edr.microsoft_defender

Introduction

Tags beginning with edr.microsoft_defender identify events generated by Microsoft Defender.

Tag structure

The full tag must have 4 levels. The first three are fixed as edr.microsoft_defender. The fourth level identifies the type of events sent.

| Product / Service | Tags | Data tables |
| --- | --- | --- |
| Microsoft Defender Endpoint | edr.microsoft_defender.advanced_hunting.device_process_events | edr.microsoft_defender.advanced_hunting.device_process_events |
| | edr.microsoft_defender.alerts.events | edr.microsoft_defender.alerts.events |
| | edr.microsoft_defender.endpoint.alerts | edr.microsoft_defender.endpoint.alerts |
| | edr.microsoft_defender.endpoint.assesment_secure_configuration | edr.microsoft_defender.endpoint.assesment_secure_configuration |
| | edr.microsoft_defender.endpoint.assesment_software_inventory | edr.microsoft_defender.endpoint.assesment_software_inventory |
| | edr.microsoft_defender.endpoint.assesment_software_vulnerabilities | edr.microsoft_defender.endpoint.assesment_software_vulnerabilities |
| | edr.microsoft_defender.endpoint.investigations | edr.microsoft_defender.endpoint.investigations |
| | edr.microsoft_defender.endpoint.machines | edr.microsoft_defender.endpoint.machines |
| | edr.microsoft_defender.endpoint.recommendations | edr.microsoft_defender.endpoint.recommendations |
| | edr.microsoft_defender.endpoint.software | edr.microsoft_defender.endpoint.software |
| | edr.microsoft_defender.endpoint.vulnerabilities | edr.microsoft_defender.endpoint.vulnerabilities |
| Microsoft Defender for IoT | edr.microsoft_defender.iot_security.alert | edr.microsoft_defender.iot_security.alert |

Table structure

These are the fields displayed in the tables: