The Antimalware Assessment has been part of the Azure Marketplace for a long while and contains some valuable information like Threat Status Rank, Threat Status, Threat Status Details, Protection Status Rank, Protection Status, Protection Status Details, Type of Protection, Scan Date, Date Collected, Product Version, and others. With all this valuable information, wouldn’t it be great to use it to help bolster and enhance security operations for Azure Sentinel environments?

Adding the Antimalware Assessment to the Log Analytics Workspace for Azure Sentinel

In the search space in the Azure portal, search for antimalware. The Antimalware Assessment will show up in the Marketplace section.

Figure: Locating it in the Marketplace

After you click on the Antimalware Assessment component to initiate it, you’ll need to select the Log Analytics Workspace that is being utilized for Azure Sentinel. This is where the data from this assessment will reside. Once you select the correct one, click the Create button.

Figure: Creating the assessment in the LAW

After a short wait while Azure deploys the assessment, you can then go into Azure Sentinel and start kicking the tires. A new table called ProtectionStatus gets created under the Antimalware Assessment area as shown in the next image.

Figure: Run getschema to see all the query potential

Run the getschema KQL operator to see the columns you can query against.

Microsoft Antimalware for Azure is a real-time protection solution that helps identify and remove spyware, viruses, and other malicious software from Azure.

If this provides value for you, let me know. And, if you develop some crazy-cool new KQL queries and Analytics Rules from this, don’t hesitate to share with the rest of us.
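As a starting point for the ProtectionStatus table described above, here is an added example query (not from the original post) that keeps the latest record per machine and surfaces machines that need attention. The column names, the meaning of rank 150 and the `lookback` / `staleAfter` thresholds are assumptions; confirm the columns with getschema in your own workspace first.

```kql
// Added example, not from the original post.
// Assumed columns (verify with: ProtectionStatus | getschema):
//   Computer, TimeGenerated, ThreatStatus, ThreatStatusRank, ThreatStatusDetails,
//   ProtectionStatus, ProtectionStatusRank, ProtectionStatusDetails,
//   TypeofProtection, ScanDate
let lookback   = 7d;    // assumption: how far back to look for reports
let staleAfter = 24h;   // assumption: a machine silent this long is worth a look
ProtectionStatus
| where TimeGenerated > ago(lookback)
// Keep only the most recent report for each machine.
| summarize arg_max(TimeGenerated, *) by Computer
| extend LastReportAge = now() - TimeGenerated
// Assumption: rank 150 is the healthy value for both rank columns
// ("No threats detected" / real-time protection on). Anything else is flagged.
| where ThreatStatusRank != 150
     or ProtectionStatusRank != 150
     or LastReportAge > staleAfter
| extend Reason = case(
    ThreatStatusRank != 150,     "Threat status not clean",
    ProtectionStatusRank != 150, "Protection not healthy",
                                 "No recent report")
| project Computer,
          Reason,
          LastReport = TimeGenerated,
          LastReportAge,
          ThreatStatus, ThreatStatusRank, ThreatStatusDetails,
          ProtectionStatus, ProtectionStatusRank, ProtectionStatusDetails,
          TypeofProtection, ScanDate
// Highest-severity threat ranks first, then weakest protection state.
| order by ThreatStatusRank desc, ProtectionStatusRank desc
```

The same query body can back a scheduled Analytics Rule once the thresholds are tuned; mapping `Computer` to the Host entity is a reasonable choice there.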