Security Monitoring

microsoft defender security monitoring

What is Microsoft Defender?

Microsoft Defender is a robust antimalware software suite developed and distributed by Microsoft. As a built-in component of modern Windows operating systems, Microsoft Defender serves as a first line of defense against various digital threats, continuously monitoring devices for suspicious activities.

At its core, Microsoft Defender provides real-time monitoring of devices to swiftly identify potential threats. This includes scanning for malicious software, harmful downloads, and suspicious system changes. Moreover, it receives regular updates from Microsoft's threat intelligence network, ensuring it stays up-to-date with the latest known threats and malware variants.

Microsoft Defender boasts an array of features designed to safeguard Windows digital environments. These include real-time protection, which scans for malware and other threats in real-time, and cloud-based protection, which leverages Microsoft's vast threat detection network to spot new and emerging threats. Additionally, Microsoft Defender includes a ransomware protection feature, enabling users to protect their files from unauthorized changes.

How to monitor Microsoft Defender?

ServicePilot maks it easy to monitor Microsoft Defender by simply installing a ServicePilot Windows Agent on the target server. Then use the ServicePilot web interface to add a resource from the ServicePilot security-microsoft-defender package.

Individual Microsoft Defender events are kept for analysis and monitoring metrics are also gathered including:

  • Scan Failed: Number of antimalware failed scans
  • Malware Detected: Number of times malware was found by the antimalware engine
  • Quarantine Delete Failed: Number of times the antimalware platform could not delete an item from quarantine
  • Malware Behavior Detected: Number of detected suspicious behavior by the the antimalware platform
  • Signature Update Failed: Number of failed security intelligence updates
  • Engine Update Failed: Number of failed antimalware engine updates
  • and others...

How to install a microsoft-defender resource?

  1. Use your ServicePilot OnPremise installation or a SaaS account.
  2. Add a new microsoft-defender resource via the web interface (/prmviews or /prmresources) or via API (/prmpackages page), the default ServicePilot agent or another agent will be provisioned automatically.

Details of the microsoft-defender package are located in the /prmpackages page of the software.


ServicePilot enables you to deliver IT services faster and more securely with automated discovery and advanced monitoring features.

By correlating the technology MICROSOFT DEFENDER with APM and infrastructure monitoring, ServicePilot is able to provide a more comprehensive view of an organization's IT environment.

This allows IT teams to quickly identify and diagnose issues that may be impacting application performance, and take corrective action before end-users are affected.

Start with a free trial of our SaaS solution. Explore our plans or contact us to find what works best for you.



Learn more

Free installation in
a few clicks

SaaS Plateform

Flexible deployment according to your needs (SaaS, hybrid, on-premise) to speed up supervision implementation.
  • No on-premise software setup, servicing and configuration complexity
  • Instant setup, complete and pre-configured to ensure robust monitoring

OnPremise Plateform

Flexible deployment according to your needs (SaaS, hybrid, on-premise) to speed up supervision implementation.
  • Contracts and commitments over time ( > 1 year)
  • Performance, Data Storage and Infrastructure Management
  • 2 additional solutions: VoIP and Mainframe monitoring