200s = some, but insufficient protection in place.Use the table below as reference to interpret those numbers: Threat Status Notice that the output for ThreatStatusRank and ProtectionStatusRank are numbers. | project DeviceName, Threat, ThreatStatus, ThreatStatusDetails, ThreatStatusRank, ProtectionStatus, ProtectionStatusRank, ProtectionStatusDetails Also, there are many columns available in this table, if you want to focus only on the relevant ones, change your query to: Keep in mind that this query’s result might be long, and ideally you should also filter by computer’s name to narrow it down to the computer you want to know more details about the threat that was remediated. | where ThreatStatus contains "remediate" Now you can start your query by using the sample below: Under the Run button, click Advanced Analytics option.Ĥ. Select the workspace that you are using.ģ. Click Search in Security Center dashboardĢ.
You can use the Search functionality in Security Center to launch Log Analytics and query your workspace for more information on that. While this alert brings awareness about the current threat status, which in this case it was remediated, sometimes you want to know more information about the threat itself (threat name, process, etc). Azure Security Center leverages Microsoft Antimalware engine to trigger antimalware related alerts such as the one shown below:
0 kommentar(er)
