AH-SEO

windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md

@@ -1,21 +1,21 @@
 ---
-title: AlertEvents table in the advanced hunting schema
+title: AlertEvents table in the Advanced hunting schema
-description: Learn about the AlertEvents table in the Advanced hunting schema, such as column names, data types, and descriptions
+description: Learn about alert generation events in the AlertEvents table of the Advanced hunting schema
-keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, alertevent
+keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, schema reference, kusto, table, column, data type, description, alertevents, alert, severity, category
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-ms.author: v-maave
+ms.author: lomayor
-author: martyav
+author: lomayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: article
-ms.date: 07/24/2019
+ms.date: 10/08/2019
 ---
 
 # AlertEvents

windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md

@@ -1,7 +1,7 @@
 ---
-title: Advanced hunting best practices in Microsoft Defender ATP
+title: Query best practices for Advanced hunting
-description: Learn about Advanced hunting best practices such as what filters and keywords to use to effectively query data.
+description: Learn how to construct fast, efficient, and error-free threat hunting queries when using Advanced hunting
-keywords: advanced hunting, best practices, keyword, filters, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, kusto
+keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, custom detections, schema, kusto, avoid timeout, command lines, process id
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: w10
@@ -15,7 +15,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: article
-ms.date: 09/25/2019
+ms.date: 10/08/2019
 ---
 
 # Advanced hunting query best practices

windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-filecreationevents-table.md

@@ -1,21 +1,21 @@
 ---
 title: FileCreationEvents table in the Advanced hunting schema 
-description: Learn about the FileCreationEvents table in the Advanced hunting schema, such as column names, data types, and descriptions
+description: Learn about file-related events in the FileCreationEvents table of the Advanced hunting schema
-keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, filecreationevents
+keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, schema reference, kusto, table, column, data type, description, filecreationevents, files, path, hash, sha1, sha256, md5
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-ms.author: v-maave
+ms.author: lomayor
-author: martyav
+author: lomayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: article
-ms.date: 07/24/2019
+ms.date: 10/08/2019
 ---
 
 # FileCreationEvents

windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-imageloadevents-table.md

@@ -1,21 +1,21 @@
 ---
 title: ImageLoadEvents table in the Advanced hunting schema
-description: Learn about the ImageLoadEvents table in the Advanced hunting schema, such as column names, data types, and descriptions
+description: Learn about DLL loading events in the ImageLoadEvents table of the Advanced hunting schema
-keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, imageloadevents
+keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, schema reference, kusto, table, column, data type, description, imageloadevents, DLL loading, library, file image
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-ms.author: v-maave
+ms.author: lomayor
-author: martyav
+author: lomayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: article
-ms.date: 07/24/2019
+ms.date: 10/08/2019
 ---
 
 # ImageLoadEvents

windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-logonevents-table.md

@@ -1,21 +1,21 @@
 ---
 title: LogonEvents table in the Advanced hunting schema
-description: Learn about the LogonEvents table in the Advanced hunting schema, such as column names, data types, and descriptions
+description: Learn about authentication or sign-in events in the LogonEvents table of the Advanced hunting schema
-keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, logonevents
+keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, schema reference, kusto, table, column, data type, description, logonevents, authentication, logon, sign in
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-ms.author: v-maave
+ms.author: lomayor
-author: martyav
+author: lomayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: article
-ms.date: 07/24/2019
+ms.date: 10/08/2019
 ---
 
 # LogonEvents

windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machineinfo-table.md

@@ -1,21 +1,21 @@
 ---
 title: MachineInfo table in the Advanced hunting schema
-description: Learn about the MachineInfo table in the Advanced hunting schema, such as column names, data types, and descriptions
+description: Learn about OS, computer name, and other machine information in the MachineInfo table of the Advanced hunting schema
-keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, machineinfo
+keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, schema reference, kusto, table, column, data type, description, machineinfo, device, machine, OS, platform, users
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-ms.author: v-maave
+ms.author: lomayor
-author: martyav
+author: lomayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: article
-ms.date: 07/24/2019
+ms.date: 10/08/2019
 ---
 
 # MachineInfo

windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machinenetworkinfo-table.md

@@ -1,21 +1,21 @@
 ---
 title: MachineNetworkInfo table in the Advanced hunting schema
-description: Learn about the MachineNetworkInfo table in the Advanced hunting schema, such as column names, data types, and descriptions
+description: Learn about network configuration information in the MachineNetworkInfo table of the Advanced hunting schema
-keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, machinenetworkinfo
+keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, schema reference, kusto, table, column, data type, description, machinenetworkinfo, device, machine, mac, ip, adapter, dns, dhcp, gateway, tunnel
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-ms.author: v-maave
+ms.author: lomayor
-author: martyav
+author: lomayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: article
-ms.date: 07/24/2019
+ms.date: 10/08/2019
 ---
 
 # MachineNetworkInfo

windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-miscevents-table.md

@@ -1,21 +1,21 @@
 ---
 title: MiscEvents table in the advanced hunting schema
-description: Learn about the MiscEvents table in the Advanced hunting schema, such as column names, data types, and descriptions
+description: Learn about antivirus, firewall, and other event types in the miscellaneous events (MiscEvents) table of the Advanced hunting schema
-keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, miscEvents
+keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, schema reference, kusto, table, column, data type, security events, antivirus, firewall, exploit guard
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-ms.author: v-maave
+ms.author: lomayor
-author: martyav
+author: lomayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: article
-ms.date: 07/24/2019
+ms.date: 10/08/2019
 ---
 
 # MiscEvents
@@ -26,7 +26,7 @@ ms.date: 07/24/2019
 
 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
 
-The MiscEvents table in the [Advanced hunting](overview-hunting.md) schema contains information about various event types, including events triggered by security controls, such as Windows Defender Antivirus and exploit protection. Use this reference to construct queries that return information from the table.
+The miscellaneous events or MiscEvents table in the [Advanced hunting](overview-hunting.md) schema contains information about various event types, including events triggered by security controls, such as Windows Defender Antivirus and exploit protection. Use this reference to construct queries that return information from the table.
 
 For information on other tables in the Advanced hunting schema, see [the Advanced hunting schema reference](advanced-hunting-reference.md).
 

windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-networkcommunicationevents-table.md

@@ -1,21 +1,21 @@
 ---
 title: NetworkCommunicationEvents table in the Advanced hunting schema
-description: Learn about the NetworkCommunicationEvents table in the Advanced hunting schema, such as column names, data types, and descriptions
+description: Learn about network connection events you can query from the NetworkCommunicationEvents table of the Advanced hunting schema
-keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, networkcommunicationevents
+keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, schema reference, kusto, table, column, data type, networkcommunicationevents, network connection, remote ip, local ip
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-ms.author: v-maave
+ms.author: lomayor
-author: martyav
+author: lomayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: article
-ms.date: 07/24/2019
+ms.date: 10/08/2019
 ---
 
 # NetworkCommunicationEvents

windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-processcreationevents-table.md

@@ -1,21 +1,21 @@
 ---
 title: ProcessCreationEvents table in the Advanced hunting schema
-description: Learn about the ProcessCreationEvents table in the Advanced hunting schema, such as column names, data types, and descriptions
+description: Learn about the process spawning or creation events in the ProcessCreationEvents table of the Advanced hunting schema
-keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, processcreationevents
+keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, schema reference, kusto, table, column, data type, processcreationevents, process id, command line
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-ms.author: v-maave
+ms.author: lomayor
-author: martyav
+author: lomayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: article
-ms.date: 07/24/2019
+ms.date: 10/08/2019
 ---
 
 # ProcessCreationEvents

windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-reference.md

@@ -1,7 +1,7 @@
 ---
 title: Advanced hunting schema reference
-description: Learn about the tables in the advanced hunting schema
+description: Learn about the tables in the Advanced hunting schema to understand the data you can run threat hunting queries on 
-keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description
+keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, schema reference, kusto, table, data
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: w10
@@ -15,7 +15,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: article
-ms.date: 09/25/2019
+ms.date: 10/08/2019
 ---
 
 # Understand the Advanced hunting schema

windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-registryevents-table.md

@@ -1,21 +1,21 @@
 ---
 title: RegistryEvents table in the Advanced hunting schema
-description: Learn about the RegistryEvents table in the Advanced hunting schema, such as column names, data types, and descriptions
+description: Learn about registry events you can query from the RegistryEvents table of the Advanced hunting schema
-keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, registryevents
+keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, schema reference, kusto, table, column, data type, registryevents, registry, key, subkey, value
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-ms.author: v-maave
+ms.author: lomayor
-author: martyav
+author: lomayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: article
-ms.date: 07/24/2019
+ms.date: 10/08/2019
 ---
 
 # RegistryEvents

windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md

@@ -1,7 +1,7 @@
 ---
-title: Use shared queries in advanced hunting
+title: Use shared queries in Advanced hunting
-description: Take advantage of shared advanced hunting queries. Share your queries to the public or to your organization.
+description: Start threat hunting immediately with predefined and shared queries. Share your queries to the public or to your organization.
-keywords: advanced hunting, atp query, query atp data, atp telemetry, events, events telemetry, kusto, github repo
+keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, custom detections, schema, kusto, github repo, my queries, shared queries
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: w10
@@ -15,7 +15,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: article
-ms.date: 09/25/2019
+ms.date: 10/08/2019
 ---
 
 # Use shared queries in Advanced hunting

windows/security/threat-protection/microsoft-defender-atp/advanced-hunting.md

@@ -1,7 +1,7 @@
 ---
 title: Learn the Advanced hunting query language
-description: Get an overview of the common operators and other aspects of the Advanced hunting query language you can use to formulate queries
+description: Create your first threat hunting query and learn about common operators and other aspects of the Advanced hunting query language
-keywords: advanced hunting, atp query, query atp data, atp telemetry, events, events telemetry, kusto
+keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, language, learn, first query, telemetry, events, telemetry, custom detections, schema, kusto, operators, data types
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: w10
@@ -15,7 +15,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: article
-ms.date: 09/25/2019
+ms.date: 10/08/2019
 ---
 
 # Learn the Advanced hunting query language

windows/security/threat-protection/microsoft-defender-atp/overview-hunting.md

@@ -1,7 +1,7 @@
 ---
 title: Overview of Advanced hunting
-description: Hunt for possible threats across your organization using a powerful search and query tool
+description: Use threat hunting capabilities in Microsoft Defender ATP to build queries that find threats and weaknesses in your network
-keywords: advanced hunting, hunting, search, query, tool, telemetry, custom detection, schema, kusto
+keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, custom detections, schema, kusto
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: w10
@@ -15,6 +15,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: article
+ms.date: 10/08/2019
 ---
 
 # Proactively hunt for threats with Advanced hunting