mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-14 14:27:22 +00:00
Fixed table rendering
This commit is contained in:
lomayor
parent
14f0c2457e
commit
77cc958b52
@ -26,7 +26,7 @@ ms.date: 10/08/2019
|
||||
|
||||
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
|
||||
|
||||
The miscellaneous device events or `DeviceEvents` table in the [Advanced hunting](advanced-hunting-overview.md) schema contains information about various event types, including events triggered by security controls, such as Windows Defender Antivirus and exploit protection. Use this reference to construct queries that return information from the table.
|
||||
The miscellaneous device events or `DeviceEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about various event types, including events triggered by security controls, such as Windows Defender Antivirus and exploit protection. Use this reference to construct queries that return information from the table.
|
||||
|
||||
For information on other tables in the advanced hunting schema, see [the advanced hunting schema reference](advanced-hunting-schema-reference.md).
|
||||
|
||||
@ -42,7 +42,7 @@ For information on other tables in the advanced hunting schema, see [the advance
|
||||
| `SHA256` | string | SHA-256 of the file that the recorded action was applied to. This field is usually not populated—use the SHA1 column when available |
|
||||
| `MD5` | string | MD5 hash of the file that the recorded action was applied to |
|
||||
| `AccountDomain` | string | Domain of the account |
|
||||
| `AccountName |string | User name of the account |
|
||||
| `AccountName` |string | User name of the account |
|
||||
| `AccountSid` | string | Security Identifier (SID) of the account |
|
||||
| `RemoteUrl` | string | URL or fully qualified domain name (FQDN) that was being connected to |
|
||||
| `RemoteDeviceName` | string | Name of the machine that performed a remote operation on the affected machine. Depending on the event being reported, this name could be a fully-qualified domain name (FQDN), a NetBIOS name, or a host name without domain information |
|
||||
|
||||
@ -26,7 +26,7 @@ ms.date: 10/08/2019
|
||||
|
||||
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
|
||||
|
||||
The `DeviceFileEvents` table in the [Advanced hunting](advanced-hunting-overview.md) schema contains information about file creation, modification, and other file system events. Use this reference to construct queries that return information from the table.
|
||||
The `DeviceFileEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about file creation, modification, and other file system events. Use this reference to construct queries that return information from the table.
|
||||
|
||||
For information on other tables in the advanced hunting schema, see [the advanced hunting schema reference](advanced-hunting-schema-reference.md).
|
||||
|
||||
@ -66,7 +66,7 @@ For information on other tables in the advanced hunting schema, see [the advanc
|
||||
| `RequestAccountName` | string | User name of account used to remotely initiate the activity |
|
||||
| `RequestAccountDomain` | string | Domain of the account used to remotely initiate the activity |
|
||||
| `RequestAccountSid` | string | Security Identifier (SID) of the account to remotely initiate the activity |
|
||||
| `ReportId | long | Event identifier based on a repeating counter. To identify unique events, this column must be used in conjunction with the DeviceName and Timestamp columns |
|
||||
| `ReportId` | long | Event identifier based on a repeating counter. To identify unique events, this column must be used in conjunction with the DeviceName and Timestamp columns |
|
||||
| `AppGuardContainerId` | string | Identifier for the virtualized container used by Application Guard to isolate browser activity |
|
||||
| `SensitivityLabel` | string | Label applied to an email, file, or other content to classify it for information protection |
|
||||
| `SensitivitySubLabel` | string | Sublabel applied to an email, file, or other content to classify it for information protection; sensitivity sublabels are grouped under sensitivity labels but are treated independently |
|
||||
|
||||
@ -26,7 +26,7 @@ ms.date: 10/08/2019
|
||||
|
||||
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
|
||||
|
||||
The `DeviceImageLoadEvents table` in the [Advanced hunting](advanced-hunting-overview.md) schema contains information about DLL loading events. Use this reference to construct queries that return information from the table.
|
||||
The `DeviceImageLoadEvents table` in the [advanced hunting](advanced-hunting-overview.md) schema contains information about DLL loading events. Use this reference to construct queries that return information from the table.
|
||||
|
||||
For information on other tables in the advanced hunting schema, see [the advanced hunting schema reference](advanced-hunting-schema-reference.md).
|
||||
|
||||
|
||||
@ -26,7 +26,7 @@ ms.date: 10/08/2019
|
||||
|
||||
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
|
||||
|
||||
The `DeviceInfo` table in the [Advanced hunting](advanced-hunting-overview.md) schema contains information about machines in the organization, including their OS version, active users, and computer name. Use this reference to construct queries that return information from the table.
|
||||
The `DeviceInfo` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about machines in the organization, including their OS version, active users, and computer name. Use this reference to construct queries that return information from the table.
|
||||
|
||||
For information on other tables in the advanced hunting schema, see [the advanced hunting schema reference](advanced-hunting-schema-reference.md).
|
||||
|
||||
|
||||
@ -26,7 +26,7 @@ ms.date: 10/08/2019
|
||||
|
||||
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
|
||||
|
||||
The `DeviceLogonEvents` table in the [Advanced hunting](advanced-hunting-overview.md) schema contains information about user logons and other authentication events. Use this reference to construct queries that return information from the table.
|
||||
The `DeviceLogonEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about user logons and other authentication events. Use this reference to construct queries that return information from the table.
|
||||
|
||||
For information on other tables in the advanced hunting schema, see [the advanced hunting schema reference](advanced-hunting-schema-reference.md).
|
||||
|
||||
|
||||
@ -26,7 +26,7 @@ ms.date: 10/08/2019
|
||||
|
||||
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
|
||||
|
||||
The `DeviceNetworkEvents` table in the [Advanced hunting](advanced-hunting-overview.md) schema contains information about network connections and related events. Use this reference to construct queries that return information from the table.
|
||||
The `DeviceNetworkEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about network connections and related events. Use this reference to construct queries that return information from the table.
|
||||
|
||||
For information on other tables in the advanced hunting schema, see [the advanced hunting schema reference](advanced-hunting-schema-reference.md).
|
||||
|
||||
|
||||
@ -26,7 +26,7 @@ ms.date: 10/08/2019
|
||||
|
||||
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
|
||||
|
||||
The `DeviceNetworkInfo` table in the [Advanced hunting](advanced-hunting-overview.md) schema contains information about networking configuration of machines, including network adapters, IP and MAC addresses, and connected networks or domains. Use this reference to construct queries that return information from the table.
|
||||
The `DeviceNetworkInfo` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about networking configuration of machines, including network adapters, IP and MAC addresses, and connected networks or domains. Use this reference to construct queries that return information from the table.
|
||||
|
||||
For information on other tables in the advanced hunting schema, see [the advanced hunting schema reference](advanced-hunting-schema-reference.md).
|
||||
|
||||
|
||||
@ -26,7 +26,7 @@ ms.date: 10/08/2019
|
||||
|
||||
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
|
||||
|
||||
The `DeviceProcessEvents` table in the [Advanced hunting](advanced-hunting-overview.md) schema contains information about process creation and related events. Use this reference to construct queries that return information from the table.
|
||||
The `DeviceProcessEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about process creation and related events. Use this reference to construct queries that return information from the table.
|
||||
|
||||
For information on other tables in the advanced hunting schema, see [the advanced hunting schema reference](advanced-hunting-schema-reference.md).
|
||||
|
||||
|
||||
@ -26,7 +26,7 @@ ms.date: 10/08/2019
|
||||
|
||||
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
|
||||
|
||||
The `DeviceRegistryEvents` table in the [Advanced hunting](advanced-hunting-overview.md) schema contains information about the creation and modification of registry entries. Use this reference to construct queries that return information from the table.
|
||||
The `DeviceRegistryEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about the creation and modification of registry entries. Use this reference to construct queries that return information from the table.
|
||||
|
||||
For information on other tables in the advanced hunting schema, see [the advanced hunting schema reference](advanced-hunting-schema-reference.md).
|
||||
|
||||
|
||||
@ -27,7 +27,7 @@ ms.date: 10/08/2019
|
||||
|
||||
[!include[Prerelease information](../../includes/prerelease.md)]
|
||||
|
||||
The [Advanced hunting](advanced-hunting-overview.md) schema is made up of multiple tables that provide either event information or information about machines and other entities. To effectively build queries that span multiple tables, you need to understand the tables and the columns in the advanced hunting schema.
|
||||
The [advanced hunting](advanced-hunting-overview.md) schema is made up of multiple tables that provide either event information or information about machines and other entities. To effectively build queries that span multiple tables, you need to understand the tables and the columns in the advanced hunting schema.
|
||||
|
||||
## Schema tables
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user