AndAufVCG
Nov 19, 2025 | Brass Contributor
Custom data collection in MDE - what is default?
So you just announced the preview of "Custom data collection in Microsoft Defender for Endpoint (Preview)", which lets me ingest custom data to Sentinel.
Is there also an overview of what is default and what I can add?
E.g., we want to examine repeating disconnects from AzureVPN clients
(yes, it's most likely just Microsoft's fault, as the app ratings show 'everyone' is having them)
How do I know which data I can add to DeviceCustomNetworkEvents which isn't already in DeviceNetworkEvents?