detection
2 Topics

Virus Total Detection
Hello, I was wondering if there is any chance of alerting when there is a detection of malware in VirusTotal but not in ATP. Multiple times malware has executed with no detection in ATP but a high number of hits in VT (~50). Is it possible to detect this with Advanced hunting? I was looking at the ActionType "Antivirusreport" but it does not mention VT.
8.1K views, 0 likes, 3 comments

Export Microsoft Defender event data to a log analytics workspace
In the Defender ATP portal (securitycenter.windows.com) it is possible to create custom detections, but the smallest time frame is 1 hour. Even though 1 hour is better than the mean time to detection of a breach reported via Ponemon, Verizon, etc., I'm trying to cut that down even further by piecing together different Azure cloud services, i.e. Event Hubs, Blob Storage, Search Services, Log Analytics, etc. Is there a way to leverage the raw streaming API and perform searching with a log analytics workspace? This would speed up detection to within 5 minutes of an event occurring rather than 1 hour.
2.3K views, 1 like, 0 comments