
# Malware File Detected In Office 365

## Query Information

#### Description
This detects a malware file in your Office 365 environment.

#### Risk
Active malware is detected and can spread through the organisation.

#### References
- https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-malware-protection?view=o365-worldwide

## Sentinel
```
OfficeActivity
| where Operation == "FileMalwareDetected"
| project-reorder TimeGenerated, OfficeWorkload, SourceFileName, OfficeObjectId, UserId
```

## Explanation

This query detects any malware files in your Office 365 environment. It looks for the specific operation "FileMalwareDetected" in the OfficeActivity table and retrieves the time generated, Office workload, source file name, Office object ID, and user ID associated with the detected malware file. The presence of active malware poses a risk as it can spread throughout the organization. For more information, you can refer to the provided Microsoft documentation.
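As an added example that is not part of the original query, the same detection can be aggregated per user and workload so that repeated hits are visible at a glance; the 7-day lookback, the severity thresholds and the set sizes are assumptions chosen for illustration, and only columns already used on this page are referenced:

```kql
// Added example, not the original page's query: aggregate FileMalwareDetected
// events per user and workload so repeat detections stand out during triage.
// lookback window and severity thresholds are assumed values, tune per tenant.
let lookback = 7d;
OfficeActivity
| where TimeGenerated > ago(lookback)
| where Operation == "FileMalwareDetected"
| summarize
    DetectionCount = count(),
    FirstSeen      = min(TimeGenerated),
    LastSeen       = max(TimeGenerated),
    Files          = make_set(SourceFileName, 20),   // cap set size to keep rows small
    Locations      = make_set(OfficeObjectId, 20)
    by UserId, OfficeWorkload
// assumed thresholds: several detections for one user in the window suggests
// a recurring source (shared folder, sync client) rather than a one-off upload
| extend Severity = case(DetectionCount >= 5, "High",
                         DetectionCount >= 2, "Medium",
                         "Low")
| order by DetectionCount desc, LastSeen desc
```

The per-event query above remains the one to run for the individual file details; this aggregated view is useful as a scheduled hunt to spot accounts or workloads that keep producing detections.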


Bert-Jan Pals

Released: February 14, 2023
