Merging changes synced from https://github.com/MicrosoftDocs/windows-docs-pr (branch live)

This commit is contained in:
officedocspr
2020-01-18 00:01:41 +00:00
3 changed files with 28 additions and 22 deletions

View File

@ -34,23 +34,24 @@ For information on other tables in the advanced hunting schema, see [the advance
| Column name | Data type | Description |
|-------------|-----------|-------------|
| `Timestamp` | datetime | Date and time when the event was recorded
| `DeviceId` | string | Unique identifier for the machine in the service
| `DeviceName` | string | Fully qualified domain name (FQDN) of the machine
| `SHA1` | string | SHA-1 of the file that the recorded action was applied to
| `IsSigned` | boolean | Indicates whether the file is signed
| `SignatureType` | string | Indicates whether signature information was read as embedded content in the file itself or read from an external catalog file
| `Signer` | string | Information about the signer of the file
| `SignerHash` | string | Unique hash value identifying the signer
| `Issuer` | string | Information about the issuing certificate authority (CA)
| `IssuerHash` | string | Unique hash value identifying issuing certificate authority (CA)
| `CrlDistributionPointUrls` | string | URL of the network share that contains certificates and the certificate revocation list (CRL)
| `CertificateCreationTime` | datetime | Date and time the certificate was created
| `CertificateExpirationTime` | datetime | Date and time the certificate is set to expire
| `CertificateCountersignatureTime` | datetime | Date and time the certificate was countersigned
| `IsTrusted` | boolean | Indicates whether the file is trusted based on the results of the WinVerifyTrust function, which checks for unknown root certificate information, invalid signatures, revoked certificates, and other questionable attributes
| `IsRootSignerMicrosoft` | boolean | Indicates whether the signer of the root certificate is Microsoft
| `ReportId` | long | Event identifier based on a repeating counter. To identify unique events, this column must be used in conjunction with the DeviceName and Timestamp columns.
| `Timestamp` | datetime | Date and time when the event was recorded |
| `DeviceId` | string | Unique identifier for the machine in the service |
| `DeviceName` | string | Fully qualified domain name (FQDN) of the machine |
| `SHA1` | string | SHA-1 of the file that the recorded action was applied to |
| `IsSigned` | boolean | Indicates whether the file is signed |
| `SignatureType` | string | Indicates whether signature information was read as embedded | content in the file itself or read from an external catalog file |
| `Signer` | string | Information about the signer of the file |
| `SignerHash` | string | Unique hash value identifying the signer |
| `Issuer` | string | Information about the issuing certificate authority (CA) |
| `IssuerHash` | string | Unique hash value identifying issuing certificate authority (CA) |
| `CertificateSerialNumber` | string | Identifier for the certificate that is unique to the issuing certificate authority (CA) |
| `CrlDistributionPointUrls` | string | JSON array listing the URLs of network shares that contain certificates and certificate revocation lists (CRLs) |
| `CertificateCreationTime` | datetime | Date and time the certificate was created |
| `CertificateExpirationTime` | datetime | Date and time the certificate is set to expire |
| `CertificateCountersignatureTime` | datetime | Date and time the certificate was countersigned |
| `IsTrusted` | boolean | Indicates whether the file is trusted based on the results of the WinVerifyTrust function, which checks for unknown root certificate information, invalid signatures, revoked certificates, and other questionable attributes |
| `IsRootSignerMicrosoft` | boolean | Indicates whether the signer of the root certificate is Microsoft |
| `ReportId` | long | Event identifier based on a repeating counter. To identify unique events, this column must be used in conjunction with the DeviceName and Timestamp columns. |
## Related topics
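Review bot: the rewritten `SignatureType` row contains a stray pipe inside the description cell ("read as embedded | content in the file itself"), which gives that row four cells while every other row has three and will break the table rendering; drop the extra `|` so the row reads `| `SignatureType` | string | Indicates whether signature information was read as embedded content in the file itself or read from an external catalog file |`. The added trailing pipes on every other row and the new `CertificateSerialNumber` row are consistent with the three-column header, and the `CrlDistributionPointUrls` description now says the value is a JSON array of URLs rather than a single URL, which is worth keeping since queries that treat the column as one string will need to parse it. Minor: the table still runs straight into `## Related topics` without a blank line separating the two blocks.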

View File

@ -43,6 +43,11 @@ The following steps guide you on how to create roles in Microsoft Defender Secur
- **Alerts investigation** - Users can manage alerts, initiate automated investigations, collect investigation packages, manage machine tags, and export machine timeline.
- **Active remediation actions** - Users can take response actions and approve or dismiss pending remediation actions.
- Security operations - Take response actions
- Approve or dismiss pending remediation actions
- Manage allowed/blocked lists for automation
- Manage allowed/blocked create Indicators
>[!NOTE]
>To enable your Security operation personnel to choose remediation options and file exceptions, select **Threat and vulnerability management - Remediation handling**, and **Threat and vulnerability management - Exception handling**.
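Review bot: the four new bullets under **Active remediation actions** ("Security operations - Take response actions", "Approve or dismiss pending remediation actions", "Manage allowed/blocked lists for automation", "Manage allowed/blocked create Indicators") are at the same indentation as the parent permission bullets and do not use the bold-label style of their neighbors, so they will render as four additional top-level permissions rather than as the sub-items of the one permission they describe; indent them under the parent bullet or give them the same `**Label** - description` form. The last bullet, "Manage allowed/blocked create Indicators", does not parse as a sentence and should say which list or action the permission covers. The `>[!NOTE]` alert follows the list with no blank line before it, so add one to keep the alert from being attached to the list, and "Security operation personnel" in the note should read "security operations personnel".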