diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index d42055564e..b22f43a08f 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -104,7 +104,18 @@ ### [Advanced hunting]() #### [Advanced hunting overview](microsoft-defender-atp/overview-hunting.md) #### [Query data using Advanced hunting](microsoft-defender-atp/advanced-hunting.md) -##### [Advanced hunting reference](microsoft-defender-atp/advanced-hunting-reference.md) +##### [Advanced hunting reference]() +###### [All tables in Advanced hunting schema](microsoft-defender-atp/advanced-hunting-reference.md) +###### [AlertEvents table](microsoft-defender-atp/advanced-hunting-alertevents-table.md) +###### [FileCreationEvents table](microsoft-defender-atp/advanced-hunting-filecreationevents-table.md) +###### [ImageLoadEvents table](microsoft-defender-atp/advanced-hunting-imageloadevents-table.md) +###### [LogonEvents table](microsoft-defender-atp/advanced-hunting-logonevents-table.md) +###### [MachineInfo table](microsoft-defender-atp/advanced-hunting-machineinfo-table.md) +###### [MachineNetworkInfo table](microsoft-defender-atp/advanced-hunting-machinenetworkinfo-table.md) +###### [MiscEvents table](microsoft-defender-atp/advanced-hunting-miscevents-table.md) +###### [NetworkCommunicationEvents table](microsoft-defender-atp/advanced-hunting-networkcommunicationevents-table.md) +###### [ProcessCreationEvents table](microsoft-defender-atp/advanced-hunting-processcreationevents-table.md) +###### [RegistryEvents table](microsoft-defender-atp/advanced-hunting-registryevents-table.md) ##### [Advanced hunting query language best practices](microsoft-defender-atp/advanced-hunting-best-practices.md) #### [Custom detections]() 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md index 298c799abc..ea1feefdad 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md @@ -1,6 +1,6 @@ --- -title: AlertEvents -description: AlertEvents table in the advanced hunting schema +title: AlertEvents table in the advanced hunting schema +description: Learn about the AlertEvents table in the Advanced hunting schema, such as column names, data types, and descriptions keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, alertevent search.product: eADQiWindows 10XVcnh search.appverid: met150 @@ -26,7 +26,7 @@ ms.date: 07/24/2019 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) -The AlertEvents table in the Advanced hunting schema contains information about alerts on Microsoft Defender Security Center. Use this reference to construct queries that return information from this table. +The AlertEvents table in the Advanced hunting schema contains information about alerts on Microsoft Defender Security Center. Use this reference to construct queries that return information from the table. For information on other tables in the Advanced hunting schema, see our [Advanced hunting reference](advanced-hunting-reference.md) page. 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-filecreationevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-filecreationevents-table.md index e97919ea91..58c4a28614 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-filecreationevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-filecreationevents-table.md @@ -1,6 +1,6 @@ --- -title: FileCreationEvents -description: FileCreationEvents table in the Advanced hunting schema +title: FileCreationEvents table in the Advanced hunting schema +description: Learn about the FileCreationEvents table in the Advanced hunting schema, such as column names, data types, and descriptions keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, filecreationevents search.product: eADQiWindows 10XVcnh search.appverid: met150 
@@ -26,9 +26,9 @@ ms.date: 07/24/2019 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) -The FileCreationEvents table in the Advanced hunting schema contains information about file creation, modification, and other file system events. Use this reference to construct queries that return information from this table. +The FileCreationEvents table in the Advanced hunting schema contains information about file creation, modification, and other file system events. Use this reference to construct queries that return information from the table. -For information on other tables in the Advanced hunting schema, see our [Advanced hunting reference](advanced-hunting-reference.md) page. +For information on other tables in the Advanced hunting schema, see [the Advanced hunting reference](advanced-hunting-reference.md). | Column name | Data type | Description | |-------------|-----------|-------------| diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-imageloadevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-imageloadevents-table.md index c1196b1a58..9c2ffcbef0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-imageloadevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-imageloadevents-table.md 
@@ -1,6 +1,6 @@ --- -title: ImageLoadEvents -description: ImageLoadEvents table in the Advanced hunting schema +title: ImageLoadEvents table in the Advanced hunting schema +description: Learn about the ImageLoadEvents table in the Advanced hunting schema, such as column names, data types, and descriptions keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, imageloadevents search.product: eADQiWindows 10XVcnh search.appverid: met150 @@ -26,7 +26,7 @@ ms.date: 07/24/2019 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) -The ImageLoadEvents table in the Advanced hunting schema contains information about DLL loading events. Use this reference to construct queries that return information from this table. +The ImageLoadEvents table in the Advanced hunting schema contains information about DLL loading events. Use this reference to construct queries that return information from the table. For information on other tables in the Advanced hunting schema, see our [Advanced hunting reference](advanced-hunting-reference.md) page. diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-logonevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-logonevents-table.md index b775cf471f..004409e8c2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-logonevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-logonevents-table.md 
@@ -1,6 +1,6 @@ --- -title: LogonEvents -description: LogonEvents table in the Advanced hunting schema +title: LogonEvents table in the Advanced hunting schema +description: Learn about the LogonEvents table in the Advanced hunting schema, such as column names, data types, and descriptions keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, logonevents search.product: eADQiWindows 10XVcnh search.appverid: met150 @@ -26,7 +26,7 @@ ms.date: 07/24/2019 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) -The LogonEvents table in the Advanced hunting schema contains information about user logons and other authentication events. Use this reference to construct queries that return information from this table. +The LogonEvents table in the Advanced hunting schema contains information about user logons and other authentication events. Use this reference to construct queries that return information from the table. For information on other tables in the Advanced hunting schema, see our [Advanced hunting reference](advanced-hunting-reference.md) page. diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machineinfo-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machineinfo-table.md index 0a481f8639..33a911730b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machineinfo-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machineinfo-table.md 
@@ -1,6 +1,6 @@ --- -title: MachineInfo -description: MachineInfo table in the Advanced hunting schema +title: MachineInfo table in the Advanced hunting schema +description: Learn about the MachineInfo table in the Advanced hunting schema, such as column names, data types, and descriptions keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, machineinfo search.product: eADQiWindows 10XVcnh search.appverid: met150 @@ -26,7 +26,7 @@ ms.date: 07/24/2019 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) -The MachineInfo table in the Advanced hunting schema contains information about machines in the organization, including OS version, active users, and computer name. Use this reference to construct queries that return information from this table. +The MachineInfo table in the Advanced hunting schema contains information about machines in the organization, including OS version, active users, and computer name. Use this reference to construct queries that return information from the table. For information on other tables in the Advanced hunting schema, see our [Advanced hunting reference](advanced-hunting-reference.md) page. diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machinenetworkinfo-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machinenetworkinfo-table.md index d31da2b287..d3ea68e5fa 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machinenetworkinfo-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machinenetworkinfo-table.md 
@@ -1,6 +1,6 @@ --- -title: MachineNetworkInfo -description: MachineNetworkInfo table in the Advanced hunting schema +title: MachineNetworkInfo table in the Advanced hunting schema +description: Learn about the MachineNetworkInfo table in the Advanced hunting schema, such as column names, data types, and descriptions keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, machinenetworkinfo search.product: eADQiWindows 10XVcnh search.appverid: met150 @@ -26,7 +26,7 @@ ms.date: 07/24/2019 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) -The MachineNetworkInfo table in the Advanced hunting schema contains information about networking configuration of machines, including network adapters, IP and MAC addresses, and connected networks or domains. Use this reference to construct queries that return information from this table. +The MachineNetworkInfo table in the Advanced hunting schema contains information about networking configuration of machines, including network adapters, IP and MAC addresses, and connected networks or domains. Use this reference to construct queries that return information from the table. For information on other tables in the Advanced hunting schema, see our [Advanced hunting reference](advanced-hunting-reference.md) page. diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-miscevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-miscevents-table.md index a264a61fb7..6b1268fb69 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-miscevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-miscevents-table.md 
@@ -1,6 +1,6 @@ --- -title: MiscEvents -description: MiscEvents table in the advanced hunting schema +title: MiscEvents table in the advanced hunting schema +description: Learn about the MiscEvents table in the Advanced hunting schema, such as column names, data types, and descriptions keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, miscEvents search.product: eADQiWindows 10XVcnh search.appverid: met150 @@ -26,7 +26,7 @@ ms.date: 07/24/2019 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) -The MiscEvents table in the Advanced hunting schema contains information about multiple event types, including events triggered by security controls, such as Windows Defender Antivirus and exploit protection. Use this reference to construct queries that return information from this table. +The MiscEvents table in the Advanced hunting schema contains information about multiple event types, including events triggered by security controls, such as Windows Defender Antivirus and exploit protection. Use this reference to construct queries that return information from the table. For information on other tables in the Advanced hunting schema, see our [Advanced hunting reference](advanced-hunting-reference.md) page. diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-networkcommunicationevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-networkcommunicationevents-table.md index 238acf2ee9..ef6d2e7ff2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-networkcommunicationevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-networkcommunicationevents-table.md 
@@ -1,6 +1,6 @@ --- -title: NetworkCommunicationEvents -description: NetworkCommunicationEvents table in the Advanced hunting schema +title: NetworkCommunicationEvents table in the Advanced hunting schema +description: Learn about the NetworkCommunicationEvents table in the Advanced hunting schema, such as column names, data types, and descriptions keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, networkcommunicationevents search.product: eADQiWindows 10XVcnh search.appverid: met150 @@ -26,7 +26,7 @@ ms.date: 07/24/2019 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) -The NetworkCommunicationEvents table in the Advanced hunting schema contains information about network connections and related events. Use this reference to construct queries that return information from this table. +The NetworkCommunicationEvents table in the Advanced hunting schema contains information about network connections and related events. Use this reference to construct queries that return information from the table. For information on other tables in the Advanced hunting schema, see our [Advanced hunting reference](advanced-hunting-reference.md) page. diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-processcreationevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-processcreationevents-table.md index efa1c51ed6..530a4bca2d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-processcreationevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-processcreationevents-table.md 
@@ -1,6 +1,6 @@ --- -title: ProcessCreationEvents -description: ProcessCreationEvents table in the Advanced hunting schema +title: ProcessCreationEvents table in the Advanced hunting schema +description: Learn about the ProcessCreationEvents table in the Advanced hunting schema, such as column names, data types, and descriptions keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, processcreationevents search.product: eADQiWindows 10XVcnh search.appverid: met150 @@ -26,7 +26,7 @@ ms.date: 07/24/2019 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) -The ProcessCreationEvents table in the Advanced hunting schema contains information about process creation and related events. Use this reference to construct queries that return information from this table. +The ProcessCreationEvents table in the Advanced hunting schema contains information about process creation and related events. Use this reference to construct queries that return information from the table. For information on other tables in the Advanced hunting schema, see our [Advanced hunting reference](advanced-hunting-reference.md) page. diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-reference.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-reference.md index 5c0941650a..59079e0550 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-reference.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-reference.md 
@@ -46,7 +46,6 @@ Table and column names are also listed within the Security center, in the schema | **[LogonEvents](advanced-hunting-logonevents-table.md)** | Sign-ins and other authentication events | | **[ImageLoadEvents](advanced-hunting-imageloadevents-table.md)** | DLL loading events | | **[MiscEvents](advanced-hunting-miscevents-table.md)** | Multiple event types, including events triggered by security controls such as Windows Defender Antivirus and exploit protection | -| **[SoftwareVulnerabilityInfo](advanced-hunting-softwarevulnerabilityinfo-table.md)** | Information about software in use, including version information as well as known vulnerabilities | ## Related topics diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-registryevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-registryevents-table.md index 043d87e790..717734a492 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-registryevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-registryevents-table.md @@ -1,6 +1,6 @@ --- -title: RegistryEvents -description: RegistryEvents table in the Advanced hunting schema +title: RegistryEvents table in the Advanced hunting schema +description: Learn about the RegistryEvents table in the Advanced hunting schema, such as column names, data types, and descriptions keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, registryevents search.product: eADQiWindows 10XVcnh search.appverid: met150 
@@ -26,7 +26,7 @@ ms.date: 07/24/2019 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) -The RegistryEvents table in the Advanced hunting schema contains information about the creation and modification of registry entries. Use this reference to construct queries that return information from this table. +The RegistryEvents table in the Advanced hunting schema contains information about the creation and modification of registry entries. Use this reference to construct queries that return information from the table. For information on other tables in the Advanced hunting schema, see our [Advanced hunting reference](advanced-hunting-reference.md) page. diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-softwarevulnerabilityinfo-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-softwarevulnerabilityinfo-table.md deleted file mode 100644 index 27628c9bd1..0000000000 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-softwarevulnerabilityinfo-table.md +++ /dev/null 
@@ -1,53 +0,0 @@ ---- -title: SoftwareVulnerabilityInfo -description: SoftwareVulnerabilityInfo table in the Advanced hunting schema -keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, softwarevulnerabilityinfo -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: v-maave -author: martyav -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 07/24/2019 ---- - -# SoftwareVulnerabilityInfo - -**Applies to:** - -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) - -The SoftwareVulnerabilityInfo table in the Advanced hunting schema contains information about software in use, including version number, as well as any known vulnerabilities. Use this reference to construct queries that return information from this table. - -For information on other tables in the Advanced hunting schema, see our [Advanced hunting reference](advanced-hunting-reference.md) page. - -| Column name | Data type | Description | -|-------------|-----------|-------------| -| MachineId | string | Unique identifier for the machine in the service | -| ComputerName | string | Fully qualified domain name (FQDN) of the machine | -| OSPlatform | string | Platform of the operating system running on the machine. 
This indicates specific operating systems, including variations within the same family, such as Windows 10 and Windows 7 | -| OsVersion | string | Version of the operating system running on the machine | -| OSArchitecture | string | Architecture of the operating system running on the machine | -| SoftwareVendor | N/A | N/A | -| SoftwareName | N/A | N/A | -| SoftwareVersion | N/A | N/A | -| CveId | N/A | N/A | -| CvssScore | N/A | N/A | -| VulnerabilitySeverityLevel | N/A | N/A | -| IsExploitAvailable | N/A | | N/A | - -## Related topics - -- [Advanced hunting overview](overview-hunting.md) -- [All Advanced hunting tables](advanced-hunting-reference.md) -- [Advanced hunting query best practices](advanced-hunting-best-practices.md) -- [Query data using Advanced hunting](advanced-hunting.md)
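Review bot: in the TOC.md hunk, the parent entry `##### [Advanced hunting reference]()` loses its href, so the reference page is now reachable only through the child `###### [All tables in Advanced hunting schema](microsoft-defender-atp/advanced-hunting-reference.md)`. If unlinked parents are rendered as expandable nodes in this TOC that is intended; otherwise keep the link on the parent as well. The child list correctly omits SoftwareVulnerabilityInfo, matching the page deletion later in the patch.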
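Review bot: in the advanced-hunting-alertevents-table.md front-matter hunk the new title reads `AlertEvents table in the advanced hunting schema` (lowercase) while the description in the same hunk and every other table page in this patch use `Advanced hunting schema`; the MiscEvents page has the same mismatch. Suggest `title: AlertEvents table in the Advanced hunting schema` and the equivalent for MiscEvents, since these titles feed the browser tab, search results and TOC text.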
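Review bot: in the advanced-hunting-filecreationevents-table.md body hunk the cross-reference sentence is rewritten to `For information on other tables in the Advanced hunting schema, see [the Advanced hunting reference](advanced-hunting-reference.md).`, but the other nine table pages keep the old `see our [Advanced hunting reference](advanced-hunting-reference.md) page.` wording unchanged. Apply one form across all ten pages so the boilerplate stays identical.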
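Review bot: in the advanced-hunting-miscevents-table.md front-matter hunk the unchanged context line `keywords: ... description, miscEvents` uses a capital E, while every other table page ends its keywords list with the all-lowercase table name (`alertevent`, `filecreationevents`, `registryevents`, and so on). Since this hunk already touches the front matter, normalise it to `miscevents` here.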
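Review bot: in the advanced-hunting-reference.md hunk, dropping the `SoftwareVulnerabilityInfo` row keeps the table list consistent with deleting the page, but any existing bookmark or external link to advanced-hunting-softwarevulnerabilityinfo-table.md will now 404. Consider adding a redirect from the deleted page to advanced-hunting-reference.md as part of this change, and grep the repository for any remaining links to the deleted file.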
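Review bot: deleting advanced-hunting-softwarevulnerabilityinfo-table.md is defensible given its state: seven of the twelve column rows (SoftwareVendor through IsExploitAvailable) carry only `N/A` for both data type and description, and the last row `| IsExploitAvailable | N/A | | N/A |` has an extra empty cell that would render as a malformed table. If the table is reinstated later, write the column descriptions fresh rather than restoring this version, and keep the column-name casing consistent (the deleted file mixes `OSPlatform` and `OsVersion`).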