From 6447f49fbaeb83edf4848f52c37a0807c5e644e3 Mon Sep 17 00:00:00 2001 From: Louie Mayor Date: Mon, 23 Apr 2018 21:48:53 +0000 Subject: [PATCH] Updated advanced-hunting-reference-windows-defender-advanced-threat-protection.md --- ...ing-reference-windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md index 1f122c4e75..6e3bca670d 100644 --- a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md @@ -97,7 +97,7 @@ Use the following table to understand what the columns represent, its data type, | RemoteUrl | string | URL or fully qualified domain name (FQDN) that was being connected to. | | ReportIndex | long | Event identifier that is unique among the same event type. | | SHA1 | string | SHA-1 of the file that the recorded action was applied to. | -| SHA256 | string | SHA-256 of the file that the recorded action was applied to. This field is usually not populated - please use the SHA-1 field when available. +| SHA256 | string | SHA-256 of the file that the recorded action was applied to. This field is usually not populated—use the SHA1 column when available. >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-belowfoldlink)