|
| 1 | +--- |
| 2 | +title: CloudProcessEvents table in the advanced hunting schema |
| 3 | +description: Learn about |
| 4 | +search.appverid: met150 |
| 5 | +ms.service: defender-xdr |
| 6 | +ms.subservice: adv-hunting |
| 7 | +f1.keywords: |
| 8 | + - NOCSH |
| 9 | +ms.author: maccruz |
| 10 | +author: schmurky |
| 11 | +ms.localizationpriority: medium |
| 12 | +manager: dansimp |
| 13 | +audience: ITPro |
| 14 | +ms.collection: |
| 15 | +- m365-security |
| 16 | +- tier3 |
| 17 | +ms.custom: |
| 18 | +- cx-ti |
| 19 | +- cx-ah |
| 20 | +ms.topic: reference |
| 21 | +ms.date: 11/08/2024 |
| 22 | +--- |
| 23 | + |
| 24 | +# CloudProcessEvents |
| 25 | + |
| 26 | +[!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)] |
| 27 | + |
| 28 | +**Applies to:** |
| 29 | +- Microsoft Defender XDR |
| 30 | + |
| 31 | +The `CloudProcessEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about events involving accounts and objects in Office 365 and other [cloud apps and services](#apps-and-services-covered). Use this reference to construct queries that return information from this table. |
| 32 | + |
| 33 | + |
| 34 | +For information on other tables in the advanced hunting schema, [see the advanced hunting reference](advanced-hunting-schema-tables.md). |
| 35 | + |
| 36 | +| Column name | Data type | Description | |
| 37 | +|-------------|-----------|-------------| |
| 38 | +| `Timestamp` | `datetime` | Date and time when the event was recorded | |
| 39 | +| `ActionType` | `string` | Type of activity that triggered the event | |
| 40 | +| `Application` | `string` | Application that performed the recorded action | |
| 41 | +| `ApplicationId` | `int` | Unique identifier for the application | |
| 42 | + |
| 43 | + |
| 44 | + |
| 45 | + |
| 46 | +## Apps and services covered |
| 47 | + |
| 48 | +The __CloudAppEvents__ table contains enriched logs from all SaaS applications connected to Microsoft Defender for Cloud Apps, such as: |
| 49 | +- Office 365 and Microsoft Applications, including: |
| 50 | + - Exchange Online |
| 51 | + - SharePoint Online |
| 52 | + - Microsoft Teams |
| 53 | + - Dynamics 365 |
| 54 | + - Skype for Business |
| 55 | + - Viva Engage |
| 56 | + - Power Automate |
| 57 | + - Power BI |
| 58 | + - Dropbox |
| 59 | + - Salesforce |
| 60 | + - GitHub |
| 61 | + - Atlassian |
| 62 | + |
| 63 | +Connect supported cloud apps for instant, out-of-the-box protection, deep visibility into the app's user and device activities, and more. For more information, see [Protect connected apps using cloud service provider APIs](/defender-cloud-apps/protect-connected-apps). |
| 64 | + |
| 65 | +## Related topics |
| 66 | + |
| 67 | +- [Advanced hunting overview](advanced-hunting-overview.md) |
| 68 | +- [Learn the query language](advanced-hunting-query-language.md) |
| 69 | +- [Use shared queries](advanced-hunting-shared-queries.md) |
| 70 | +- [Hunt across devices, emails, apps, and identities](advanced-hunting-query-emails-devices.md) |
| 71 | +- [Understand the schema](advanced-hunting-schema-tables.md) |
| 72 | +- [Apply query best practices](advanced-hunting-best-practices.md) |
| 73 | + |
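Review bot: The "Apps and services covered" section (file line 48) names the `CloudAppEvents` table rather than `CloudProcessEvents`, and the intro at file line 31 describes "events involving accounts and objects in Office 365 and other cloud apps and services", so the body documents a different table from the one in the title and H1. Replace both passages with text that describes what `CloudProcessEvents` records, or drop the section together with the `#apps-and-services-covered` link until that text exists. The front-matter `description:` at file line 3 stops at "Learn about" and should be completed before merge. The column table (file lines 36-41) lists only `Timestamp`, `ActionType`, `Application` and `ApplicationId`, none of which is process-specific, so a reader has nothing to build a process-oriented hunting query from; add the remaining columns or note that the schema is incomplete. Dropbox, Salesforce, GitHub and Atlassian (file lines 58-61) are indented under "Office 365 and Microsoft Applications" and should be top-level list items.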