<!--
Actual activity-log entry, redacted ("...") and anonymized.
category = "Security"
level = "Informational"
The threatName and threatID values under properties match this encyclopedia entry:
https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Trojan%3AScript%2FConteban.A!ml&threatid=2147735508
Note that properties.intent and properties.remediationSteps are JSON arrays serialized as strings, so a consumer has to parse those two values a second time.
-->
{
"channels": "Operation",
"correlationId": "...",
"description": "Antimalware Action Taken. Microsoft Antimalware has taken an action to protect this machine from malware or other potentially unwanted software.",
"eventDataId": "...",
"eventName": {
"value": "Antimalware Action Taken",
"localizedValue": "Antimalware Action Taken"
},
"category": {
"value": "Security",
"localizedValue": "Security"
},
"eventTimestamp": "2021-31-01T23:59:59Z",
"id": "/subscriptions/.../resourceGroups/myrg/providers/Microsoft.Security/locations/eastus/alerts/.../events/.../ticks/...",
"level": "Informational",
"operationId": "...",
"operationName": {
"value": "Microsoft.Security/locations/alerts/activate/action",
"localizedValue": "Activate Alert"
},
"resourceGroupName": "myrg",
"resourceProviderName": {
"value": "Microsoft.Security",
"localizedValue": "Microsoft.Security"
},
"resourceType": {
"value": "Microsoft.Security/locations/alerts",
"localizedValue": "Microsoft.Security/locations/alerts"
},
"resourceId": "/subscriptions/.../resourceGroups/myrg/providers/Microsoft.Security/locations/eastus/alerts/...",
"status": {
"value": "Active",
"localizedValue": "Active"
},
"subStatus": {
"value": "",
"localizedValue": ""
},
"submissionTimestamp": "2021-11-19T23:46:41.1573581Z",
"subscriptionId": "...",
"tenantId": "",
"properties": {
"actionTaken": "Blocked",
"threatStatus": "Quarantined",
"protectionType": "Windows Defender",
"threatName": "Trojan:Script/Conteban.A!ml",
"category": "Trojan",
"threatID": "2147735508",
"filePath": "c:\\users\\myname\\Downloads\\BadFile.zip",
"resourceType": "Virtual Machine",
"severity": "Low",
"intent": "[\"Unknown\"]",
"compromisedEntity": "myvm.example.org",
"remediationSteps": "[\"No user action is necessary\"]",
"attackedResourceType": "Virtual Machine"
},
"relatedEvents": []
}