This article is contributed. See the original author and article here.
We are happy to announce that Threat and Vulnerability Management (TVM) tables in advanced hunting are being updated with an improved structure and additional data – now available in public preview.
The existing ‘DeviceTvmSoftwareInventoryVulnerabilities’ table in advanced hunting, which currently combines both software inventory and vulnerabilities, is being deprecated and split into two new dedicated tables.
This change is aimed at creating better clarity and reducing noise/complexity when using advanced hunting for common threat and vulnerability management scenarios.
Newly introduced tables:
To avoid breaking existing flows in the short term, the old advanced hunting table will continue to be available in the back-end for querying. However, to avoid future issues it’s strongly encouraged you switch to using the new tables at your earliest convenience.
New table schemas:
For more information on advanced hunting tables in Microsoft Defender for Endpoint, read our advanced hunting documentation.
To get access to Microsoft Defender for Endpoint public preview capabilities, we encourage you to turn on preview features in the Microsoft Defender Security Center. We’re looking forward to hearing any feedback you may have.
Microsoft Defender for Endpoint is an industry leading, cloud powered endpoint security solution offering vulnerability management, endpoint protection, endpoint detection and response, and mobile threat defense. With our solution, threats are no match. If you’re not yet taking advantage of Microsoft’s unrivaled threat optics and proven capabilities, sign up for a free Microsoft Defender for Endpoint trial today.
Microsoft Defender for Endpoint team
Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.