2.2 KiB

Исходник Постоянная ссылка Ответственный История

Endpoint Agent Health Status Report

This query will provide a report of many of the best practice configurations for Defender ATP deployment. Special Thanks to Gilad Mittelman for the initial inspiration and concept.

Any tests which are reporting "BAD" as a result imply that the associated capability is not configured per best practice recommendation.

Query

DeviceTvmSecureConfigurationAssessment
| where ConfigurationId in ('scid-91', 'scid-2000', 'scid-2001', 'scid-2002', 'scid-2003', 'scid-2010', 'scid-2011', 'scid-2012', 'scid-2013', 'scid-2014', 'scid-2016')
| extend Test = case(
    ConfigurationId == "scid-2000", "SensorEnabled",
    ConfigurationId == "scid-2001", "SensorDataCollection",
    ConfigurationId == "scid-2002", "ImpairedCommunications",
    ConfigurationId == "scid-2003", "TamperProtection",
    ConfigurationId == "scid-2010", "AntivirusEnabled",
    ConfigurationId == "scid-2011", "AntivirusSignatureVersion",
    ConfigurationId == "scid-2012", "RealtimeProtection",
    ConfigurationId == "scid-91", "BehaviorMonitoring",
    ConfigurationId == "scid-2013", "PUAProtection",
    ConfigurationId == "scid-2014", "AntivirusReporting",
    ConfigurationId == "scid-2016", "CloudProtection",
    "N/A"),
    Result = case(IsApplicable == 0, "N/A", IsCompliant == 1, "GOOD", "BAD")
| extend packed = pack(Test, Result)
| summarize Tests = make_bag(packed), DeviceName = any(DeviceName) by DeviceId
| evaluate bag_unpack(Tests)

Contributor info

Contributor: Michael Melone

GitHub alias: mjmelone

Organization: Microsoft

Contact info: @PowershellPoet

Technique, tactic, or state	Covered? (v=yes)	Notes
Initial access
Execution
Persistence
Privilege escalation
Defense evasion
Credential Access
Discovery
Lateral movement
Collection
Command and control
Exfiltration
Impact
Vulnerability
Misconfiguration	v
Malware, component

2.2 KiB Исходник Постоянная ссылка Ответственный История

Endpoint Agent Health Status Report

Query

Category

Contributor info

2.2 KiB

Исходник Постоянная ссылка Ответственный История