Microsoft Antimalware

Version: Microsoft Antimalware for Microsoft Azure.

Microsoft Antimalware is an antivirus (AV) software product that fights malware (malicious software), including computer viruses, spyware, Trojan horses and rootkits. The Microsoft Antimalware Service provides real-time protection: it constantly monitors activity on the computer, scans new files as they are downloaded or created, and disables detected threats.

Netsurion Open XDR monitors detected malware activity, actions taken against malware activity, restored quarantined malware, removed malware history and service status, and generates flex reports, flex dashboards and alerts for rogue access point detected and system state changed.

Netsurion Data Source Integration for Microsoft Antimalware allows you to monitor the following components:

  • Security – Detected malware activity and action taken against malware activity.
  • Operation – Configuration changes and status of services.

Once Microsoft Antimalware is configured to deliver events to Netsurion Open XDR Manager, alerts, dashboards and reports can be configured in Netsurion Open XDR.

The following are the key Data Source Integration items available in Netsurion Open XDR.

Alerts

| Type | Name | Description |
|---|---|---|
| Security | MS Antimalware – Detected malware activity | This alert is generated when any malware activity is detected. |
| Security | MS Antimalware – Action taken against malware activity | This alert is generated when an action is taken against the detected malware. |
| Security | MS Antimalware – Quarantined malware restored | This alert is generated when quarantined malware is restored. |
| Security | MS Antimalware – Removed history of malware | This alert is generated when the malware history is removed or deleted. |

Reports

| Type | Name | Description |
|---|---|---|
| Security | MS Antimalware – Detected malware activity | This report provides details about all the malware detected by Microsoft Antimalware. |
| Security | MS Antimalware – Action taken against malware activity | This report provides details about all the actions taken against malware activities. |
| Security | MS Antimalware – Quarantined malware restored | This report provides details on all the quarantined malware that was restored. |
| Security | MS Antimalware – Removed history of malware | This report provides details about the malware history that was removed. |
| Operations | MS Antimalware – Configuration changes | This report provides details about all the configuration changes that were made. |
| Operations | MS Antimalware – Service stopped | This report provides details about all the services that were stopped. |

Documentation

The configuration details are consistent with Netsurion Open XDR 8.x and later, and Microsoft Antimalware for Microsoft Azure.

Download the Integration Guide for configuration instructions and more information.