Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 6 Next »

Introduction

The tags beginning with edr.microsoft_defender identify events generated by the Microsoft Defender for Endpoint.

Tag structure

The full tag must have 4 levels. The first three are fixed as edr.microsoft_defender. The fourth level identifies the type of events sent.

Product / Service

Tags

Data tables

Microsoft

edr.microsoft_defender.endpoint.software.<version>.<format>

edr.microsoft_defender.endpoint.software.<version>.<format>

edr.microsoft_defender.endpoint.software.<version>.<format>

edr.microsoft_defender.endpoint.software.<version>.<format>

edr.microsoft_defender.endpoint.software.<version>.<format>

edr.microsoft_defender.endpoint.software.<version>.<format>

edr.microsoft_defender.endpoint.software.<version>.<format>

edr.microsoft_defender.endpoint.software.<version>.<format>

edr.microsoft_defender.endpoint.software.<version>.<format>

edr.microsoft_defender.endpoint.software

edr.microsoft_defender.endpoint.vulnerabilities

edr.microsoft_defender.endpoint.alerts

edr.microsoft_defender.endpoint.assessment_software_vulnerabilities

edr.microsoft_defender.endpoint.assessment_software_inventory

edr.microsoft_defender.endpoint.investigations

edr.microsoft_defender.endpoint.assessment_secure_configuration

edr.microsoft_defender.endpoint.machines

edr.microsoft_defender.endpoint.recommendations

Table structure

These are the fields displayed in the tables:

  • No labels