Poojan_Shah, Copper Contributor
Dec 10, 2024
Schemas not visible in Defender in Advanced Hunting
We have Defender for Endpoint Plan 2 + Microsoft Business Premium + Entra ID P2 in our tenant. I need to hunt for a particular process or files across multiple devices. I also need to hunt for device events. But I am not able to find the schemas in the Advanced Hunting section. The schemas not available in our tenant: DeviceEvents, DeviceFileCertificateInfo, DeviceFileEvents, DeviceImageLoadEvents, DeviceInfo, DeviceLogonEvents, DeviceNetworkEvents, DeviceNetworkInfo, DeviceProcessEvents. The mentioned schemas are not visible in the Advanced Hunting section. Devices were onboarded using Microsoft Intune, and at the time of onboarding there was already a third-party antivirus tool installed on the machines, so Defender was working in EDR Block Mode. But now all third-party antivirus tools are removed and Defender is working as primary in active mode. Do I need to do any additional configuration to get data in the mentioned schemas in the Advanced Hunting section?
- ArthurS1790, Copper Contributor
Use a PowerShell command to get events, which may help. You need to specify every one, but all in one command.