From ff8dd459d019f5468f66e16b11348a3157ac7429 Mon Sep 17 00:00:00 2001 From: Louie Mayor Date: Wed, 28 Nov 2018 23:52:32 +0000 Subject: [PATCH] Merged PR 13052: Updated info on Advanced Hunting tables Added info about MachineNetworkInfo table and updated descriptions of other tables. --- ...ows-defender-advanced-threat-protection.md | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md index a577f341aa..a3ad4f5884 100644 --- a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md @@ -65,15 +65,16 @@ For more information on the query language and supported operators, see [Query L The following tables are exposed as part of Advanced hunting: -- **AlertEvents** - Stores alerts related information -- **MachineInfo** - Stores machines properties -- **ProcessCreationEvents** - Stores process creation events -- **NetworkCommunicationEvents** - Stores network communication events -- **FileCreationEvents** - Stores file creation, modification, and rename events -- **RegistryEvents** - Stores registry key creation, modification, rename and deletion events -- **LogonEvents** - Stores login events -- **ImageLoadEvents** - Stores load dll events -- **MiscEvents** - Stores several types of events, process injection events, access to LSASS processes, and others. +- **AlertEvents** - Alerts on Windows Defender Security Center +- **MachineInfo** - Machine information, including OS information +- **MachineNetworkInfo** - Network properties of machines, including adapters, IP and MAC addresses, as well as connected networks and domains +- **ProcessCreationEvents** - Process creation and related events +- **NetworkCommunicationEvents** - Network connection and related events +- **FileCreationEvents** - File creation, modification, and other file system events +- **RegistryEvents** - Creation and modification of registry entries +- **LogonEvents** - Login and other authentication events +- **ImageLoadEvents** - DLL loading events +- **MiscEvents** - Multiple event types, such as process injection, creation of scheduled tasks, and LSASS access attempts These tables include data from the last 30 days.