cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

DataSources and missing docs?

sirkillnotalot
Copper Contributor

‎Aug 17 2021 10:33 AM

‎Aug 17 2021 10:33 AM

DataSources and missing docs?

Hi all,

 

I'm probably being dense but I cannot find where these data types are being created, or any documentation on them:

sirkillnotalot_0-1629221415207.png

I’m also trying to determine what the ActionType of AntiVirusReport is under the DeviceEvents table:

 

sirkillnotalot_1-1629221501728.png

https://docs.microsoft.com/en-us/microsoft-365/security/defender/advanced-hunting-deviceevents-table... says to check the security.microsoft.com documentation but the AntivirusReport actiontype doesn’t appear in the documen:

sirkillnotalot_2-1629221591039.png

Any ideas?

1,525 Views
0 Likes
3 Replies
Reply
3 Replies
Gary Bushey

‎Aug 18 2021 12:03 PM

‎Aug 18 2021 12:03 PM

Re: DataSources and missing docs?

@sirkillnotalot The data connectors will show what tables they populate.  I would look through them to see if one of them is creating the tables.

 

The first one could be from the M365 Security Insights.  Take a look at this blog post: https://techcommunity.microsoft.com/t5/azure-sentinel/microsoft-defender-security-insights-in-azure-...

1 Like
Reply
sirkillnotalot

‎Aug 23 2021 02:50 AM - edited ‎Aug 23 2021 02:50 AM

‎Aug 23 2021 02:50 AM - edited ‎Aug 23 2021 02:50 AM

Re: DataSources and missing docs?

Thanks Gary, that article really helped.

As for the data - yeah it's the MDE connector streaming the data but understanding the actual values is where I'm falling down. None of the documentation actually explains what this particular value actually means. I suspect that it's a detection based off of a scheduled scan but would rather not rely on my assumptions.

I've reached out to the product team to get a steer but not particularly hopefuly.

0 Likes
Reply
Gary Bushey

‎Aug 23 2021 03:57 AM

‎Aug 23 2021 03:57 AM

Re: DataSources and missing docs?

Have you looked at the tables in Defender. Maybe it has better documentation. Or try posting something similar to this post in the Defender group. Someone there may be able to provide better information.
0 Likes
Reply