Merge branch 'main' into linux-fix

denisebmsft · web-flow · commit c7926c2cb66d · 2025-03-20T09:07:01.000-07:00
diff --git a/defender-xdr/advanced-hunting-deviceevents-table.md b/defender-xdr/advanced-hunting-deviceevents-table.md
@@ -103,6 +103,8 @@ For information on other tables in the advanced hunting schema, [see the advance
 |`IsProcessRemoteSession` | `bool` | Indicates whether the created process was run under a remote desktop protocol (RDP) session (true) or locally (false) |
 | `ProcessRemoteSessionDeviceName` | `string` | Device name of the remote device from which the created process's RDP session was initiated |
 | `ProcessRemoteSessionIP` | `string` | IP address of the remote device from which the created process's RDP session was initiated |
+| `ProcessUniqueId` | `string` | Unique identifier of the process; this is equal to the Process Start Key in Windows devices |
+| `InitiatingProcessUniqueId` | `string` | Unique identifier of the initiating process; this is equal to the Process Start Key in Windows devices |
 
 
 
diff --git a/defender-xdr/advanced-hunting-devicefileevents-table.md b/defender-xdr/advanced-hunting-devicefileevents-table.md
@@ -96,6 +96,8 @@ For information on other tables in the advanced hunting schema, [see the advance
 | `IsInitiatingProcessRemoteSession` | `bool` |   Indicates whether the initiating process was run under a remote desktop protocol (RDP) session (true) or locally (false) |
 | `InitiatingProcessRemoteSessionDeviceName` | `string` | Device name of the remote device from which the initiating process's RDP session was initiated |
 | `InitiatingProcessRemoteSessionIP` | `string` | IP address of the remote device from which the initiating process's RDP session was initiated |
+| `ProcessUniqueId` | `string` | Unique identifier of the process; this is equal to the Process Start Key in Windows devices |
+| `InitiatingProcessUniqueId` | `string` | Unique identifier of the initiating process; this is equal to the Process Start Key in Windows devices |
 
 
 > [!NOTE]
diff --git a/defender-xdr/advanced-hunting-deviceimageloadevents-table.md b/defender-xdr/advanced-hunting-deviceimageloadevents-table.md
@@ -80,6 +80,8 @@ For information on other tables in the advanced hunting schema, [see the advance
 | `IsInitiatingProcessRemoteSession` | `bool` |   Indicates whether the initiating process was run under a remote desktop protocol (RDP) session (true) or locally (false) |
 | `InitiatingProcessRemoteSessionDeviceName` | `string` | Device name of the remote device from which the initiating process's RDP session was initiated |
 | `InitiatingProcessRemoteSessionIP` | `string` | IP address of the remote device from which the initiating process's RDP session was initiated |
+| `ProcessUniqueId` | `string` | Unique identifier of the process; this is equal to the Process Start Key in Windows devices |
+| `InitiatingProcessUniqueId` | `string` | Unique identifier of the initiating process; this is equal to the Process Start Key in Windows devices |
 
 
 ## Related topics
diff --git a/defender-xdr/advanced-hunting-devicelogonevents-table.md b/defender-xdr/advanced-hunting-devicelogonevents-table.md
@@ -89,6 +89,8 @@ For information on other tables in the advanced hunting schema, [see the advance
 | `IsInitiatingProcessRemoteSession` | `bool` |   Indicates whether the initiating process was run under a remote desktop protocol (RDP) session (true) or locally (false) |
 | `InitiatingProcessRemoteSessionDeviceName` | `string` | Device name of the remote device from which the initiating process's RDP session was initiated |
 | `InitiatingProcessRemoteSessionIP` | `string` | IP address of the remote device from which the initiating process's RDP session was initiated |
+| `ProcessUniqueId` | `string` | Unique identifier of the process; this is equal to the Process Start Key in Windows devices |
+| `InitiatingProcessUniqueId` | `string` | Unique identifier of the initiating process; this is equal to the Process Start Key in Windows devices |
 
 
 > [!NOTE]
diff --git a/defender-xdr/advanced-hunting-devicenetworkevents-table.md b/defender-xdr/advanced-hunting-devicenetworkevents-table.md
@@ -85,6 +85,8 @@ For information on other tables in the advanced hunting schema, [see the advance
 | `IsInitiatingProcessRemoteSession` | `bool` |   Indicates whether the initiating process was run under a remote desktop protocol (RDP) session (true) or locally (false) |
 | `InitiatingProcessRemoteSessionDeviceName` | `string` | Device name of the remote device from which the initiating process's RDP session was initiated |
 | `InitiatingProcessRemoteSessionIP` | `string` | IP address of the remote device from which the initiating process's RDP session was initiated |
+| `ProcessUniqueId` | `string` | Unique identifier of the process; this is equal to the Process Start Key in Windows devices |
+| `InitiatingProcessUniqueId` | `string` | Unique identifier of the initiating process; this is equal to the Process Start Key in Windows devices |
 
 
 ## Related topics
diff --git a/defender-xdr/advanced-hunting-deviceprocessevents-table.md b/defender-xdr/advanced-hunting-deviceprocessevents-table.md
@@ -107,6 +107,8 @@ For information on other tables in the advanced hunting schema, [see the advance
 |`IsProcessRemoteSession` | `bool` | Indicates whether the created process was run under a remote desktop protocol (RDP) session (true) or locally (false) |
 | `ProcessRemoteSessionDeviceName` | `string` | Device name of the remote device from which the created process's RDP session was initiated |
 | `ProcessRemoteSessionIP` | `string` | IP address of the remote device from which the created process's RDP session was initiated |
+| `ProcessUniqueId` | `string` | Unique identifier of the process; this is equal to the Process Start Key in Windows devices |
+| `InitiatingProcessUniqueId` | `string` | Unique identifier of the initiating process; this is equal to the Process Start Key in Windows devices |
 
 
 ## Related topics
diff --git a/defender-xdr/advanced-hunting-deviceregistryevents-table.md b/defender-xdr/advanced-hunting-deviceregistryevents-table.md
@@ -81,6 +81,8 @@ For information on other tables in the advanced hunting schema, [see the advance
 | `IsInitiatingProcessRemoteSession` | `bool` |   Indicates whether the initiating process was run under a remote desktop protocol (RDP) session (true) or locally (false) |
 | `InitiatingProcessRemoteSessionDeviceName` | `string` | Device name of the remote device from which the initiating process's RDP session was initiated |
 | `InitiatingProcessRemoteSessionIP` | `string` | IP address of the remote device from which the initiating process's RDP session was initiated |
+| `ProcessUniqueId` | `string` | Unique identifier of the process; this is equal to the Process Start Key in Windows devices |
+| `InitiatingProcessUniqueId` | `string` | Unique identifier of the initiating process; this is equal to the Process Start Key in Windows devices |
 
 
 ## Related topics
