Advanced Threat Hunting Shema

Unable to do certain threat hunts as we only have a Defender Plan 1 license as part of Business Prem. Required E5. 



Business Prem limits our hunts to specific schemas (tables) which don't include Device Events, Networking Events, Email Events, Email Attachment info and several others. 

https://learn.microsoft.com/en-us/defender-xdr/advanced-hunting-schema-tables

What we currently have access to under Plan 1: