DeviceTvmSoftwareVulnerabilitiesKB

The DeviceTvmSoftwareVulnerabilitiesKB table in the advanced hunting schema contains the list of vulnerabilities Microsoft Defender Vulnerability Management assesses devices for. Use this reference to construct queries that return information from the table.

This advanced hunting table is populated by records from Microsoft Defender for Endpoint. If your organization hasn't deployed the service in Microsoft Defender, queries that use the table won't work or won't return any results. For more information about how to deploy Defender for Endpoint in the Defender portal, read Deploy supported services.

For information on other tables in the advanced hunting schema, see the advanced hunting reference.

Important

This Defender Vulnerability Management (TVM) table isn't ingested into Microsoft Sentinel. In Microsoft Sentinel, this table is exposed for schema visibility only (for example, autocomplete and query validation), not for data ingestion. As a result, Microsoft Sentinel can accept queries that reference this table, but those queries return no results.

To query this table’s data, run the query in Defender XDR Advanced Hunting, where the data is available. Using TVM table data directly in Microsoft Sentinel analytics and detections isn't currently supported unless you build a custom ingestion path. For more information, see Which Defender XDR tables aren't supported in Microsoft Sentinel.

| Column name | Data type | Description |
|---|---|---|
| CveId | string | Unique identifier assigned to the security vulnerability under the Common Vulnerabilities and Exposures (CVE) system |
| CvssScore | string | Severity score assigned to the security vulnerability under the Common Vulnerability Scoring System (CVSS) |
| IsExploitAvailable | boolean | Indicates whether exploit code for the vulnerability is publicly available |
| VulnerabilitySeverityLevel | string | Severity level assigned to the security vulnerability based on the CVSS score and dynamic factors influenced by the threat landscape |
| LastModifiedTime | datetime | Date and time the item or related metadata was last modified |
| PublishedDate | datetime | Date vulnerability was disclosed to the public |
| VulnerabilityDescription | string | Description of the vulnerability and associated risks |
| AffectedSoftware | dynamic | List of all software products affected by the vulnerability |
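
The following query is an added example, not part of the original reference. It uses the columns above to prioritize patching by listing recently published CVEs with public exploit code and the devices they affect. It assumes the related DeviceTvmSoftwareVulnerabilities table (with DeviceId, DeviceName, CveId, SoftwareVendor, SoftwareName, and SoftwareVersion), which is not described on this page; the score threshold and time window are constructed values. Run it in Defender XDR Advanced Hunting, not in Microsoft Sentinel.

```kusto
// Added example: exploitable, high-scoring CVEs and the devices exposed to them.
let MinScore = 7.0;   // constructed threshold, adjust to your patching policy
let Lookback = 90d;   // constructed window on the public disclosure date
DeviceTvmSoftwareVulnerabilitiesKB
| where IsExploitAvailable == true
| where PublishedDate > ago(Lookback)
// CvssScore is listed as a string in this schema, so convert it before
// comparing numerically; rows whose score cannot be parsed are dropped.
| extend Score = todouble(CvssScore)
| where isnotnull(Score) and Score >= MinScore
| project CveId, Score, VulnerabilitySeverityLevel, PublishedDate, LastModifiedTime
// Assumption: DeviceTvmSoftwareVulnerabilities holds one row per device,
// software, and CVE, and shares the CveId key with the KB table.
| join kind=inner (
    DeviceTvmSoftwareVulnerabilities
    | project DeviceId, DeviceName, CveId, SoftwareVendor, SoftwareName, SoftwareVersion
  ) on CveId
| summarize
    AffectedDevices = dcount(DeviceId),
    SampleDevices = make_set(DeviceName, 10),
    Software = make_set(strcat(SoftwareVendor, " ", SoftwareName, " ", SoftwareVersion), 10)
    by CveId, Score, VulnerabilitySeverityLevel, PublishedDate
| order by Score desc, AffectedDevices desc
```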
