From bf60d18ca4b98071037d1a66a1c573f546486dc8 Mon Sep 17 00:00:00 2001 From: Liza Mash Date: Thu, 29 Mar 2018 07:26:18 +0000 Subject: [PATCH] Updated advanced-hunting-windows-defender-advanced-threat-protection.md --- ...nced-hunting-windows-defender-advanced-threat-protection.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md index d45acacab9..66684eb442 100644 --- a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md @@ -79,6 +79,7 @@ For more information on the query language and supported operators, see [Query L The following tables are exposed as part of advanced hunting: - **AlertEvents** - Stores alerts related information +- **MachineInfo** - Stores machines proprties - **ProcessCreationEvents** - Stores process creation events - **NetworkCommunicationEvents** - Stores network communication events o - **FileCreationEvents** - Stores file creation, modification, and rename events @@ -103,7 +104,7 @@ You can create or modify a query and save it as your own query or share it with 3. Enter a name for the query. - ![Image of saving a query](images/atp-save-query.png) + ![Image of saving a query](images/advanced-hunting-save-query.png) 4. Select the folder where you'd like to save the query. - Shared queries - Allows other users in the tenant to access the query