added new columns to doc

2025-06-07 10:07:21 +00:00 · 2018-05-21 10:32:40 +03:00 · 2018-05-21 10:32:40 +03:00 · f070934bfa
commit f070934bfa
parent 9a7fb9545a
1 changed files with 2 additions and 0 deletions
--- a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md
@ -42,6 +42,7 @@ Use the following table to understand what the columns represent, its data type,
 | AdditionalFields                    | string      | Additional information about the event in JSON array format.                                                                                                                                                                                                   |
 | AlertId                             | string      | Unique identifier for the alert.                                                                                                                                                                                                                               |
 | ComputerName                        | string      | Fully qualified domain name (FQDN) of the machine.                                                                                                                                                                                                             |
+| RemoteComputerName                  | string      | Name of the machine that performed a remote operation on the affected machine. Depending on the event being reported, this name could be a fully-qualified domain name (FQDN), a NetBIOS name, or a host name without domain information.                      | 
 | EventId                             | int         | Unique identifier used by Event Tracing for Windows (ETW) for the event type.                                                                                                                                                                                  |
 | EventTime                           | datetime    | Date and time when the event was recorded.                                                                                                                                                                                                                     |
 | EventType                           | string      | Table where the record is stored.                                                                                                                                                                                                                              |
@ -53,6 +54,7 @@ Use the following table to understand what the columns represent, its data type,
 | InitiatingProcessAccountDomain      | string      | Domain of the account that ran the process responsible for the event.                                                                                                                                                                                          |
 | InitiatingProcessAccountName        | string      | User name of the account that ran the process responsible for the event.                                                                                                                                                                                       |
 | InitiatingProcessAccountSid         | string      | Security Identifier (SID) of the account that ran the process responsible for the event.                                                                                                                                                                       |
+| InitiatingProcessLogonId            | string      | Identifier for a logon session of the process that initiated the event. This identifier is unique on the same machine only between restarts.                                                                                                                   |
 | InitiatingProcessCommandLine        | string      | Command line used to run the process that initiated the event.                                                                                                                                                                              |
 | InitiatingProcessCreationTime       | datetime    | Date and time when the process that initiated the event was started.                                                                                                                                                                                           |
 | InitiatingProcessFileName           | string      | Name of the process that initiated the event.                                                                                                                                                                                                                  |