Create Endpoint Linux AV Signature and Platform Versions
This query will identify the Microsoft Defender Antivirus Engine version and Microsoft Defender Antivirus Security Intelligence version for Linux Servers.
Parent
8e120c3db4
Commit
3442ac3da7
@ -0,0 +1,23 @@
name: Endpoint Linux AV Signature and Platform Versions
description: |
This query will identify the Microsoft Defender Antivirus Engine version and Microsoft Defender Antivirus Security Intelligence version for Linux Servers.
requiredDataConnectors:
- connectorId: MicrosoftThreatProtection
dataTypes:
- DeviceTvmSecureConfigurationAssessment
tactics:
- Configuration Assessment
- General Queries
- Linux
query: |
DeviceTvmSecureConfigurationAssessment
| where ConfigurationId == "scid-6095" and isnotnull(Context)
| where OSPlatform =="Linux"
| extend avdata=parsejson(Context)
| extend AVSigVersion = tostring(avdata[0][0])
| extend AVEngineVersion = tostring(avdata[0][1])
| extend AVSigLastUpdateTime = tostring(avdata[0][2])
| extend AVProductVersion = tostring(avdata[0][3])
| project DeviceId, DeviceName, OSPlatform, AVSigVersion, AVEngineVersion, AVSigLastUpdateTime, AVProductVersion, IsCompliant, IsApplicable
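Review bot: the four `extend` lines that index `avdata[0][0]` through `avdata[0][3]` depend on an undocumented positional layout of the `Context` JSON array, so nothing in the file tells a maintainer which slot holds the signature version, engine version, last-update time or product version, and any change to that layout would silently mislabel the projected columns; add a comment above `query:` stating the expected shape of `Context` for `scid-6095`. Two smaller points in the same hunk: `AVSigLastUpdateTime` is cast with `tostring`, which rules out comparing it against `ago()` to flag stale signatures (consider `todatetime`), and the values under `tactics:` (`Configuration Assessment`, `General Queries`, `Linux`) are not MITRE ATT&CK tactic names, which is what that field is normally read as.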