Merge branch 'main' into v-mathavale-9922848

Author: Ruchika-mittal01

defender-endpoint/microsoft-defender-endpoint-linux.md

@@ -15,7 +15,7 @@ ms.collection:
 ms.topic: conceptual
 ms.subservice: linux
 search.appverid: met150
-ms.date: 03/17/2025
+ms.date: 03/20/2025
 ---
 
 # Microsoft Defender for Endpoint on Linux
@@ -127,11 +127,7 @@ Additionally, they can use live response for a remote shell connection to perfor
 
 Microsoft is committed to providing you with the information and controls you need to make choices about how your data is collected and used when you're using Defender for Endpoint on Linux.
 
-For more information, see [Privacy for Microsoft Defender for Endpoint on Linux](/defender-endpoint/linux-privacy)
-
-## Resources for troubleshooting, diagnostics, and configuration 
-
-If you run into any issues with Defender for Endpoint on Linux, or you just want some tips on configuring capabilities or exclusions, see [Resources](/defender-endpoint/linux-resources)
+For more information, see [Privacy for Microsoft Defender for Endpoint on Linux](/defender-endpoint/linux-privacy).
 
 ## Common applications that Defender for Endpoint impacts 
 

defender-xdr/advanced-hunting-deviceevents-table.md

@@ -103,6 +103,8 @@ For information on other tables in the advanced hunting schema, [see the advance
 |`IsProcessRemoteSession` | `bool` | Indicates whether the created process was run under a remote desktop protocol (RDP) session (true) or locally (false) |
 | `ProcessRemoteSessionDeviceName` | `string` | Device name of the remote device from which the created process's RDP session was initiated |
 | `ProcessRemoteSessionIP` | `string` | IP address of the remote device from which the created process's RDP session was initiated |
+| `ProcessUniqueId` | `string` | Unique identifier of the process; this is equal to the Process Start Key in Windows devices |
+| `InitiatingProcessUniqueId` | `string` | Unique identifier of the initiating process; this is equal to the Process Start Key in Windows devices |
 
 
 

defender-xdr/advanced-hunting-devicefileevents-table.md

@@ -96,6 +96,8 @@ For information on other tables in the advanced hunting schema, [see the advance
 | `IsInitiatingProcessRemoteSession` | `bool` |   Indicates whether the initiating process was run under a remote desktop protocol (RDP) session (true) or locally (false) |
 | `InitiatingProcessRemoteSessionDeviceName` | `string` | Device name of the remote device from which the initiating process's RDP session was initiated |
 | `InitiatingProcessRemoteSessionIP` | `string` | IP address of the remote device from which the initiating process's RDP session was initiated |
+| `ProcessUniqueId` | `string` | Unique identifier of the process; this is equal to the Process Start Key in Windows devices |
+| `InitiatingProcessUniqueId` | `string` | Unique identifier of the initiating process; this is equal to the Process Start Key in Windows devices |
 
 
 > [!NOTE]

defender-xdr/advanced-hunting-deviceimageloadevents-table.md

@@ -80,6 +80,8 @@ For information on other tables in the advanced hunting schema, [see the advance
 | `IsInitiatingProcessRemoteSession` | `bool` |   Indicates whether the initiating process was run under a remote desktop protocol (RDP) session (true) or locally (false) |
 | `InitiatingProcessRemoteSessionDeviceName` | `string` | Device name of the remote device from which the initiating process's RDP session was initiated |
 | `InitiatingProcessRemoteSessionIP` | `string` | IP address of the remote device from which the initiating process's RDP session was initiated |
+| `ProcessUniqueId` | `string` | Unique identifier of the process; this is equal to the Process Start Key in Windows devices |
+| `InitiatingProcessUniqueId` | `string` | Unique identifier of the initiating process; this is equal to the Process Start Key in Windows devices |
 
 
 ## Related topics

defender-xdr/advanced-hunting-devicelogonevents-table.md

@@ -89,6 +89,8 @@ For information on other tables in the advanced hunting schema, [see the advance
 | `IsInitiatingProcessRemoteSession` | `bool` |   Indicates whether the initiating process was run under a remote desktop protocol (RDP) session (true) or locally (false) |
 | `InitiatingProcessRemoteSessionDeviceName` | `string` | Device name of the remote device from which the initiating process's RDP session was initiated |
 | `InitiatingProcessRemoteSessionIP` | `string` | IP address of the remote device from which the initiating process's RDP session was initiated |
+| `ProcessUniqueId` | `string` | Unique identifier of the process; this is equal to the Process Start Key in Windows devices |
+| `InitiatingProcessUniqueId` | `string` | Unique identifier of the initiating process; this is equal to the Process Start Key in Windows devices |
 
 
 > [!NOTE]

defender-xdr/advanced-hunting-devicenetworkevents-table.md

@@ -85,6 +85,8 @@ For information on other tables in the advanced hunting schema, [see the advance
 | `IsInitiatingProcessRemoteSession` | `bool` |   Indicates whether the initiating process was run under a remote desktop protocol (RDP) session (true) or locally (false) |
 | `InitiatingProcessRemoteSessionDeviceName` | `string` | Device name of the remote device from which the initiating process's RDP session was initiated |
 | `InitiatingProcessRemoteSessionIP` | `string` | IP address of the remote device from which the initiating process's RDP session was initiated |
+| `ProcessUniqueId` | `string` | Unique identifier of the process; this is equal to the Process Start Key in Windows devices |
+| `InitiatingProcessUniqueId` | `string` | Unique identifier of the initiating process; this is equal to the Process Start Key in Windows devices |
 
 
 ## Related topics

defender-xdr/advanced-hunting-deviceprocessevents-table.md

@@ -107,6 +107,8 @@ For information on other tables in the advanced hunting schema, [see the advance
 |`IsProcessRemoteSession` | `bool` | Indicates whether the created process was run under a remote desktop protocol (RDP) session (true) or locally (false) |
 | `ProcessRemoteSessionDeviceName` | `string` | Device name of the remote device from which the created process's RDP session was initiated |
 | `ProcessRemoteSessionIP` | `string` | IP address of the remote device from which the created process's RDP session was initiated |
+| `ProcessUniqueId` | `string` | Unique identifier of the process; this is equal to the Process Start Key in Windows devices |
+| `InitiatingProcessUniqueId` | `string` | Unique identifier of the initiating process; this is equal to the Process Start Key in Windows devices |
 
 
 ## Related topics

defender-xdr/advanced-hunting-deviceregistryevents-table.md

@@ -81,6 +81,8 @@ For information on other tables in the advanced hunting schema, [see the advance
 | `IsInitiatingProcessRemoteSession` | `bool` |   Indicates whether the initiating process was run under a remote desktop protocol (RDP) session (true) or locally (false) |
 | `InitiatingProcessRemoteSessionDeviceName` | `string` | Device name of the remote device from which the initiating process's RDP session was initiated |
 | `InitiatingProcessRemoteSessionIP` | `string` | IP address of the remote device from which the initiating process's RDP session was initiated |
+| `ProcessUniqueId` | `string` | Unique identifier of the process; this is equal to the Process Start Key in Windows devices |
+| `InitiatingProcessUniqueId` | `string` | Unique identifier of the initiating process; this is equal to the Process Start Key in Windows devices |
 
 
 ## Related topics