Multiple Malware Detections on a Single Host

This is a simple query for detecting a host with multiple infections/detections. The reason for the bucket and for searching over a longer time span (say 60m) is that I found it to give better results and fewer false negatives when the infrastructure isn't set up to ingest data in near real time.
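The bucketing logic the post describes, as an added example that is not the original query and not the author's code: detections are grouped per host into fixed-width time buckets, a host is flagged when a bucket holds at least two distinct (threat, path) pairs, and a separate search-span filter shows why a short lookback misses late-arriving events. The event records, host names, threat names and paths are constructed sample data, and the field names are assumptions rather than any product's schema.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample antimalware detection events (not real telemetry).
# Field names are assumed for the example. The list is deliberately out of
# time order to mimic delayed ingestion; the 09:40 event for ws-017 is the
# last one to "arrive".
SAMPLE_EVENTS = [
    {"time": "2024-01-10T09:02:11", "host": "ws-017", "threat": "Trojan:Win32/ExampleA",
     "path": r"C:\Users\a\Downloads\inv.doc"},
    {"time": "2024-01-10T09:58:47", "host": "ws-017", "threat": "Trojan:Win32/ExampleA",
     "path": r"C:\Users\a\Downloads\inv.doc"},   # same file re-detected on rescan
    {"time": "2024-01-10T09:20:00", "host": "ws-042", "threat": "PUA:Win32/ExampleC",
     "path": r"C:\Program Files\tool\tool.exe"},
    {"time": "2024-01-10T09:45:30", "host": "ws-042", "threat": "Trojan:Win32/ExampleD",
     "path": r"C:\Users\b\Desktop\run.js"},
    {"time": "2024-01-10T12:05:00", "host": "srv-db01", "threat": "Backdoor:Win32/ExampleE",
     "path": r"C:\inetpub\wwwroot\cmd.aspx"},
    {"time": "2024-01-10T09:40:33", "host": "ws-017", "threat": "Trojan:Win32/ExampleB",
     "path": r"C:\Users\a\AppData\Local\Temp\x.exe"},
]

EPOCH = datetime(1970, 1, 1)


def bucket_start(ts, window_minutes):
    """Floor a timestamp to the start of its fixed-width bucket (like span=60m)."""
    window = timedelta(minutes=window_minutes)
    return EPOCH + ((ts - EPOCH) // window) * window


def recent_events(events, now, span_minutes):
    """Keep only events whose *event* time falls inside [now - span, now].

    This models the search range: a short range drops detections that were
    generated earlier but ingested late.
    """
    now_ts = datetime.fromisoformat(now)
    earliest = now_ts - timedelta(minutes=span_minutes)
    return [e for e in events
            if earliest <= datetime.fromisoformat(e["time"]) <= now_ts]


def bucket_detections(events, window_minutes=60):
    """Group events by (host, bucket_start), ordering by event time rather than
    arrival order so late-ingested records land in the right bucket."""
    buckets = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["time"]):
        ts = datetime.fromisoformat(ev["time"])
        buckets[(ev["host"], bucket_start(ts, window_minutes))].append(ev)
    return buckets


def hosts_with_multiple_detections(events, window_minutes=60, threshold=2):
    """Return [(host, bucket_start_iso, distinct_detections, raw_event_count)]
    for every host/bucket with at least `threshold` distinct (threat, path)
    pairs. Counting distinct pairs keeps a single file that is re-detected on
    every scan from looking like multiple infections."""
    hits = []
    for (host, start), evs in bucket_detections(events, window_minutes).items():
        distinct = {(e["threat"], e["path"]) for e in evs}
        if len(distinct) >= threshold:
            hits.append((host, start.isoformat(), len(distinct), len(evs)))
    return sorted(hits)


if __name__ == "__main__":
    print("full data, 60m buckets:")
    for hit in hosts_with_multiple_detections(SAMPLE_EVENTS):
        print("  ", hit)
    # A 15-minute lookback at 10:00 sees only one detection per host and
    # raises nothing; a 60-minute lookback catches both hosts.
    for span in (15, 60):
        subset = recent_events(SAMPLE_EVENTS, "2024-01-10T10:00:00", span)
        print(f"lookback {span}m at 10:00:", hosts_with_multiple_detections(subset))
```

The two things worth carrying back to the real query are the distinct count (otherwise a single quarantined file that keeps tripping the scanner inflates the count) and the search range, which has to be at least as wide as the worst-case ingestion delay or the host never reaches the threshold.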


Malware Detection

I'm reposting this query, which I stumbled upon in a blog here. The description states that it can be used to detect malware reporting out to the web. Check out the article; it's a decent read.


Microsoft Antimalware Virus Remediation Details

This query will return detailed results on malware/virus remediation.


Microsoft Antimalware Malware Detection Details

This query returns results if malware is detected, along with detailed information on the malware that was found.
