryVulnerabilities +# DeviceTvmSoftwareInventory [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] @@ -30,7 +30,10 @@ ms.technology: mde [!include[Prerelease information](../../includes/prerelease.md)] -The `DeviceTvmSoftwareInventoryVulnerabilities` table in the advanced hunting schema contains the [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) inventory of software on your devices as well as any known vulnerabilities in these software products. This table also includes operating system information, CVE IDs, and vulnerability severity information. Use this reference to construct queries that return information from the table. +The `DeviceTvmSoftwareInventory` table in the advanced hunting schema contains the [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) inventory of software on your devices. Use this reference to construct queries that return information from the table. + +>[!NOTE] +>The `DeviceTvmSoftwareInventory` and `DeviceTvmSoftwareVulnerabilities` tables have replaced the `DeviceTvmSoftwareInventoryVulnerabilities` table. Together, the first two tables include more columns you can use to help inform your vulnerability management activities. For information on other tables in the advanced hunting schema, see [the advanced hunting reference](advanced-hunting-reference.md). @@ -44,8 +47,8 @@ For information on other tables in the advanced hunting schema, see [the advance | `SoftwareVendor` | string | Name of the software vendor | | `SoftwareName` | string | Name of the software product | | `SoftwareVersion` | string | Version number of the software product | -| `CveId` | string | Unique identifier assigned to the security vulnerability under the Common Vulnerabilities and Exposures (CVE) system | -| `VulnerabilitySeverityLevel` | string | Severity level assigned to the security vulnerability based on the CVSS score and dynamic factors influenced by the threat landscape | +| `EndOfSupportStatus` | string | Indicates the lifecycle stage of the software product relative to its specified end-of-support (EOS) or end-of-life (EOL) date | +| `EndOfSupportDate` | string | End-of-support (EOS) or end-of-life (EOL) date of the software product | @@ -55,3 +58,4 @@ For information on other tables in the advanced hunting schema, see [the advance - [Learn the query language](advanced-hunting-query-language.md) - [Understand the schema](advanced-hunting-schema-reference.md) - [Overview of Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) + diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwarevulnerabilities-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwarevulnerabilities-table.md new file mode 100644 index 0000000000..cf0f41c4c4 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwarevulnerabilities-table.md @@ -0,0 +1,62 @@ +--- +title: DeviceTvmSoftwareVulnerabilities table in the advanced hunting schema +description: Learn about software vulnerabilities found on devices and the list of available security updates that address each vulnerability in the DeviceTvmSoftwareVulnerabilities table of the advanced hunting schema. +keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, microsoft defender atp, wdatp search, query, telemetry, schema reference, kusto, table, column, data type, description, threat & vulnerability management, TVM, device management, software, inventory, vulnerabilities, CVE ID, OS DeviceTvmSoftwareInventoryVulnerabilities +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: m365-security +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: maccruz +author: maccruz +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +ms.technology: mde +--- + +# DeviceTvmSoftwareVulnerabilities + +[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] + +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) + +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) + +[!include[Prerelease information](../../includes/prerelease.md)] + +The `DeviceTvmSoftwareVulnerabilities` table in the advanced hunting schema contains the [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) inventory of vulnerabilities found on devices and the list of available security updates that address each vulnerability. Use this reference to construct queries that return information from the table. + +>[!NOTE] +>The `DeviceTvmSoftwareInventory` and `DeviceTvmSoftwareVulnerabilities` tables have replaced the `DeviceTvmSoftwareInventoryVulnerabilities` table. Together, the first two tables include more columns you can use to help inform your vulnerability management activities. + +For information on other tables in the advanced hunting schema, see [the advanced hunting reference](advanced-hunting-reference.md). + +| Column name | Data type | Description | +|-------------|-----------|-------------| +| `DeviceId` | string | Unique identifier for the device in the service | +| `DeviceName` | string | Fully qualified domain name (FQDN) of the device | +| `OSPlatform` | string | Platform of the operating system running on the device. This indicates specific operating systems, including variations within the same family, such as Windows 10 and Windows 7. | +| `OSVersion` | string | Version of the operating system running on the device | +| `OSArchitecture` | string | Architecture of the operating system running on the device | +| `SoftwareVendor` | string | Name of the software vendor | +| `SoftwareName` | string | Name of the software product | +| `SoftwareVersion` | string | Version number of the software product | +| `CveId` | string | Unique identifier assigned to the security vulnerability under the Common Vulnerabilities and Exposures (CVE) system | +| `VulnerabilitySeverityLevel` | string | Severity level assigned to the security vulnerability based on the CVSS score and dynamic factors influenced by the threat landscape | +| `RecommendedSecurityUpdate` | string | Name or description of the security update provided by the software vendor to address the vulnerability | +| `RecommendedSecurityUpdateId` | string | Identifier of the applicable security updates or identifier for the corresponding guidance or knowledge base (KB) articles | + + + +## Related topics + +- [Advanced hunting overview](advanced-hunting-overview.md) +- [Learn the query language](advanced-hunting-query-language.md) +- [Understand the schema](advanced-hunting-schema-reference.md) +- [Overview of Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)