Update advanced-hunting-filecreationevents-table.md

lomayor 2019-07-30 11:34:16 -07:00
parent 647734dd1c
commit fde93f8788


@ -59,6 +59,13 @@ For information on other tables in the Advanced hunting schema, see [the Advanc
| InitiatingProcessParentId | int | Process ID (PID) of the parent process that spawned the process responsible for the event | | InitiatingProcessParentId | int | Process ID (PID) of the parent process that spawned the process responsible for the event |
| InitiatingProcessParentFileName | string | Name of the parent process that spawned the process responsible for the event | | InitiatingProcessParentFileName | string | Name of the parent process that spawned the process responsible for the event |
| InitiatingProcessParentCreationTime | datetime | Date and time when the parent of the process responsible for the event was started | | InitiatingProcessParentCreationTime | datetime | Date and time when the parent of the process responsible for the event was started |
| RequestProtocol | string | Network protocol, if applicable, used to initiate the activity: Unknown, Local, SMB, or NFS |
| ShareName | string | Name of shared folder containing the file |
| RequestSourceIP | string | IPv4 or IPv6 address of the remote device that initiated the activity |
| RequestSourcePort | string | Source port on the remote device that initiated the activity |
| RequestAccountName | string | User name of account used to remotely initiate the activity |
| RequestAccountDomain | string | Domain of the account used to remotely initiate the activity |
| RequestAccountSid | string | Security Identifier (SID) of the account to remotely initiate the activity |
| ReportId | long | Event identifier based on a repeating counter. To identify unique events, this column must be used in conjunction with the ComputerName and EventTime columns | | ReportId | long | Event identifier based on a repeating counter. To identify unique events, this column must be used in conjunction with the ComputerName and EventTime columns |
| AppGuardContainerId | string | Identifier for the virtualized container used by Application Guard to isolate browser activity | | AppGuardContainerId | string | Identifier for the virtualized container used by Application Guard to isolate browser activity |
| SensitivityLabel | string | Label applied to an email, file, or other content to classify it for information protection | | SensitivityLabel | string | Label applied to an email, file, or other content to classify it for information protection |
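
Review bot: The added RequestAccountSid row reads "of the account to remotely initiate the activity", dropping the "used" that the RequestAccountName and RequestAccountDomain rows above it have; suggest "Security Identifier (SID) of the account used to remotely initiate the activity". RequestSourcePort is typed as string, while the other numeric identifier visible in this table, InitiatingProcessParentId, is int; please confirm the type against the actual schema, because a string port means query authors must convert it before any numeric comparison. The new rows also do not say what the Request* columns hold when RequestProtocol is Local or Unknown; one sentence stating whether ShareName, RequestSourceIP and the RequestAccount* columns are empty for local file creation would let readers filter for remote SMB or NFS writes without guessing.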