User Profile
Davidmg1982
Copper Contributor
Joined Apr 29, 2021
Recent Discussions
Available 'AdditionalFields' in ActionType for Device Events
Hi community, novice question over here. Looking at the code below, I can see the creator of this code is calling for AdditionalFields such as ThreatName, WasRemediated, WasExecutingWhileDetected for action type 'AntivirusDetection'. My question is, how can I see the total available additional fields for this action type? I cannot find any using the Data Schema; any advice will be very appreciated.

DeviceEvents
| where ActionType == "AntivirusDetection"
| extend ParsedFields=parse_json(AdditionalFields)
| project ThreatName=tostring(ParsedFields.ThreatName),
    WasRemediated=tobool(ParsedFields.WasRemediated),
    WasExecutingWhileDetected=tobool(ParsedFields.WasExecutingWhileDetected),
    FileName, SHA1, InitiatingProcessFileName, InitiatingProcessCommandLine,
    DeviceName, Timestamp, Updated=tostring(ParsedFields.Scanned)
| limit 100