Forum Discussion
Solved
Which schema belong to which service?
Hello there, So I'm pretty familiar with KQL and MDATPs default schemas found under Advanced Hunting. There are of course some more schemas/tables found under MTP compared to MDATP (https://secur...
- There isn't much documentation on the tables.
Know that a lot of tables have changed.
https://techcommunity.microsoft.com/t5/microsoft-defender-atp/advanced-hunting-updates-usb-events-machine-level-actions-and/ba-p/824152
MiscEvents is now DeviceEvents so you need to adapt that query
There isn't much documentation on the tables.
Know that a lot of tables have changed.
https://techcommunity.microsoft.com/t5/microsoft-defender-atp/advanced-hunting-updates-usb-events-machine-level-actions-and/ba-p/824152
MiscEvents is now DeviceEvents so you need to adapt that query
Know that a lot of tables have changed.
https://techcommunity.microsoft.com/t5/microsoft-defender-atp/advanced-hunting-updates-usb-events-machine-level-actions-and/ba-p/824152
MiscEvents is now DeviceEvents so you need to adapt that query
Thank you, that explains why I couldn't find it anywhere (except old information).
Good link, I'll save those references for the future. 🙂