Queries for the ProtectionStatus table

For information on using these queries in the Azure portal, see the Log Analytics tutorial. For the REST API, see Query.

Signatures out of date

Devices with signatures that are out of date.

// To create an alert for this query, click '+ New alert rule'
ProtectionStatus
| summarize Rank = max(ProtectionStatusRank) by Computer, _ResourceId
| where Rank == "250"

Protection status updates

Protection status updates per day.

// To create an alert for this query, click '+ New alert rule'
ProtectionStatus
| summarize AggregatedValue = count(ScanDate) by bin(TimeGenerated, 1d), Computer, _ResourceId
| sort by TimeGenerated desc

Malware detection

Detected malware grouped by threat.

// To create an alert for this query, click '+ New alert rule'
ProtectionStatus
| where ThreatStatus != "No threats detected" 
| summarize AggregatedValue = count() by Threat, Computer, _ResourceId