From 839c03968ed7fdf1f193a69e1e61512f8d54be1b Mon Sep 17 00:00:00 2001 From: Louie Mayor Date: Tue, 19 May 2020 23:15:19 -0700 Subject: [PATCH] File renames --- .openpublishing.redirection.json | 22 +++- windows/security/threat-protection/TOC.md | 8 +- ...tvmsecureconfigurationassessment-table.md} | 106 ++++++++--------- ...msecureconfigurationassessmentkb-table.md} | 106 ++++++++--------- ...softwareinventoryvulnerabilities-table.md} | 112 +++++++++--------- ...vicetvmsoftwarevulnerabilitieskb-table.md} | 102 ++++++++-------- .../advanced-hunting-schema-reference.md | 8 +- 7 files changed, 242 insertions(+), 222 deletions(-) rename windows/security/threat-protection/microsoft-defender-atp/{advanced-hunting-tvm-configassessment-table.md => advanced-hunting-devicetvmsecureconfigurationassessment-table.md} (98%) rename windows/security/threat-protection/microsoft-defender-atp/{advanced-hunting-tvm-secureconfigkb-table.md => advanced-hunting-devicetvmsecureconfigurationassessmentkb-table.md} (98%) rename windows/security/threat-protection/microsoft-defender-atp/{advanced-hunting-tvm-softwareinventory-table.md => advanced-hunting-devicetvmsoftwareinventoryvulnerabilities-table.md} (98%) rename windows/security/threat-protection/microsoft-defender-atp/{advanced-hunting-tvm-softwarevulnerability-table.md => advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table.md} (98%) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index d58593922a..ece83b3f5c 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -1009,7 +1009,27 @@ "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfobeta-table.md", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfo-table", "redirect_document_id": true - }, +}, +{ +"source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-configassessment-table.md", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessment-table", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-secureconfigkb-table.md", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessmentkb-table", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-softwareinventory-table.md", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwareinventoryvulnerabilities-table", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-softwarevulnerability-table.md", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table", +"redirect_document_id": true +}, { "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicealertevents-table", diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 345af22d10..c294c170b7 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -351,10 +351,10 @@ ##### [DeviceNetworkEvents](microsoft-defender-atp/advanced-hunting-devicenetworkevents-table.md) ##### [DeviceProcessEvents](microsoft-defender-atp/advanced-hunting-deviceprocessevents-table.md) ##### [DeviceRegistryEvents](microsoft-defender-atp/advanced-hunting-deviceregistryevents-table.md) -##### [DeviceTvmSoftwareInventoryVulnerabilities](microsoft-defender-atp/advanced-hunting-tvm-softwareinventory-table.md) -##### [DeviceTvmSoftwareVulnerabilitiesKB](microsoft-defender-atp/advanced-hunting-tvm-softwarevulnerability-table.md) -##### [DeviceTvmSecureConfigurationAssessment](microsoft-defender-atp/advanced-hunting-tvm-configassessment-table.md) -##### [DeviceTvmSecureConfigurationAssessmentKB](microsoft-defender-atp/advanced-hunting-tvm-secureconfigkb-table.md) +##### [DeviceTvmSoftwareInventoryVulnerabilities](microsoft-defender-atp/advanced-hunting-devicetvmsoftwareinventoryvulnerabilities-table.md) +##### [DeviceTvmSoftwareVulnerabilitiesKB](microsoft-defender-atp/advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table.md) +##### [DeviceTvmSecureConfigurationAssessment](microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessment-table.md) +##### [DeviceTvmSecureConfigurationAssessmentKB](microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessmentkb-table.md) #### [Apply query best practices](microsoft-defender-atp/advanced-hunting-best-practices.md) ### [Microsoft Threat Experts](microsoft-defender-atp/microsoft-threat-experts.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-configassessment-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessment-table.md similarity index 98% rename from windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-configassessment-table.md rename to windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessment-table.md index 7900a4dce4..d58f79d5f1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-configassessment-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessment-table.md @@ -1,53 +1,53 @@ ---- -title: DeviceTvmSecureConfigurationAssessment table in the advanced hunting schema -description: Learn about Threat & Vulnerability Management security assessment events in the DeviceTvmSecureConfigurationAssessment table of the Advanced hunting schema. These events provide machine information as well as security configuration details, impact, and compliance information. -keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, windows defender atp, wdatp search, query, telemetry, schema reference, kusto, table, column, data type, description, threat & vulnerability management, TVM, device management, security configuration, DeviceTvmSecureConfigurationAssessment -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: dolmont -author: DulceMontemayor -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 11/12/2019 ---- - -# DeviceTvmSecureConfigurationAssessment - -**Applies to:** - -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) - -[!include[Prerelease information](../../includes/prerelease.md)] - -Each row in the `DeviceTvmSecureConfigurationAssessment` table contains an assessment event for a specific security configuration from [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md). Use this reference to check the latest assessment results and determine whether devices are compliant. - -For information on other tables in the advanced hunting schema, see [the advanced hunting reference](advanced-hunting-reference.md). - -| Column name | Data type | Description | -|-------------|-----------|-------------| -| `DeviceId` | string | Unique identifier for the machine in the service | -| `DeviceName` | string | Fully qualified domain name (FQDN) of the machine | -| `OSPlatform` | string | Platform of the operating system running on the machine. This indicates specific operating systems, including variations within the same family, such as Windows 10 and Windows 7.| -| `Timestamp` | datetime |Date and time when the record was generated | -| `ConfigurationId` | string | Unique identifier for a specific configuration | -| `ConfigurationCategory` | string | Category or grouping to which the configuration belongs: Application, OS, Network, Accounts, Security controls | -| `ConfigurationSubcategory` | string |Subcategory or subgrouping to which the configuration belongs. In many cases, this describes specific capabilities or features. | -| `ConfigurationImpact` | string | Rated impact of the configuration to the overall configuration score (1-10) | -| `IsCompliant` | boolean | Indicates whether the configuration or policy is properly configured | - - -## Related topics - -- [Advanced hunting overview](advanced-hunting-overview.md) -- [Learn the query language](advanced-hunting-query-language.md) -- [Understand the schema](advanced-hunting-schema-reference.md) -- [Overview of Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) +--- +title: DeviceTvmSecureConfigurationAssessment table in the advanced hunting schema +description: Learn about Threat & Vulnerability Management security assessment events in the DeviceTvmSecureConfigurationAssessment table of the Advanced hunting schema. These events provide machine information as well as security configuration details, impact, and compliance information. +keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, windows defender atp, wdatp search, query, telemetry, schema reference, kusto, table, column, data type, description, threat & vulnerability management, TVM, device management, security configuration, DeviceTvmSecureConfigurationAssessment +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +ms.date: 11/12/2019 +--- + +# DeviceTvmSecureConfigurationAssessment + +**Applies to:** + +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Each row in the `DeviceTvmSecureConfigurationAssessment` table contains an assessment event for a specific security configuration from [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md). Use this reference to check the latest assessment results and determine whether devices are compliant. + +For information on other tables in the advanced hunting schema, see [the advanced hunting reference](advanced-hunting-reference.md). + +| Column name | Data type | Description | +|-------------|-----------|-------------| +| `DeviceId` | string | Unique identifier for the machine in the service | +| `DeviceName` | string | Fully qualified domain name (FQDN) of the machine | +| `OSPlatform` | string | Platform of the operating system running on the machine. This indicates specific operating systems, including variations within the same family, such as Windows 10 and Windows 7.| +| `Timestamp` | datetime |Date and time when the record was generated | +| `ConfigurationId` | string | Unique identifier for a specific configuration | +| `ConfigurationCategory` | string | Category or grouping to which the configuration belongs: Application, OS, Network, Accounts, Security controls | +| `ConfigurationSubcategory` | string |Subcategory or subgrouping to which the configuration belongs. In many cases, this describes specific capabilities or features. | +| `ConfigurationImpact` | string | Rated impact of the configuration to the overall configuration score (1-10) | +| `IsCompliant` | boolean | Indicates whether the configuration or policy is properly configured | + + +## Related topics + +- [Advanced hunting overview](advanced-hunting-overview.md) +- [Learn the query language](advanced-hunting-query-language.md) +- [Understand the schema](advanced-hunting-schema-reference.md) +- [Overview of Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-secureconfigkb-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessmentkb-table.md similarity index 98% rename from windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-secureconfigkb-table.md rename to windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessmentkb-table.md index c5a3a9fbda..f30af239df 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-secureconfigkb-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessmentkb-table.md @@ -1,53 +1,53 @@ ---- -title: DeviceTvmSecureConfigurationAssessmentKB table in the advanced hunting schema -description: Learn about the various secure configurations assessed by Threat & Vulnerability Management in the DeviceTvmSecureConfigurationAssessmentKB table of the Advanced hunting schema. -keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, windows defender atp, wdatp search, query, telemetry, schema reference, kusto, table, column, data type, description, threat & vulnerability management, TVM, device management, security configuration, MITRE ATT&CK framework, knowledge base, KB, DeviceTvmSecureConfigurationAssessmentKB -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: dolmont -author: DulceMontemayor -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 11/12/2019 ---- - -# DeviceTvmSecureConfigurationAssessmentKB - -**Applies to:** - -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) - -[!include[Prerelease information](../../includes/prerelease.md)] - -The `DeviceTvmSecureConfigurationAssessmentKB` table in the advanced hunting schema contains information about the various secure configurations — such as whether a device has automatic updates on — checked by [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md). It also includes risk information, related industry benchmarks, and applicable MITRE ATT&CK techniques and tactics. Use this reference to construct queries that return information from the table. - -For information on other tables in the advanced hunting schema, see [the advanced hunting reference](advanced-hunting-reference.md). - -| Column name | Data type | Description | -|-------------|-----------|-------------| -| `ConfigurationId` | string | Unique identifier for a specific configuration | -| `ConfigurationImpact` | string | Rated impact of the configuration to the overall configuration score (1-10) | -| `ConfigurationName` | string | Display name of the configuration | -| `ConfigurationDescription` | string | Description of the configuration | -| `RiskDescription` | string | Description of the associated risk | -| `ConfigurationCategory` | string | Category or grouping to which the configuration belongs: Application, OS, Network, Accounts, Security controls| -| `ConfigurationSubcategory` | string |Subcategory or subgrouping to which the configuration belongs. In many cases, this describes specific capabilities or features. | -| `ConfigurationBenchmarks` | string | List of industry benchmarks recommending the same or similar configuration | -| `RelatedMitreTechniques` | string | List of Mitre ATT&CK framework techniques related to the configuration | -| `RelatedMitreTactics ` | string | List of Mitre ATT&CK framework tactics related to the configuration | - -## Related topics - -- [Advanced hunting overview](advanced-hunting-overview.md) -- [Learn the query language](advanced-hunting-query-language.md) -- [Understand the schema](advanced-hunting-schema-reference.md) -- [Overview of Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) +--- +title: DeviceTvmSecureConfigurationAssessmentKB table in the advanced hunting schema +description: Learn about the various secure configurations assessed by Threat & Vulnerability Management in the DeviceTvmSecureConfigurationAssessmentKB table of the Advanced hunting schema. +keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, windows defender atp, wdatp search, query, telemetry, schema reference, kusto, table, column, data type, description, threat & vulnerability management, TVM, device management, security configuration, MITRE ATT&CK framework, knowledge base, KB, DeviceTvmSecureConfigurationAssessmentKB +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +ms.date: 11/12/2019 +--- + +# DeviceTvmSecureConfigurationAssessmentKB + +**Applies to:** + +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) + +[!include[Prerelease information](../../includes/prerelease.md)] + +The `DeviceTvmSecureConfigurationAssessmentKB` table in the advanced hunting schema contains information about the various secure configurations — such as whether a device has automatic updates on — checked by [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md). It also includes risk information, related industry benchmarks, and applicable MITRE ATT&CK techniques and tactics. Use this reference to construct queries that return information from the table. + +For information on other tables in the advanced hunting schema, see [the advanced hunting reference](advanced-hunting-reference.md). + +| Column name | Data type | Description | +|-------------|-----------|-------------| +| `ConfigurationId` | string | Unique identifier for a specific configuration | +| `ConfigurationImpact` | string | Rated impact of the configuration to the overall configuration score (1-10) | +| `ConfigurationName` | string | Display name of the configuration | +| `ConfigurationDescription` | string | Description of the configuration | +| `RiskDescription` | string | Description of the associated risk | +| `ConfigurationCategory` | string | Category or grouping to which the configuration belongs: Application, OS, Network, Accounts, Security controls| +| `ConfigurationSubcategory` | string |Subcategory or subgrouping to which the configuration belongs. In many cases, this describes specific capabilities or features. | +| `ConfigurationBenchmarks` | string | List of industry benchmarks recommending the same or similar configuration | +| `RelatedMitreTechniques` | string | List of Mitre ATT&CK framework techniques related to the configuration | +| `RelatedMitreTactics ` | string | List of Mitre ATT&CK framework tactics related to the configuration | + +## Related topics + +- [Advanced hunting overview](advanced-hunting-overview.md) +- [Learn the query language](advanced-hunting-query-language.md) +- [Understand the schema](advanced-hunting-schema-reference.md) +- [Overview of Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-softwareinventory-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwareinventoryvulnerabilities-table.md similarity index 98% rename from windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-softwareinventory-table.md rename to windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwareinventoryvulnerabilities-table.md index 0dcf6e3af5..384b79a65a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-softwareinventory-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwareinventoryvulnerabilities-table.md @@ -1,56 +1,56 @@ ---- -title: DeviceTvmSoftwareInventoryVulnerabilities table in the advanced hunting schema -description: Learn about the inventory of software in your devices and their vulnerabilities in the DeviceTvmSoftwareInventoryVulnerabilities table of the advanced hunting schema. -keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, windows defender atp, wdatp search, query, telemetry, schema reference, kusto, table, column, data type, description, threat & vulnerability management, TVM, device management, software, inventory, vulnerabilities, CVE ID, OS DeviceTvmSoftwareInventoryVulnerabilities -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: dolmont -author: DulceMontemayor -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 11/12/2019 ---- - -# DeviceTvmSoftwareInventoryVulnerabilities - -**Applies to:** - -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) - - -[!include[Prerelease information](../../includes/prerelease.md)] - -The `DeviceTvmSoftwareInventoryVulnerabilities` table in the advanced hunting schema contains the [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) inventory of software on your devices as well as any known vulnerabilities in these software products. This table also includes operating system information, CVE IDs, and vulnerability severity information. Use this reference to construct queries that return information from the table. - -For information on other tables in the advanced hunting schema, see [the advanced hunting reference](advanced-hunting-reference.md). - -| Column name | Data type | Description | -|-------------|-----------|-------------| -| `DeviceId` | string | Unique identifier for the machine in the service | -| `DeviceName` | string | Fully qualified domain name (FQDN) of the machine | -| `OSPlatform` | string | Platform of the operating system running on the machine. This indicates specific operating systems, including variations within the same family, such as Windows 10 and Windows 7. | -| `OSVersion` | string | Version of the operating system running on the machine | -| `OSArchitecture` | string | Architecture of the operating system running on the machine | -| `SoftwareVendor` | string | Name of the software vendor | -| `SoftwareName` | string | Name of the software product | -| `SoftwareVersion` | string | Version number of the software product | -| `CveId` | string | Unique identifier assigned to the security vulnerability under the Common Vulnerabilities and Exposures (CVE) system | -| `VulnerabilitySeverityLevel` | string | Severity level assigned to the security vulnerability based on the CVSS score and dynamic factors influenced by the threat landscape | - - - -## Related topics - -- [Advanced hunting overview](advanced-hunting-overview.md) -- [Learn the query language](advanced-hunting-query-language.md) -- [Understand the schema](advanced-hunting-schema-reference.md) -- [Overview of Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) +--- +title: DeviceTvmSoftwareInventoryVulnerabilities table in the advanced hunting schema +description: Learn about the inventory of software in your devices and their vulnerabilities in the DeviceTvmSoftwareInventoryVulnerabilities table of the advanced hunting schema. +keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, windows defender atp, wdatp search, query, telemetry, schema reference, kusto, table, column, data type, description, threat & vulnerability management, TVM, device management, software, inventory, vulnerabilities, CVE ID, OS DeviceTvmSoftwareInventoryVulnerabilities +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +ms.date: 11/12/2019 +--- + +# DeviceTvmSoftwareInventoryVulnerabilities + +**Applies to:** + +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) + + +[!include[Prerelease information](../../includes/prerelease.md)] + +The `DeviceTvmSoftwareInventoryVulnerabilities` table in the advanced hunting schema contains the [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) inventory of software on your devices as well as any known vulnerabilities in these software products. This table also includes operating system information, CVE IDs, and vulnerability severity information. Use this reference to construct queries that return information from the table. + +For information on other tables in the advanced hunting schema, see [the advanced hunting reference](advanced-hunting-reference.md). + +| Column name | Data type | Description | +|-------------|-----------|-------------| +| `DeviceId` | string | Unique identifier for the machine in the service | +| `DeviceName` | string | Fully qualified domain name (FQDN) of the machine | +| `OSPlatform` | string | Platform of the operating system running on the machine. This indicates specific operating systems, including variations within the same family, such as Windows 10 and Windows 7. | +| `OSVersion` | string | Version of the operating system running on the machine | +| `OSArchitecture` | string | Architecture of the operating system running on the machine | +| `SoftwareVendor` | string | Name of the software vendor | +| `SoftwareName` | string | Name of the software product | +| `SoftwareVersion` | string | Version number of the software product | +| `CveId` | string | Unique identifier assigned to the security vulnerability under the Common Vulnerabilities and Exposures (CVE) system | +| `VulnerabilitySeverityLevel` | string | Severity level assigned to the security vulnerability based on the CVSS score and dynamic factors influenced by the threat landscape | + + + +## Related topics + +- [Advanced hunting overview](advanced-hunting-overview.md) +- [Learn the query language](advanced-hunting-query-language.md) +- [Understand the schema](advanced-hunting-schema-reference.md) +- [Overview of Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-softwarevulnerability-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table.md similarity index 98% rename from windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-softwarevulnerability-table.md rename to windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table.md index 5af1cfe1f1..2ba11df0c9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-softwarevulnerability-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table.md @@ -1,51 +1,51 @@ ---- -title: DeviceTvmSoftwareVulnerabilitiesKB table in the advanced hunting schema -description: Learn about the software vulnerabilities tracked by Threat & Vulnerability Management in the DeviceTvmSoftwareVulnerabilitiesKB table of the advanced hunting schema. -keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, windows defender atp, wdatp search, query, telemetry, schema reference, kusto, table, column, data type, description, threat & vulnerability management, TVM, device management, software, inventory, vulnerabilities, CVE ID, CVSS, DeviceTvmSoftwareVulnerabilitiesKB -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: dolmont -author: DulceMontemayor -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 11/12/2019 ---- - -# DeviceTvmSoftwareVulnerabilitiesKB - -**Applies to:** - -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) - -[!include[Prerelease information](../../includes/prerelease.md)] - -The `DeviceTvmSoftwareVulnerabilitiesKB` table in the advanced hunting schema contains the list of vulnerabilities [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) assesses devices for. Use this reference to construct queries that return information from the table. - -For information on other tables in the advanced hunting schema, see [the advanced hunting reference](advanced-hunting-reference.md). - -| Column name | Data type | Description | -|-------------|-----------|-------------| -| `CveId` | string | Unique identifier assigned to the security vulnerability under the Common Vulnerabilities and Exposures (CVE) system | -| `CvssScore` | string | Severity score assigned to the security vulnerability under th Common Vulnerability Scoring System (CVSS) | -| `IsExploitAvailable` | boolean | Indicates whether exploit code for the vulnerability is publicly available | -| `VulnerabilitySeverityLevel` | string | Severity level assigned to the security vulnerability based on the CVSS score and dynamic factors influenced by the threat landscape | -| `LastModifiedTime` | datetime | Date and time the item or related metadata was last modified | -| `PublishedDate` | datetime | Date vulnerability was disclosed to public | -| `VulnerabilityDescription` | string | Description of vulnerability and associated risks | -| `AffectedSoftware` | string | List of all software products affected by the vulnerability | - -## Related topics - -- [Advanced hunting overview](advanced-hunting-overview.md) -- [Learn the query language](advanced-hunting-query-language.md) -- [Understand the schema](advanced-hunting-schema-reference.md) -- [Overview of Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) +--- +title: DeviceTvmSoftwareVulnerabilitiesKB table in the advanced hunting schema +description: Learn about the software vulnerabilities tracked by Threat & Vulnerability Management in the DeviceTvmSoftwareVulnerabilitiesKB table of the advanced hunting schema. +keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, windows defender atp, wdatp search, query, telemetry, schema reference, kusto, table, column, data type, description, threat & vulnerability management, TVM, device management, software, inventory, vulnerabilities, CVE ID, CVSS, DeviceTvmSoftwareVulnerabilitiesKB +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +ms.date: 11/12/2019 +--- + +# DeviceTvmSoftwareVulnerabilitiesKB + +**Applies to:** + +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) + +[!include[Prerelease information](../../includes/prerelease.md)] + +The `DeviceTvmSoftwareVulnerabilitiesKB` table in the advanced hunting schema contains the list of vulnerabilities [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) assesses devices for. Use this reference to construct queries that return information from the table. + +For information on other tables in the advanced hunting schema, see [the advanced hunting reference](advanced-hunting-reference.md). + +| Column name | Data type | Description | +|-------------|-----------|-------------| +| `CveId` | string | Unique identifier assigned to the security vulnerability under the Common Vulnerabilities and Exposures (CVE) system | +| `CvssScore` | string | Severity score assigned to the security vulnerability under th Common Vulnerability Scoring System (CVSS) | +| `IsExploitAvailable` | boolean | Indicates whether exploit code for the vulnerability is publicly available | +| `VulnerabilitySeverityLevel` | string | Severity level assigned to the security vulnerability based on the CVSS score and dynamic factors influenced by the threat landscape | +| `LastModifiedTime` | datetime | Date and time the item or related metadata was last modified | +| `PublishedDate` | datetime | Date vulnerability was disclosed to public | +| `VulnerabilityDescription` | string | Description of vulnerability and associated risks | +| `AffectedSoftware` | string | List of all software products affected by the vulnerability | + +## Related topics + +- [Advanced hunting overview](advanced-hunting-overview.md) +- [Learn the query language](advanced-hunting-query-language.md) +- [Understand the schema](advanced-hunting-schema-reference.md) +- [Overview of Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md index c371fcba4f..99bd62562e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md @@ -48,10 +48,10 @@ Table and column names are also listed within the Microsoft Defender Security Ce | **[DeviceImageLoadEvents](advanced-hunting-deviceimageloadevents-table.md)** | DLL loading events | | **[DeviceEvents](advanced-hunting-deviceevents-table.md)** | Multiple event types, including events triggered by security controls such as Windows Defender Antivirus and exploit protection | | **[DeviceFileCertificateInfo](advanced-hunting-devicefilecertificateinfo-table.md)** | Certificate information of signed files obtained from certificate verification events on endpoints | -| **[DeviceTvmSoftwareInventoryVulnerabilities](advanced-hunting-tvm-softwareinventory-table.md)** | Inventory of software on devices as well as any known vulnerabilities in these software products | -| **[DeviceTvmSoftwareVulnerabilitiesKB ](advanced-hunting-tvm-softwarevulnerability-table.md)** | Knowledge base of publicly disclosed vulnerabilities, including whether exploit code is publicly available | -| **[DeviceTvmSecureConfigurationAssessment](advanced-hunting-tvm-configassessment-table.md)** | Threat & Vulnerability Management assessment events, indicating the status of various security configurations on devices | -| **[DeviceTvmSecureConfigurationAssessmentKB](advanced-hunting-tvm-secureconfigkb-table.md)** | Knowledge base of various security configurations used by Threat & Vulnerability Management to assess devices; includes mappings to various standards and benchmarks | +| **[DeviceTvmSoftwareInventoryVulnerabilities](advanced-hunting-devicetvmsoftwareinventoryvulnerabilities-table.md)** | Inventory of software on devices as well as any known vulnerabilities in these software products | +| **[DeviceTvmSoftwareVulnerabilitiesKB ](advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table.md)** | Knowledge base of publicly disclosed vulnerabilities, including whether exploit code is publicly available | +| **[DeviceTvmSecureConfigurationAssessment](advanced-hunting-devicetvmsecureconfigurationassessment-table.md)** | Threat & Vulnerability Management assessment events, indicating the status of various security configurations on devices | +| **[DeviceTvmSecureConfigurationAssessmentKB](advanced-hunting-devicetvmsecureconfigurationassessmentkb-table.md)** | Knowledge base of various security configurations used by Threat & Vulnerability Management to assess devices; includes mappings to various standards and benchmarks | ## Related topics - [Advanced hunting overview](advanced-hunting-overview.md)