DeviceTvmSoftwareInventory

Note

Want to experience Microsoft 365 Defender? Learn more about how you can evaluate and pilot Microsoft 365 Defender.

Applies to:

• Microsoft 365 Defender

Important

Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

The DeviceTvmSoftwareInventory table in the advanced hunting schema contains the Microsoft Defender Vulnerability Management inventory of software currently installed on devices in your network, including end of support information. You can, for instance, hunt for events involving devices that are installed with a currently vulnerable software version. Use this reference to construct queries that return information from the table.

Note

The DeviceTvmSoftwareInventory and DeviceTvmSoftwareVulnerabilities tables have replaced the DeviceTvmSoftwareInventoryVulnerabilities table. Together, the first two tables include more columns you can use to help inform your vulnerablity management activities or hunt for vulnerable devices.

For information on other tables in the advanced hunting schema, see the advanced hunting reference.

Column name	Data type	Description
DeviceId	string	Unique identifier for the machine in the service
DeviceName	string	Fully qualified domain name (FQDN) of the machine
OSPlatform	string	Platform of the operating system running on the machine. This indicates specific operating systems, including variations within the same family, such as Windows 11, Windows 10 and Windows 7.
OSVersion	string	Version of the operating system running on the machine
OSArchitecture	string	Architecture of the operating system running on the machine
SoftwareVendor	string	Name of the software vendor
SoftwareName	string	Name of the software product
SoftwareVersion	string	Version number of the software product
EndOfSupportStatus	string	Indicates the lifecycle stage of the software product relative to its specified end-of-support (EOS) or end-of-life (EOL) date
EndOfSupportDate	string	End-of-support (EOS) or end-of-life (EOL) date of the software product
ProductCodeCpe	string	CPE of the software product or 'not available' where there is no CPE
CveTags	string	An array of the tags relevant to the CVE. Tags that are currently supported are "ZeroDay" and "NoSecurityUpdate".

Related topics

• Proactively hunt for threats
• Learn the query language
• Use shared queries
• Hunt across devices, emails, apps, and identities
• Understand the schema
• Apply query best practices
• Overview of Microsoft Defender Vulnerability Management