Managed Sentinel – Alert 110
| Alert ID | MS-A110 |
| Alert Name | Malware detected in a Office 365 repository |
| Description | This alert triggers when the Office 365 antivirus engine detects malware in a file hosted in SharePoint or OneDrive. |
| Severity Level | High |
| Threat Indicator | Malicious Content |
| MITRE ATT&CK Tactics | Execution, Command and Control |
| Log sources | Office 365 |
| False Positive | N/A |
| Recommendations | 1. Remove the malware from the O365 repository. 2. Use Azure Sentinel to identify the Office 365 user account(s) that downloaded the malicious file to their local computers. 3. Perform a full EDR scan on those local computers. 4. Disconnect the computers from your corporate network until the scan is completed and the malware is removed. |
