cef0.microsoft.windowsDefenderAtp
Introduction
The table cef0.microsoft.windowsDefenderAtp identifies events in CEF format generated by Microsoft Defender ATP (now Microsoft Defender for Endpoint).
Tag structure
Events in CEF format don't have a specific tag structure, as explained in Technologies supported in CEF syslog format. They are always sent to a table with the structure cef0.deviceVendor.deviceProduct.
In this case, the valid data tables are:
cef0.microsoft.windowsDefenderAtp
How is the data sent to Devo?
Learn more about CEF syslog format and how Devo tags these events in Technologies supported in CEF syslog format.