Microsoft Azure Operational Insights Preview Series – Malware Assessment (Part 2)


After taking a look at the System Update Assessment Intelligence Pack, next on the table is Malware Assessment:

image

As with the other Intelligence Packs, you have a tile on the Overview page where you can see brief information about the Malware status of your server. Clicking on the tile will give you some more information:

image

Notice that in the upper right corner we have an option to set the time frame. If, for example, we change the time frame from 7 days to 1 day, different results will be shown:

image

This time frame option is important because you will probably monitor your day-to-day status from other consoles/tools on premises, but with this Intelligence Pack in Advisor you can see the Malware status in your environment over a certain period of time. Such information is helpful if you want to find patterns in your environment related to Malware.

Again, if you click on one of the results:

image

You will be redirected to the search page:

image

Here, maybe the most interesting option is to play with the time bar on the right to get more interesting results. I couldn’t think of any other scenarios, as honestly this is not my favorite topic, but I guess if you are in an environment that has threats detected you can think of more interesting queries.

I should also mention that the current version of this Intelligence Pack supports only Windows Defender and System Center Endpoint Protection.

Hope this was helpful for you.
