Important

The improved Microsoft 365 Defender portal is now available. This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 Defender portal. Learn what’s new.

Applies to:

  • Microsoft 365 Defender
  • Microsoft Defender for Endpoint

The DeviceNetworkInfo table in the advanced hunting schema contains information about networking configuration of machines, including network adapters, IP and MAC addresses, and connected networks or domains. Use this reference to construct queries that return information from this table.

For information on other tables in the advanced hunting schema, see the advanced hunting reference.

| Column name | Data type | Description |
|---|---|---|
| Timestamp | datetime | Date and time when the event was recorded |
| DeviceId | string | Unique identifier for the machine in the service |
| DeviceName | string | Fully qualified domain name (FQDN) of the machine |
| NetworkAdapterName | string | Name of the network adapter |
| MacAddress | string | MAC address of the network adapter |
| NetworkAdapterType | string | Network adapter type. For the possible values, refer to this enumeration |
| NetworkAdapterStatus | string | Operational status of the network adapter. For the possible values, refer to this enumeration |
| TunnelType | string | Tunneling protocol, if the interface is used for this purpose, for example 6to4, Teredo, ISATAP, PPTP, SSTP, and SSH |
| ConnectedNetworks | string | Networks that the adapter is connected to. Each JSON array contains the network name, category (public, private or domain), a description, and a flag indicating if it’s connected publicly to the internet |
| DnsAddresses | string | DNS server addresses in JSON array format |
| IPv4Dhcp | string | IPv4 address of DHCP server |
| IPv6Dhcp | string | IPv6 address of DHCP server |
| DefaultGateways | string | Default gateway addresses in JSON array format |
| IPAddresses | string | JSON array containing all the IP addresses assigned to the adapter, along with their respective subnet prefix and IP address space, such as public, private, or link-local |
| ReportId | long | Event identifier based on a repeating counter. To identify unique events, this column must be used in conjunction with the DeviceName and Timestamp columns |
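
A query built from the columns above, as an added example that is not part of the original Microsoft reference. It keeps the newest record per adapter, expands the IPAddresses JSON array to one row per address, and lists active adapters that tunnel traffic or hold a public address. The JSON key names (IPAddress, SubnetPrefix, AddressType), the "None" tunnel value and the 7-day window are assumptions; check them against your own data.

```kusto
// Added example: inventory of active adapters that tunnel traffic or hold a public IP address.
// Assumption: each element of the IPAddresses array has the keys IPAddress, SubnetPrefix, AddressType.
DeviceNetworkInfo
| where Timestamp > ago(7d)                       // assumed look-back window
// Devices report their configuration repeatedly; keep only the newest record per adapter.
| summarize arg_max(Timestamp, *) by DeviceId, NetworkAdapterName, MacAddress
| where NetworkAdapterStatus == "Up"              // "Up" is a value of the referenced status enumeration
// IPAddresses is a string column holding a JSON array: parse it, then expand to one row per address.
| mv-expand Address = parse_json(IPAddresses)
| extend IPAddress    = tostring(Address.IPAddress),
         SubnetPrefix = toint(Address.SubnetPrefix),
         AddressType  = tostring(Address.AddressType)
// Assumption: adapters that do not tunnel report an empty TunnelType or the literal "None".
| extend IsTunnel = isnotempty(TunnelType) and TunnelType != "None"
| where IsTunnel or AddressType =~ "Public"
// DnsAddresses and DefaultGateways are also JSON arrays stored as strings; parse them for display.
| project Timestamp, DeviceName, NetworkAdapterName, MacAddress, NetworkAdapterType,
          TunnelType, IPAddress, SubnetPrefix, AddressType,
          DnsServers = parse_json(DnsAddresses),
          Gateways   = parse_json(DefaultGateways),
          ReportId
| order by DeviceName asc, NetworkAdapterName asc
```

ReportId is projected together with DeviceName and Timestamp because, as the table notes, the three columns together identify a unique event.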

Source: Official Microsoft Brand
Edited by: BEST Antivirus KBS Team
