Security monitoring
How to monitor MICROSOFT-DEFENDER?


ServicePilot security-microsoft-defender


What is Microsoft Defender?

Microsoft Defender is antimalware software provided by Microsoft. It monitors devices for threats, runs scans and receives updates so that it can detect new threats.

Microsoft Defender monitoring

This package monitors Microsoft Defender by collecting the Event IDs that this tool generates.

This package automatically configures the ServicePilot Manager to collect statistics from Windows Servers on which the ServicePilot Agent has been configured.

Individual Microsoft Defender events are kept for analysis, and monitoring metrics are also gathered, including:

  • Scan Failed: number of times an antimalware scan failed
  • Malware Detected: number of times malware was found by the antimalware engine
  • Quarantine Delete Failed: number of times the antimalware platform could not delete an item from quarantine
  • Malware Behavior Detected: number of times the antimalware platform detected suspicious behavior
  • Signature Update Failed: number of times the security intelligence update failed
  • Engine Update Failed: number of times the antimalware engine update failed
  • and others...
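As an added example (not ServicePilot's code), the following PowerShell reads the same Defender event log and counts events per metric listed above. The Event ID to metric mapping is assumed from Microsoft Defender's documented Operational-log events; the page itself does not list the IDs.

```powershell
# Added example, not part of the ServicePilot package.
# Event ID -> metric mapping assumed from Defender's documented Operational-log events.
$metricByEventId = @{
    1005 = 'Scan Failed'
    1006 = 'Malware Detected'            # detection reported by the engine
    1116 = 'Malware Detected'            # detection reported by the platform
    1012 = 'Quarantine Delete Failed'
    1015 = 'Malware Behavior Detected'
    2001 = 'Signature Update Failed'
    2003 = 'Engine Update Failed'
}

function Get-DefenderMetrics {
    param(
        [TimeSpan]$Window = (New-TimeSpan -Hours 24)   # look-back period
    )
    $filter = @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = [int[]]$metricByEventId.Keys
        StartTime = (Get-Date) - $Window
    }
    # Get-WinEvent raises an error when nothing matches; treat that as zero events
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

    # Start every metric at zero so a quiet host still reports all counters
    $counts = @{}
    foreach ($name in ($metricByEventId.Values | Sort-Object -Unique)) { $counts[$name] = 0 }
    foreach ($e in $events) { $counts[$metricByEventId[$e.Id]]++ }

    # Keep the individual events as well: a raised counter is only useful
    # if the operator can see which events produced it
    [PSCustomObject]@{
        Window = $Window
        Counts = $counts
        Events = $events | Select-Object TimeCreated, Id, Message
    }
}

$m = Get-DefenderMetrics
$m.Counts.GetEnumerator() | Sort-Object Name | Format-Table -AutoSize
```

Run it in an elevated session on the monitored host; a non-zero Malware Detected or Malware Behavior Detected count should be followed by reviewing the matching entries in $m.Events.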