Forum Discussion
DataSources and missing docs?
sirkillnotalot The data connectors will show what tables they populate. I would look through them to see if one of them is creating the tables.
The first one could be from the M365 Security Insights. Take a look at this blog post: https://techcommunity.microsoft.com/t5/azure-sentinel/microsoft-defender-security-insights-in-azure-sentinel/ba-p/2359705
Thanks Gary, that article really helped.
As for the data - yeah it's the MDE connector streaming the data but understanding the actual values is where I'm falling down. None of the documentation actually explains what this particular value actually means. I suspect that it's a detection based off of a scheduled scan but would rather not rely on my assumptions.
I've reached out to the product team to get a steer but not particularly hopefuly.
- GaryBusheyAug 23, 2021Bronze ContributorHave you looked at the tables in Defender. Maybe it has better documentation. Or try posting something similar to this post in the Defender group. Someone there may be able to provide better information.