| title | Microsoft Defender XDR streaming event types supported in Event Streaming API | ||
|---|---|---|---|
| description | Learn which streaming event types (tables) are supported by the streaming API | ||
| search.appverid | met150 | ||
| ms.service | defender-xdr | ||
| ms.author | edbaynash | ||
| author | EdB-MSFT | ||
| ms.localizationpriority | medium | ||
| manager | dansimp | ||
| audience | ITPro | ||
| ms.collection |
|
||
| ms.topic | concept-article | ||
| ms.date | 09/09/2021 |
[!INCLUDE Microsoft Defender XDR rebranding]
Applies to:
Note
Try our new APIs using MS Graph security API. Find out more at: Use the Microsoft Graph security API - Microsoft Graph | Microsoft Learn.
[!includePrerelease information]
The Event Streaming API is constantly being expanded to support more event types. Learn which hunting tables are generally available, currently in public preview, or not yet supported.
The following table includes that status of support for tables in the streaming API, and is not inclusive of all AH schema. For a full list of the API see, Learn the schema tables.
Note
Streaming data is only available for columns or fields that are in general availability in Microsoft Defender XDR.
| Table name | Status (Commercial) |
GCC | GCC High | DoD |
|---|---|---|---|---|
| AlertEvidence | GA | GA | GA | GA |
| AlertInfo | GA | GA | GA | GA |
| BehaviorEntities | Not available | Not available | Not available | Not available |
| BehaviorInfo | Not available | Not available | Not available | Not available |
| CloudAppEvents | GA | GA | GA | GA |
| DeviceEvents | GA | GA | GA | GA |
| DeviceFileCertificateInfo | GA | GA | GA | GA |
| DeviceFileEvents | GA | GA | GA | GA |
| DeviceImageLoadEvents | GA | GA | GA | GA |
| DeviceInfo | GA | GA | GA | GA |
| DeviceLogonEvents | GA | GA | GA | GA |
| DeviceNetworkEvents | GA | GA | GA | GA |
| DeviceNetworkInfo | GA | GA | GA | GA |
| DeviceProcessEvents | GA | GA | GA | GA |
| DeviceRegistryEvents | GA | GA | GA | GA |
| EmailAttachmentInfo | GA | GA | GA | GA |
| EmailEvents | GA | GA | GA | GA |
| EmailPostDeliveryEvents | GA | GA | GA | GA |
| EmailUrlInfo | GA | GA | GA | GA |
| IdentityLogonEvents | GA | GA | GA | GA |
| IdentityQueryEvents | GA | GA | GA | GA |
| IdentityDirectoryEvents | GA | GA | GA | GA |
| UrlClickEvents | GA | GA | GA | GA |
Use the Microsoft Graph security API - Microsoft Graph | Microsoft Learn [!INCLUDE Microsoft Defender XDR rebranding]