No access to DeviceTvmSoftwareVulnerabilities table in Sentinel?

David Broggy 6,776 Reputation points MVP Volunteer Moderator
2025-02-07T20:06:08.39+00:00

There is an XDR analytic rule in Sentinel named "Execution of software vulnerable to webp buffer overflow of CVE-2023-4863".

However, the KQL query used by this rule requires access to the DeviceTvmSoftwareVulnerabilities table.

But according to what I'm reading, that table is not accessible from Sentinel and the XDR data connector doesn't provide an option to make it available.

So am I correct in assuming this rule will never work in Sentinel?

(I'm not trying to criticize Sentinel, I was just looking for a way to correlate using the XDR vulnerability data).

Thanks.

Microsoft Security | Microsoft Sentinel

Answer accepted by question author
  1. Akhilesh Vallamkonda 15,340 Reputation points Moderator
    2025-02-07T21:45:20.6933333+00:00

    Hi @David Broggy
    Thank you for reaching out to the Microsoft Q&A Forum!

    Your understanding is correct. The DeviceTvmSoftwareVulnerabilities table applies to Microsoft Defender XDR, which is not currently accessible from Sentinel.
    The list of available Log Analytics tables for Sentinel is here.
    We would appreciate it if you could share the feedback on our feedback forum, which is closely monitored by our product team.

    1 person found this answer helpful.

1 additional answer

  1. Jonathan James 0 Reputation points
    2025-02-12T12:23:17.3333333+00:00