DeviceTvmSoftwareEvidenceBeta
Applies to:
- Microsoft Defender XDR
- Microsoft Defender for Endpoint
Important
The DeviceTvmSoftwareEvidenceBeta table is currently in beta. Once it leaves beta, the final table name will change and column names may also change. The modifications will then likely break queries that are still using previous names. Users are advised to review and adjust their queries when this table is finalized.
The DeviceTvmSoftwareEvidenceBeta table in the advanced hunting schema contains data from Microsoft Defender Vulnerability Management related to the software evidence section. This table allows you to view evidence of where a specific software was detected on a device. You can use this table, for example, to identify the file paths of specific software. Use this reference to construct queries that return information from the table.
For information on other tables in the advanced hunting schema, see the advanced hunting reference.
| Column name | Data type | Description |
|---|---|---|
DeviceId |
string |
Unique identifier for the device in the service |
SoftwareVendor |
string |
Name of the software publisher |
SoftwareName |
string |
Name of the software product |
SoftwareVersion |
string |
Version number of the software product |
RegistryPaths |
dynamic |
Registry paths where evidence indicating the existence of the software on a device was detected |
DiskPaths |
dynamic |
Disk paths where file-level evidence indicating the existence of the software on a device was detected |
LastSeenTime |
string |
Date and time when the device was last seen by this service |
Related topics
- Overview of Microsoft Defender Vulnerability Management
- Proactively hunt for threats
- Learn the query language
- Use shared queries
- Hunt across devices, emails, apps, and identities
- Understand the schema
- Apply query best practices
Tip
Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender XDR Tech Community.