The error you are encountering, "The name 'ScanResult' does not refer to any known column, table, variable or function," indicates that the ScanResult column does not exist in the DeviceEvents table within the context of your query. To resolve this issue, you should first verify the schema of the DeviceEvents table to ensure that the ScanResult column is indeed available.
Here are some steps you can take to troubleshoot and fix the issue:
- Check the Schema: Use a simple query to retrieve the schema of the `DeviceEvents` table. You can run a query like this:

  ```
  DeviceEvents | getschema
  ```

  This will show you all the available columns in the `DeviceEvents` table.
- Modify Your Query: If `ScanResult` is not part of the schema, you will need to remove it from your `project` statement or replace it with an existing column that provides the information you need.
- Consult Documentation: If you are unsure about the available columns or their meanings, refer to the official Microsoft documentation for Microsoft Defender or the Kusto Query Language (KQL) reference guides.
- Use Alternative Tables: If the information you are looking for is not in `DeviceEvents`, consider checking other related tables that might contain the desired data, such as `DeviceFileEvents` or `AlertEvidence`.
By following these steps, you should be able to identify the missing column and adjust your query accordingly.
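The schema check and query adjustment described above, as an added KQL example that is not part of the original answer. The columns `Timestamp`, `DeviceName`, `ActionType` and `AdditionalFields` are assumed from the advanced hunting `DeviceEvents` schema, and the three statements are meant to be run one at a time.

```kusto
// 1) Confirm whether ScanResult exists in DeviceEvents.
//    An empty result means the column is not part of this table's schema.
DeviceEvents
| getschema
| where ColumnName =~ "ScanResult"
| project ColumnName, ColumnType

// 2) Look for similarly named columns in the tables the answer mentions,
//    so the project statement can be pointed at a column that really exists.
union
    (DeviceEvents     | getschema | extend TableName = "DeviceEvents"),
    (DeviceFileEvents | getschema | extend TableName = "DeviceFileEvents"),
    (AlertEvidence    | getschema | extend TableName = "AlertEvidence")
| where ColumnName has "Scan" or ColumnName has "Result"
| project TableName, ColumnName, ColumnType
| order by TableName asc, ColumnName asc

// 3) Keep the hunting query from failing while the right column is identified.
//    column_ifexists() returns the column when it is present and the supplied
//    default (here an empty string) when it is not, so the query still parses.
DeviceEvents
| where Timestamp > ago(1d)                               // assumed time column
| extend ScanResult = column_ifexists("ScanResult", "")
| project Timestamp, DeviceName, ActionType, ScanResult, AdditionalFields
| take 20
```

An empty `ScanResult` in every row of the third query confirms that the value has to come from another column or table before the query is used for detection.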