DeviceTvmSoftwareInventory
Applies to:
- Microsoft Defender XDR
Important
Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
The DeviceTvmSoftwareInventory table in the advanced hunting schema contains the Microsoft Defender Vulnerability Management inventory of software currently installed on devices in your network, including end of support information. You can, for instance, hunt for events involving devices that are installed with a currently vulnerable software version. Use this reference to construct queries that return information from the table.
Note
The DeviceTvmSoftwareInventory and DeviceTvmSoftwareVulnerabilities tables have replaced the DeviceTvmSoftwareInventoryVulnerabilities table. Together, the first two tables include more columns you can use to help inform your vulnerability management activities or hunt for vulnerable devices.
For information on other tables in the advanced hunting schema, see the advanced hunting reference.
| Column name | Data type | Description |
|---|---|---|
DeviceId |
string |
Unique identifier for the device in the service |
DeviceName |
string |
Fully qualified domain name (FQDN) of the device |
OSPlatform |
string |
Platform of the operating system running on the device. This indicates specific operating systems, including variations within the same family, such as Windows 11, Windows 10 and Windows 7. |
OSVersion |
string |
Version of the operating system running on the device |
OSArchitecture |
string |
Architecture of the operating system running on the device |
SoftwareVendor |
string |
Name of the software vendor |
SoftwareName |
string |
Name of the software product |
SoftwareVersion |
string |
Version number of the software product |
EndOfSupportStatus |
string |
Indicates the lifecycle stage of the software product relative to its specified end-of-support (EOS) or end-of-life (EOL) date |
EndOfSupportDate |
datetime |
End-of-support (EOS) or end-of-life (EOL) date of the software product |
ProductCodeCpe |
string |
The standard Common Platform Enumeration (CPE) name of the software product version or 'not available' where there's no CPE |
Related topics
- Proactively hunt for threats
- Learn the query language
- Use shared queries
- Hunt across devices, emails, apps, and identities
- Understand the schema
- Apply query best practices
- Overview of Microsoft Defender Vulnerability Management
Tip
Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender XDR Tech Community.