Field | Value |
---|---|
title | ExposureGraphNodes table in the advanced hunting schema |
description | Learn about the ExposureGraphNodes table of the advanced hunting schema, which provides attack surface information, to help you understand how potential threats might reach, and compromise, valuable assets. |
search.appverid | met150 |
ms.service | defender-xdr |
ms.subservice | adv-hunting |
f1.keywords | |
ms.author | v-mjosephy |
author | mjosephym |
ms.localizationpriority | medium |
manager | rayne-wiselman |
audience | ITPro |
ms.collection | |
ms.topic | reference |
ms.date | 03/12/2024 |
Applies to:
- Microsoft Defender XDR
- Microsoft Security Exposure Management (public preview)
Important
Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
The ExposureGraphNodes table in the advanced hunting schema contains organizational entities and their properties. These include entities like devices, identities, user groups, and cloud assets such as virtual machines (VMs), storage, and containers. Each node corresponds to an individual entity and encapsulates information about its characteristics, attributes, and security-related insights within the organizational structure. Use this reference to construct queries that return information from this table.
For information on other tables in the advanced hunting schema, see the advanced hunting reference.
Column name | Data type | Description |
---|---|---|
NodeId | string | Unique node identifier |
NodeLabel | string | Node label |
NodeName | string | Node display name |
Categories | dynamic | Categories of the node in JSON format |
NodeProperties | dynamic | Properties of the node, including insights related to the resource, such as whether the resource is exposed to the internet, or vulnerable to remote code execution. Values are JSON formatted raw data (unstructured). |
EntityIds | dynamic | All known node identifiers in JSON format |
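
The following query is an added example, not part of the original reference. It shows how the dynamic Categories and NodeProperties columns can be filtered to surface virtual machines that are both exposed to the internet and vulnerable to remote code execution. The sample rows are constructed, and the `rawData` keys (`exposedToInternet`, `vulnerableToRCE`), the `virtual_machine` category, and the node label values are assumptions to verify against your own data.

```kusto
// Constructed sample rows shaped like ExposureGraphNodes (not real tenant data).
// Assumptions: the rawData keys exposedToInternet and vulnerableToRCE, the
// category names, and the NodeLabel values. Confirm them in your environment.
let SampleNodes = datatable(
    NodeId:string, NodeLabel:string, NodeName:string,
    Categories:dynamic, NodeProperties:dynamic, EntityIds:dynamic)
[
    // Internet-exposed VM that is also vulnerable to RCE: should be returned.
    "node-0001", "microsoft.compute/virtualmachines", "vm-web-01",
    dynamic(["compute", "virtual_machine"]),
    dynamic({"rawData": {"exposedToInternet": true, "vulnerableToRCE": true}}),
    dynamic([{"type": "SampleId", "id": "<placeholder-id-1>"}]),
    // Internet-exposed VM with no RCE insight: filtered out.
    "node-0002", "microsoft.compute/virtualmachines", "vm-batch-02",
    dynamic(["compute", "virtual_machine"]),
    dynamic({"rawData": {"exposedToInternet": true}}),
    dynamic([{"type": "SampleId", "id": "<placeholder-id-2>"}]),
    // Identity node with no rawData at all: filtered out by category.
    "node-0003", "user", "sample.user",
    dynamic(["identity"]),
    dynamic({}),
    dynamic([{"type": "SampleId", "id": "<placeholder-id-3>"}])
];
SampleNodes   // replace SampleNodes with ExposureGraphNodes to query live data
// Categories is a JSON array, so test membership instead of string equality.
| where set_has_element(Categories, "virtual_machine")
// NodeProperties is unstructured JSON; a missing key evaluates to null.
| extend RawData = NodeProperties.rawData
| extend ExposedToInternet = isnotnull(RawData.exposedToInternet),
         VulnerableToRCE = isnotnull(RawData.vulnerableToRCE)
| where ExposedToInternet and VulnerableToRCE
| project NodeId, NodeName, NodeLabel, Categories, EntityIds
```

Because NodeProperties is unstructured, checking each insight with `isnotnull()` keeps the query from failing or silently matching on nodes where the key is absent.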