Queries for the ProtectionStatus table
For information on using these queries in the Azure portal, see Log Analytics tutorial. For the REST API, see Query.
Signatures out of date
Devices with signatures out of date.
// To create an alert for this query, click '+ New alert rule'
ProtectionStatus
| summarize Rank = max(ProtectionStatusRank) by Computer, _ResourceId
| where Rank == "250"
Protection Status updates
Protection Status updates per day.
// To create an alert for this query, click '+ New alert rule'
ProtectionStatus
| summarize AggregatedValue = count(ScanDate) by bin(TimeGenerated, 1d), Computer, _ResourceId
| sort by TimeGenerated desc
Malware detection
Malware detections, grouped by threat.
// To create an alert for this query, click '+ New alert rule'
ProtectionStatus
| where ThreatStatus != "No threats detected"
| summarize AggregatedValue = count() by Threat, Computer, _ResourceId
