Merge pull request #65 from squaredup/work/jd/PLUG-4656

jame2O · web-flow · commit 6c9ac76e8845 · 2026-06-16T14:15:25.000+01:00
PLUG-4656: MicrosoftDefender - Fix Device Import not working
diff --git a/plugins/MicrosoftDefender/v1/dataStreams/listDevices.json b/plugins/MicrosoftDefender/v1/dataStreams/listDevices.json
@@ -13,7 +13,7 @@
     "expandInnerObjects": true,
     "endpointPath": "runHuntingQuery",
     "postBody": {
-      "Query": "DeviceInfo | summarize arg_max(Timestamp, *) by DeviceId | where DeviceName != \"\""
+      "Query": "DeviceInfo | where isnotempty(DeviceName) | project Timestamp, DeviceId, DeviceName | summarize arg_max(Timestamp, *) by DeviceId"
     },
     "pathToData": "results",
     "getArgs": [],
diff --git a/plugins/MicrosoftDefender/v1/indexDefinitions/default.json b/plugins/MicrosoftDefender/v1/indexDefinitions/default.json
@@ -11,15 +11,7 @@
                 "name": "DeviceName",
                 "type": {
                     "value": "Device"
-                },
-                "properties": [
-                    "OSPlatform",
-                    "OSProcessor",
-                    "OSVersion",
-                    "PublicIP",
-                    "OSBuild",
-                    "OSArchitecture"
-                ]
+                }
             }
         }
     ]
diff --git a/plugins/MicrosoftDefender/v1/metadata.json b/plugins/MicrosoftDefender/v1/metadata.json
@@ -1,7 +1,7 @@
 {
     "name": "microsoft-defender",
     "displayName": "Microsoft Defender",
-    "version": "1.0.0",
+    "version": "1.0.2",
     "author": {
         "name": "SquaredUp Labs",
         "type": "labs"

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "microsoft-defender",`
`3`	`3`	`"displayName": "Microsoft Defender",`
`4`		`- "version": "1.0.0",`
	`4`	`+ "version": "1.0.2",`
`5`	`5`	`"author": {`
`6`	`6`	`"name": "SquaredUp Labs",`
`7`	`7`	`"type": "labs"`