Antimalware monitoring


Hi all, I'm trying to figure out how to get antimalware monitoring from Log Analytics. In the "olden days" I know you could implement a solution, but since Solutions appear to be going away in favor of workbooks, I have no idea in what table there should be logs of the antimalware extension.

Is there any info on this and is it even possible without installing the solution?

2 Replies

Hi @-Akos-

You can definitely still install the AntiMalware solution, and then query the ProtectionStatus table.

a. Go to your workspace and click the "View solutions" link:

b. Click "Add", which will open the marketplace

c. Search for the Anti Malware solution:

d. In your workspace's Logs area, run this query (or similar):

ProtectionStatus | where TimeGenerated > ago(1d)
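
A fuller variant of the query in step d, as an added example that is not part of the original reply: it keeps only the most recent record per computer and flags machines that have stopped reporting. It assumes the standard ProtectionStatus columns (Computer, TypeofProtection, ProtectionStatus, ThreatStatus and their Details fields); the 7-day lookback and the 1-day staleness threshold are illustrative choices.

```kusto
// Added example: latest antimalware state per computer, with a staleness flag.
// Windows (7d lookback, 1d staleness) are assumptions; adjust to your reporting interval.
ProtectionStatus
| where TimeGenerated > ago(7d)
// Keep only the newest record for each computer
| summarize arg_max(TimeGenerated, *) by Computer
// A computer that reported within the week but not within the last day
// may have a stopped agent or a removed antimalware extension
| extend Stale = TimeGenerated < ago(1d)
| project Computer,
          LastReport = TimeGenerated,
          Stale,
          TypeofProtection,
          ProtectionStatus,
          ProtectionStatusDetails,
          ThreatStatus,
          ThreatStatusDetails
// Stale machines first, then alphabetical
| order by Stale desc, Computer asc
```

Computers that never appear in the result have sent no ProtectionStatus records in the lookback window and need to be checked against an inventory source such as Heartbeat.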

@Noa Kuperberg Awesome, thank you for the answer!