schema
Which schema belongs to which service?
Hello there,

So I'm pretty familiar with KQL and MDATP's default schemas found under Advanced Hunting. There are of course some more schemas/tables found under MTP compared to MDATP (https://security.microsoft.com/advanced-hunting).

Is there any general cheat-sheet on which schema originates from which service? For example, if I would hunt under the "MiscEvents" schema, what do I need to do to add it?

What I mean is, I would like to try this query: https://techcommunity.microsoft.com/t5/microsoft-defender-atp/hunting-for-reconnaissance-activities-using-ldap-search-filters/ba-p/824726

But I can't seem to find "MiscEvents" in either Log Analytics, Defender ATP or M365 Threat Protection. Am I missing something? Is Azure ATP needed for the "MiscEvents" table to be populated?

Regards,
Simon