Managed Sentinel – Alert 204
| Field | Detail |
|---|---|
| Alert ID | MS-A204 |
| Alert Name | Azure Security Center - Antimalware Activity |
| Description | This alert identifies antimalware activity detected by Azure Security Center. The alert details depend on the antimalware product installed on the host, but typically include the host name, the affected file, the action taken and additional information about the nature of the threat. |
| Severity Level | High |
| Threat Indicator | Malware |
| MITRE ATT&CK Tactics | Initial Access, Execution |
| Log sources | Azure Security Center alerts |
| False Positives | Benign applications identified as malicious by the antimalware software. Malware detection testing. |
| Recommendations | 1. Identify the system(s) that have been affected. 2. Run a full antimalware scan. 3. Contact the user for additional details, such as any abnormal computer behavior, suspicious files, etc. 4. Search for additional alerts related to the affected computer. 5. If available, use an EDR application for further investigation. |