Lars_Gjulem
Feb 29, 2024

Reference sheet/document for the SCIDs used by Defender.

Where can I find a reference sheet/document for the SCIDs used by Defender?

I would like to have a list of all SCIDs.

Is there a SCID# for almost all security settings like CIS benchmark?

  • am1357

    Lars_Gjulem


    You can get an overview of all SCIDs with Advanced Hunting. The query will display all SCIDs that apply to your devices onboarded to MDE.

     

    //name: Overview of SCIDs from Threat and Vulnerability Management (TVM) module recommendations in MDE
    //description:
    //This query will provide a list of all SCIDs in Defender XDR
    //Line 2 in the query can be adjusted to your needs to get a list for a specific config category (e.g. Antivirus), if that category applies to the devices in your instance and
    //if devices onboarded to MDE in your instance are compliant with specific category items.
    //IsCompliant == 1 will also return TVM category items even if some devices are still exposed to the specific item.
    
    DeviceTvmSecureConfigurationAssessment
    //| where ConfigurationSubcategory == 'Antivirus' and IsApplicable == 1 and IsCompliant == 0
    | join kind=leftouter (
        DeviceTvmSecureConfigurationAssessmentKB
        | project ConfigurationId, ConfigurationName, ConfigurationDescription, RiskDescription, Tags, ConfigurationImpact
    ) on ConfigurationId
    | summarize any(*) by ConfigurationId
    | project ConfigurationId, any_ConfigurationName, any_ConfigurationCategory, any_ConfigurationSubcategory, any_ConfigurationDescription, any_RiskDescription
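
Going beyond the query in the reply above, the following added example (not part of the original thread) starts from the DeviceTvmSecureConfigurationAssessmentKB table, so it also lists SCIDs that no onboarded device currently reports, and adds the benchmark references and per-SCID device counts. It assumes the standard Advanced Hunting TVM tables and columns are available in the tenant; the output column names ApplicableDevices and NonCompliantDevices are chosen here for illustration.

```kusto
// Added example: SCID catalogue from the KB table with per-SCID exposure counts.
// Assumption: the tenant exposes both TVM secure configuration tables in Advanced Hunting.
DeviceTvmSecureConfigurationAssessmentKB
| project ConfigurationId, ConfigurationName, ConfigurationCategory,
          ConfigurationSubcategory, ConfigurationBenchmarks
| join kind=leftouter (
    DeviceTvmSecureConfigurationAssessment
    | where IsApplicable == 1
    // Keep only the most recent assessment for each device and SCID
    | summarize arg_max(Timestamp, IsCompliant) by DeviceId, ConfigurationId
    // Count devices the SCID applies to and how many of them are not compliant
    | summarize ApplicableDevices = dcount(DeviceId),
                NonCompliantDevices = dcountif(DeviceId, IsCompliant == 0)
        by ConfigurationId
) on ConfigurationId
// SCIDs without any device assessment get 0 instead of an empty value
| project ConfigurationId, ConfigurationName, ConfigurationCategory,
          ConfigurationSubcategory, ConfigurationBenchmarks,
          ApplicableDevices = coalesce(ApplicableDevices, 0),
          NonCompliantDevices = coalesce(NonCompliantDevices, 0)
| order by NonCompliantDevices desc, ConfigurationId asc
```

The ConfigurationBenchmarks column shows which industry benchmarks reference each configuration, which helps when mapping SCIDs to an external baseline.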

     
