toc update, rm svevents table, updated table titles

martyav 2019-07-26 15:43:31 -04:00
parent d3c6e0101a
commit ca6e89846b
13 changed files with 43 additions and 86 deletions


@ -104,7 +104,18 @@
### [Advanced hunting]()
#### [Advanced hunting overview](microsoft-defender-atp/overview-hunting.md)
#### [Query data using Advanced hunting](microsoft-defender-atp/advanced-hunting.md)
##### [Advanced hunting reference](microsoft-defender-atp/advanced-hunting-reference.md)
##### [Advanced hunting reference]()
###### [All tables in Advanced hunting schema](microsoft-defender-atp/advanced-hunting-reference.md)
###### [AlertEvents table](microsoft-defender-atp/advanced-hunting-alertevents-table.md)
###### [FileCreationEvents table](microsoft-defender-atp/advanced-hunting-filecreationevents-table.md)
###### [ImageLoadEvents table](microsoft-defender-atp/advanced-hunting-imageloadevents-table.md)
###### [LogonEvents table](microsoft-defender-atp/advanced-hunting-logonevents-table.md)
###### [MachineInfo table](microsoft-defender-atp/advanced-hunting-machineinfo-table.md)
###### [MachineNetworkInfo table](microsoft-defender-atp/advanced-hunting-machinenetworkinfo-table.md)
###### [MiscEvents table](microsoft-defender-atp/advanced-hunting-miscevents-table.md)
###### [NetworkCommunicationEvents table](microsoft-defender-atp/advanced-hunting-networkcommunicationevents-table.md)
###### [ProcessCreationEvents table](microsoft-defender-atp/advanced-hunting-processcreationevents-table.md)
###### [RegistryEvents table](microsoft-defender-atp/advanced-hunting-registryevents-table.md)
##### [Advanced hunting query language best practices](microsoft-defender-atp/advanced-hunting-best-practices.md)
#### [Custom detections]()
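Review bot: The new child entry "All tables in Advanced hunting schema" links advanced-hunting-reference.md under a third name: the old TOC line and the table pages in this commit call it "Advanced hunting reference", and the deleted page's Related topics calls it "All Advanced hunting tables". Pick one name for that page and use it in the TOC and the articles. The child list has no SoftwareVulnerabilityInfo entry, which matches the file deletion later in this commit.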


@ -1,6 +1,6 @@
---
title: AlertEvents
description: AlertEvents table in the advanced hunting schema
title: AlertEvents table in the advanced hunting schema
description: Learn about the AlertEvents table in the Advanced hunting schema, such as column names, data types, and descriptions
keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, alertevent
search.product: eADQiWindows 10XVcnh
search.appverid: met150
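Review bot: The new title uses a lowercase "advanced" ("AlertEvents table in the advanced hunting schema"), while the new description right below it and the titles of the other table pages use "Advanced hunting schema". Suggest `title: AlertEvents table in the Advanced hunting schema`. While this front matter is being edited, the last keyword is `alertevent` (singular) although the table is AlertEvents.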
@ -26,7 +26,7 @@ ms.date: 07/24/2019
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
The AlertEvents table in the Advanced hunting schema contains information about alerts on Microsoft Defender Security Center. Use this reference to construct queries that return information from this table.
The AlertEvents table in the Advanced hunting schema contains information about alerts on Microsoft Defender Security Center. Use this reference to construct queries that return information from the table.
For information on other tables in the Advanced hunting schema, see our [Advanced hunting reference](advanced-hunting-reference.md) page.


@ -1,6 +1,6 @@
---
title: FileCreationEvents
description: FileCreationEvents table in the Advanced hunting schema
title: FileCreationEvents table in the Advanced hunting schema
description: Learn about the FileCreationEvents table in the Advanced hunting schema, such as column names, data types, and descriptions
keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, filecreationevents
search.product: eADQiWindows 10XVcnh
search.appverid: met150
@ -26,9 +26,9 @@ ms.date: 07/24/2019
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
The FileCreationEvents table in the Advanced hunting schema contains information about file creation, modification, and other file system events. Use this reference to construct queries that return information from this table.
The FileCreationEvents table in the Advanced hunting schema contains information about file creation, modification, and other file system events. Use this reference to construct queries that return information from the table.
For information on other tables in the Advanced hunting schema, see our [Advanced hunting reference](advanced-hunting-reference.md) page.
For information on other tables in the Advanced hunting schema, see [the Advanced hunting reference](advanced-hunting-reference.md).
| Column name | Data type | Description |
|-------------|-----------|-------------|
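Review bot: The cross-reference sentence is reworded only in this file, to "see [the Advanced hunting reference](advanced-hunting-reference.md)"; the other table pages touched by this commit keep "see our [Advanced hunting reference](advanced-hunting-reference.md) page" as unchanged context. Apply the new wording to all of them or revert it here so the pages stay uniform.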


@ -1,6 +1,6 @@
---
title: ImageLoadEvents
description: ImageLoadEvents table in the Advanced hunting schema
title: ImageLoadEvents table in the Advanced hunting schema
description: Learn about the ImageLoadEvents table in the Advanced hunting schema, such as column names, data types, and descriptions
keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, imageloadevents
search.product: eADQiWindows 10XVcnh
search.appverid: met150
@ -26,7 +26,7 @@ ms.date: 07/24/2019
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
The ImageLoadEvents table in the Advanced hunting schema contains information about DLL loading events. Use this reference to construct queries that return information from this table.
The ImageLoadEvents table in the Advanced hunting schema contains information about DLL loading events. Use this reference to construct queries that return information from the table.
For information on other tables in the Advanced hunting schema, see our [Advanced hunting reference](advanced-hunting-reference.md) page.


@ -1,6 +1,6 @@
---
title: LogonEvents
description: LogonEvents table in the Advanced hunting schema
title: LogonEvents table in the Advanced hunting schema
description: Learn about the LogonEvents table in the Advanced hunting schema, such as column names, data types, and descriptions
keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, logonevents
search.product: eADQiWindows 10XVcnh
search.appverid: met150
@ -26,7 +26,7 @@ ms.date: 07/24/2019
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
The LogonEvents table in the Advanced hunting schema contains information about user logons and other authentication events. Use this reference to construct queries that return information from this table.
The LogonEvents table in the Advanced hunting schema contains information about user logons and other authentication events. Use this reference to construct queries that return information from the table.
For information on other tables in the Advanced hunting schema, see our [Advanced hunting reference](advanced-hunting-reference.md) page.


@ -1,6 +1,6 @@
---
title: MachineInfo
description: MachineInfo table in the Advanced hunting schema
title: MachineInfo table in the Advanced hunting schema
description: Learn about the MachineInfo table in the Advanced hunting schema, such as column names, data types, and descriptions
keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, machineinfo
search.product: eADQiWindows 10XVcnh
search.appverid: met150
@ -26,7 +26,7 @@ ms.date: 07/24/2019
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
The MachineInfo table in the Advanced hunting schema contains information about machines in the organization, including OS version, active users, and computer name. Use this reference to construct queries that return information from this table.
The MachineInfo table in the Advanced hunting schema contains information about machines in the organization, including OS version, active users, and computer name. Use this reference to construct queries that return information from the table.
For information on other tables in the Advanced hunting schema, see our [Advanced hunting reference](advanced-hunting-reference.md) page.


@ -1,6 +1,6 @@
---
title: MachineNetworkInfo
description: MachineNetworkInfo table in the Advanced hunting schema
title: MachineNetworkInfo table in the Advanced hunting schema
description: Learn about the MachineNetworkInfo table in the Advanced hunting schema, such as column names, data types, and descriptions
keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, machinenetworkinfo
search.product: eADQiWindows 10XVcnh
search.appverid: met150
@ -26,7 +26,7 @@ ms.date: 07/24/2019
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
The MachineNetworkInfo table in the Advanced hunting schema contains information about networking configuration of machines, including network adapters, IP and MAC addresses, and connected networks or domains. Use this reference to construct queries that return information from this table.
The MachineNetworkInfo table in the Advanced hunting schema contains information about networking configuration of machines, including network adapters, IP and MAC addresses, and connected networks or domains. Use this reference to construct queries that return information from the table.
For information on other tables in the Advanced hunting schema, see our [Advanced hunting reference](advanced-hunting-reference.md) page.


@ -1,6 +1,6 @@
---
title: MiscEvents
description: MiscEvents table in the advanced hunting schema
title: MiscEvents table in the advanced hunting schema
description: Learn about the MiscEvents table in the Advanced hunting schema, such as column names, data types, and descriptions
keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, miscEvents
search.product: eADQiWindows 10XVcnh
search.appverid: met150
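Review bot: The title "MiscEvents table in the advanced hunting schema" has the same lowercase "advanced" as the AlertEvents title and should read "Advanced hunting schema" to match the description below it. The trailing keyword `miscEvents` is also the only mixed-case table keyword among these pages; the others are all lowercase.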
@ -26,7 +26,7 @@ ms.date: 07/24/2019
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
The MiscEvents table in the Advanced hunting schema contains information about multiple event types, including events triggered by security controls, such as Windows Defender Antivirus and exploit protection. Use this reference to construct queries that return information from this table.
The MiscEvents table in the Advanced hunting schema contains information about multiple event types, including events triggered by security controls, such as Windows Defender Antivirus and exploit protection. Use this reference to construct queries that return information from the table.
For information on other tables in the Advanced hunting schema, see our [Advanced hunting reference](advanced-hunting-reference.md) page.


@ -1,6 +1,6 @@
---
title: NetworkCommunicationEvents
description: NetworkCommunicationEvents table in the Advanced hunting schema
title: NetworkCommunicationEvents table in the Advanced hunting schema
description: Learn about the NetworkCommunicationEvents table in the Advanced hunting schema, such as column names, data types, and descriptions
keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, networkcommunicationevents
search.product: eADQiWindows 10XVcnh
search.appverid: met150
@ -26,7 +26,7 @@ ms.date: 07/24/2019
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
The NetworkCommunicationEvents table in the Advanced hunting schema contains information about network connections and related events. Use this reference to construct queries that return information from this table.
The NetworkCommunicationEvents table in the Advanced hunting schema contains information about network connections and related events. Use this reference to construct queries that return information from the table.
For information on other tables in the Advanced hunting schema, see our [Advanced hunting reference](advanced-hunting-reference.md) page.


@ -1,6 +1,6 @@
---
title: ProcessCreationEvents
description: ProcessCreationEvents table in the Advanced hunting schema
title: ProcessCreationEvents table in the Advanced hunting schema
description: Learn about the ProcessCreationEvents table in the Advanced hunting schema, such as column names, data types, and descriptions
keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, processcreationevents
search.product: eADQiWindows 10XVcnh
search.appverid: met150
@ -26,7 +26,7 @@ ms.date: 07/24/2019
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
The ProcessCreationEvents table in the Advanced hunting schema contains information about process creation and related events. Use this reference to construct queries that return information from this table.
The ProcessCreationEvents table in the Advanced hunting schema contains information about process creation and related events. Use this reference to construct queries that return information from the table.
For information on other tables in the Advanced hunting schema, see our [Advanced hunting reference](advanced-hunting-reference.md) page.


@ -46,7 +46,6 @@ Table and column names are also listed within the Security center, in the schema
| **[LogonEvents](advanced-hunting-logonevents-table.md)** | Sign-ins and other authentication events |
| **[ImageLoadEvents](advanced-hunting-imageloadevents-table.md)** | DLL loading events |
| **[MiscEvents](advanced-hunting-miscevents-table.md)** | Multiple event types, including events triggered by security controls such as Windows Defender Antivirus and exploit protection |
| **[SoftwareVulnerabilityInfo](advanced-hunting-softwarevulnerabilityinfo-table.md)** | Information about software in use, including version information as well as known vulnerabilities |
## Related topics
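Review bot: Search the rest of the docs for remaining links to advanced-hunting-softwarevulnerabilityinfo-table.md before merging. This hunk removes the row that linked to it and the file is deleted later in the commit, but only this page and the TOC are visibly updated, so any other inbound link would now be dangling.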


@ -1,6 +1,6 @@
---
title: RegistryEvents
description: RegistryEvents table in the Advanced hunting schema
title: RegistryEvents table in the Advanced hunting schema
description: Learn about the RegistryEvents table in the Advanced hunting schema, such as column names, data types, and descriptions
keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, registryevents
search.product: eADQiWindows 10XVcnh
search.appverid: met150
@ -26,7 +26,7 @@ ms.date: 07/24/2019
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
The RegistryEvents table in the Advanced hunting schema contains information about the creation and modification of registry entries. Use this reference to construct queries that return information from this table.
The RegistryEvents table in the Advanced hunting schema contains information about the creation and modification of registry entries. Use this reference to construct queries that return information from the table.
For information on other tables in the Advanced hunting schema, see our [Advanced hunting reference](advanced-hunting-reference.md) page.


@ -1,53 +0,0 @@
---
title: SoftwareVulnerabilityInfo
description: SoftwareVulnerabilityInfo table in the Advanced hunting schema
keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, softwarevulnerabilityinfo
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: v-maave
author: martyav
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
ms.date: 07/24/2019
---
# SoftwareVulnerabilityInfo
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
The SoftwareVulnerabilityInfo table in the Advanced hunting schema contains information about software in use, including version number, as well as any known vulnerabilities. Use this reference to construct queries that return information from this table.
For information on other tables in the Advanced hunting schema, see our [Advanced hunting reference](advanced-hunting-reference.md) page.
| Column name | Data type | Description |
|-------------|-----------|-------------|
| MachineId | string | Unique identifier for the machine in the service |
| ComputerName | string | Fully qualified domain name (FQDN) of the machine |
| OSPlatform | string | Platform of the operating system running on the machine. This indicates specific operating systems, including variations within the same family, such as Windows 10 and Windows 7 |
| OsVersion | string | Version of the operating system running on the machine |
| OSArchitecture | string | Architecture of the operating system running on the machine |
| SoftwareVendor | N/A | N/A |
| SoftwareName | N/A | N/A |
| SoftwareVersion | N/A | N/A |
| CveId | N/A | N/A |
| CvssScore | N/A | N/A |
| VulnerabilitySeverityLevel | N/A | N/A |
| IsExploitAvailable | N/A | | N/A |
## Related topics
- [Advanced hunting overview](overview-hunting.md)
- [All Advanced hunting tables](advanced-hunting-reference.md)
- [Advanced hunting query best practices](advanced-hunting-best-practices.md)
- [Query data using Advanced hunting](advanced-hunting.md)
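Review bot: The commit message says "rm svevents table", but the file removed here is the SoftwareVulnerabilityInfo page; naming the table and the reason for removing it in the message would make the history searchable. The deleted table lists seven columns (SoftwareVendor through IsExploitAvailable) with N/A for both data type and description, and the IsExploitAvailable row has an extra cell (`| N/A | | N/A |`), so if the page is restored later it needs real column definitions and that row fixed.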