deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-17 15:57:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge pull request #2813 from MicrosoftDocs/lomayor-mdatpah-tvmfilenames

Browse Source 
TVM file renames
This commit is contained in:
Louie Mayor 2020-05-19 23:30:49 -07:00 committed by GitHub
commit 68814ac939
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 242 additions and 222 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
.openpublishing.redirection.json
View File

@ -1009,7 +1009,27 @@
"source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfobeta-table.md", "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfobeta-table.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfo-table", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfo-table",
"redirect_document_id": true "redirect_document_id": true
}, },
{
"source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-configassessment-table.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessment-table",
"redirect_document_id": true
},
{
"source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-secureconfigkb-table.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessmentkb-table",
"redirect_document_id": true
},
{
"source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-softwareinventory-table.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwareinventoryvulnerabilities-table",
"redirect_document_id": true
},
{
"source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-softwarevulnerability-table.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table",
"redirect_document_id": true
},
{ {
"source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md", "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicealertevents-table", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicealertevents-table",

8
windows/security/threat-protection/TOC.md
View File

@ -351,10 +351,10 @@
##### [DeviceNetworkEvents](microsoft-defender-atp/advanced-hunting-devicenetworkevents-table.md) ##### [DeviceNetworkEvents](microsoft-defender-atp/advanced-hunting-devicenetworkevents-table.md)
##### [DeviceProcessEvents](microsoft-defender-atp/advanced-hunting-deviceprocessevents-table.md) ##### [DeviceProcessEvents](microsoft-defender-atp/advanced-hunting-deviceprocessevents-table.md)
##### [DeviceRegistryEvents](microsoft-defender-atp/advanced-hunting-deviceregistryevents-table.md) ##### [DeviceRegistryEvents](microsoft-defender-atp/advanced-hunting-deviceregistryevents-table.md)
##### [DeviceTvmSoftwareInventoryVulnerabilities](microsoft-defender-atp/advanced-hunting-tvm-softwareinventory-table.md) ##### [DeviceTvmSoftwareInventoryVulnerabilities](microsoft-defender-atp/advanced-hunting-devicetvmsoftwareinventoryvulnerabilities-table.md)
##### [DeviceTvmSoftwareVulnerabilitiesKB](microsoft-defender-atp/advanced-hunting-tvm-softwarevulnerability-table.md) ##### [DeviceTvmSoftwareVulnerabilitiesKB](microsoft-defender-atp/advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table.md)
##### [DeviceTvmSecureConfigurationAssessment](microsoft-defender-atp/advanced-hunting-tvm-configassessment-table.md) ##### [DeviceTvmSecureConfigurationAssessment](microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessment-table.md)
##### [DeviceTvmSecureConfigurationAssessmentKB](microsoft-defender-atp/advanced-hunting-tvm-secureconfigkb-table.md) ##### [DeviceTvmSecureConfigurationAssessmentKB](microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessmentkb-table.md)
#### [Apply query best practices](microsoft-defender-atp/advanced-hunting-best-practices.md) #### [Apply query best practices](microsoft-defender-atp/advanced-hunting-best-practices.md)
### [Microsoft Threat Experts](microsoft-defender-atp/microsoft-threat-experts.md) ### [Microsoft Threat Experts](microsoft-defender-atp/microsoft-threat-experts.md)

106
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-configassessment-table.md → windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessment-table.md
View File

@ -1,53 +1,53 @@
--- ---
title: DeviceTvmSecureConfigurationAssessment table in the advanced hunting schema title: DeviceTvmSecureConfigurationAssessment table in the advanced hunting schema
description: Learn about Threat & Vulnerability Management security assessment events in the DeviceTvmSecureConfigurationAssessment table of the Advanced hunting schema. These events provide machine information as well as security configuration details, impact, and compliance information. description: Learn about Threat & Vulnerability Management security assessment events in the DeviceTvmSecureConfigurationAssessment table of the Advanced hunting schema. These events provide machine information as well as security configuration details, impact, and compliance information.
keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, windows defender atp, wdatp search, query, telemetry, schema reference, kusto, table, column, data type, description, threat & vulnerability management, TVM, device management, security configuration, DeviceTvmSecureConfigurationAssessment keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, windows defender atp, wdatp search, query, telemetry, schema reference, kusto, table, column, data type, description, threat & vulnerability management, TVM, device management, security configuration, DeviceTvmSecureConfigurationAssessment
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
search.appverid: met150 search.appverid: met150
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
ms.sitesec: library ms.sitesec: library
ms.pagetype: security ms.pagetype: security
ms.author: dolmont ms.author: dolmont
author: DulceMontemayor author: DulceMontemayor
ms.localizationpriority: medium ms.localizationpriority: medium
manager: dansimp manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 11/12/2019 ms.date: 11/12/2019
--- ---
# DeviceTvmSecureConfigurationAssessment # DeviceTvmSecureConfigurationAssessment
**Applies to:** **Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
[!include[Prerelease information](../../includes/prerelease.md)] [!include[Prerelease information](../../includes/prerelease.md)]
Each row in the `DeviceTvmSecureConfigurationAssessment` table contains an assessment event for a specific security configuration from [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md). Use this reference to check the latest assessment results and determine whether devices are compliant. Each row in the `DeviceTvmSecureConfigurationAssessment` table contains an assessment event for a specific security configuration from [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md). Use this reference to check the latest assessment results and determine whether devices are compliant.
For information on other tables in the advanced hunting schema, see [the advanced hunting reference](advanced-hunting-reference.md). For information on other tables in the advanced hunting schema, see [the advanced hunting reference](advanced-hunting-reference.md).
| Column name | Data type | Description | | Column name | Data type | Description |
|-------------|-----------|-------------| |-------------|-----------|-------------|
| `DeviceId` | string | Unique identifier for the machine in the service | | `DeviceId` | string | Unique identifier for the machine in the service |
| `DeviceName` | string | Fully qualified domain name (FQDN) of the machine | | `DeviceName` | string | Fully qualified domain name (FQDN) of the machine |
| `OSPlatform` | string | Platform of the operating system running on the machine. This indicates specific operating systems, including variations within the same family, such as Windows 10 and Windows 7.| | `OSPlatform` | string | Platform of the operating system running on the machine. This indicates specific operating systems, including variations within the same family, such as Windows 10 and Windows 7.|
| `Timestamp` | datetime |Date and time when the record was generated | | `Timestamp` | datetime |Date and time when the record was generated |
| `ConfigurationId` | string | Unique identifier for a specific configuration | | `ConfigurationId` | string | Unique identifier for a specific configuration |
| `ConfigurationCategory` | string | Category or grouping to which the configuration belongs: Application, OS, Network, Accounts, Security controls | | `ConfigurationCategory` | string | Category or grouping to which the configuration belongs: Application, OS, Network, Accounts, Security controls |
| `ConfigurationSubcategory` | string |Subcategory or subgrouping to which the configuration belongs. In many cases, this describes specific capabilities or features. | | `ConfigurationSubcategory` | string |Subcategory or subgrouping to which the configuration belongs. In many cases, this describes specific capabilities or features. |
| `ConfigurationImpact` | string | Rated impact of the configuration to the overall configuration score (1-10) | | `ConfigurationImpact` | string | Rated impact of the configuration to the overall configuration score (1-10) |
| `IsCompliant` | boolean | Indicates whether the configuration or policy is properly configured | | `IsCompliant` | boolean | Indicates whether the configuration or policy is properly configured |
## Related topics ## Related topics
- [Advanced hunting overview](advanced-hunting-overview.md) - [Advanced hunting overview](advanced-hunting-overview.md)
- [Learn the query language](advanced-hunting-query-language.md) - [Learn the query language](advanced-hunting-query-language.md)
- [Understand the schema](advanced-hunting-schema-reference.md) - [Understand the schema](advanced-hunting-schema-reference.md)
- [Overview of Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) - [Overview of Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)

106
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-secureconfigkb-table.md → windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessmentkb-table.md
View File

@ -1,53 +1,53 @@
--- ---
title: DeviceTvmSecureConfigurationAssessmentKB table in the advanced hunting schema title: DeviceTvmSecureConfigurationAssessmentKB table in the advanced hunting schema
description: Learn about the various secure configurations assessed by Threat & Vulnerability Management in the DeviceTvmSecureConfigurationAssessmentKB table of the Advanced hunting schema. description: Learn about the various secure configurations assessed by Threat & Vulnerability Management in the DeviceTvmSecureConfigurationAssessmentKB table of the Advanced hunting schema.
keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, windows defender atp, wdatp search, query, telemetry, schema reference, kusto, table, column, data type, description, threat & vulnerability management, TVM, device management, security configuration, MITRE ATT&CK framework, knowledge base, KB, DeviceTvmSecureConfigurationAssessmentKB keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, windows defender atp, wdatp search, query, telemetry, schema reference, kusto, table, column, data type, description, threat & vulnerability management, TVM, device management, security configuration, MITRE ATT&CK framework, knowledge base, KB, DeviceTvmSecureConfigurationAssessmentKB
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
search.appverid: met150 search.appverid: met150
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
ms.sitesec: library ms.sitesec: library
ms.pagetype: security ms.pagetype: security
ms.author: dolmont ms.author: dolmont
author: DulceMontemayor author: DulceMontemayor
ms.localizationpriority: medium ms.localizationpriority: medium
manager: dansimp manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 11/12/2019 ms.date: 11/12/2019
--- ---
# DeviceTvmSecureConfigurationAssessmentKB # DeviceTvmSecureConfigurationAssessmentKB
**Applies to:** **Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
[!include[Prerelease information](../../includes/prerelease.md)] [!include[Prerelease information](../../includes/prerelease.md)]
The `DeviceTvmSecureConfigurationAssessmentKB` table in the advanced hunting schema contains information about the various secure configurations — such as whether a device has automatic updates on — checked by [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md). It also includes risk information, related industry benchmarks, and applicable MITRE ATT&CK techniques and tactics. Use this reference to construct queries that return information from the table. The `DeviceTvmSecureConfigurationAssessmentKB` table in the advanced hunting schema contains information about the various secure configurations — such as whether a device has automatic updates on — checked by [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md). It also includes risk information, related industry benchmarks, and applicable MITRE ATT&CK techniques and tactics. Use this reference to construct queries that return information from the table.
For information on other tables in the advanced hunting schema, see [the advanced hunting reference](advanced-hunting-reference.md). For information on other tables in the advanced hunting schema, see [the advanced hunting reference](advanced-hunting-reference.md).
| Column name | Data type | Description | | Column name | Data type | Description |
|-------------|-----------|-------------| |-------------|-----------|-------------|
| `ConfigurationId` | string | Unique identifier for a specific configuration | | `ConfigurationId` | string | Unique identifier for a specific configuration |
| `ConfigurationImpact` | string | Rated impact of the configuration to the overall configuration score (1-10) | | `ConfigurationImpact` | string | Rated impact of the configuration to the overall configuration score (1-10) |
| `ConfigurationName` | string | Display name of the configuration | | `ConfigurationName` | string | Display name of the configuration |
| `ConfigurationDescription` | string | Description of the configuration | | `ConfigurationDescription` | string | Description of the configuration |
| `RiskDescription` | string | Description of the associated risk | | `RiskDescription` | string | Description of the associated risk |
| `ConfigurationCategory` | string | Category or grouping to which the configuration belongs: Application, OS, Network, Accounts, Security controls| | `ConfigurationCategory` | string | Category or grouping to which the configuration belongs: Application, OS, Network, Accounts, Security controls|
| `ConfigurationSubcategory` | string |Subcategory or subgrouping to which the configuration belongs. In many cases, this describes specific capabilities or features. | | `ConfigurationSubcategory` | string |Subcategory or subgrouping to which the configuration belongs. In many cases, this describes specific capabilities or features. |
| `ConfigurationBenchmarks` | string | List of industry benchmarks recommending the same or similar configuration | | `ConfigurationBenchmarks` | string | List of industry benchmarks recommending the same or similar configuration |
| `RelatedMitreTechniques` | string | List of Mitre ATT&CK framework techniques related to the configuration | | `RelatedMitreTechniques` | string | List of Mitre ATT&CK framework techniques related to the configuration |
| `RelatedMitreTactics ` | string | List of Mitre ATT&CK framework tactics related to the configuration | | `RelatedMitreTactics ` | string | List of Mitre ATT&CK framework tactics related to the configuration |
## Related topics ## Related topics
- [Advanced hunting overview](advanced-hunting-overview.md) - [Advanced hunting overview](advanced-hunting-overview.md)
- [Learn the query language](advanced-hunting-query-language.md) - [Learn the query language](advanced-hunting-query-language.md)
- [Understand the schema](advanced-hunting-schema-reference.md) - [Understand the schema](advanced-hunting-schema-reference.md)
- [Overview of Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) - [Overview of Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)

112
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-softwareinventory-table.md → windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwareinventoryvulnerabilities-table.md
View File

@ -1,56 +1,56 @@
--- ---
title: DeviceTvmSoftwareInventoryVulnerabilities table in the advanced hunting schema title: DeviceTvmSoftwareInventoryVulnerabilities table in the advanced hunting schema
description: Learn about the inventory of software in your devices and their vulnerabilities in the DeviceTvmSoftwareInventoryVulnerabilities table of the advanced hunting schema. description: Learn about the inventory of software in your devices and their vulnerabilities in the DeviceTvmSoftwareInventoryVulnerabilities table of the advanced hunting schema.
keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, windows defender atp, wdatp search, query, telemetry, schema reference, kusto, table, column, data type, description, threat & vulnerability management, TVM, device management, software, inventory, vulnerabilities, CVE ID, OS DeviceTvmSoftwareInventoryVulnerabilities keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, windows defender atp, wdatp search, query, telemetry, schema reference, kusto, table, column, data type, description, threat & vulnerability management, TVM, device management, software, inventory, vulnerabilities, CVE ID, OS DeviceTvmSoftwareInventoryVulnerabilities
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
search.appverid: met150 search.appverid: met150
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
ms.sitesec: library ms.sitesec: library
ms.pagetype: security ms.pagetype: security
ms.author: dolmont ms.author: dolmont
author: DulceMontemayor author: DulceMontemayor
ms.localizationpriority: medium ms.localizationpriority: medium
manager: dansimp manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 11/12/2019 ms.date: 11/12/2019
--- ---
# DeviceTvmSoftwareInventoryVulnerabilities # DeviceTvmSoftwareInventoryVulnerabilities
**Applies to:** **Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
[!include[Prerelease information](../../includes/prerelease.md)] [!include[Prerelease information](../../includes/prerelease.md)]
The `DeviceTvmSoftwareInventoryVulnerabilities` table in the advanced hunting schema contains the [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) inventory of software on your devices as well as any known vulnerabilities in these software products. This table also includes operating system information, CVE IDs, and vulnerability severity information. Use this reference to construct queries that return information from the table. The `DeviceTvmSoftwareInventoryVulnerabilities` table in the advanced hunting schema contains the [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) inventory of software on your devices as well as any known vulnerabilities in these software products. This table also includes operating system information, CVE IDs, and vulnerability severity information. Use this reference to construct queries that return information from the table.
For information on other tables in the advanced hunting schema, see [the advanced hunting reference](advanced-hunting-reference.md). For information on other tables in the advanced hunting schema, see [the advanced hunting reference](advanced-hunting-reference.md).
| Column name | Data type | Description | | Column name | Data type | Description |
|-------------|-----------|-------------| |-------------|-----------|-------------|
| `DeviceId` | string | Unique identifier for the machine in the service | | `DeviceId` | string | Unique identifier for the machine in the service |
| `DeviceName` | string | Fully qualified domain name (FQDN) of the machine | | `DeviceName` | string | Fully qualified domain name (FQDN) of the machine |
| `OSPlatform` | string | Platform of the operating system running on the machine. This indicates specific operating systems, including variations within the same family, such as Windows 10 and Windows 7. | | `OSPlatform` | string | Platform of the operating system running on the machine. This indicates specific operating systems, including variations within the same family, such as Windows 10 and Windows 7. |
| `OSVersion` | string | Version of the operating system running on the machine | | `OSVersion` | string | Version of the operating system running on the machine |
| `OSArchitecture` | string | Architecture of the operating system running on the machine | | `OSArchitecture` | string | Architecture of the operating system running on the machine |
| `SoftwareVendor` | string | Name of the software vendor | | `SoftwareVendor` | string | Name of the software vendor |
| `SoftwareName` | string | Name of the software product | | `SoftwareName` | string | Name of the software product |
| `SoftwareVersion` | string | Version number of the software product | | `SoftwareVersion` | string | Version number of the software product |
| `CveId` | string | Unique identifier assigned to the security vulnerability under the Common Vulnerabilities and Exposures (CVE) system | | `CveId` | string | Unique identifier assigned to the security vulnerability under the Common Vulnerabilities and Exposures (CVE) system |
| `VulnerabilitySeverityLevel` | string | Severity level assigned to the security vulnerability based on the CVSS score and dynamic factors influenced by the threat landscape | | `VulnerabilitySeverityLevel` | string | Severity level assigned to the security vulnerability based on the CVSS score and dynamic factors influenced by the threat landscape |
## Related topics ## Related topics
- [Advanced hunting overview](advanced-hunting-overview.md) - [Advanced hunting overview](advanced-hunting-overview.md)
- [Learn the query language](advanced-hunting-query-language.md) - [Learn the query language](advanced-hunting-query-language.md)
- [Understand the schema](advanced-hunting-schema-reference.md) - [Understand the schema](advanced-hunting-schema-reference.md)
- [Overview of Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) - [Overview of Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)

102
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-softwarevulnerability-table.md → windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table.md
View File

@ -1,51 +1,51 @@
--- ---
title: DeviceTvmSoftwareVulnerabilitiesKB table in the advanced hunting schema title: DeviceTvmSoftwareVulnerabilitiesKB table in the advanced hunting schema
description: Learn about the software vulnerabilities tracked by Threat & Vulnerability Management in the DeviceTvmSoftwareVulnerabilitiesKB table of the advanced hunting schema. description: Learn about the software vulnerabilities tracked by Threat & Vulnerability Management in the DeviceTvmSoftwareVulnerabilitiesKB table of the advanced hunting schema.
keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, windows defender atp, wdatp search, query, telemetry, schema reference, kusto, table, column, data type, description, threat & vulnerability management, TVM, device management, software, inventory, vulnerabilities, CVE ID, CVSS, DeviceTvmSoftwareVulnerabilitiesKB keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, windows defender atp, wdatp search, query, telemetry, schema reference, kusto, table, column, data type, description, threat & vulnerability management, TVM, device management, software, inventory, vulnerabilities, CVE ID, CVSS, DeviceTvmSoftwareVulnerabilitiesKB
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
search.appverid: met150 search.appverid: met150
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
ms.sitesec: library ms.sitesec: library
ms.pagetype: security ms.pagetype: security
ms.author: dolmont ms.author: dolmont
author: DulceMontemayor author: DulceMontemayor
ms.localizationpriority: medium ms.localizationpriority: medium
manager: dansimp manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 11/12/2019 ms.date: 11/12/2019
--- ---
# DeviceTvmSoftwareVulnerabilitiesKB # DeviceTvmSoftwareVulnerabilitiesKB
**Applies to:** **Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
[!include[Prerelease information](../../includes/prerelease.md)] [!include[Prerelease information](../../includes/prerelease.md)]
The `DeviceTvmSoftwareVulnerabilitiesKB` table in the advanced hunting schema contains the list of vulnerabilities [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) assesses devices for. Use this reference to construct queries that return information from the table. The `DeviceTvmSoftwareVulnerabilitiesKB` table in the advanced hunting schema contains the list of vulnerabilities [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) assesses devices for. Use this reference to construct queries that return information from the table.
For information on other tables in the advanced hunting schema, see [the advanced hunting reference](advanced-hunting-reference.md). For information on other tables in the advanced hunting schema, see [the advanced hunting reference](advanced-hunting-reference.md).
| Column name | Data type | Description | | Column name | Data type | Description |
|-------------|-----------|-------------| |-------------|-----------|-------------|
| `CveId` | string | Unique identifier assigned to the security vulnerability under the Common Vulnerabilities and Exposures (CVE) system | | `CveId` | string | Unique identifier assigned to the security vulnerability under the Common Vulnerabilities and Exposures (CVE) system |
| `CvssScore` | string | Severity score assigned to the security vulnerability under th Common Vulnerability Scoring System (CVSS) | | `CvssScore` | string | Severity score assigned to the security vulnerability under th Common Vulnerability Scoring System (CVSS) |
| `IsExploitAvailable` | boolean | Indicates whether exploit code for the vulnerability is publicly available | | `IsExploitAvailable` | boolean | Indicates whether exploit code for the vulnerability is publicly available |
| `VulnerabilitySeverityLevel` | string | Severity level assigned to the security vulnerability based on the CVSS score and dynamic factors influenced by the threat landscape | | `VulnerabilitySeverityLevel` | string | Severity level assigned to the security vulnerability based on the CVSS score and dynamic factors influenced by the threat landscape |
| `LastModifiedTime` | datetime | Date and time the item or related metadata was last modified | | `LastModifiedTime` | datetime | Date and time the item or related metadata was last modified |
| `PublishedDate` | datetime | Date vulnerability was disclosed to public | | `PublishedDate` | datetime | Date vulnerability was disclosed to public |
| `VulnerabilityDescription` | string | Description of vulnerability and associated risks | | `VulnerabilityDescription` | string | Description of vulnerability and associated risks |
| `AffectedSoftware` | string | List of all software products affected by the vulnerability | | `AffectedSoftware` | string | List of all software products affected by the vulnerability |
## Related topics ## Related topics
- [Advanced hunting overview](advanced-hunting-overview.md) - [Advanced hunting overview](advanced-hunting-overview.md)
- [Learn the query language](advanced-hunting-query-language.md) - [Learn the query language](advanced-hunting-query-language.md)
- [Understand the schema](advanced-hunting-schema-reference.md) - [Understand the schema](advanced-hunting-schema-reference.md)
- [Overview of Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) - [Overview of Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)

8
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md
View File

@ -48,10 +48,10 @@ Table and column names are also listed within the Microsoft Defender Security Ce
| **[DeviceImageLoadEvents](advanced-hunting-deviceimageloadevents-table.md)** | DLL loading events | | **[DeviceImageLoadEvents](advanced-hunting-deviceimageloadevents-table.md)** | DLL loading events |
| **[DeviceEvents](advanced-hunting-deviceevents-table.md)** | Multiple event types, including events triggered by security controls such as Windows Defender Antivirus and exploit protection | | **[DeviceEvents](advanced-hunting-deviceevents-table.md)** | Multiple event types, including events triggered by security controls such as Windows Defender Antivirus and exploit protection |
| **[DeviceFileCertificateInfo](advanced-hunting-devicefilecertificateinfo-table.md)** | Certificate information of signed files obtained from certificate verification events on endpoints | | **[DeviceFileCertificateInfo](advanced-hunting-devicefilecertificateinfo-table.md)** | Certificate information of signed files obtained from certificate verification events on endpoints |
| **[DeviceTvmSoftwareInventoryVulnerabilities](advanced-hunting-tvm-softwareinventory-table.md)** | Inventory of software on devices as well as any known vulnerabilities in these software products | | **[DeviceTvmSoftwareInventoryVulnerabilities](advanced-hunting-devicetvmsoftwareinventoryvulnerabilities-table.md)** | Inventory of software on devices as well as any known vulnerabilities in these software products |
| **[DeviceTvmSoftwareVulnerabilitiesKB ](advanced-hunting-tvm-softwarevulnerability-table.md)** | Knowledge base of publicly disclosed vulnerabilities, including whether exploit code is publicly available | | **[DeviceTvmSoftwareVulnerabilitiesKB ](advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table.md)** | Knowledge base of publicly disclosed vulnerabilities, including whether exploit code is publicly available |
| **[DeviceTvmSecureConfigurationAssessment](advanced-hunting-tvm-configassessment-table.md)** | Threat & Vulnerability Management assessment events, indicating the status of various security configurations on devices | | **[DeviceTvmSecureConfigurationAssessment](advanced-hunting-devicetvmsecureconfigurationassessment-table.md)** | Threat & Vulnerability Management assessment events, indicating the status of various security configurations on devices |
| **[DeviceTvmSecureConfigurationAssessmentKB](advanced-hunting-tvm-secureconfigkb-table.md)** | Knowledge base of various security configurations used by Threat & Vulnerability Management to assess devices; includes mappings to various standards and benchmarks | | **[DeviceTvmSecureConfigurationAssessmentKB](advanced-hunting-devicetvmsecureconfigurationassessmentkb-table.md)** | Knowledge base of various security configurations used by Threat & Vulnerability Management to assess devices; includes mappings to various standards and benchmarks |
## Related topics ## Related topics
- [Advanced hunting overview](advanced-hunting-overview.md) - [Advanced hunting overview](advanced-hunting-overview.md)