You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: defender-xdr/advanced-hunting-deviceinfo-table.md
+12-4Lines changed: 12 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -18,7 +18,7 @@ ms.custom:
18
18
- cx-ti
19
19
- cx-ah
20
20
ms.topic: reference
21
-
ms.date: 12/04/2024
21
+
ms.date: 02/17/2025
22
22
---
23
23
24
24
# DeviceInfo
@@ -79,10 +79,18 @@ For information on other tables in the advanced hunting schema, [see the advance
79
79
|`AzureResourceId`|`string`| Unique identifier of the Azure resource associated with the device |
80
80
|`AwsResourceName`|`string`| Unique identifier specific to Amazon Web Services devices, containing the Amazon resource name |
81
81
|`GcpFullResourceName`|`string`| Unique identifier specific to Google Cloud Platform devices, containing a combination of zone and ID for GCP|
82
+
|`HardwareUuid`|`string`| Universally Unique Identifier (UUID) of the device's hardware |
83
+
|`CloudPlatforms`|`string`| The cloud platforms that the device belongs to. Can be Azure, Amazon Web Services, Google Cloud Platform and Azure Arc. |
84
+
|`AzureVmId`|`string`| Unique identifier assigned to the device in Azure |
85
+
|`AzureVmSubscriptionId`|`string`| Unique identifier of the Azure subscription associated with the device |
86
+
|`IsTransient`|`string`| Indicates whether this device is classified as short-lived or transient based on the frequency of appearance of the device on the network |
87
+
|`OsBuildRevision`|`string`| Build revision number of the operating system running on the machine |
88
+
|`MitigationStatus`|`string`| Indicates the mitigation action applied to a device |
89
+
|`IsPartiallyIdentified`|`string`| A device is classified as partially identified if it does not have a strong identifier to uniquely determine its identity. |
90
+
|`Site`|`string`| Represents the physical location where the device is located |
91
+
|`DiscoverySources`|`string`| Products or services that have seen or reported the device, including when they last reported it. |
82
92
83
-
84
-
85
-
The `DeviceInfo` table provides device information based on periodic reports or signals (heartbeats) from a device. Complete reports are sent every hour and every time a change happens to a previous heartbeat.
93
+
The DeviceInfo table is updated continuously, and all updates contain the full current device data for that device.
86
94
87
95
You can use the following sample query to get the latest state of a device:
0 commit comments