defender-xdr/advanced-hunting-cloudprocessevents-table.md
4 additions & 4 deletions
@@ -28,20 +28,20 @@ ms.date: 11/11/2024
28
28
**Applies to:**
29
29
- Microsoft Defender XDR
30
30
31
-
The `CloudProcessEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about process events in multicloud hosted environments such as Azure Kubernetes Service, Amazon Elastic Kubernetes Service, and Google Kubernetes Engine. Use this reference to construct queries that return information from this table.
31
+
The `CloudProcessEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about process events in multicloud hosted environments such as Azure Kubernetes Service, Amazon Elastic Kubernetes Service, and Google Kubernetes Engine as protected by the organization's [Microsoft Defender for Cloud](/azure/defender-for-cloud/concept-integration-365#advanced-hunting-in-xdr). Use this reference to construct queries that return information from this table.
32
32
33
33
> [!IMPORTANT]
34
34
> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
35
35
36
-
For information on other tables in the advanced hunting schema, [see the advanced hunting reference](advanced-hunting-schema-tables.md).
36
+
For information on other tables in the advanced hunting schema, see the [advanced hunting reference](advanced-hunting-schema-tables.md).
37
37
38
38
| Column name | Data type | Description |
39
39
|-------------|-----------|-------------|
40
40
|`Timestamp`|`datetime`| Date and time when the event was recorded |
41
41
|`AzureResourceId`|`string`| Unique identifier of the Azure resource associated with the process |
42
42
|`AwsResourceName`|`string`| Unique identifier specific to Amazon Web Services devices, containing the Amazon resource name|
43
43
|`GcpFullResourceName`|`string`| Unique identifier specific to Google Cloud Platform devices, containing a combination of zone and ID for GCP |
44
-
|`ContainerImageName`|`string`|UThe container image name or ID, if it exists |
44
+
|`ContainerImageName`|`string`|The container image name or ID, if it exists |
45
45
|`KubernetesNamespace`|`string`| The Kubernetes namespace name |
46
46
|`KubernetesPodName`|`string`| The Kubernetes pod name |
47
47
|`KubernetesResource`|`string`| Identifier value that includes namespace, resource type and name |
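Review bot: On new line 31, "as protected by the organization's Microsoft Defender for Cloud" leaves it unclear whether Defender for Cloud coverage is a prerequisite for events to appear in this table. Suggest wording such as "... and Google Kubernetes Engine that are protected by the organization's Microsoft Defender for Cloud", and, if the table only receives events from covered clusters, stating that in a sentence of its own so an empty query result is not read as absence of activity. Two smaller points: the corrected `ContainerImageName` row on line 44 has no space after the last pipe (`|The container image name`), unlike the neighbouring rows, and the `ms.date: 11/11/2024` shown in the hunk header is not touched by this change, so check whether it should be updated now that line 31 adds a scope qualifier.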
@@ -76,7 +76,7 @@ To hunt for process events including a given term (represented by "x" in the que
76
76
CloudProcessEvents | where ProcessCommandLine has "x"
77
77
```
78
78
79
-
### Rare process events for a pod in a Kuberentes cluster
79
+
### Rare process events for a pod in a Kubernetes cluster
80
80
To investigate unusual process events invoked as part of a pod in a Kubernetes cluster:
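Review bot: Correcting the heading on line 79 also changes the anchor generated from it, so any link that targets the old misspelled "Kuberentes" slug will no longer resolve to this section. Search the repo for references to the old anchor and update them in the same change; the spelling fix itself is right.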