Managed Sentinel – Alert 204

Alert ID: MS-A204
Alert Name: Azure Security Center - Antimalware Activity
Description: This alert identifies antimalware activity detected by Azure Security Center. The alert details depend on the antimalware product installed on the host, but typically include the host name, the affected file, the action taken (for example quarantined, removed, or allowed) and additional information about the nature of the threat.
Severity Level: High
Threat Indicator: Malware
MITRE ATT&CK Tactics: Initial Access
Log sources: Azure Security Center alerts
False Positives:
- Benign applications identified as malicious by the antimalware software.
- Malware detection testing (for example EICAR test files).
Recommendations:
1. Identify the system(s) that have been affected
2. Run a full antimalware scan
3. Contact the user for additional details such as any abnormal computer behavior, suspicious files, etc.
4. Search for additional alerts related to the affected computer
5. If available, use an EDR application for further investigation
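The following KQL query is an added worked example for steps 1 and 4 of the recommendations above; it is not part of the original alert documentation. It assumes the alert arrives in the Sentinel SecurityAlert table, that Azure Security Center alerts carry ProviderName "ASC" and an AlertName containing "Antimalware", and that the antimalware product writes keys named "Path", "Action Taken" and "Threat Name" into ExtendedProperties. All of those values are assumptions and should be checked against what the workspace actually receives.

```kusto
// Added example: pull Azure Security Center antimalware alerts and pivot to every
// other alert on the same host within a window around each detection.
// Assumed values (not from the alert page): ProviderName "ASC", AlertName containing
// "Antimalware", and the ExtendedProperties key names used below.
let lookback = 7d;
let pivot_window = 24h;
let amAlerts =
    SecurityAlert
    | where TimeGenerated > ago(lookback)
    | where ProviderName == "ASC" and AlertName has "Antimalware"
    | extend Props = parse_json(ExtendedProperties)
    | project AlertTime = TimeGenerated, SystemAlertId, AlertName, AlertSeverity,
              // CompromisedEntity is the host name ASC attaches to the alert
              Host = tolower(tostring(CompromisedEntity)),
              // key names inside ExtendedProperties vary by antimalware product (assumed here)
              AffectedFile = tostring(Props["Path"]),
              ActionTaken  = tostring(Props["Action Taken"]),
              ThreatName   = tostring(Props["Threat Name"]);
amAlerts
| join kind=inner (
    // every alert in the workspace, keyed by the same normalised host name
    SecurityAlert
    | where TimeGenerated > ago(lookback)
    | extend Host = tolower(tostring(CompromisedEntity))
    | project RelatedTime = TimeGenerated, RelatedId = SystemAlertId,
              RelatedAlert = AlertName, RelatedSeverity = AlertSeverity, Host
  ) on Host
// drop the antimalware alert matching itself and keep only alerts near in time
| where RelatedId != SystemAlertId
| where RelatedTime between ((AlertTime - pivot_window) .. (AlertTime + pivot_window))
| summarize RelatedAlerts = make_set(RelatedAlert), RelatedCount = count()
    by Host, AlertTime, AlertName, AlertSeverity, AffectedFile, ActionTaken, ThreatName
| order by AlertTime desc
```

Hosts that return a non-empty RelatedAlerts set are the ones to prioritise: an antimalware detection that coincides with, for example, a suspicious process or logon alert on the same machine is far less likely to be one of the false positives listed above. Hosts with no related alerts still need the full scan and user contact from steps 2 and 3, but can be worked at lower urgency.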