deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-15 14:57:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Updated advanced-hunting-windows-defender-advanced-threat-protection.md

Browse Source
This commit is contained in:
Liza Mash 2018-03-21 07:08:14 +00:00
parent 60d162bb42
commit a31cedc0ad
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md
View File

@ -162,10 +162,10 @@ Check out the [Advanced Hunting repository](https://github.com/Microsoft/Advance
| AccountName | string | User name of the account. | | AccountName | string | User name of the account. |
| AccountSid | string | Security Identifier (SID) of the account. | | AccountSid | string | Security Identifier (SID) of the account. |
| ActionType | string | Type of activity that triggered the event. | | ActionType | string | Type of activity that triggered the event. |
| AdditionalFields | | Additional information about the event in JSON array format. | | AdditionalFields | string | Additional information about the event in JSON array format. |
| AlertId | string | Unique identifier for the alert. | | AlertId | string | Unique identifier for the alert. |
| ComputerName | string | Fully qualified domain name (FQDN) of the machine. | | ComputerName | string | Fully qualified domain name (FQDN) of the machine. |
| EventId | | Unique identifier used by Event Tracing for Windows (ETW) for the event type. | | EventId | int | Unique identifier used by Event Tracing for Windows (ETW) for the event type. |
| EventTime | datetime | Date and time when the event was recorded. | | EventTime | datetime | Date and time when the event was recorded. |
| EventType | string | Table where the record is stored. | | EventType | string | Table where the record is stored. |
| FileName | string | Name of the file that the recorded action was applied to. | | FileName | string | Name of the file that the recorded action was applied to. |
@ -210,7 +210,7 @@ Check out the [Advanced Hunting repository](https://github.com/Microsoft/Advance
| ProcessId | int | Process ID (PID) of the newly created process. | | ProcessId | int | Process ID (PID) of the newly created process. |
| ProcessIntegrityLevel | string | Integrity level of the newly created process. Windows assigns integrity levels to processes based on certain characteristics, such as if they were launched from an internet downloaded. These integrity levels influence permissions to resources. | | ProcessIntegrityLevel | string | Integrity level of the newly created process. Windows assigns integrity levels to processes based on certain characteristics, such as if they were launched from an internet downloaded. These integrity levels influence permissions to resources. |
| ProcessTokenElevation | string | Token type indicating the presence or absence of User Access Control (UAC) privilege elevation applied to the newly created process. | | ProcessTokenElevation | string | Token type indicating the presence or absence of User Access Control (UAC) privilege elevation applied to the newly created process. |
| ProviderId | | Unique identifier for the Event Tracing for Windows (ETW) provider that collected the event log. | | ProviderId | string | Unique identifier for the Event Tracing for Windows (ETW) provider that collected the event log. |
| RegistryKey | string | Registry key that the recorded action was applied to. | | RegistryKey | string | Registry key that the recorded action was applied to. |
| RegistryValueData | string | Data of the registry value that the recorded action was applied to. | | RegistryValueData | string | Data of the registry value that the recorded action was applied to. |
| RegistryValueName | string | Name of the registry value that the recorded action was applied to. | | RegistryValueName | string | Name of the registry value that the recorded action was applied to. |
@ -218,7 +218,7 @@ Check out the [Advanced Hunting repository](https://github.com/Microsoft/Advance
| RemoteIP | string | IP address that was being connected to. | | RemoteIP | string | IP address that was being connected to. |
| RemotePort | int | TCP port on the remote device that was being connected to. | | RemotePort | int | TCP port on the remote device that was being connected to. |
| RemoteUrl | string | URL or fully qualified domain name (FQDN) that was being connected to. | | RemoteUrl | string | URL or fully qualified domain name (FQDN) that was being connected to. |
| ReportIndex | | Event identifier that is unique among the same event type. | | ReportIndex | long | Event identifier that is unique among the same event type. |
| SHA1 | string | SHA-1 of the file that the recorded action was applied to. | | SHA1 | string | SHA-1 of the file that the recorded action was applied to. |
| SHA256 | string | SHA-256 of the file that the recorded action was applied to. | SHA256 | string | SHA-256 of the file that the recorded action was applied to.