detection (3 topics)

Virus Total Detection

Hello, I was wondering if there is any chance of alerting when there is a detection of malware in Virus Total but not in ATP. Multiple times malware has executed with no detection in ATP but a high number of hits in VT (~50). Is it possible to detect this with Advanced hunting? I was looking at the ActionType "Antivirusreport" but it does not mention VT.

(3 comments)

Export Microsoft Defender event data to a log analytics workspace

In the Defender ATP portal (securitycenter.windows.com) it is possible to create custom detections, but the smallest time frame is 1 hour. Even though 1 hour is better than the mean time to detection of a breach reported via Ponemon, Verizon, etc., I'm trying to cut that down even further by piecing together different Azure cloud services, i.e. Event Hubs, Blob Storage, Search Services, Log Analytics, etc. Is there a way to leverage the raw streaming API and perform searching with a log analytics workspace? This would speed up detection to within 5 minutes of an event occurring rather than 1 hour.

(0 comments)

Defender for IoT Automating processes

Hello, I am trying to automate some processes we are performing using Defender for IoT, running on a virtual machine in Azure. Part of the tasks can be performed using the Defender for IoT CLI; another part can be done using the API functionality. However, there are some tasks for which I cannot yet find a way to perform them. A good example of such a task is playing pcap files. You can upload the pcap files to the desired location using a script. Is it possible to play the files using a script or some other way? Any input will be much appreciated. Thank you for your time. Kind regards, Vanina

(2 comments)