Microsoft Defender Secure Score Event Monitor Reference Guide

MS Defender Secure Score Event Monitor

The Microsoft Defender Secure Score Event Monitor integrates with Microsoft Defender to alert about secure scores.

Overview

This event monitor connects via Microsoft Azure and lets you receive alerts about secure scores for data, identity, devices, apps, and more.

Use Cases

  • Receiving timely alerts about lowered secure scores
  • Keeping a table of Defender scores to compare and contrast over time

Monitoring Options

This event monitor provides the following options:

Alert with [Info/Warning/Error/Critical] if Azure cannot be contacted

This option will send you an alert if the event monitor cannot contact Azure.

Alert if a specified amount of time has passed since the last control score synchronization

Use this option to receive alerts when it's been too long since the last control score sync.

Alert if the total secure score is less than a specified percentage

This option will send an alert if the total secure score is less than the percentage you specify.

Alert if the apps secure score is less than a specified percentage

This option will send you an alert if the apps secure score is less than a specified percentage.

Alert if the data secure score is less than a specified percentage

Use this option to get alerted if the data secure score is less than a certain percentage.

Alert if the device secure score is less than a specified percentage

This option will send you an alert if the device secure score is less than a specified percentage.

Alert if the identity secure score is less than a specified percentage

This option will send you an alert if the identity secure score is less than a specified percentage.

Alert if the infrastructure secure score is less than a specified percentage

This option will send you an alert if the infrastructure secure score is less than a specified percentage.

Alert with [Info/Warning/Error/Critical] if the total secure score is lower than the previous check

This option will alert you with your choice of alert level if the total secure score is found to be lower than the last time the event monitor ran.

Alert with [Info/Warning/Error/Critical] if the apps secure score is lower than the previous check

This option will alert you with your choice of alert level if the apps secure score is found to be lower than the last time the event monitor ran.

Alert with [Info/Warning/Error/Critical] if the data secure score is lower than the previous check

This option will alert you with your choice of alert level if the data secure score is found to be lower than the last time the event monitor ran.

Alert with [Info/Warning/Error/Critical] if the device secure score is lower than the previous check

This option will alert you with your choice of alert level if the device secure score is found to be lower than the last time the event monitor ran.

Alert with [Info/Warning/Error/Critical] if the identity secure score is lower than the previous check

This option will alert you with your choice of alert level if the identity secure score is found to be lower than the last time the event monitor ran.

Alert with [Info/Warning/Error/Critical] if the infrastructure secure score is lower than the previous check

This option will alert you with your choice of alert level if the infrastructure secure score is found to be lower than the last time the event monitor ran.

Alert if any control score is less than a specified percentage

Use this option to get alerted if any Defender control score is less than a percentage you specify.

Alert if any apps control score is less than a specified percentage

This option will send an alert if any apps control score is less than a percentage you specify.

Alert if any data control score is less than a specified percentage

This option sends alerts if one or more data control scores are less than a percentage you specify.

Alert if any identity control score is less than a specified percentage

Use this option to get alerts if any identity control score is found to be less than a percentage you specify.

Alert if any device control score is less than a specified percentage

This option will send you an alert if any device control score drops below the percentage you specify.

Alert if any infrastructure control score is less than a specified percentage

This option alerts you if any infrastructure control score is less than a percentage you specify.

Include a table of control scores [before all/after all] event text

Select this option and FrameFlow will generate a table with all control scores alongside the event text generated each time the monitor runs.

Control scores to ignore

Enter the names of control scores you want the event monitor to ignore here, with each entry on a new line.
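
The checks described above can be prototyped against your own score snapshots. The following is an added example, not FrameFlow's code: the snapshot layout, the control names, the function evaluate() and the alert levels chosen for threshold and sync alerts are all assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed snapshots (hypothetical layout): percentages per category and control.
PREVIOUS = {"scores": {"Total": 71.0, "Apps": 80.0, "Data": 55.0, "Device": 90.0,
                       "Identity": 64.0, "Infrastructure": 75.0}}
CURRENT = {
    "scores": {"Total": 68.5, "Apps": 80.0, "Data": 55.0, "Device": 90.0,
               "Identity": 58.0, "Infrastructure": 75.0},
    "controls": [
        {"name": "ExampleControlA", "category": "Identity", "percent": 40.0,
         "last_synced": "2024-05-01T06:00:00+00:00"},
        {"name": "ExampleControlB", "category": "Device", "percent": 100.0,
         "last_synced": "2024-05-01T06:00:00+00:00"},
        {"name": "ExampleControlC", "category": "Apps", "percent": 0.0,
         "last_synced": "2024-04-20T06:00:00+00:00"},
    ],
}

def evaluate(current, previous, now, min_percent, drop_level="Warning",
             control_min=50.0, max_sync_age=timedelta(days=2), ignore=()):
    """Return a list of (level, message) alerts for one monitor run."""
    alerts = []
    for category, value in current["scores"].items():
        floor = min_percent.get(category)  # no entry means no threshold check
        if floor is not None and value < floor:
            alerts.append(("Error", f"{category} secure score {value}% is below {floor}%"))
        # First run: no previous snapshot, so there is nothing to compare against.
        last = previous["scores"].get(category) if previous else None
        if last is not None and value < last:
            alerts.append((drop_level, f"{category} secure score dropped from {last}% to {value}%"))
    ignored = {name.strip().lower() for name in ignore}  # one control name per entry
    for control in current["controls"]:
        if control["name"].lower() in ignored:
            continue  # ignored controls raise neither threshold nor sync alerts
        if control["percent"] < control_min:
            alerts.append(("Warning", f"{control['category']} control "
                                      f"{control['name']} is at {control['percent']}%"))
        age = now - datetime.fromisoformat(control["last_synced"])
        if age > max_sync_age:
            alerts.append(("Warning", f"{control['name']} last synced {age.days} days ago"))
    return alerts

NOW = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)  # fixed clock for the sample
ALERTS = evaluate(CURRENT, PREVIOUS, NOW, {"Total": 70.0, "Identity": 60.0},
                  ignore=["ExampleControlC"])
```

With the sample data, the total and identity scores each raise a threshold alert and a drop alert, and the ignored control raises nothing even though it is both at 0% and stale.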

Authentication and Security

The account used to authenticate must be granted the SecurityEvents.Read.All permission at the application level.

Protocols

Data Points

This event monitor generates the following data points:

Data Point                                Description
Comparative Secure Score (All Tenants)    The comparative secure score for all tenants.
Comparative Secure Score (Total Seats)    The comparative secure score based on total seats available in your license.
Secure Score                              The total secure score detected the last time the event monitor ran.
Secure Score "Apps"                       The "Apps" secure score detected the last time the event monitor ran.
Secure Score "Data"                       The "Data" secure score detected the last time the event monitor ran.
Secure Score "Device"                     The "Device" secure score detected the last time the event monitor ran.
Secure Score "Identity"                   The "Identity" secure score detected the last time the event monitor ran.
Secure Score "Infrastructure"             The "Infrastructure" secure score detected the last time the event monitor ran.

Sample Output
