This query will return detailed results on malware/virus remediation (the action the antimalware engine took on a detected threat). The original used curly quotes, which Splunk's search language does not accept; they are corrected to straight quotes here.

sourcetype="WinEventLog:System" SourceName="Microsoft Antimalware" EventCode=1117 | eval Date=strftime(_time, "%Y/%m/%d") | stats count by host, Category, Name, Severity, Date, Action_Status
Microsoft Antimalware Malware Detection Details
This query will return results if malware is detected, and return detailed information on the malware detected (including the file path). As above, the curly quotes are corrected to straight quotes so the search parses.

sourcetype="WinEventLog:System" SourceName="Microsoft Antimalware" EventCode=1116 | eval Date=strftime(_time, "%Y/%m/%d") | stats count by host, Category, Name, Path, Severity, Date
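To make it clear what the two searches above actually compute, here is an added Python example (not from the original page, and not Splunk's own code) that reproduces the filter, the `eval Date=strftime(...)` step, and the `stats count by ...` roll-up over a handful of constructed sample events. The field names (host, _time, SourceName, EventCode, Category, Name, Path, Severity, Action_Status) are the ones the queries reference; the sample event values are made up for illustration, and the date is rendered in UTC (Splunk would use the searching user's configured timezone), which is an assumption of this example.

```python
from collections import Counter
from datetime import datetime, timezone

# Constructed sample events shaped like the fields the page's searches use.
# Values are illustrative only; they are not real detections.
SAMPLE_EVENTS = [
    {"host": "ws01", "_time": 1700000000, "SourceName": "Microsoft Antimalware", "EventCode": 1116,
     "Category": "Trojan", "Name": "Example.Trojan.A", "Path": "C:\\Users\\alice\\Downloads\\setup.exe",
     "Severity": "Severe", "Action_Status": ""},
    {"host": "ws01", "_time": 1700000100, "SourceName": "Microsoft Antimalware", "EventCode": 1117,
     "Category": "Trojan", "Name": "Example.Trojan.A", "Path": "C:\\Users\\alice\\Downloads\\setup.exe",
     "Severity": "Severe", "Action_Status": "Quarantine"},
    {"host": "ws02", "_time": 1700000200, "SourceName": "Microsoft Antimalware", "EventCode": 1116,
     "Category": "Trojan", "Name": "Example.Trojan.A", "Path": "C:\\Temp\\payload.dll",
     "Severity": "Severe", "Action_Status": ""},
    # Same host/threat/path/day detected a second time: stats should count it as 2, not add a row.
    {"host": "ws02", "_time": 1700000300, "SourceName": "Microsoft Antimalware", "EventCode": 1116,
     "Category": "Trojan", "Name": "Example.Trojan.A", "Path": "C:\\Temp\\payload.dll",
     "Severity": "Severe", "Action_Status": ""},
    # Unrelated System-log event; must be excluded by the SourceName/EventCode filter.
    {"host": "ws02", "_time": 1700000350, "SourceName": "Service Control Manager", "EventCode": 7036},
    {"host": "ws02", "_time": 1700000400, "SourceName": "Microsoft Antimalware", "EventCode": 1117,
     "Category": "Trojan", "Name": "Example.Trojan.A", "Path": "C:\\Temp\\payload.dll",
     "Severity": "Severe", "Action_Status": "Remove"},
]

# Field lists taken directly from the two 'stats count by' clauses on the page.
DETECTION_FIELDS = ["host", "Category", "Name", "Path", "Severity", "Date"]
REMEDIATION_FIELDS = ["host", "Category", "Name", "Severity", "Date", "Action_Status"]


def strftime_date(epoch_seconds):
    """Equivalent of eval Date=strftime(_time, "%Y/%m/%d"), rendered in UTC (assumption)."""
    return datetime.fromtimestamp(epoch_seconds, tz=timezone.utc).strftime("%Y/%m/%d")


def stats_count_by(events, source_name, event_code, by_fields):
    """Filter on SourceName/EventCode, derive Date, then count rows per distinct by-field tuple."""
    counter = Counter()
    for ev in events:
        if ev.get("SourceName") != source_name or ev.get("EventCode") != event_code:
            continue
        row = dict(ev, Date=strftime_date(ev["_time"]))
        key = tuple(row.get(field, "") for field in by_fields)
        counter[key] += 1
    # One result row per distinct combination, like Splunk's stats output, sorted for stable output.
    return [dict(zip(by_fields, key), count=n) for key, n in sorted(counter.items())]


def malware_detections(events=SAMPLE_EVENTS):
    """Mirror of the EventCode=1116 search (malware detection details)."""
    return stats_count_by(events, "Microsoft Antimalware", 1116, DETECTION_FIELDS)


def malware_remediations(events=SAMPLE_EVENTS):
    """Mirror of the EventCode=1117 search (remediation / action taken)."""
    return stats_count_by(events, "Microsoft Antimalware", 1117, REMEDIATION_FIELDS)


if __name__ == "__main__":
    for row in malware_detections():
        print("1116", row)
    for row in malware_remediations():
        print("1117", row)
```

Running it shows why the two searches are kept separate: the 1116 roll-up keys on Path (so the same threat seen in two locations is two rows, and a repeat hit on one path just bumps the count), while the 1117 roll-up drops Path and keys on Action_Status, so you can see at a glance whether the engine quarantined or removed the file on each host.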