Azure Sentinel News
  • Home
    • Home – Layout 1
    • Home – Layout 2
    • Home – Layout 3
  • Security and Compliance
  • SOC
  • Threat Intelligence
  • Security Ochestration & Automated Response
  • SOAR
  • Security Operations
  • Artificial Intelligence
No Result
View All Result
  • Home
    • Home – Layout 1
    • Home – Layout 2
    • Home – Layout 3
  • Security and Compliance
  • SOC
  • Threat Intelligence
  • Security Ochestration & Automated Response
  • SOAR
  • Security Operations
  • Artificial Intelligence
No Result
View All Result
Azure Sentinel News
No Result
View All Result
Home KQL

How to Add the Antimalware Assessment to Your Azure Sentinel Workspace

Azure Sentinel News Editor by Azure Sentinel News Editor
December 28, 2020
in KQL
0
Microsoft suspends 18 Azure accounts tied to China-based hackers
4.5kViews
166 Shares Share on Facebook Share on Twitter

The Antimalware Assessment has been part of the Azure Marketplace for a long while and contains some valuable information like Threat Status Rank, Threat Status, Threat Status Details, Protection Status Rank, Protection Status, Protection Status Details, Type of Protection, Scan Date, Date Collected, Product Version, and others.

With all this valuable information wouldn’t it be great for use to help bolster and enhance security operations for Azure Sentinel environments?

Of course it would. And, here’s how to enable it.

Adding the Antimalware Assessment to the Log Analytics Workspace for Azure Sentinel

In the search space in the Azure portal, search for antimalware. The Antimalware Assessment will show up in the Marketplace section. Click on it.

Locating it in the Marketplace

After you click on the Antimalware Assessment component to initiate it, you’ll need to select the Log Analytics Workspace that is being utilized for Azure Sentinel. This is where the data from this assessment will reside. Once you select the correct one, click the Create button.

Creating the assessment in the LAW

After a short bit of waiting for Azure deploying the assessment, you can then go into Azure Sentinel and start kicking the tires.

A new table called ProtectionStatus gets created under the Antimalware Assessment area as shown in the next image.

Run the getschema KQL operator to see the columns you can query against.

Run getshema to see all the query potential

If this provides value for you, let me know. And, if you develop some crazy-cool new KQL queries and Analytics Rules from this, don’t hesitate to share with the rest of us. 🙂

What You Get

Here’s the list of all columns available to query against…

TenantId
SourceSystem
TimeGenerated
SourceComputerId
DeviceName
DetectionId
Threat
ThreatStatusRank
ThreatStatus
ThreatStatusDetails
ProtectionStatusRank
ProtectionStatus
ProtectionStatusDetails
SignatureVersion
TypeofProtection
ScanDate
DateCollected
AMProductVersion
MG
ManagementGroupName
Computer
ComputerIP_Hidden
ResourceId
ComputerEnvironment
Resource
SubscriptionId
ResourceGroup
ResourceProvider
ResourceType
VMUUID
Type
_ResourceId

Reference: https://azurecloudai.blog/2020/10/15/how-to-add-the-antimalware-assessment-to-your-azure-sentinel-workspace/

Azure Sentinel News Editor

Azure Sentinel News Editor

Related Posts

What’s new: Microsoft Teams connector in Public Preview
KQL

New Azure Sentinel Learning Modules Released

February 1, 2021
What’s new: Microsoft Teams connector in Public Preview
KQL

How to Connect the New Intune Devices Log Azure Sentinel

January 26, 2021
What’s new: Microsoft Teams connector in Public Preview
KQL

How to Create a Backup Notification in the Event an Unauthorized User Accesses Azure Sentinel

January 11, 2021
Next Post
Microsoft introduces integrated Darktrace-a-like, Azure Sentinel

How to Obtain and Import Data into the Azure Sentinel Watchlist Preview

CRITICALSTART Adds Support for Microsoft Azure Sentinel to MDR Services

How to Use HTML and Markdown in Azure Sentinel Incident Comments

Vectra AI and Microsoft partner on security integration

How to Automate the Backup of Azure Sentinel Tables to Long-term Storage Using Cloud Shell

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Follow Us

  • 21.8M Fans
  • 81 Followers

Recommended

With new release, CrowdStrike targets Google Cloud, Azure and container adopters

With new release, CrowdStrike targets Google Cloud, Azure and container adopters

3 months ago
Microsoft renames and unifies more products under Microsoft Defender brand

Azure Sentinel Incident Bi-directional sync with ServiceNow

3 months ago
After Partner Feedback, Microsoft Releases Azure Sentinel SIEM Service

After Partner Feedback, Microsoft Releases Azure Sentinel SIEM Service

3 months ago
Making Security More Intelligent, Microsoft Releases Azure Sentinel

Hunting for anomalous sessions in your data with Azure Sentinel

2 months ago

Instagram

    Please install/update and activate JNews Instagram plugin.

Categories

  • AI & ML
  • Artificial Intelligence
  • Incident Response
  • IR
  • KQL
  • Security and Compliance
  • Security Ochestration & Automated Response
  • Security Operations
  • SIEM
  • SOAR
  • SOC
  • Threat Intelligence
  • Uncategorized

Topics

anomaly automation Azure Azure DevOps Azure Security Center Azure Sentinel Azure Sentinel API Azure Sentinel Connector BlueVoyant Call cybersecurity Detection file GitHub Hunting Huntingy IAC incident response Incident Triage infrastructure as code Investigation jupyter LAQueryLogs MDR Microsoft microsoft 365 mssp Multitenancy Notebooks Pester Playbooks PowerShell python Records Security Sentinel Sharing SIEM signin Supply Chain teams Threat hunting Watchlists Workbooks XDR
No Result
View All Result

Highlights

New Items of Note on the Azure Sentinel GitHub Repo

Tuning the MCAS Analytics Rule for Azure Sentinel: System Alerts and Feature Deprecation

New Search Capability for Azure Sentinel Incidents

Follow-up: Microsoft Tech Talks Practical Sentinel : A Day in the Life of a Sentinel Analyst

Changes in How Running Hunting Queries Works in Azure Sentinel

Azure Sentinel can now Analyze All Available Azure Active Directory Log Files

Trending

What’s new: Microsoft Teams connector in Public Preview
IR

How to Generate Azure Sentinel Incidents for Testing

by Azure Sentinel News Editor
February 26, 2021
0

Do you want to generate an Incident in Azure Sentinel for testing/demoing? Here’s a couple easy ways...

What’s new: Microsoft Teams connector in Public Preview

Azure Sentinel Notebooks Loses It’s Preview Tag

February 25, 2021
Microsoft’s newest sustainable datacenter region coming to Arizona in 2021

The Holy Grail of Azure Sentinel Data Connections: The Azure Service Diagnostic Setting

February 22, 2021
Microsoft’s newest sustainable datacenter region coming to Arizona in 2021

New Items of Note on the Azure Sentinel GitHub Repo

February 18, 2021
Microsoft’s newest sustainable datacenter region coming to Arizona in 2021

Tuning the MCAS Analytics Rule for Azure Sentinel: System Alerts and Feature Deprecation

February 17, 2021

We bring you the best, latest and perfect Azure Sentinel News, Magazine, Personal Blogs, etc. Visit our landing page to see all features & demos.
LEARN MORE »

Recent News

  • How to Generate Azure Sentinel Incidents for Testing February 26, 2021
  • Azure Sentinel Notebooks Loses It’s Preview Tag February 25, 2021
  • The Holy Grail of Azure Sentinel Data Connections: The Azure Service Diagnostic Setting February 22, 2021

Categories

  • AI & ML
  • Artificial Intelligence
  • Incident Response
  • IR
  • KQL
  • Security and Compliance
  • Security Ochestration & Automated Response
  • Security Operations
  • SIEM
  • SOAR
  • SOC
  • Threat Intelligence
  • Uncategorized

[mc4wp_form]

Copyright © 2020 - Azure Sentinel News

No Result
View All Result
  • Home
  • Security and Compliance
  • SOC
  • Threat Intelligence
  • Security Ochestration & Automated Response
  • SOAR
  • Security Operations
  • Artificial Intelligence

Copyright © 2020 Azure Sentinel News