Supported Microsoft 365 Defender streaming event types in event streaming API
Applies to:
Important
Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
The Event Streaming API is constantly being expanded to support more event types. Learn which Hunting tables are generally available, currently in public preview, or not yet supported. New - Email event types/tables are now GA
Hunting tables support status in Event Streaming API
The following table only includes the list of the tables supported in the streaming API, and is not inclusive of all AH schema. For a full list of the API see, Learn the schema tables.
| Table name | Status (Commercial) |
GCC | GCC High | DoD |
|---|---|---|---|---|
| AlertEvidence | GA | GA | GA | GA |
| AlertInfo | GA | GA | GA | GA |
| DeviceEvents | GA | GA | GA | GA |
| DeviceFileCertificateInfo | GA | GA | GA | GA |
| DeviceFileEvents | GA | GA | GA | GA |
| DeviceImageLoadEvents | GA | GA | GA | GA |
| DeviceInfo | GA | GA | GA | GA |
| DeviceLogonEvents | GA | GA | GA | GA |
| DeviceNetworkEvents | GA | GA | GA | GA |
| DeviceNetworkInfo | GA | GA | GA | GA |
| DeviceProcessEvents | GA | GA | GA | GA |
| DeviceRegistryEvents | GA | GA | GA | GA |
| EmailAttachmentInfo | GA |  |
|
|
| EmailEvents | GA | |
|
|
| EmailPostDeliveryEvents | GA | |
|
|
| EmailUrlInfo | GA | |
|
|
| IdentityLogonEvents | GA | |
|
|
| IdentityQueryEvents | GA | |
|
|
| IdentityDirectoryEvents | GA | |
|
|
| CloudAppEvents | GA | |
|
|
Povratne informacije
Pošalјite i prikažite povratne informacije za