Merge pull request #2815 from MicrosoftDocs/master

Threat simulator

.openpublishing.redirection.json

@@ -1009,7 +1009,27 @@
 "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfobeta-table.md",
 "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfo-table",
 "redirect_document_id": true
-    },
+},
+{
+"source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-configassessment-table.md",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessment-table",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-secureconfigkb-table.md",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessmentkb-table",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-softwareinventory-table.md",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwareinventoryvulnerabilities-table",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-softwarevulnerability-table.md",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table",
+"redirect_document_id": true
+},
 {
 "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md",
 "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicealertevents-table",

windows/security/threat-protection/TOC.md

@@ -351,10 +351,10 @@
 ##### [DeviceNetworkEvents](microsoft-defender-atp/advanced-hunting-devicenetworkevents-table.md)
 ##### [DeviceProcessEvents](microsoft-defender-atp/advanced-hunting-deviceprocessevents-table.md)
 ##### [DeviceRegistryEvents](microsoft-defender-atp/advanced-hunting-deviceregistryevents-table.md)
-##### [DeviceTvmSoftwareInventoryVulnerabilities](microsoft-defender-atp/advanced-hunting-tvm-softwareinventory-table.md)
+##### [DeviceTvmSoftwareInventoryVulnerabilities](microsoft-defender-atp/advanced-hunting-devicetvmsoftwareinventoryvulnerabilities-table.md)
-##### [DeviceTvmSoftwareVulnerabilitiesKB](microsoft-defender-atp/advanced-hunting-tvm-softwarevulnerability-table.md)
+##### [DeviceTvmSoftwareVulnerabilitiesKB](microsoft-defender-atp/advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table.md)
-##### [DeviceTvmSecureConfigurationAssessment](microsoft-defender-atp/advanced-hunting-tvm-configassessment-table.md)
+##### [DeviceTvmSecureConfigurationAssessment](microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessment-table.md)
-##### [DeviceTvmSecureConfigurationAssessmentKB](microsoft-defender-atp/advanced-hunting-tvm-secureconfigkb-table.md)
+##### [DeviceTvmSecureConfigurationAssessmentKB](microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessmentkb-table.md)
 #### [Apply query best practices](microsoft-defender-atp/advanced-hunting-best-practices.md)
 
 ### [Microsoft Threat Experts](microsoft-defender-atp/microsoft-threat-experts.md)

windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md

@@ -22,30 +22,34 @@ ms.topic: article
 
 - Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
 
-
 ## API description
+
 Adds or remove tag to a specific [Machine](machine.md).
 
-
 ## Limitations
+
 1. You can post on machines last seen in the past 30 days.
+
 2. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
 
 
 ## Permissions
+
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
 
-Permission type |	Permission	|	Permission display name
+Permission type |    Permission    |    Permission display name
 :---|:---|:---
-Application |	Machine.ReadWrite.All |	'Read and write all machine information'
+Application |    Machine.ReadWrite.All |    'Read and write all machine information'
 Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine information'
 
 >[!Note]
 > When obtaining a token using user credentials:
->- The user needs to have at least the following role permission: 'Manage security setting' (See [Create and manage roles](user-roles.md) for more information)
+>
+>- The user needs to have at least the following role permission: 'Manage security setting'. For more  (See [Create and manage roles](user-roles.md) for more information)
 >- User needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups.md) for more information)
 
 ## HTTP request
+
 ```
 POST https://api.securitycenter.windows.com/api/machines/{id}/tags
 ```
@@ -58,17 +62,18 @@ Authorization | String | Bearer {token}. **Required**.
 Content-Type | string | application/json. **Required**.
 
 ## Request body
+
 In the request body, supply a JSON object with the following parameters:
 
-Parameter |	Type	| Description
+Parameter |    Type    | Description
 :---|:---|:---
-Value |	String |	The tag name. **Required**.
+Value |    String |    The tag name. **Required**.
-Action	| Enum |	Add or Remove. Allowed values are: 'Add' or 'Remove'. **Required**.
+Action    | Enum |    Add or Remove. Allowed values are: 'Add' or 'Remove'. **Required**.
 
 
 ## Response
-If successful, this method returns 200 - Ok response code and the updated Machine in the response body.
 
+If successful, this method returns 200 - Ok response code and the updated Machine in the response body.
 
 ## Example
 

windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessment-table.md

@@ -1,53 +1,53 @@
----
+---
-title: DeviceTvmSecureConfigurationAssessment table in the advanced hunting schema
+title: DeviceTvmSecureConfigurationAssessment table in the advanced hunting schema
-description: Learn about Threat & Vulnerability Management security assessment events in the DeviceTvmSecureConfigurationAssessment table of the Advanced hunting schema. These events provide machine information as well as security configuration details, impact, and compliance information. 
+description: Learn about Threat & Vulnerability Management security assessment events in the DeviceTvmSecureConfigurationAssessment table of the Advanced hunting schema. These events provide machine information as well as security configuration details, impact, and compliance information. 
-keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, windows defender atp, wdatp search, query, telemetry, schema reference, kusto, table, column, data type, description, threat & vulnerability management, TVM, device management, security configuration, DeviceTvmSecureConfigurationAssessment  
+keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, windows defender atp, wdatp search, query, telemetry, schema reference, kusto, table, column, data type, description, threat & vulnerability management, TVM, device management, security configuration, DeviceTvmSecureConfigurationAssessment  
-search.product: eADQiWindows 10XVcnh
+search.product: eADQiWindows 10XVcnh
-search.appverid: met150
+search.appverid: met150
-ms.prod: w10
+ms.prod: w10
-ms.mktglfcycl: deploy
+ms.mktglfcycl: deploy
-ms.sitesec: library
+ms.sitesec: library
-ms.pagetype: security
+ms.pagetype: security
-ms.author: dolmont
+ms.author: dolmont
-author: DulceMontemayor
+author: DulceMontemayor
-ms.localizationpriority: medium
+ms.localizationpriority: medium
-manager: dansimp
+manager: dansimp
-audience: ITPro
+audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance 
-ms.topic: article
+ms.topic: article
-ms.date: 11/12/2019
+ms.date: 11/12/2019
----
+---
-
+
-# DeviceTvmSecureConfigurationAssessment 
+# DeviceTvmSecureConfigurationAssessment 
-
+
-**Applies to:**
+**Applies to:**
-
+
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
+
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
-
+
-[!include[Prerelease information](../../includes/prerelease.md)]
+[!include[Prerelease information](../../includes/prerelease.md)]
-
+
-Each row in the `DeviceTvmSecureConfigurationAssessment` table contains an assessment event for a specific security configuration from [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md). Use this reference to check the latest assessment results and determine whether devices are compliant.
+Each row in the `DeviceTvmSecureConfigurationAssessment` table contains an assessment event for a specific security configuration from [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md). Use this reference to check the latest assessment results and determine whether devices are compliant.
-
+
-For information on other tables in the advanced hunting schema, see [the advanced hunting reference](advanced-hunting-reference.md).
+For information on other tables in the advanced hunting schema, see [the advanced hunting reference](advanced-hunting-reference.md).
-
+
-| Column name | Data type | Description |
+| Column name | Data type | Description |
-|-------------|-----------|-------------|
+|-------------|-----------|-------------|
-| `DeviceId` | string | Unique identifier for the machine in the service |
+| `DeviceId` | string | Unique identifier for the machine in the service |
-| `DeviceName` | string | Fully qualified domain name (FQDN) of the machine |
+| `DeviceName` | string | Fully qualified domain name (FQDN) of the machine |
-| `OSPlatform` | string | Platform of the operating system running on the machine. This indicates specific operating systems, including variations within the same family, such as Windows 10 and Windows 7.|
+| `OSPlatform` | string | Platform of the operating system running on the machine. This indicates specific operating systems, including variations within the same family, such as Windows 10 and Windows 7.|
-| `Timestamp` | datetime |Date and time when the record was generated |
+| `Timestamp` | datetime |Date and time when the record was generated |
-| `ConfigurationId` | string | Unique identifier for a specific configuration |
+| `ConfigurationId` | string | Unique identifier for a specific configuration |
-| `ConfigurationCategory` | string | Category or grouping to which the configuration belongs: Application, OS, Network, Accounts, Security controls |
+| `ConfigurationCategory` | string | Category or grouping to which the configuration belongs: Application, OS, Network, Accounts, Security controls |
-| `ConfigurationSubcategory` | string |Subcategory or subgrouping to which the configuration belongs. In many cases, this describes specific capabilities or features. |
+| `ConfigurationSubcategory` | string |Subcategory or subgrouping to which the configuration belongs. In many cases, this describes specific capabilities or features. |
-| `ConfigurationImpact` | string | Rated impact of the configuration to the overall configuration score (1-10) |
+| `ConfigurationImpact` | string | Rated impact of the configuration to the overall configuration score (1-10) |
-| `IsCompliant` | boolean | Indicates whether the configuration or policy is properly configured |
+| `IsCompliant` | boolean | Indicates whether the configuration or policy is properly configured |
-
+
-
+
-## Related topics
+## Related topics
-
+
-- [Advanced hunting overview](advanced-hunting-overview.md)
+- [Advanced hunting overview](advanced-hunting-overview.md)
-- [Learn the query language](advanced-hunting-query-language.md)
+- [Learn the query language](advanced-hunting-query-language.md)
-- [Understand the schema](advanced-hunting-schema-reference.md)
+- [Understand the schema](advanced-hunting-schema-reference.md)
-- [Overview of Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
+- [Overview of Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)

windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessmentkb-table.md

@@ -1,53 +1,53 @@
----
+---
-title: DeviceTvmSecureConfigurationAssessmentKB table in the advanced hunting schema
+title: DeviceTvmSecureConfigurationAssessmentKB table in the advanced hunting schema
-description: Learn about the various secure configurations assessed by Threat & Vulnerability Management in the DeviceTvmSecureConfigurationAssessmentKB table of the Advanced hunting schema. 
+description: Learn about the various secure configurations assessed by Threat & Vulnerability Management in the DeviceTvmSecureConfigurationAssessmentKB table of the Advanced hunting schema. 
-keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, windows defender atp, wdatp search, query, telemetry, schema reference, kusto, table, column, data type, description, threat & vulnerability management, TVM, device management, security configuration, MITRE ATT&CK framework, knowledge base, KB, DeviceTvmSecureConfigurationAssessmentKB
+keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, windows defender atp, wdatp search, query, telemetry, schema reference, kusto, table, column, data type, description, threat & vulnerability management, TVM, device management, security configuration, MITRE ATT&CK framework, knowledge base, KB, DeviceTvmSecureConfigurationAssessmentKB
-search.product: eADQiWindows 10XVcnh
+search.product: eADQiWindows 10XVcnh
-search.appverid: met150
+search.appverid: met150
-ms.prod: w10
+ms.prod: w10
-ms.mktglfcycl: deploy
+ms.mktglfcycl: deploy
-ms.sitesec: library
+ms.sitesec: library
-ms.pagetype: security
+ms.pagetype: security
-ms.author: dolmont
+ms.author: dolmont
-author: DulceMontemayor
+author: DulceMontemayor
-ms.localizationpriority: medium
+ms.localizationpriority: medium
-manager: dansimp
+manager: dansimp
-audience: ITPro
+audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance 
-ms.topic: article
+ms.topic: article
-ms.date: 11/12/2019
+ms.date: 11/12/2019
----
+---
-
+
-# DeviceTvmSecureConfigurationAssessmentKB
+# DeviceTvmSecureConfigurationAssessmentKB
-
+
-**Applies to:**
+**Applies to:**
-
+
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
+
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
-
+
-[!include[Prerelease information](../../includes/prerelease.md)]
+[!include[Prerelease information](../../includes/prerelease.md)]
-
+
-The `DeviceTvmSecureConfigurationAssessmentKB` table in the advanced hunting schema contains information about the various secure configurations — such as whether a device has automatic updates on — checked by [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md). It also includes risk information, related industry benchmarks, and applicable MITRE ATT&CK techniques and tactics. Use this reference to construct queries that return information from the table.
+The `DeviceTvmSecureConfigurationAssessmentKB` table in the advanced hunting schema contains information about the various secure configurations — such as whether a device has automatic updates on — checked by [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md). It also includes risk information, related industry benchmarks, and applicable MITRE ATT&CK techniques and tactics. Use this reference to construct queries that return information from the table.
-
+
-For information on other tables in the advanced hunting schema, see [the advanced hunting reference](advanced-hunting-reference.md).
+For information on other tables in the advanced hunting schema, see [the advanced hunting reference](advanced-hunting-reference.md).
-
+
-| Column name | Data type | Description |
+| Column name | Data type | Description |
-|-------------|-----------|-------------|
+|-------------|-----------|-------------|
-| `ConfigurationId` | string | Unique identifier for a specific configuration |
+| `ConfigurationId` | string | Unique identifier for a specific configuration |
-| `ConfigurationImpact` | string | Rated impact of the configuration to the overall configuration score (1-10) |
+| `ConfigurationImpact` | string | Rated impact of the configuration to the overall configuration score (1-10) |
-| `ConfigurationName` | string | Display name of the configuration |
+| `ConfigurationName` | string | Display name of the configuration |
-| `ConfigurationDescription` | string | Description of the configuration |
+| `ConfigurationDescription` | string | Description of the configuration |
-| `RiskDescription` | string | Description of the associated risk |
+| `RiskDescription` | string | Description of the associated risk |
-| `ConfigurationCategory` | string | Category or grouping to which the configuration belongs: Application, OS, Network, Accounts, Security controls|
+| `ConfigurationCategory` | string | Category or grouping to which the configuration belongs: Application, OS, Network, Accounts, Security controls|
-| `ConfigurationSubcategory` | string |Subcategory or subgrouping to which the configuration belongs. In many cases, this describes specific capabilities or features. |
+| `ConfigurationSubcategory` | string |Subcategory or subgrouping to which the configuration belongs. In many cases, this describes specific capabilities or features. |
-| `ConfigurationBenchmarks` | string | List of industry benchmarks recommending the same or similar configuration |
+| `ConfigurationBenchmarks` | string | List of industry benchmarks recommending the same or similar configuration |
-| `RelatedMitreTechniques` | string | List of Mitre ATT&CK framework techniques related to the configuration |
+| `RelatedMitreTechniques` | string | List of Mitre ATT&CK framework techniques related to the configuration |
-| `RelatedMitreTactics ` | string | List of Mitre ATT&CK framework tactics related to the configuration |
+| `RelatedMitreTactics ` | string | List of Mitre ATT&CK framework tactics related to the configuration |
-
+
-## Related topics
+## Related topics
-
+
-- [Advanced hunting overview](advanced-hunting-overview.md)
+- [Advanced hunting overview](advanced-hunting-overview.md)
-- [Learn the query language](advanced-hunting-query-language.md)
+- [Learn the query language](advanced-hunting-query-language.md)
-- [Understand the schema](advanced-hunting-schema-reference.md)
+- [Understand the schema](advanced-hunting-schema-reference.md)
-- [Overview of Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
+- [Overview of Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)

windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwareinventoryvulnerabilities-table.md

@@ -1,56 +1,56 @@
----
+---
-title: DeviceTvmSoftwareInventoryVulnerabilities table in the advanced hunting schema
+title: DeviceTvmSoftwareInventoryVulnerabilities table in the advanced hunting schema
-description: Learn about the inventory of software in your devices and their vulnerabilities in the DeviceTvmSoftwareInventoryVulnerabilities table of the advanced hunting schema.
+description: Learn about the inventory of software in your devices and their vulnerabilities in the DeviceTvmSoftwareInventoryVulnerabilities table of the advanced hunting schema.
-keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, windows defender atp, wdatp search, query, telemetry, schema reference, kusto, table, column, data type, description, threat & vulnerability management, TVM, device management, software, inventory, vulnerabilities, CVE ID, OS DeviceTvmSoftwareInventoryVulnerabilities
+keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, windows defender atp, wdatp search, query, telemetry, schema reference, kusto, table, column, data type, description, threat & vulnerability management, TVM, device management, software, inventory, vulnerabilities, CVE ID, OS DeviceTvmSoftwareInventoryVulnerabilities
-search.product: eADQiWindows 10XVcnh
+search.product: eADQiWindows 10XVcnh
-search.appverid: met150
+search.appverid: met150
-ms.prod: w10
+ms.prod: w10
-ms.mktglfcycl: deploy
+ms.mktglfcycl: deploy
-ms.sitesec: library
+ms.sitesec: library
-ms.pagetype: security
+ms.pagetype: security
-ms.author: dolmont
+ms.author: dolmont
-author: DulceMontemayor
+author: DulceMontemayor
-ms.localizationpriority: medium
+ms.localizationpriority: medium
-manager: dansimp
+manager: dansimp
-audience: ITPro
+audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance 
-ms.topic: article
+ms.topic: article
-ms.date: 11/12/2019
+ms.date: 11/12/2019
----
+---
-
+
-# DeviceTvmSoftwareInventoryVulnerabilities
+# DeviceTvmSoftwareInventoryVulnerabilities
-
+
-**Applies to:**
+**Applies to:**
-
+
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
+
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
-
+
-
+
-[!include[Prerelease information](../../includes/prerelease.md)]
+[!include[Prerelease information](../../includes/prerelease.md)]
-
+
-The `DeviceTvmSoftwareInventoryVulnerabilities` table in the advanced hunting schema contains the [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) inventory of software on your devices as well as any known vulnerabilities in these software products. This table also includes operating system information, CVE IDs, and vulnerability severity information. Use this reference to construct queries that return information from the table.
+The `DeviceTvmSoftwareInventoryVulnerabilities` table in the advanced hunting schema contains the [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) inventory of software on your devices as well as any known vulnerabilities in these software products. This table also includes operating system information, CVE IDs, and vulnerability severity information. Use this reference to construct queries that return information from the table.
-
+
-For information on other tables in the advanced hunting schema, see [the advanced hunting reference](advanced-hunting-reference.md).
+For information on other tables in the advanced hunting schema, see [the advanced hunting reference](advanced-hunting-reference.md).
-
+
-| Column name | Data type | Description |
+| Column name | Data type | Description |
-|-------------|-----------|-------------|
+|-------------|-----------|-------------|
-| `DeviceId` | string | Unique identifier for the machine in the service |
+| `DeviceId` | string | Unique identifier for the machine in the service |
-| `DeviceName` | string | Fully qualified domain name (FQDN) of the machine |
+| `DeviceName` | string | Fully qualified domain name (FQDN) of the machine |
-| `OSPlatform` | string | Platform of the operating system running on the machine. This indicates specific operating systems, including variations within the same family, such as Windows 10 and Windows 7. |
+| `OSPlatform` | string | Platform of the operating system running on the machine. This indicates specific operating systems, including variations within the same family, such as Windows 10 and Windows 7. |
-| `OSVersion` | string | Version of the operating system running on the machine |
+| `OSVersion` | string | Version of the operating system running on the machine |
-| `OSArchitecture` | string | Architecture of the operating system running on the machine |
+| `OSArchitecture` | string | Architecture of the operating system running on the machine |
-| `SoftwareVendor` | string | Name of the software vendor |
+| `SoftwareVendor` | string | Name of the software vendor |
-| `SoftwareName` | string | Name of the software product |
+| `SoftwareName` | string | Name of the software product |
-| `SoftwareVersion` | string | Version number of the software product |
+| `SoftwareVersion` | string | Version number of the software product |
-| `CveId` | string | Unique identifier assigned to the security vulnerability under the Common Vulnerabilities and Exposures (CVE) system |
+| `CveId` | string | Unique identifier assigned to the security vulnerability under the Common Vulnerabilities and Exposures (CVE) system |
-| `VulnerabilitySeverityLevel` | string | Severity level assigned to the security vulnerability based on the CVSS score and dynamic factors influenced by the threat landscape |
+| `VulnerabilitySeverityLevel` | string | Severity level assigned to the security vulnerability based on the CVSS score and dynamic factors influenced by the threat landscape |
-
+
-
+
-
+
-## Related topics
+## Related topics
-
+
-- [Advanced hunting overview](advanced-hunting-overview.md)
+- [Advanced hunting overview](advanced-hunting-overview.md)
-- [Learn the query language](advanced-hunting-query-language.md)
+- [Learn the query language](advanced-hunting-query-language.md)
-- [Understand the schema](advanced-hunting-schema-reference.md)
+- [Understand the schema](advanced-hunting-schema-reference.md)
-- [Overview of Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
+- [Overview of Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)

windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table.md

@@ -1,51 +1,51 @@
----
+---
-title: DeviceTvmSoftwareVulnerabilitiesKB  table in the advanced hunting schema
+title: DeviceTvmSoftwareVulnerabilitiesKB  table in the advanced hunting schema
-description: Learn about the software vulnerabilities tracked by Threat & Vulnerability Management in the DeviceTvmSoftwareVulnerabilitiesKB table of the advanced hunting schema. 
+description: Learn about the software vulnerabilities tracked by Threat & Vulnerability Management in the DeviceTvmSoftwareVulnerabilitiesKB table of the advanced hunting schema. 
-keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, windows defender atp, wdatp search, query, telemetry, schema reference, kusto, table, column, data type, description, threat & vulnerability management, TVM, device management, software, inventory, vulnerabilities, CVE ID, CVSS, DeviceTvmSoftwareVulnerabilitiesKB 
+keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, windows defender atp, wdatp search, query, telemetry, schema reference, kusto, table, column, data type, description, threat & vulnerability management, TVM, device management, software, inventory, vulnerabilities, CVE ID, CVSS, DeviceTvmSoftwareVulnerabilitiesKB 
-search.product: eADQiWindows 10XVcnh
+search.product: eADQiWindows 10XVcnh
-search.appverid: met150
+search.appverid: met150
-ms.prod: w10
+ms.prod: w10
-ms.mktglfcycl: deploy
+ms.mktglfcycl: deploy
-ms.sitesec: library
+ms.sitesec: library
-ms.pagetype: security
+ms.pagetype: security
-ms.author: dolmont
+ms.author: dolmont
-author: DulceMontemayor
+author: DulceMontemayor
-ms.localizationpriority: medium
+ms.localizationpriority: medium
-manager: dansimp
+manager: dansimp
-audience: ITPro
+audience: ITPro
-ms.collection: M365-security-compliance 
+ms.collection: M365-security-compliance 
-ms.topic: article
+ms.topic: article
-ms.date: 11/12/2019
+ms.date: 11/12/2019
----
+---
-
+
-# DeviceTvmSoftwareVulnerabilitiesKB 
+# DeviceTvmSoftwareVulnerabilitiesKB 
-
+
-**Applies to:**
+**Applies to:**
-
+
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
+
->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
-
+
-[!include[Prerelease information](../../includes/prerelease.md)]
+[!include[Prerelease information](../../includes/prerelease.md)]
-
+
-The `DeviceTvmSoftwareVulnerabilitiesKB` table in the advanced hunting schema contains the list of vulnerabilities [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) assesses devices for. Use this reference to construct queries that return information from the table.
+The `DeviceTvmSoftwareVulnerabilitiesKB` table in the advanced hunting schema contains the list of vulnerabilities [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) assesses devices for. Use this reference to construct queries that return information from the table.
-
+
-For information on other tables in the advanced hunting schema, see [the advanced hunting reference](advanced-hunting-reference.md).
+For information on other tables in the advanced hunting schema, see [the advanced hunting reference](advanced-hunting-reference.md).
-
+
-| Column name | Data type | Description |
+| Column name | Data type | Description |
-|-------------|-----------|-------------|
+|-------------|-----------|-------------|
-| `CveId` | string | Unique identifier assigned to the security vulnerability under the Common Vulnerabilities and Exposures (CVE) system |
+| `CveId` | string | Unique identifier assigned to the security vulnerability under the Common Vulnerabilities and Exposures (CVE) system |
-| `CvssScore` | string | Severity score assigned to the security vulnerability under th Common Vulnerability Scoring System (CVSS) |
+| `CvssScore` | string | Severity score assigned to the security vulnerability under th Common Vulnerability Scoring System (CVSS) |
-| `IsExploitAvailable` | boolean | Indicates whether exploit code for the vulnerability is publicly available |
+| `IsExploitAvailable` | boolean | Indicates whether exploit code for the vulnerability is publicly available |
-| `VulnerabilitySeverityLevel` | string | Severity level assigned to the security vulnerability based on the CVSS score and dynamic factors influenced by the threat landscape |
+| `VulnerabilitySeverityLevel` | string | Severity level assigned to the security vulnerability based on the CVSS score and dynamic factors influenced by the threat landscape |
-| `LastModifiedTime` | datetime | Date and time the item or related metadata was last modified |
+| `LastModifiedTime` | datetime | Date and time the item or related metadata was last modified |
-| `PublishedDate` | datetime | Date vulnerability was disclosed to public |
+| `PublishedDate` | datetime | Date vulnerability was disclosed to public |
-| `VulnerabilityDescription` | string | Description of vulnerability and associated risks |
+| `VulnerabilityDescription` | string | Description of vulnerability and associated risks |
-| `AffectedSoftware` | string | List of all software products affected by the vulnerability |
+| `AffectedSoftware` | string | List of all software products affected by the vulnerability |
-
+
-## Related topics
+## Related topics
-
+
-- [Advanced hunting overview](advanced-hunting-overview.md)
+- [Advanced hunting overview](advanced-hunting-overview.md)
-- [Learn the query language](advanced-hunting-query-language.md)
+- [Learn the query language](advanced-hunting-query-language.md)
-- [Understand the schema](advanced-hunting-schema-reference.md)
+- [Understand the schema](advanced-hunting-schema-reference.md)
-- [Overview of Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
+- [Overview of Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)

windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md

@@ -48,10 +48,10 @@ Table and column names are also listed within the Microsoft Defender Security Ce
 | **[DeviceImageLoadEvents](advanced-hunting-deviceimageloadevents-table.md)** | DLL loading events |
 | **[DeviceEvents](advanced-hunting-deviceevents-table.md)** | Multiple event types, including events triggered by security controls such as Windows Defender Antivirus and exploit protection |
 | **[DeviceFileCertificateInfo](advanced-hunting-devicefilecertificateinfo-table.md)** | Certificate information of signed files obtained from certificate verification events on endpoints |
-| **[DeviceTvmSoftwareInventoryVulnerabilities](advanced-hunting-tvm-softwareinventory-table.md)** | Inventory of software on devices as well as any known vulnerabilities in these software products |
+| **[DeviceTvmSoftwareInventoryVulnerabilities](advanced-hunting-devicetvmsoftwareinventoryvulnerabilities-table.md)** | Inventory of software on devices as well as any known vulnerabilities in these software products |
-| **[DeviceTvmSoftwareVulnerabilitiesKB ](advanced-hunting-tvm-softwarevulnerability-table.md)** | Knowledge base of publicly disclosed vulnerabilities, including whether exploit code is publicly available |
+| **[DeviceTvmSoftwareVulnerabilitiesKB ](advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table.md)** | Knowledge base of publicly disclosed vulnerabilities, including whether exploit code is publicly available |
-| **[DeviceTvmSecureConfigurationAssessment](advanced-hunting-tvm-configassessment-table.md)** | Threat & Vulnerability Management assessment events, indicating the status of various security configurations on devices |
+| **[DeviceTvmSecureConfigurationAssessment](advanced-hunting-devicetvmsecureconfigurationassessment-table.md)** | Threat & Vulnerability Management assessment events, indicating the status of various security configurations on devices |
-| **[DeviceTvmSecureConfigurationAssessmentKB](advanced-hunting-tvm-secureconfigkb-table.md)** | Knowledge base of various security configurations used by Threat & Vulnerability Management to assess devices; includes mappings to various standards and benchmarks |
+| **[DeviceTvmSecureConfigurationAssessmentKB](advanced-hunting-devicetvmsecureconfigurationassessmentkb-table.md)** | Knowledge base of various security configurations used by Threat & Vulnerability Management to assess devices; includes mappings to various standards and benchmarks |
 
 ## Related topics
 - [Advanced hunting overview](advanced-hunting-overview.md)

windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md

@@ -23,36 +23,45 @@ ms.topic: article
 
 Conducting a comprehensive security product evaluation can be a complex process requiring cumbersome environment and machine configuration before an end-to-end attack simulation can actually be done. Adding to the complexity is the challenge of tracking where the simulation activities, alerts, and results are reflected during the evaluation.
 
-The Microsoft Defender ATP evaluation lab is designed to eliminate the complexities of machine and environment configuration so that you can focus on evaluating the capabilities of the platform, running simulations, and seeing the prevention, detection, and remediation features in action.
+The Microsoft Defender ATP evaluation lab is designed to eliminate the complexities of machine and environment configuration so that you can  focus on evaluating the capabilities of the platform, running simulations, and seeing the prevention, detection, and remediation features in action.
-
-When you get started with the lab, you'll be guided through a simple set-up process where you can specify the type of configuration that best suits your needs.
-
-After the lab setup process is complete, you can add Windows 10 or Windows Server 2019 machines. These test machines come pre-configured to have the latest and greatest OS versions with the right security components in place and Office 2019 Standard installed.
 
 With the simplified set-up experience, you can focus on running your own test scenarios and the pre-made simulations to see how Microsoft Defender ATP performs. 
 
-You'll have full access to all the powerful capabilities of the platform such as automated investigations, advanced hunting, and threat analytics, allowing you to test the comprehensive protection stack that Microsoft Defender ATP offers. 
+You'll have full access to the powerful capabilities of the platform such as automated investigations, advanced hunting, and threat analytics, allowing you to test the comprehensive protection stack that Microsoft Defender ATP offers. 
+
+You can add Windows 10 or Windows Server 2019 machines that come pre-configured to have the latest OS versions and the right security components in place as well as Office 2019 Standard installed.
+
+You can also install threat simulators. Microsoft Defender ATP has partnered with industry leading threat simulation platforms to help you test out the Microsoft Defender ATP capabilities without having to leave the portal.
+
+ Install your preferred simulator, run scenarios within the evaluation lab, and instantly see how the platform performs - all conveniently available at no extra cost to you. You'll also have convenient access to wide array of simulations which you can access and run from the simulations catalog.
+    
 
 ## Before you begin
 You'll need to fulfill the [licensing requirements](minimum-requirements.md#licensing-requirements) or have trial access to Microsoft Defender ATP to access the evaluation lab.
 
+You must have **Manage security settings** permissions to:
+- Create the lab
+- Create machines
+- Reset password
+- Create simulations 
+ 
+For more information, see [Create and manage roles](user-roles.md).
+
 Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-main-abovefoldlink)
 
+
 ## Get started with the lab
 You can access the lab from the menu. In the navigation menu, select **Evaluation and tutorials > Evaluation lab**.
 
 ![Image of the evaluation lab on the menu](images/evaluation-lab-menu.png)
 
-When you access the evaluation lab for the first time, you'll find an introduction page with a link to the evaluation guide. The guide contains tips and recommendations to keep in mind when evaluating an advanced threat protection product. 
-
-It's a good idea to read the guide before starting the evaluation process so that you can conduct a thorough assessment of the platform.
-
 >[!NOTE]
 >- Each environment is provisioned with a limited set of test machines.
 >- Depending the type of environment structure you select, machines will be available for the specified number of hours from the day of activation.
 >- When you've used up the provisioned machines, no new machines are provided. A deleted machine does not refresh the available test machine count.
 >- Given the limited resources, it’s advisable to use the machines carefully.
 
+Already have a lab? Make sure to enable the new threat simulators and have active machines.
 
 ## Setup the evaluation lab
 
@@ -60,17 +69,37 @@ It's a good idea to read the guide before starting the evaluation process so tha
 
     ![Image of the evaluation lab welcome page](images/evaluation-lab-setup.png)
 
-2. Depending on your evaluation needs, you can choose to setup an environment with fewer machines for a longer period or more machines for a shorter period. Select your preferred lab configuration then select **Create lab**.
+2. Depending on your evaluation needs, you can choose to setup an environment with fewer machines for a longer period or more machines for a shorter period. Select your preferred lab configuration then select **Next**.
 
-    ![Image of lab configuration options](images/lab-creation-page.png)
+    ![Image of lab configuration options](images/lab-creation-page.png) 
+
+
+3. (Optional) You can choose to install threat simulators in the lab. 
+
+    ![Image of install simulators agent](images/install-agent.png)
+
+    >[!IMPORTANT]
+    >You'll first need to accept and provide consent to the terms and information sharing statements. 
+
+4. Select the threat simulation agent you'd like to use and enter your details. You can also choose to install threat simulators at a later time. If you choose to install threat simulation agents during the lab setup, you'll enjoy the benefit of having them conveniently installed on the machines you add.  
+    
+    ![Image of summary page](images/lab-setup-summary.png)
+
+5.  Review the summary and select **Setup lab**.  
+
+After the lab setup process is complete, you can add machines and run simulations. 
 
-When the environment completes the setup process, you're ready to add machines.
 
 ## Add machines
 When you add a machine to your environment, Microsoft Defender ATP sets up a well-configured machine with connection details. You can add Windows 10 or Windows Server 2019 machines.
 
 The machine will be configured with the most up-to-date version of the OS and Office 2019 Standard as well as other apps such as Java, Python, and SysIntenals. 
 
+   >[!TIP]
+   > Need more machines in your lab? Submit a support ticket to have your request reviewed by the Microsoft Defender ATP team. 
+
+If you chose to add a threat simulator during the lab setup, all machines will have the threat simulator agent installed in the machines that you add.
+
 The machine will automatically be onboarded to your tenant with the recommended Windows security components turned on and in audit mode - with no effort on your side. 
 
   The following security components are pre-configured in the test machines:
@@ -94,9 +123,6 @@ Automated investigation settings will be dependent on tenant settings. It will b
 
 1. From the dashboard, select **Add machine**. 
 
-    ![Image of lab setup page](images/lab-setup-page.png)
-
-
 2. Choose the type of machine to add. You can choose to add Windows 10 or Windows Server 2019.
 
     ![Image of lab setup with machine options](images/add-machine-options.png)
@@ -114,20 +140,31 @@ Automated investigation settings will be dependent on tenant settings. It will b
 
 4. Machine set up begins. This can take up to approximately 30 minutes. 
 
-The environment will reflect your test machine status through the evaluation - including risk score, exposure score, and alerts created through the simulation.
+5. See the status of test machines, the risk and exposure levels, and the status of simulator installations by selecting the **Machines** tab. 
+
+    ![Image of machines tab](images/machines-tab.png)
+    
+
+    >[!TIP]
+    >In the **Simulator status** column, you can hover over the information icon to know the installation status of an agent.
 
 
-![Image of test machines](images/eval-lab-dashboard.png)
 
 ## Simulate attack scenarios
-Use the test machines to run attack simulations by connecting to them. 
+Use the test machines to run your own attack simulations by connecting to them. 
 
-If you are looking for a pre-made simulation, you can use our ["Do It Yourself" attack scenarios](https://securitycenter.windows.com/tutorials). These scripts are safe, documented, and easy to use. These scenarios will reflect Microsoft Defender ATP capabilities and walk you through investigation experience.
+You can simulate attack scenarios using:
+- The ["Do It Yourself" attack scenarios](https://securitycenter.windows.com/tutorials)
+- Threat simulators
 
 You can also use [Advanced hunting](advanced-hunting-query-language.md) to query data and [Threat analytics](threat-analytics.md) to view reports about emerging threats.
 
-> [!NOTE]
+### Do-it-yourself attack scenarios
-> The connection to the test machines is done using RDP. Make sure that your firewall settings allow RDP connections.
+If you are looking for a pre-made simulation, you can use our ["Do It Yourself" attack scenarios](https://securitycenter.windows.com/tutorials). These scripts are safe, documented, and easy to use. These scenarios will reflect Microsoft Defender ATP capabilities and walk you through investigation experience.
+
+
+>[!NOTE]
+>The connection to the test machines is done using RDP. Make sure that your firewall settings allow RDP connections.
 
 1. Connect to your machine and run an attack simulation by selecting **Connect**. 
 
@@ -146,20 +183,70 @@ You can also use [Advanced hunting](advanced-hunting-query-language.md) to query
 
    ![Image of window to enter credentials](images/enter-password.png)
 
-4. Run simulations on the machine. 
+4. Run Do-it-yourself attack simulations on the machine. 
+
+
+### Threat simulator scenarios
+If you chose to install any of the supported threat simulators during the lab setup, you can run the built-in simulations on the evaluation lab machines. 
+
+
+Running threat simulations using third-party platforms is a good way to evaluate Microsoft Defender ATP capabilities within the confines of a lab environment.
+
+>[!NOTE]
+>Before you can run simulations, ensure the following requirements are met:
+>- Machines must be added  to the evaluation lab
+>- Threat simulators must be installed in the evaluation lab
+
+1. From the portal select **Create simulation**.
+
+2. Select a threat simulator.
+
+    ![Image of threat simulator selection](images/select-simulator.png)
+
+3. Choose a simulation or look through the simulation gallery to browse through the available simulations. 
+
+    You can get to the simulation gallery from:
+    - The main evaluation dashboard in the **Simulations overview** tile or
+    - By navigating from the navigation pane **Evaluation and tutorials** > **Simulation & tutorials**, then select **Simulations catalog**.
+
+4. Select the devices where you'd like to run the simulation on.
+
+5. Select **Create simulation**.
+
+6. View the progress of a simulation by selecting the **Simulations** tab. View the simulation state, active alerts, and other details. 
+
+    ![Image of simulations tab](images/simulations-tab.png)
+    
+After running your simulations, we encourage you to walk through the lab progress bar and explore Microsoft Defender ATP features. See if the attack simulations you ran triggered an automated investigation and remediation, check out the evidence collected and analyzed by the feature.
 
-After running your simulations, we encourage you to walk through the lab progress bar and explore Microsoft Defender ATP features. See if your attacks triggered an automated investigation and remediation, check out the evidence collected and analyzed by the feature.
 
 
 Hunt for attack evidence through advanced hunting by using the rich query language and raw telemetry and check out some world-wide threats documented in Threat analytics.
 
 
-## Simulation results
+## Simulation gallery
-Get a full overview of the simulation results, all in one place, allowing you to drill down to the relevant pages with every detail you need.
+Microsoft Defender ATP has partnered with various threat simulation platforms to give you convenient access to test the capabilities of the platform right from the within the portal. 
 
-View the machine details page by selecting the machine from the table. You'll be able to drill down on relevant alerts and investigations by exploring the rich context provided on the attack simulation. 
+View all the available simulations by going to  **Simulations and tutorials** > **Simulations catalog**  from the menu. 
 
-### Evaluation report
+
+A list of supported third-party threat simulation agents are listed, and specific types of simulations along with detailed descriptions are provided on the catalog. 
+
+You can conveniently run any available simulation right from the catalog.  
+
+
+![Image of simulations catalog](images/simulations-catalog.png)
+
+Each simulation comes with an in-depth description of the attack scenario and references such as the MITRE attack techniques used and sample Advanced hunting queries you run.
+
+**Examples:**
+![Image of simulation description details](images/simulation-details-aiq.png)
+
+
+![Image of simulation description details](images/simulation-details-sb.png)
+
+
+## Evaluation report
 The lab reports summarize the results of the simulations conducted on the machines. 
 
 ![Image of the evaluation report](images/eval-report.png)
@@ -172,6 +259,7 @@ At a glance, you'll quickly be able to see:
 - Detection sources
 - Automated investigations
 
+
 ## Provide feedback
 Your feedback helps us get better in protecting your environment from advanced attacks. Share your experience and impressions from product capabilities and evaluation results.
 

windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding-error-messages.md

@@ -88,5 +88,4 @@ crl.microsoft.com`
 - `https://static2.sharepointonline.com` 
 
 
-## Related topics
+
-- [Validate licensing provisioning and complete setup for Microsoft Defender ATP](licensing.md)