Forum Discussion
FirstDetected Field - where can I find it in the Defender schema?
Hi - in Microsoft 365 Defender, when running Kusto queries - which table will I find the "First Detected" field against a device? I can see it in the Device Summary page, but can't find it in any...
DylanInfosec Thank you for your input. Unfortunately, the field does not exist in the Defender Advanced Hunting Schema. However, it does pull from analytics and goes under a different title.
I am still not entirely sure how to get these two to merge.
Hi - my client hasn't opened up the API for me yet. I only have access to Hunting -> Advanced Hunting.
Is the cveFirstSeenTimestamp - only available via the API?
Is there an equivalent field I can find in Advanced Hunting?
Thanks again,
Mark
Is the cveFirstSeenTimestamp - only available via the API?
Is there an equivalent field I can find in Advanced Hunting?
Thanks again,
Mark