Forum Discussion
'where' operator: Failed to resolve table or column expression named 'ProcessCreationEvents'
How do i get reference the hunting schema outlined here? https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference Im unable to...
sreeman I can see the tables listed in the article when I go to the Microsoft Defender ATP portal https://securitycenter.windows.com/
I don't see them in Azure Sentinel but not really expecting to.
Hi GaryBushey , thanks. I know they are part of Defender ATP's db schema, thats why i was wondering if its available on Sentinels DB Schema as well. After all, its just the schema table and not actions.
Have you enabled the Sentinel connector? https://docs.microsoft.com/en-us/azure/sentinel/connect-microsoft-defender-advanced-threat-protection
