Tweaks to AH-TVM topics

This commit is contained in:
lomayor 2019-11-12 17:20:02 -08:00
parent a1cc829ede
commit d8bead40ed
4 changed files with 34 additions and 31 deletions

View File

@ -28,7 +28,7 @@ ms.date: 11/12/2019
[!include[Prerelease information](prerelease.md)] [!include[Prerelease information](prerelease.md)]
Each row in the DeviceTvmSecureConfigurationAssessment table contains an assessment event for a specific security configuration from [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt). Use this reference to check the latest assessment results and determine whether device are compliant. Each row in the DeviceTvmSecureConfigurationAssessment table contains an assessment event for a specific security configuration from [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt). Use this reference to check the latest assessment results and determine whether devices are compliant.
For information on other tables in the Advanced hunting schema, see [the Advanced hunting reference](advanced-hunting-reference.md). For information on other tables in the Advanced hunting schema, see [the Advanced hunting reference](advanced-hunting-reference.md).
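Review bot: the new cross-reference `[Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt)` omits the `.md` extension that every other relative link in these topics carries (for example `advanced-hunting-reference.md` two lines below); unless that target is deliberately an extensionless route, it should be `next-gen-threat-and-vuln-mgt.md` so the build resolves it. The "device are compliant" to "devices are compliant" fix is correct.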
@ -37,9 +37,9 @@ For information on other tables in the Advanced hunting schema, see [the Advance
| MachineId | string | Unique identifier for the machine in the service | | MachineId | string | Unique identifier for the machine in the service |
| ComputerName | string | Fully qualified domain name (FQDN) of the machine | | ComputerName | string | Fully qualified domain name (FQDN) of the machine |
| OSPlatform | string | Platform of the operating system running on the machine. This indicates specific operating systems, including variations within the same family, such as Windows 10 and Windows 7.| | OSPlatform | string | Platform of the operating system running on the machine. This indicates specific operating systems, including variations within the same family, such as Windows 10 and Windows 7.|
| Timestamp | datetime |Date and time when the record was generated| | Timestamp | datetime |Date and time when the record was generated |
| ConfigurationId | string | Unique identifier for a specific configuration | | ConfigurationId | string | Unique identifier for a specific configuration |
| ConfigurationCategory | string | Category or grouping to which the configuration belongs: Application, OS, Network, Accounts, Security controls| | ConfigurationCategory | string | Category or grouping to which the configuration belongs: Application, OS, Network, Accounts, Security controls |
| ConfigurationSubcategory | string |Subcategory or subgrouping to which the configuration belongs. In many cases, this describes specific capabilities or features. | | ConfigurationSubcategory | string |Subcategory or subgrouping to which the configuration belongs. In many cases, this describes specific capabilities or features. |
| ConfigurationImpact | string | Rated impact of the configuration to the overall configuration score (1-10) | | ConfigurationImpact | string | Rated impact of the configuration to the overall configuration score (1-10) |
| IsCompliant | boolean | Indicates whether the configuration or policy is properly configured | | IsCompliant | boolean | Indicates whether the configuration or policy is properly configured |
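Review bot: only trailing spaces before the closing `|` change in this hunk, so nothing blocks; while the table is being touched, though, `ConfigurationImpact` is typed `string` but its description gives a numeric range "(1-10)", and the `Timestamp` row still has no space after the `|` before "Date and time". Either confirm the data type or reword the description, and align the cell spacing with the other rows.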

View File

@ -1,7 +1,7 @@
--- ---
title: DeviceTvmSecureConfigurationAssessmentKB table in the Advanced hunting schema title: DeviceTvmSecureConfigurationAssessmentKB table in the Advanced hunting schema
description: Learn about the DeviceTvmSecureConfigurationAssessmentKB table in the Advanced hunting schema, security configuration details, and the associated industry benchmarks that it adheres to. description: Learn about the various secure configurations assessed by Threat & Vulnerability Management in the DeviceTvmSecureConfigurationAssessmentKB table of the Advanced hunting schema.
keywords: advanced hunting, atp query, device management, query atp data, query tvm data, query security configuration, intellisense, atp telemetry, events, events telemetry, azure log analytics, description, MITRE ATT&CK framework, DeviceTvmSecureConfigurationAssessmentKB keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, schema reference, kusto, table, column, data type, description, threat & vulnerability management, TVM, device management, security configuration, MITRE ATT&CK framework, knowledge base, KB, DeviceTvmSecureConfigurationAssessmentKB
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
search.appverid: met150 search.appverid: met150
ms.prod: w10 ms.prod: w10
@ -15,7 +15,7 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 10/27/2019 ms.date: 11/12/2019
--- ---
# DeviceTvmSecureConfigurationAssessmentKB # DeviceTvmSecureConfigurationAssessmentKB
@ -28,7 +28,7 @@ ms.date: 10/27/2019
[!include[Prerelease information](prerelease.md)] [!include[Prerelease information](prerelease.md)]
The DeviceTvmSecureConfigurationAssessmentKB table in the Advanced hunting schema contains information about the various secure configuration TVM checks during assessments related to your organization. An example of a security configuration is to block JavaScript or VBScript from launching downloaded executable content to prevent accidentally downloading malicious files in your network. Use this reference to construct queries that return information from the table. The DeviceTvmSecureConfigurationAssessmentKB table in the Advanced hunting schema contains information about the various secure configurations — such as whether a device has automatic updates on — checked by [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt). It also includes risk information, related industry benchmarks, and applicable MITRE ATT&CK techniques and tactics. Use this reference to construct queries that return information from the table.
For information on other tables in the Advanced hunting schema, see [the Advanced hunting reference](advanced-hunting-reference.md). For information on other tables in the Advanced hunting schema, see [the Advanced hunting reference](advanced-hunting-reference.md).
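Review bot: the rewritten intro links `next-gen-threat-and-vuln-mgt` without the `.md` extension used by the `advanced-hunting-reference.md` link in the very next line; make the two consistent. The aside "— such as whether a device has automatic updates on —" is set off with em-dashes, which none of the sibling topics use; a plain comma-delimited aside or a separate sentence would match their style. Note also that the rewrite drops the concrete JavaScript/VBScript example that explained what a configuration check protects against; the automatic-updates example is fine, but keep one that ties the check to a risk if possible.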
@ -43,7 +43,7 @@ For information on other tables in the Advanced hunting schema, see [the Advance
| ConfigurationSubcategory | string |Subcategory or subgrouping to which the configuration belongs. In many cases, this describes specific capabilities or features. | | ConfigurationSubcategory | string |Subcategory or subgrouping to which the configuration belongs. In many cases, this describes specific capabilities or features. |
| ConfigurationBenchmarks | string | List of industry benchmarks recommending the same or similar configuration | | ConfigurationBenchmarks | string | List of industry benchmarks recommending the same or similar configuration |
| RelatedMitreTechniques | string | List of Mitre ATT&CK framework techniques related to the configuration | | RelatedMitreTechniques | string | List of Mitre ATT&CK framework techniques related to the configuration |
| RelatedMitreTactics | string | List of Mitre ATT&CK framework tactics related to the configuration| | RelatedMitreTactics | string | List of Mitre ATT&CK framework tactics related to the configuration |
## Related topics ## Related topics
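Review bot: whitespace-only change to the table; while here, "Mitre ATT&CK" in the `RelatedMitreTechniques` and `RelatedMitreTactics` rows should be capitalised "MITRE ATT&CK" to match the keywords line and the new intro paragraph in this same file.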
@ -51,3 +51,4 @@ For information on other tables in the Advanced hunting schema, see [the Advance
- [All Advanced hunting tables](advanced-hunting-reference.md) - [All Advanced hunting tables](advanced-hunting-reference.md)
- [Advanced hunting query best practices](advanced-hunting-best-practices.md) - [Advanced hunting query best practices](advanced-hunting-best-practices.md)
- [Query data using Advanced hunting](advanced-hunting.md) - [Query data using Advanced hunting](advanced-hunting.md)
- [Overview of Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt)
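Review bot: the added entry `- [Overview of Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt)` has no `.md` extension while the three entries above it all do; use `next-gen-threat-and-vuln-mgt.md` (or confirm the extensionless form is intentional) so the list is consistent and the link resolves.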

View File

@ -1,7 +1,7 @@
--- ---
title: DeviceTvmSoftwareInventoryVulnerabilities table in the Advanced hunting schema title: DeviceTvmSoftwareInventoryVulnerabilities table in the Advanced hunting schema
description: Learn about the DeviceTvmSoftwareInventoryVulnerabilities table in the Advanced hunting schema, such as operating system platform, version, and architecture, software vendor, name, and version, CVE ID, vulnerability severity, and descriptions description: Learn about the inventory of software in your devices and their vulnerabilities in the DeviceTvmSoftwareInventoryVulnerabilities table of the Advanced hunting schema.
keywords: advanced hunting, atp query, device management, query atp data, query tvm data, query software inventory, query software vulnerability inventory, intellisense, atp telemetry, events, events telemetry, azure log analytics, description, DeviceTvmSoftwareInventoryVulnerabilities keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, schema reference, kusto, table, column, data type, description, threat & vulnerability management, TVM, device management, software, inventory, vulnerabilities, CVE ID, OS DeviceTvmSoftwareInventoryVulnerabilities
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
search.appverid: met150 search.appverid: met150
ms.prod: w10 ms.prod: w10
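Review bot: the new `keywords:` value is missing a comma between "OS" and "DeviceTvmSoftwareInventoryVulnerabilities" ("..., CVE ID, OS DeviceTvmSoftwareInventoryVulnerabilities"), so the two would be indexed as a single keyword; it should read "..., CVE ID, OS, DeviceTvmSoftwareInventoryVulnerabilities" as in the other topics' keyword lists.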
@ -15,7 +15,7 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 10/27/2019 ms.date: 11/12/2019
--- ---
# DeviceTvmSoftwareInventoryVulnerabilities # DeviceTvmSoftwareInventoryVulnerabilities
@ -29,7 +29,7 @@ ms.date: 10/27/2019
[!include[Prerelease information](prerelease.md)] [!include[Prerelease information](prerelease.md)]
The DeviceTvmSoftwareInventoryVulnerabilities table in the Advanced hunting schema contains an inventory of the software on your devices as well as any known vulnerabilities in the software products. Use this reference to construct queries that return information from the table. The DeviceTvmSoftwareInventoryVulnerabilities table in the Advanced hunting schema contains the [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt) inventory of software on your devices as well as any known vulnerabilities in these software products. This table also includes operating system information, CVE IDs, and vulnerability severity information. Use this reference to construct queries that return information from the table.
For information on other tables in the Advanced hunting schema, see [the Advanced hunting reference](advanced-hunting-reference.md). For information on other tables in the Advanced hunting schema, see [the Advanced hunting reference](advanced-hunting-reference.md).
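Review bot: same extensionless `next-gen-threat-and-vuln-mgt` link as in the other topics, next to an `advanced-hunting-reference.md` link that does carry the extension; make them consistent. The new sentence "This table also includes operating system information, CVE IDs, and vulnerability severity information" repeats "information"; "operating system details, CVE IDs, and vulnerability severity levels" reads cleaner and names what the columns actually hold.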
@ -37,14 +37,14 @@ For information on other tables in the Advanced hunting schema, see [the Advance
|-------------|-----------|-------------| |-------------|-----------|-------------|
| MachineId | string | Unique identifier for the machine in the service | | MachineId | string | Unique identifier for the machine in the service |
| ComputerName | string | Fully qualified domain name (FQDN) of the machine | | ComputerName | string | Fully qualified domain name (FQDN) of the machine |
| OSPlatform | string | Platform of the operating system running on the machine. This indicates specific operating systems, including variations within the same family, such as Windows 10 and Windows 7.| | OSPlatform | string | Platform of the operating system running on the machine. This indicates specific operating systems, including variations within the same family, such as Windows 10 and Windows 7. |
| OSVersion | string | Version of the operating system running on the machine | | OSVersion | string | Version of the operating system running on the machine |
| OSArchitecture | string | Architecture of the operating system running on the machine| | OSArchitecture | string | Architecture of the operating system running on the machine |
| SoftwareVendor | string | Severity level assigned to the security vulnerability based on the CVSS score and dynamic factors influenced by the threat landscape| | SoftwareVendor | string | Severity level assigned to the security vulnerability based on the CVSS score and dynamic factors influenced by the threat landscape |
| SoftwareName | string | Name of the software product| | SoftwareName | string | Name of the software product |
|SoftwareVersion | string | Version number of the software product| | SoftwareVersion | string | Version number of the software product |
| CveId | string | Unique identifier assigned to the security vulnerability under the Common Vulnerabilities and Exposures (CVE) system| | CveId | string | Unique identifier assigned to the security vulnerability under the Common Vulnerabilities and Exposures (CVE) system |
| VulnerabilitySeverityLevel | string | Severity level assigned to the security vulnerability based on the CVSS score and dynamic factors influenced by the threat landscape| | VulnerabilitySeverityLevel | string | Severity level assigned to the security vulnerability based on the CVSS score and dynamic factors influenced by the threat landscape |
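Review bot: the `SoftwareVendor` row's description, "Severity level assigned to the security vulnerability based on the CVSS score and dynamic factors influenced by the threat landscape", is a copy of the `VulnerabilitySeverityLevel` row and does not describe the column; since this hunk already touches that row for whitespace, replace it with something like "Name of the software vendor". The `SoftwareVersion` row also still lacks a space after its opening `|`.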
@ -54,3 +54,4 @@ For information on other tables in the Advanced hunting schema, see [the Advance
- [All Advanced hunting tables](advanced-hunting-reference.md) - [All Advanced hunting tables](advanced-hunting-reference.md)
- [Advanced hunting query best practices](advanced-hunting-best-practices.md) - [Advanced hunting query best practices](advanced-hunting-best-practices.md)
- [Query data using Advanced hunting](advanced-hunting.md) - [Query data using Advanced hunting](advanced-hunting.md)
- [Overview of Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt)
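Review bot: as in the KB topic, the added related-topics entry points at `next-gen-threat-and-vuln-mgt` without `.md` while its three siblings use the extension; align it so the link resolves the same way the others do.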

View File

@ -1,7 +1,7 @@
--- ---
title: DeviceTvmSoftwareVulnerabilitiesKB table in the Advanced hunting schema title: DeviceTvmSoftwareVulnerabilitiesKB table in the Advanced hunting schema
description: Learn about the DeviceTvmSoftwareVulnerabilitiesKB table in the Advanced hunting schema, such as CVE ID, CVSS score, exploit availability, vulnerability severity, last modified time, date the vulnerability was disclosed to public, and affected software in your network. description: Learn about the software vulnerabilities tracked by [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt) in the DeviceTvmSoftwareVulnerabilitiesKB table of the Advanced hunting schema.
keywords: advanced hunting, atp query, device management, query atp data, query tvm data, query software vulnerability inventory, intellisense, atp telemetry, events, events telemetry, azure log analytics, description, DeviceTvmSoftwareVulnerabilitiesKB keywords: advanced hunting, threat hunting, cyber threat hunting, search, query, telemetry, schema reference, kusto, table, column, data type, description, threat & vulnerability management, TVM, device management, software, inventory, vulnerabilities, CVE ID, CVSS, DeviceTvmSoftwareVulnerabilitiesKB
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
search.appverid: met150 search.appverid: met150
ms.prod: w10 ms.prod: w10
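Review bot: the new `description:` value embeds a markdown link, `[Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt)`; front-matter descriptions are emitted as plain metadata (page meta description and search snippets), so the brackets and target will appear literally. Use plain text "Threat & Vulnerability Management" here, as the descriptions of the other three topics in this commit do.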
@ -15,7 +15,7 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 10/27/2019 ms.date: 11/12/2019
--- ---
# DeviceTvmSoftwareVulnerabilitiesKB # DeviceTvmSoftwareVulnerabilitiesKB
@ -28,20 +28,20 @@ ms.date: 10/27/2019
[!include[Prerelease information](prerelease.md)] [!include[Prerelease information](prerelease.md)]
The DeviceTvmSoftwareInventoryVulnerabilities table in the Advanced hunting schema contains information about the vulnerabilities Threat & Vulnerability Management assesses devices for. Use this reference along with DeviceTvmSoftwareInventoryVulnerabilities to construct queries that return information on the metadata related to the vulnerabilities in your inventory. The DeviceTvmSoftwareInventoryVulnerabilities table in the Advanced hunting schema contains the list of vulnerabilities [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt) assesses devices for. Use this reference to construct queries that return information from the table.
For information on other tables in the Advanced hunting schema, see [the Advanced hunting reference](advanced-hunting-reference.md). For information on other tables in the Advanced hunting schema, see [the Advanced hunting reference](advanced-hunting-reference.md).
| Column name | Data type | Description | | Column name | Data type | Description |
|-------------|-----------|-------------| |-------------|-----------|-------------|
| CveId | string | Unique identifier assigned to the security vulnerability under the Common Vulnerabilities and Exposures (CVE) system| | CveId | string | Unique identifier assigned to the security vulnerability under the Common Vulnerabilities and Exposures (CVE) system |
| CvssScore | string | Severity score assigned to the security vulnerability under th Common Vulnerability Scoring System (CVSS)| | CvssScore | string | Severity score assigned to the security vulnerability under th Common Vulnerability Scoring System (CVSS) |
| IsExploitAvailable | boolean | Indicates whether exploit code for the vulnerability is publicly available| | IsExploitAvailable | boolean | Indicates whether exploit code for the vulnerability is publicly available |
| VulnerabilitySeverityLevel | string | Severity level assigned to the security vulnerability based on the CVSS score and dynamic factors influenced by the threat landscape| | VulnerabilitySeverityLevel | string | Severity level assigned to the security vulnerability based on the CVSS score and dynamic factors influenced by the threat landscape |
| LastModifiedTime | datetime | Date and time the item or related metadata was last modified| | LastModifiedTime | datetime | Date and time the item or related metadata was last modified |
| PublishedDate | datetime | Date vulnerability was disclosed to public| | PublishedDate | datetime | Date vulnerability was disclosed to public |
| VulnerabilityDescription | string | Description of vulnerability and associated risks| | VulnerabilityDescription | string | Description of vulnerability and associated risks |
| AffectedSoftware | string | List of all software products affected by the vulnerability| | AffectedSoftware | string | List of all software products affected by the vulnerability |
## Related topics ## Related topics
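Review bot: the intro of this DeviceTvmSoftwareVulnerabilitiesKB topic still begins "The DeviceTvmSoftwareInventoryVulnerabilities table in the Advanced hunting schema ..." in both old and new text; that is the wrong table name and should be DeviceTvmSoftwareVulnerabilitiesKB, matching the heading just above. The rewrite also drops the old hint to use this table alongside DeviceTvmSoftwareInventoryVulnerabilities to get vulnerability metadata for your inventory, which is the main reason a reader would query a KB table; consider keeping that sentence. In the table, the `CvssScore` row reads "under th Common Vulnerability Scoring System" and is missing the "e" in "the".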
@ -49,3 +49,4 @@ For information on other tables in the Advanced hunting schema, see [the Advance
- [All Advanced hunting tables](advanced-hunting-reference.md) - [All Advanced hunting tables](advanced-hunting-reference.md)
- [Advanced hunting query best practices](advanced-hunting-best-practices.md) - [Advanced hunting query best practices](advanced-hunting-best-practices.md)
- [Query data using Advanced hunting](advanced-hunting.md) - [Query data using Advanced hunting](advanced-hunting.md)
- [Overview of Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt)
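Review bot: the added entry `- [Overview of Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt)` is missing the `.md` extension that the three entries above it use; fix it to match (or confirm the extensionless target is intentional across all four topics touched by this commit).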