Forum Discussion
Solved
Hunting query for MacOS - Antivirus version report
Hello all, I've been testing for defender for few weeks and I have 2 questions. 1) Is there Antiviurs version report for MacOS. 2) Is there any resources for MacOS query. I'm looking for a re...
Hi M_Rice19044,
You can use the following query to get MacOS version information via Advanced Hunting:
DeviceTvmSecureConfigurationAssessment
| where ConfigurationId == "scid-5095" and isnotnull(Context)
| where OSPlatform =="macOS"
| extend avdata=parsejson(Context)
| extend AVSigVersion = tostring(avdata[0][0])
| extend AVEngineVersion = tostring(avdata[0][1])
| extend AVSigLastUpdateTime = tostring(avdata[0][2])
| extend AVProductVersion = tostring(avdata[0][3])
| project DeviceId, DeviceName, OSPlatform, AVSigVersion, AVEngineVersion, AVSigLastUpdateTime,AVProductVersion, IsCompliant, IsApplicable
Thanks,
Thomas
You can use the following query to get MacOS version information via Advanced Hunting:
DeviceTvmSecureConfigurationAssessment
| where ConfigurationId == "scid-5095" and isnotnull(Context)
| where OSPlatform =="macOS"
| extend avdata=parsejson(Context)
| extend AVSigVersion = tostring(avdata[0][0])
| extend AVEngineVersion = tostring(avdata[0][1])
| extend AVSigLastUpdateTime = tostring(avdata[0][2])
| extend AVProductVersion = tostring(avdata[0][3])
| project DeviceId, DeviceName, OSPlatform, AVSigVersion, AVEngineVersion, AVSigLastUpdateTime,AVProductVersion, IsCompliant, IsApplicable
Thanks,
Thomas