'where' operator: Failed to resolve table or column expression named 'ProcessCreationEvents'

sreeman
New Contributor

How do I reference the hunting schema outlined here?

https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/advanced-...

I'm unable to use any of the schema tables in that article.

Thanks!

3 Replies

@sreeman I can see the tables listed in the article when I go to the Microsoft Defender ATP portal https://securitycenter.windows.com/

I don't see them in Azure Sentinel but not really expecting to.

Hi @Gary Bushey, thanks. I know they are part of Defender ATP's DB schema, that's why I was wondering if it's available in Sentinel's DB schema as well. After all, it's just the schema table and not actions.

@sreeman

Have you enabled the Sentinel connector? https://docs.microsoft.com/en-us/azure/sentinel/connect-microsoft-defender-advanced-threat-protection
