Managed Sentinel – Alert 110

Alert ID: MS-A110
Alert Name: Malware detected in an Office 365 repository
Description: This alert triggers when the Office 365 antivirus engine detects malware in a file hosted in SharePoint or OneDrive.
Severity Level: High
Threat Indicator: Malicious Content
MITRE ATT&CK Tactics: Execution, Command and Control
Log Sources: Office 365
False Positive: N/A
Recommendations:
1. Remove the malware from the Office 365 repository.
2. Use Azure Sentinel to identify the Office 365 user account(s) that downloaded the malicious file to their local computers.
3. Perform a full EDR scan on those local computers.
4. Disconnect the computers from your corporate network until the scan is completed and the malware removed.
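The following KQL query is an added example of how step 2 can be carried out in Azure Sentinel; it is not part of the Managed Sentinel alert definition. It assumes the Office 365 data connector is enabled and populates the OfficeActivity table, and that the tenant's audit log uses the SharePoint/OneDrive operation names FileMalwareDetected (antivirus hit), FileDownloaded (browser download) and FileSyncDownloadedFull (OneDrive sync client download); the 7-day lookback is an arbitrary choice. Confirm the operation and column names against your own OfficeActivity schema before relying on the results.

```kql
// Added example, not from the alert catalogue. Assumes the Office 365 connector
// writes to OfficeActivity and that the operation names below match your tenant.
let lookback = 7d;
// Files the Office 365 antivirus engine flagged in SharePoint or OneDrive
let flagged = OfficeActivity
    | where TimeGenerated > ago(lookback)
    | where OfficeWorkload in ("SharePoint", "OneDrive")
    | where Operation == "FileMalwareDetected"
    | project DetectedTime = TimeGenerated, OfficeObjectId, SourceFileName, Site_Url;
// Downloads of those same files: each row is a user who may now hold a copy locally
OfficeActivity
| where TimeGenerated > ago(lookback)
| where Operation in ("FileDownloaded", "FileSyncDownloadedFull")
| join kind=inner flagged on OfficeObjectId
| project DownloadTime = TimeGenerated, DetectedTime, UserId, ClientIP, UserAgent,
          SourceFileName, Site_Url, OfficeObjectId, Operation
| summarize Downloads = count(),
            FirstDownload = min(DownloadTime),
            LastDownload = max(DownloadTime),
            ClientIPs = make_set(ClientIP),
            DownloadMethods = make_set(Operation)
    by UserId, SourceFileName, Site_Url, OfficeObjectId, DetectedTime
| order by LastDownload desc
```

The join is on OfficeObjectId (the full path of the file in the site) rather than on SourceFileName, so that two different files that happen to share a name are not conflated. The resulting UserId and ClientIP values give the list of accounts and endpoints to take to steps 3 and 4; downloads that occurred before DetectedTime are the most important, since the file sat in the repository undetected at that point.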