deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-19 20:33:42 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Updated advanced-hunting-reference-windows-defender-advanced-threat-protection.md

Browse Source
This commit is contained in:
Louie Mayor
2018-04-23 21:51:30 +00:00
parent 6447f49fba
commit c617a8b866
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md
View File

@ -64,7 +64,7 @@ Use the following table to understand what the columns represent, its data type,
| InitiatingProcessParentId | int | Process ID (PID) of the parent process that spawned the process responsible for the event. | | InitiatingProcessParentId | int | Process ID (PID) of the parent process that spawned the process responsible for the event. |
| InitiatingProcessParentName | string | Name of the parent process that spawned the process responsible for the event. | | InitiatingProcessParentName | string | Name of the parent process that spawned the process responsible for the event. |
| InitiatingProcessSha1 | string | SHA-1 of the process (image file) that initiated the event. | | InitiatingProcessSha1 | string | SHA-1 of the process (image file) that initiated the event. |
| InitiatingProcessSha256 | string | SHA-256 of the process (image file) that initiated the event. This field is usually not populated - please use the SHA-1 field when available. | | InitiatingProcessSha256 | string | SHA-256 of the process (image file) that initiated the event. This field is usually not populateduse the SHA1 column when available. |
| InitiatingProcessTokenElevation | string | Token type indicating the presence or absence of User Access Control (UAC) privilege elevation applied to the process that initiated the event. | | InitiatingProcessTokenElevation | string | Token type indicating the presence or absence of User Access Control (UAC) privilege elevation applied to the process that initiated the event. |
| IsAzureADJoined | boolean | Boolean indicator of whether machine is joined to the Azure Active Directory. | | IsAzureADJoined | boolean | Boolean indicator of whether machine is joined to the Azure Active Directory. |
| LocalIP | string | IP address assigned to the local machine used during communication. | | LocalIP | string | IP address assigned to the local machine used during communication. |