Want to experience Microsoft Defender XDR? Learn more about how you can evaluate and pilot Microsoft Defender XDR.
- Microsoft Defender XDR
- Microsoft Defender for Endpoint
Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
DeviceTvmInfoGathering table in the advanced hunting schema contains Microsoft Defender Vulnerability Management assessment events including the status of various configurations and attack surface area states of devices. You can use this table to hunt for assessment events related to mitigation for zero-days, posture assessment for emerging threats supporting threat analytics mitigation status reports, enabled TLS protocol versions on servers, and more. Use this reference to construct queries that return information from the table.
For information on other tables in the advanced hunting schema, see the advanced hunting reference.
|Column name||Data type||Description|
||Date and time when the event was recorded|
||Date and time when the service last saw the device|
||Unique identifier for the device in the service|
||Fully qualified domain name (FQDN) of the device|
||Platform of the operating system running on the device. This indicates specific operating systems, including variations within the same family, such as Windows 10 and Windows 7.|
||Additional information about the event|
For example, to view devices affected by the Log4Shell vulnerability where the workaround mitigation hasn't been applied yet, or has been applied and is pending reboot, you can use the following query.
DeviceTvmInfoGathering | where AdditionalFields.Log4JEnvironmentVariableMitigation in ("RebootRequired", "false") | join kind=inner ( DeviceTvmSoftwareVulnerabilities | where CveId == "CVE-2021-44228" ) on DeviceId | summarize any(DeviceName), any(AdditionalFields.Log4JEnvironmentVariableMitigation) by DeviceId
- Understand the schema
- Apply query best practices
- Overview of Defender Vulnerability Management
- Learn how to manage the Log4Shell vulnerability in Microsoft Defender for Endpoint
Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender XDR Tech Community.