Introduction
Tags beginning with edr.microsoft_defender identify events generated by Microsoft Defender for Endpoint.
The full tag must have 4 levels. The first three are fixed as edr.microsoft_defender. The fourth level identifies the type of events sent.
| Product / Service | Tags | Data tables |
|---|---|---|
| Microsoft | edr.microsoft_defender.endpoint.software.<version>.<format><br>edr.microsoft_defender.endpoint.software.<version>.<format><br>edr.microsoft_defender.endpoint.software.<version>.<format><br>edr.microsoft_defender.endpoint.software.<version>.<format><br>edr.microsoft_defender.endpoint.software.<version>.<format><br>edr.microsoft_defender.endpoint.software.<version>.<format><br>edr.microsoft_defender.endpoint.software.<version>.<format><br>edr.microsoft_defender.endpoint.software.<version>.<format><br>edr.microsoft_defender.endpoint.software.<version>.<format> | edr.microsoft_defender.endpoint.software<br>edr.microsoft_defender.endpoint.vulnerabilities<br>edr.microsoft_defender.endpoint.alerts<br>edr.microsoft_defender.endpoint.assessment_software_vulnerabilities<br>edr.microsoft_defender.endpoint.assessment_software_inventory<br>edr.microsoft_defender.endpoint.investigations<br>edr.microsoft_defender.endpoint.assessment_secure_configuration<br>edr.microsoft_defender.endpoint.machines<br>edr.microsoft_defender.endpoint.recommendations |
Table structure
These are the fields displayed in the tables: