DeviceNetworkInfoDeviceNetworkInfo

重要

已改善的 Microsoft 365 安全性中心 現在已提供公開預覽。The improved Microsoft 365 security center is now available in public preview. 這種新的經驗會將 Defender、Office 365 的 Defender、Microsoft 365 Defender 等,帶入 Microsoft 365 的安全性中心。This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 security center. 安全小組現在可以管理所有端點、電子郵件及跨產品調查、設定和修正,而不需要流覽個別的產品入口網站。Security teams can now manage all endpoint, email and cross product investigations, configuration and remediation without the need to navigate to separate product portals. 深入瞭解已變更的專案。Learn more about what's changed.

適用於:Applies to:

  • Microsoft 365 DefenderMicrosoft 365 Defender

進位搜尋架構中的表格包含機器網路設定的資訊,包括網路介面卡、IP 和 MAC 位址, DeviceNetworkInfo 以及已連接的網路或網域。 The DeviceNetworkInfo table in the advanced hunting schema contains information about networking configuration of machines, including network adapters, IP and MAC addresses, and connected networks or domains. 使用這個參考來建立從此表格取回之資訊的查詢。Use this reference to construct queries that return information from this table.

如需進階搜捕結構描述中其他表格的資訊,請參閱進階搜捕參考 (部分內容為機器翻譯)。For information on other tables in the advanced hunting schema, see the advanced hunting reference.

欄名稱Column name 資料類型Data type 描述Description
Timestamp datetimedatetime 事件記錄的日期和時間Date and time when the event was recorded
DeviceId stringstring 服務中電腦的唯一識別碼Unique identifier for the machine in the service
DeviceName stringstring 電腦的完整網域名稱 (FQDN)Fully qualified domain name (FQDN) of the machine
ReportId longlong 以重複計數器為基礎的事件識別碼。Event identifier based on a repeating counter. 若要識別唯一事件,此欄必須與 DeviceName 和時間戳記欄一起使用To identify unique events, this column must be used in conjunction with the DeviceName and Timestamp columns
NetworkAdapterName stringstring 網路介面卡的名稱Name of the network adapter
MacAddress stringstring 網路介面卡的 MAC 位址MAC address of the network adapter
NetworkAdapterType stringstring 網路介面卡類型。Network adapter type. 有關可能的值,請參閱 此列舉For the possible values, refer to this enumeration
NetworkAdapterStatus stringstring 網路介面卡的營運狀態。Operational status of the network adapter. 有關可能的值,請參閱 此列舉For the possible values, refer to this enumeration
TunnelType stringstring 如果介面用於此目的 ,例如 6to4、Teredo、ISATAP、PPTP、SSTP 和 SSH,則建立通訊協定Tunneling protocol, if the interface is used for this purpose, for example 6to4, Teredo, ISATAP, PPTP, SSTP, and SSH
ConnectedNetworks stringstring 介面卡所連接的網路。Networks that the adapter is connected to. 每個 JSON 陣列都包含網路名稱、類別 (公用、私人或網域) 、描述,以及指出該陣列是否公開連接至網際網路的標標。Each JSON array contains the network name, category (public, private or domain), a description, and a flag indicating if it's connected publicly to the internet
DnsAddresses stringstring JSON 陣列格式的 DNS 伺服器位址DNS server addresses in JSON array format
IPv4Dhcp stringstring DHCP 伺服器的 IPv4 位址IPv4 address of DHCP server
IPv6Dhcp stringstring DHCP 伺服器的 IPv6 位址IPv6 address of DHCP server
DefaultGateways stringstring JSON 陣列格式的預設閘道位址Default gateway addresses in JSON array format
IPAddresses stringstring JSON 陣列,其中包含指派給配卡的所有 IP 位址,以及各自的子網首碼和 IP 位址空間,例如公用、私人或 link-localJSON array containing all the IP addresses assigned to the adapter, along with their respective subnet prefix and IP address space, such as public, private, or link-local