Forum Discussion
Lars_Gjulem, Copper Contributor
Feb 29, 2024
Reference sheet/document for the SCIDs used by Defender.
Where can I find a reference sheet/document for the SCIDs used by Defender?
I would like to have a list of all SCIDs.
Is there a SCID# for almost all security settings like CIS benchmark?
- Lars_Gjulem, Copper Contributor
Thanks for the reply
- am1357, Brass Contributor
You can get an overview of all SCIDs with Advanced Hunting. The query will display all SCIDs that apply to your devices onboarded to MDE.
//name: Overview of SCIDs from Threat and Vulnerability Management (TVM) module recommendations in MDE
//description:
//This query will provide a list of all SCIDs in Defender XDR
//Line 2 in the query can be adjusted to your needs to get a list for a specific config category (e.g. Antivirus), if that category applies to the devices in your instance and
//if devices onboarded to MDE in your instance are compliant to specific category items.
//IsCompliant == 1 will also return TVM category items even if some devices are still exposed to the specific item.
DeviceTvmSecureConfigurationAssessment
//| where ConfigurationSubcategory == 'Antivirus' and IsApplicable == 1 and IsCompliant == 0
| join kind=leftouter (
    DeviceTvmSecureConfigurationAssessmentKB
    | project ConfigurationId, ConfigurationName, ConfigurationDescription, RiskDescription, Tags, ConfigurationImpact
) on ConfigurationId
| summarize any(*) by ConfigurationId
| project ConfigurationId, any_ConfigurationName, any_ConfigurationCategory, any_ConfigurationSubcategory, any_ConfigurationDescription, any_RiskDescription
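
Added example, not part of am1357's reply: a variant of the query above that turns the SCID list into a per-SCID exposure summary, using the same two tables and the IsApplicable/IsCompliant filters the reply's comments mention. The output column names ApplicableDevices and NonCompliantDevices are made up for this example, and it assumes the ConfigurationBenchmarks column of the KB table (the benchmarks, such as CIS, that recommend the same setting) is available in your tenant.

```kusto
// Added example: per-SCID exposure summary (not from the original thread).
DeviceTvmSecureConfigurationAssessment
| where IsApplicable == 1
// Keep only the most recent assessment per device and SCID
| summarize arg_max(Timestamp, IsCompliant, ConfigurationCategory, ConfigurationSubcategory)
    by DeviceId, ConfigurationId
// Count devices the SCID applies to, and how many of them fail it
| summarize ApplicableDevices = dcount(DeviceId),
            NonCompliantDevices = dcountif(DeviceId, IsCompliant == 0)
    by ConfigurationId, ConfigurationCategory, ConfigurationSubcategory
// Attach the human-readable name and benchmark mapping from the KB table
| join kind=leftouter (
    DeviceTvmSecureConfigurationAssessmentKB
    | project ConfigurationId, ConfigurationName, ConfigurationBenchmarks
) on ConfigurationId
| project ConfigurationId, ConfigurationName, ConfigurationCategory, ConfigurationSubcategory,
          ApplicableDevices, NonCompliantDevices, ConfigurationBenchmarks
| order by NonCompliantDevices desc
```

Like the query in the reply, this only covers SCIDs that have been assessed on devices onboarded to MDE in your tenant.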