Supported Microsoft Defender XDR streaming event types in event streaming API
Applies to:
Note
Try our new APIs using MS Graph security API. Find out more at: Use the Microsoft Graph security API - Microsoft Graph | Microsoft Learn.
Important
Some information in this article relates to a prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, with respect to the information provided here.
The Event Streaming API is constantly being expanded to support more event types. Learn which Hunting tables are generally available, currently in public preview, or not yet supported.
New - Identity and CloudApp event types/tables are now GA.
Hunting tables support status in Event Streaming API
The following table only includes the list of the tables supported in the streaming API, and is not inclusive of all AH schema. For a full list of the API see, Learn the schema tables.
Table name | Status (Commercial) |
GCC | GCC High | DoD |
---|---|---|---|---|
AlertEvidence | GA | GA | GA | GA |
AlertInfo | GA | GA | GA | GA |
DeviceEvents | GA | GA | GA | GA |
DeviceFileCertificateInfo | GA | GA | GA | GA |
DeviceFileEvents | GA | GA | GA | GA |
DeviceImageLoadEvents | GA | GA | GA | GA |
DeviceInfo | GA | GA | GA | GA |
DeviceLogonEvents | GA | GA | GA | GA |
DeviceNetworkEvents | GA | GA | GA | GA |
DeviceNetworkInfo | GA | GA | GA | GA |
DeviceProcessEvents | GA | GA | GA | GA |
DeviceRegistryEvents | GA | GA | GA | GA |
EmailAttachmentInfo | GA | GA | GA | GA |
EmailEvents | GA | GA | GA | GA |
EmailPostDeliveryEvents | GA | GA | GA | GA |
EmailUrlInfo | GA | GA | GA | GA |
IdentityLogonEvents | GA | GA | GA | GA |
IdentityQueryEvents | GA | GA | GA | GA |
IdentityDirectoryEvents | GA | GA | GA | GA |
CloudAppEvents | GA | GA | GA | GA |
UrlClickEvents | Public preview | Not available | Not available | Not available |
Related topics
Use the Microsoft Graph security API - Microsoft Graph | Microsoft Learn
Tip
Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender XDR Tech Community.
Povratne informacije
https://aka.ms/ContentUserFeedback.
Stiže uskoro: Tijekom 2024. postupno ćemo ukinuti servis Problemi sa servisom GitHub kao mehanizam za povratne informacije za sadržaj i zamijeniti ga novim sustavom za povratne informacije. Dodatne informacije potražite u članku:Pošaljite i pogledajte povratne informacije za