'where' operator: Failed to resolve table or column expression named 'ProcessCreationEvents'

How do I reference the hunting schema outlined here?

https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/advanced-...

 

I'm unable to use any of the schema tables in that article.

 

Thanks!

3 Replies

@sreeman I can see the tables listed in the article when I go to the Microsoft Defender ATP portal https://securitycenter.windows.com/

 

I don't see them in Azure Sentinel but not really expecting to.

Hi @Gary Bushey, thanks. I know they are part of Defender ATP's DB schema; that's why I was wondering if it's available on Sentinel's DB schema as well. After all, it's just the schema table and not actions.