diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md index b233cdf455..298c799abc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md @@ -1,6 +1,6 @@ --- title: AlertEvents -description: Learn about Advanced hunting table AlertEvents, such as column names, data types, and description +description: AlertEvents table in the advanced hunting schema keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, alertevent search.product: eADQiWindows 10XVcnh search.appverid: met150 @@ -26,7 +26,7 @@ ms.date: 07/24/2019 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) -AlertEvents is a table in the Advanced hunting schema. It contains information about alerts on Microsoft Defender Security Center. You can use the reference below to construct queries that return information from this table. +The AlertEvents table in the Advanced hunting schema contains information about alerts on Microsoft Defender Security Center. Use this reference to construct queries that return information from this table. For information on other tables in the Advanced hunting schema, see our [Advanced hunting reference](advanced-hunting-reference.md) page. 
@@ -48,6 +48,7 @@ For information on other tables in the Advanced hunting schema, see our [Advance ## Related topics +- [Advanced hunting overview](overview-hunting.md) - [All Advanced hunting tables](advanced-hunting-reference.md) - [Advanced hunting query best practices](advanced-hunting-best-practices.md) - [Query data using Advanced hunting](advanced-hunting.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-filecreationevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-filecreationevents-table.md index fb65ba4ecc..e97919ea91 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-filecreationevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-filecreationevents-table.md @@ -1,6 +1,6 @@ --- title: FileCreationEvents -description: Learn about Advanced hunting table FileCreationEvents, such as column names, data types, and description +description: FileCreationEvents table in the Advanced hunting schema keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, filecreationevents search.product: eADQiWindows 10XVcnh search.appverid: met150 
@@ -26,7 +26,7 @@ ms.date: 07/24/2019 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) -FileCreationEvents is a table in the Advanced hunting schema. It contains information about file creation, modification, and other file system events. You can use the reference below to construct queries that return information from this table. +The FileCreationEvents table in the Advanced hunting schema contains information about file creation, modification, and other file system events. Use this reference to construct queries that return information from this table. For information on other tables in the Advanced hunting schema, see our [Advanced hunting reference](advanced-hunting-reference.md) page. @@ -63,11 +63,11 @@ For information on other tables in the Advanced hunting schema, see our [Advance | AppGuardContainerId | string | Identifier for the virtualized container used by Application Guard to isolate browser activity | | SensitivityLabel | string | Label applied to an email, file, or other content to classify it for information protection | | SensitivitySubLabel | string | Sublabel applied to an email, file, or other content to classify it for information protection; sensitivity sublabels are grouped under sensitivity labels but are treated independently | -| IsWindowsInfoProtectionApplied | N/A | N/A | | IsAzureInfoProtectionApplied | boolean | Indicates whether the file is encrypted by Azure Information Protection | ## Related topics +- [Advanced hunting overview](overview-hunting.md) - [All Advanced hunting tables](advanced-hunting-reference.md) - [Advanced hunting query best practices](advanced-hunting-best-practices.md) - [Query data using Advanced hunting](advanced-hunting.md) 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-imageloadevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-imageloadevents-table.md index 951b5f83ea..c1196b1a58 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-imageloadevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-imageloadevents-table.md @@ -1,6 +1,6 @@ --- title: ImageLoadEvents -description: Learn about Advanced hunting table ImageLoadEvents, such as column names, data types, and description +description: ImageLoadEvents table in the Advanced hunting schema keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, imageloadevents search.product: eADQiWindows 10XVcnh search.appverid: met150 @@ -26,7 +26,7 @@ ms.date: 07/24/2019 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) -ImageLoadEvents is a table in the Advanced hunting schema. It contains information about DLL loading events. You can use the reference below to construct queries that return information from this table. +The ImageLoadEvents table in the Advanced hunting schema contains information about DLL loading events. Use this reference to construct queries that return information from this table. For information on other tables in the Advanced hunting schema, see our [Advanced hunting reference](advanced-hunting-reference.md) page. 
@@ -60,6 +60,7 @@ For information on other tables in the Advanced hunting schema, see our [Advance ## Related topics +- [Advanced hunting overview](overview-hunting.md) - [All Advanced hunting tables](advanced-hunting-reference.md) - [Advanced hunting query best practices](advanced-hunting-best-practices.md) - [Query data using Advanced hunting](advanced-hunting.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-logonevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-logonevents-table.md index 7bb35627d0..b775cf471f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-logonevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-logonevents-table.md @@ -1,6 +1,6 @@ --- title: LogonEvents -description: Learn about Advanced hunting table LogonEvents, such as column names, data types, and description +description: LogonEvents table in the Advanced hunting schema keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, logonevents search.product: eADQiWindows 10XVcnh search.appverid: met150 
@@ -26,7 +26,7 @@ ms.date: 07/24/2019 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) -LogonEvents is a table in the Advanced hunting schema. It contains information about user logons and other authentication events. You can use the reference below to construct queries that return information from this table. +The LogonEvents table in the Advanced hunting schema contains information about user logons and other authentication events. Use this reference to construct queries that return information from this table. For information on other tables in the Advanced hunting schema, see our [Advanced hunting reference](advanced-hunting-reference.md) page. @@ -68,6 +68,7 @@ For information on other tables in the Advanced hunting schema, see our [Advance ## Related topics +- [Advanced hunting overview](overview-hunting.md) - [All Advanced hunting tables](advanced-hunting-reference.md) - [Advanced hunting query best practices](advanced-hunting-best-practices.md) - [Query data using Advanced hunting](advanced-hunting.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machineinfo-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machineinfo-table.md index 5b29c9be66..0a481f8639 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machineinfo-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machineinfo-table.md 
@@ -1,6 +1,6 @@ --- title: MachineInfo -description: Learn about Advanced hunting table MachineInfo, such as column names, data types, and description +description: MachineInfo table in the Advanced hunting schema keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, machineinfo search.product: eADQiWindows 10XVcnh search.appverid: met150 @@ -26,7 +26,7 @@ ms.date: 07/24/2019 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) -MachineInfo is a table in the Advanced hunting schema. It contains information about machines in the organization, including OS information. You can use the reference below to construct queries that return information from this table. +The MachineInfo table in the Advanced hunting schema contains information about machines in the organization, including OS version, active users, and computer name. Use this reference to construct queries that return information from this table. For information on other tables in the Advanced hunting schema, see our [Advanced hunting reference](advanced-hunting-reference.md) page. @@ -49,6 +49,7 @@ For information on other tables in the Advanced hunting schema, see our [Advance ## Related topics +- [Advanced hunting overview](overview-hunting.md) - [All Advanced hunting tables](advanced-hunting-reference.md) - [Advanced hunting query best practices](advanced-hunting-best-practices.md) - [Query data using Advanced hunting](advanced-hunting.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machinenetworkinfo-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machinenetworkinfo-table.md index c66389a339..d31da2b287 100644 
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machinenetworkinfo-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machinenetworkinfo-table.md @@ -1,6 +1,6 @@ --- title: MachineNetworkInfo -description: Learn about Advanced hunting table MachineNetworkInfo, such as column names, data types, and description +description: MachineNetworkInfo table in the Advanced hunting schema keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, machinenetworkinfo search.product: eADQiWindows 10XVcnh search.appverid: met150 @@ -26,7 +26,7 @@ ms.date: 07/24/2019 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) -MachineNetworkInfo is a table in the Advanced hunting schema. It contains information about network properties of machines, including adapters, IP and MAC addresses, as well as connected networks and domains. You can use the reference below to construct queries that return information from this table. +The MachineNetworkInfo table in the Advanced hunting schema contains information about networking configuration of machines, including network adapters, IP and MAC addresses, and connected networks or domains. Use this reference to construct queries that return information from this table. For information on other tables in the Advanced hunting schema, see our [Advanced hunting reference](advanced-hunting-reference.md) page. 
@@ -50,6 +50,7 @@ For information on other tables in the Advanced hunting schema, see our [Advance ## Related topics +- [Advanced hunting overview](overview-hunting.md) - [All Advanced hunting tables](advanced-hunting-reference.md) - [Advanced hunting query best practices](advanced-hunting-best-practices.md) - [Query data using Advanced hunting](advanced-hunting.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-miscevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-miscevents-table.md index acc1394b7d..a264a61fb7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-miscevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-miscevents-table.md @@ -1,6 +1,6 @@ --- title: MiscEvents -description: Learn about Advanced hunting table MiscEvents, such as column names, data types, and description +description: MiscEvents table in the advanced hunting schema keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, miscEvents search.product: eADQiWindows 10XVcnh search.appverid: met150 
@@ -26,7 +26,7 @@ ms.date: 07/24/2019 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) -MiscEvents is a table in the Advanced hunting schema. It contains information about multiple event types, including events triggered by security controls, such as Windows Defender Antivirus and exploit protection. You can use the reference below to construct queries that return information from this table. +The MiscEvents table in the Advanced hunting schema contains information about multiple event types, including events triggered by security controls, such as Windows Defender Antivirus and exploit protection. Use this reference to construct queries that return information from this table. For information on other tables in the Advanced hunting schema, see our [Advanced hunting reference](advanced-hunting-reference.md) page. @@ -81,6 +81,7 @@ For information on other tables in the Advanced hunting schema, see our [Advance ## Related topics +- [Advanced hunting overview](overview-hunting.md) - [All Advanced hunting tables](advanced-hunting-reference.md) - [Advanced hunting query best practices](advanced-hunting-best-practices.md) - [Query data using Advanced hunting](advanced-hunting.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-networkcommunicationevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-networkcommunicationevents-table.md index 52e46b633a..238acf2ee9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-networkcommunicationevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-networkcommunicationevents-table.md 
@@ -1,6 +1,6 @@ --- title: NetworkCommunicationEvents -description: Learn about Advanced hunting table NetworkCommunicationEvents, such as column names, data types, and description +description: NetworkCommunicationEvents table in the Advanced hunting schema keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, networkcommunicationevents search.product: eADQiWindows 10XVcnh search.appverid: met150 @@ -26,7 +26,7 @@ ms.date: 07/24/2019 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) -NetworkCommunicationEvents is a table in the Advanced hunting schema. It contains information about network connections and related events. You can use the reference below to construct queries that return information from this table. +The NetworkCommunicationEvents table in the Advanced hunting schema contains information about network connections and related events. Use this reference to construct queries that return information from this table. For information on other tables in the Advanced hunting schema, see our [Advanced hunting reference](advanced-hunting-reference.md) page. @@ -64,6 +64,7 @@ For information on other tables in the Advanced hunting schema, see our [Advance ## Related topics +- [Advanced hunting overview](overview-hunting.md) - [All Advanced hunting tables](advanced-hunting-reference.md) - [Advanced hunting query best practices](advanced-hunting-best-practices.md) - [Query data using Advanced hunting](advanced-hunting.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-processcreationevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-processcreationevents-table.md index 2ce2287fec..efa1c51ed6 100644 
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-processcreationevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-processcreationevents-table.md @@ -1,6 +1,6 @@ --- title: ProcessCreationEvents -description: Learn about Advanced hunting table ProcessCreationEvents, such as column names, data types, and description +description: ProcessCreationEvents table in the Advanced hunting schema keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, processcreationevents search.product: eADQiWindows 10XVcnh search.appverid: met150 @@ -26,7 +26,7 @@ ms.date: 07/24/2019 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) -ProcessCreationEvents is a table in the Advanced hunting schema. It contains information about process creation and related events. You can use the reference below to construct queries that return information from this table. +The ProcessCreationEvents table in the Advanced hunting schema contains information about process creation and related events. Use this reference to construct queries that return information from this table. For information on other tables in the Advanced hunting schema, see our [Advanced hunting reference](advanced-hunting-reference.md) page. @@ -72,6 +72,7 @@ For information on other tables in the Advanced hunting schema, see our [Advance ## Related topics +- [Advanced hunting overview](overview-hunting.md) - [All Advanced hunting tables](advanced-hunting-reference.md) - [Advanced hunting query best practices](advanced-hunting-best-practices.md) - [Query data using Advanced hunting](advanced-hunting.md) 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-reference.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-reference.md index 919bb40c3f..5c0941650a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-reference.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-reference.md @@ -1,6 +1,6 @@ --- -title: Advanced hunting reference in Microsoft Defender ATP -description: Learn about Advanced hunting table reference such as column name, data type, and description +title: Advanced hunting schema reference +description: Learn about the tables in the advanced hunting schema keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description search.product: eADQiWindows 10XVcnh search.appverid: met150 @@ -28,7 +28,7 @@ ms.date: 07/24/2019 ## Advanced hunting table reference -The Advanced hunting schema is made up of multiple tables, which provide either event information or information about certain entities. Table and column names are used for calling information about specific events or entities in queries. +The Advanced hunting schema is made up of multiple tables that provide either event information, or information about certain entities. To effectively build queries that span multiple tables, you need to understand the tables and the columns in the Advanced hunting schema. The following reference lists all the tables in the Advanced hunting schema. Each table name links to a page describing the column names for that table. diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-registryevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-registryevents-table.md index 6472ef185c..043d87e790 100644 
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-registryevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-registryevents-table.md @@ -1,6 +1,6 @@ --- title: RegistryEvents -description: Learn about Advanced hunting table RegistryEvents, such as column names, data types, and description +description: RegistryEvents table in the Advanced hunting schema keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, registryevents search.product: eADQiWindows 10XVcnh search.appverid: met150 @@ -26,7 +26,7 @@ ms.date: 07/24/2019 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) -RegistryEvents is a table in the Advanced hunting schema. It contains information about the creation and modification of registry entries. You can use the reference below to construct queries that return information from this table. +The RegistryEvents table in the Advanced hunting schema contains information about the creation and modification of registry entries. Use this reference to construct queries that return information from this table. For information on other tables in the Advanced hunting schema, see our [Advanced hunting reference](advanced-hunting-reference.md) page. @@ -62,6 +62,7 @@ For information on other tables in the Advanced hunting schema, see our [Advance ## Related topics +- [Advanced hunting overview](overview-hunting.md) - [All Advanced hunting tables](advanced-hunting-reference.md) - [Advanced hunting query best practices](advanced-hunting-best-practices.md) - [Query data using Advanced hunting](advanced-hunting.md) 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-softwarevulnerabilityinfo-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-softwarevulnerabilityinfo-table.md index a4a587aa1f..27628c9bd1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-softwarevulnerabilityinfo-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-softwarevulnerabilityinfo-table.md @@ -1,6 +1,6 @@ --- title: SoftwareVulnerabilityInfo -description: Learn about Advanced hunting table SoftwareVulnerabilityInfo, such as column names, data types, and description +description: SoftwareVulnerabilityInfo table in the Advanced hunting schema keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description, softwarevulnerabilityinfo search.product: eADQiWindows 10XVcnh search.appverid: met150 @@ -26,7 +26,7 @@ ms.date: 07/24/2019 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) -SoftwareVulnerabilityInfo is a table in the Advanced hunting schema. It contains information about software in use, including version number, as well as any known vulnerabilities. You can use the reference below to construct queries that return information from this table. +The SoftwareVulnerabilityInfo table in the Advanced hunting schema contains information about software in use, including version number, as well as any known vulnerabilities. Use this reference to construct queries that return information from this table. For information on other tables in the Advanced hunting schema, see our [Advanced hunting reference](advanced-hunting-reference.md) page. 
@@ -47,6 +47,7 @@ For information on other tables in the Advanced hunting schema, see our [Advance ## Related topics +- [Advanced hunting overview](overview-hunting.md) - [All Advanced hunting tables](advanced-hunting-reference.md) - [Advanced hunting query best practices](advanced-hunting-best-practices.md) - [Query data using Advanced hunting](advanced-hunting.md)
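Review bot: the new `description:` line in the front-matter hunks (`@@ -1,6 +1,6 @@`) of advanced-hunting-alertevents-table.md and advanced-hunting-miscevents-table.md reads "in the advanced hunting schema" in lowercase, while every other table page in this patch uses "in the Advanced hunting schema". Pick one casing and apply it to all description lines; the body sentences on the same pages still write "Advanced hunting".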
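Review bot: the `IsWindowsInfoProtectionApplied` row is deleted from the column table in the `@@ -63,11 +63,11 @@` hunk of advanced-hunting-filecreationevents-table.md, which is a schema documentation change riding along in a wording patch. If the column is still returned by the table, keep the row and replace the `N/A` type and description with real values; if it was retired, say so in the commit message so that anyone whose saved queries reference it can tell why it disappeared.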
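Review bot: in the `@@ -26,7 +26,7 @@` hunk of advanced-hunting-machinenetworkinfo-table.md the end of the list changes from "as well as connected networks and domains" to "and connected networks or domains", which shifts the meaning from both to either. Keep "and" unless the table really records only one of the two per machine.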
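Review bot: the comma in "provide either event information, or information about certain entities" (`@@ -28,7 +28,7 @@` hunk of advanced-hunting-reference.md) splits an either/or pair and should be dropped. The unchanged heading `## Advanced hunting table reference` in the same hunk also no longer matches the new front-matter title "Advanced hunting schema reference"; rename the heading so the page title and its first heading agree.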
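Review bot: the link target `overview-hunting.md` added at the top of each "Related topics" list does not follow the `advanced-hunting-*.md` naming of the sibling links, and this patch neither adds nor renames a file with that name. Confirm the file exists in the microsoft-defender-atp directory before merging, since the same line is added to every table page and a wrong target would break the link on all of them.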