From 4dcea5448fe2a7922a88ad4d59c9b26430cecf36 Mon Sep 17 00:00:00 2001
From: lomayor
Date: Tue, 8 Oct 2019 17:59:54 -0700
Subject: [PATCH] AH-SEO
---
 .../advanced-hunting-alertevents-table.md | 12 ++++++------
 .../advanced-hunting-best-practices.md | 8 ++++----
 .../advanced-hunting-filecreationevents-table.md | 10 +++++-----
 .../advanced-hunting-imageloadevents-table.md | 10 +++++-----
 .../advanced-hunting-logonevents-table.md | 10 +++++-----
 .../advanced-hunting-machineinfo-table.md | 10 +++++-----
 .../advanced-hunting-machinenetworkinfo-table.md | 10 +++++-----
 .../advanced-hunting-miscevents-table.md | 12 ++++++------
 ...anced-hunting-networkcommunicationevents-table.md | 10 +++++-----
 .../advanced-hunting-processcreationevents-table.md | 10 +++++-----
 .../advanced-hunting-reference.md | 6 +++---
 .../advanced-hunting-registryevents-table.md | 10 +++++-----
 .../advanced-hunting-shared-queries.md | 8 ++++----
 .../microsoft-defender-atp/advanced-hunting.md | 6 +++---
 .../microsoft-defender-atp/overview-hunting.md | 5 +++--
 15 files changed, 69 insertions(+), 68 deletions(-)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md
index 2904a8e60e..fa1d929b79 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md
@@ -1,21 +1,21 @@
 ---
-title: AlertEvents table in the advanced hunting schema
-description: Learn about the AlertEvents table in the Advanced hunting schema, such as column names, data types, and descriptions
-keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, alertevent
+title: AlertEvents table in the Advanced hunting schema
+description: Learn about alert generation events in the AlertEvents table of the Advanced hunting schema
+keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, schema reference, kusto, table, column, data type, description, alertevents, alert, severity, category
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-ms.author: v-maave
-author: martyav
+ms.author: lomayor
+author: lomayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: article
-ms.date: 07/24/2019
+ms.date: 10/08/2019
 ---
 # AlertEvents
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md
index 5acedaa5f1..05e285ca16 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md
@@ -1,7 +1,7 @@
 ---
-title: Advanced hunting best practices in Microsoft Defender ATP
-description: Learn about Advanced hunting best practices such as what filters and keywords to use to effectively query data.
-keywords: advanced hunting, best practices, keyword, filters, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, kusto
+title: Query best practices for Advanced hunting
+description: Learn how to construct fast, efficient, and error-free threat hunting queries when using Advanced hunting
+keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, custom detections, schema, kusto, avoid timeout, command lines, process id
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: w10
@@ -15,7 +15,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: article
-ms.date: 09/25/2019
+ms.date: 10/08/2019
 ---
 # Advanced hunting query best practices
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-filecreationevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-filecreationevents-table.md
index 04b9c39707..2d482ec3ba 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-filecreationevents-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-filecreationevents-table.md
@@ -1,21 +1,21 @@
 ---
 title: FileCreationEvents table in the Advanced hunting schema
-description: Learn about the FileCreationEvents table in the Advanced hunting schema, such as column names, data types, and descriptions
-keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, filecreationevents
+description: Learn about file-related events in the FileCreationEvents table of the Advanced hunting schema
+keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, schema reference, kusto, table, column, data type, description, filecreationevents, files, path, hash, sha1, sha256, md5
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-ms.author: v-maave
-author: martyav
+ms.author: lomayor
+author: lomayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: article
-ms.date: 07/24/2019
+ms.date: 10/08/2019
 ---
 # FileCreationEvents
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-imageloadevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-imageloadevents-table.md
index 6f682f0578..c9726c95ad 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-imageloadevents-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-imageloadevents-table.md
@@ -1,21 +1,21 @@
 ---
 title: ImageLoadEvents table in the Advanced hunting schema
-description: Learn about the ImageLoadEvents table in the Advanced hunting schema, such as column names, data types, and descriptions
-keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, imageloadevents
+description: Learn about DLL loading events in the ImageLoadEvents table of the Advanced hunting schema
+keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, schema reference, kusto, table, column, data type, description, imageloadevents, DLL loading, library, file image
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-ms.author: v-maave
-author: martyav
+ms.author: lomayor
+author: lomayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: article
-ms.date: 07/24/2019
+ms.date: 10/08/2019
 ---
 # ImageLoadEvents
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-logonevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-logonevents-table.md
index 0ef85d6027..795a3bb3f0 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-logonevents-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-logonevents-table.md
@@ -1,21 +1,21 @@
 ---
 title: LogonEvents table in the Advanced hunting schema
-description: Learn about the LogonEvents table in the Advanced hunting schema, such as column names, data types, and descriptions
-keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, logonevents
+description: Learn about authentication or sign-in events in the LogonEvents table of the Advanced hunting schema
+keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, schema reference, kusto, table, column, data type, description, logonevents, authentication, logon, sign in
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-ms.author: v-maave
-author: martyav
+ms.author: lomayor
+author: lomayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: article
-ms.date: 07/24/2019
+ms.date: 10/08/2019
 ---
 # LogonEvents
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machineinfo-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machineinfo-table.md
index 5dd8272cc3..6ddae6ac6d 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machineinfo-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machineinfo-table.md
@@ -1,21 +1,21 @@
 ---
 title: MachineInfo table in the Advanced hunting schema
-description: Learn about the MachineInfo table in the Advanced hunting schema, such as column names, data types, and descriptions
-keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, machineinfo
+description: Learn about OS, computer name, and other machine information in the MachineInfo table of the Advanced hunting schema
+keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, schema reference, kusto, table, column, data type, description, machineinfo, device, machine, OS, platform, users
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-ms.author: v-maave
-author: martyav
+ms.author: lomayor
+author: lomayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: article
-ms.date: 07/24/2019
+ms.date: 10/08/2019
 ---
 # MachineInfo
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machinenetworkinfo-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machinenetworkinfo-table.md
index 6ed1b6e9b3..e9a9f9f1b8 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machinenetworkinfo-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machinenetworkinfo-table.md
@@ -1,21 +1,21 @@
 ---
 title: MachineNetworkInfo table in the Advanced hunting schema
-description: Learn about the MachineNetworkInfo table in the Advanced hunting schema, such as column names, data types, and descriptions
-keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, machinenetworkinfo
+description: Learn about network configuration information in the MachineNetworkInfo table of the Advanced hunting schema
+keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, schema reference, kusto, table, column, data type, description, machinenetworkinfo, device, machine, mac, ip, adapter, dns, dhcp, gateway, tunnel
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-ms.author: v-maave
-author: martyav
+ms.author: lomayor
+author: lomayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: article
-ms.date: 07/24/2019
+ms.date: 10/08/2019
 ---
 # MachineNetworkInfo
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-miscevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-miscevents-table.md
index 6a3f93d80f..e26dbbdf0e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-miscevents-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-miscevents-table.md
@@ -1,21 +1,21 @@
 ---
 title: MiscEvents table in the advanced hunting schema
-description: Learn about the MiscEvents table in the Advanced hunting schema, such as column names, data types, and descriptions
-keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, miscEvents
+description: Learn about antivirus, firewall, and other event types in the miscellaneous events (MiscEvents) table of the Advanced hunting schema
+keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, schema reference, kusto, table, column, data type, security events, antivirus, firewall, exploit guard
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-ms.author: v-maave
-author: martyav
+ms.author: lomayor
+author: lomayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: article
-ms.date: 07/24/2019
+ms.date: 10/08/2019
 ---
 # MiscEvents
@@ -26,7 +26,7 @@ ms.date: 07/24/2019
 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
-The MiscEvents table in the [Advanced hunting](overview-hunting.md) schema contains information about various event types, including events triggered by security controls, such as Windows Defender Antivirus and exploit protection. Use this reference to construct queries that return information from the table.
+The miscellaneous events or MiscEvents table in the [Advanced hunting](overview-hunting.md) schema contains information about various event types, including events triggered by security controls, such as Windows Defender Antivirus and exploit protection. Use this reference to construct queries that return information from the table.
 For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-reference.md).
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-networkcommunicationevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-networkcommunicationevents-table.md
index b1f12de327..9d2c7a81f7 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-networkcommunicationevents-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-networkcommunicationevents-table.md
@@ -1,21 +1,21 @@
 ---
 title: NetworkCommunicationEvents table in the Advanced hunting schema
-description: Learn about the NetworkCommunicationEvents table in the Advanced hunting schema, such as column names, data types, and descriptions
-keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, networkcommunicationevents
+description: Learn about network connection events you can query from the NetworkCommunicationEvents table of the Advanced hunting schema
+keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, schema reference, kusto, table, column, data type, networkcommunicationevents, network connection, remote ip, local ip
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-ms.author: v-maave
-author: martyav
+ms.author: lomayor
+author: lomayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: article
-ms.date: 07/24/2019
+ms.date: 10/08/2019
 ---
 # NetworkCommunicationEvents
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-processcreationevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-processcreationevents-table.md
index 84aeeafcd5..6c25801d28 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-processcreationevents-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-processcreationevents-table.md
@@ -1,21 +1,21 @@
 ---
 title: ProcessCreationEvents table in the Advanced hunting schema
-description: Learn about the ProcessCreationEvents table in the Advanced hunting schema, such as column names, data types, and descriptions
-keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, processcreationevents
+description: Learn about the process spawning or creation events in the ProcessCreationEvents table of the Advanced hunting schema
+keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, schema reference, kusto, table, column, data type, processcreationevents, process id, command line
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-ms.author: v-maave
-author: martyav
+ms.author: lomayor
+author: lomayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: article
-ms.date: 07/24/2019
+ms.date: 10/08/2019
 ---
 # ProcessCreationEvents
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-reference.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-reference.md
index 88124e8c37..d5c8fe8da7 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-reference.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-reference.md
@@ -1,7 +1,7 @@
 ---
 title: Advanced hunting schema reference
-description: Learn about the tables in the advanced hunting schema
-keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description
+description: Learn about the tables in the Advanced hunting schema to understand the data you can run threat hunting queries on
+keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, schema reference, kusto, table, data
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: w10
@@ -15,7 +15,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: article
-ms.date: 09/25/2019
+ms.date: 10/08/2019
 ---
 # Understand the Advanced hunting schema
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-registryevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-registryevents-table.md
index b5150e366e..ab9f9fce88 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-registryevents-table.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-registryevents-table.md
@@ -1,21 +1,21 @@
 ---
 title: RegistryEvents table in the Advanced hunting schema
-description: Learn about the RegistryEvents table in the Advanced hunting schema, such as column names, data types, and descriptions
-keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, registryevents
+description: Learn about registry events you can query from the RegistryEvents table of the Advanced hunting schema
+keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, schema reference, kusto, table, column, data type, registryevents, registry, key, subkey, value
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-ms.author: v-maave
-author: martyav
+ms.author: lomayor
+author: lomayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: article
-ms.date: 07/24/2019
+ms.date: 10/08/2019
 ---
 # RegistryEvents
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md
index a7f66ba422..a41f6cefcc 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md
@@ -1,7 +1,7 @@
 ---
-title: Use shared queries in advanced hunting
-description: Take advantage of shared advanced hunting queries. Share your queries to the public or to your organization.
-keywords: advanced hunting, atp query, query atp data, atp telemetry, events, events telemetry, kusto, github repo
+title: Use shared queries in Advanced hunting
+description: Start threat hunting immediately with predefined and shared queries. Share your queries to the public or to your organization.
+keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, custom detections, schema, kusto, github repo, my queries, shared queries
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: w10
@@ -15,7 +15,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: article
-ms.date: 09/25/2019
+ms.date: 10/08/2019
 ---
 # Use shared queries in Advanced hunting
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting.md
index 6ef8ce1994..863f35da47 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting.md
@@ -1,7 +1,7 @@
 ---
 title: Learn the Advanced hunting query language
-description: Get an overview of the common operators and other aspects of the Advanced hunting query language you can use to formulate queries
-keywords: advanced hunting, atp query, query atp data, atp telemetry, events, events telemetry, kusto
+description: Create your first threat hunting query and learn about common operators and other aspects of the Advanced hunting query language
+keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, language, learn, first query, telemetry, events, telemetry, custom detections, schema, kusto, operators, data types
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: w10
@@ -15,7 +15,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: article
-ms.date: 09/25/2019
+ms.date: 10/08/2019
 ---
 # Learn the Advanced hunting query language
diff --git a/windows/security/threat-protection/microsoft-defender-atp/overview-hunting.md b/windows/security/threat-protection/microsoft-defender-atp/overview-hunting.md
index ab47dc3981..e9d04dbc05 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/overview-hunting.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/overview-hunting.md
@@ -1,7 +1,7 @@
 ---
 title: Overview of Advanced hunting
-description: Hunt for possible threats across your organization using a powerful search and query tool
-keywords: advanced hunting, hunting, search, query, tool, telemetry, custom detection, schema, kusto
+description: Use threat hunting capabilities in Microsoft Defender ATP to build queries that find threats and weaknesses in your network
+keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, custom detections, schema, kusto
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: w10
@@ -15,6 +15,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: article
+ms.date: 10/08/2019
 ---
 # Proactively hunt for threats with Advanced hunting