
Windows Defender Antivirus #1729

Open
15 tasks
jamiehynds opened this issue Sep 15, 2021 · 6 comments
Labels: Category: EDR/EPP/XDR; New Integration (Issue or pull request for creating a new integration package); Team:Security-Windows Platform (Security Windows Platform Team [elastic/sec-windows-platform])

Comments

@jamiehynds

jamiehynds commented Sep 15, 2021

Description

Microsoft Defender Antivirus, formerly known as Windows Defender, is an antivirus program bundled with Windows 10. Microsoft Defender Antivirus has many features, including substantial security settings for individual users and groups.

Architecture

Similar to PowerShell events, Windows Defender writes events to a Windows Event channel - Windows Defender/Operational. While users can leverage our Custom Windows Event integration to ingest these events, ECS mappings are not applied.

Integration release checklist

This checklist is intended for integrations maintainers to ensure consistency
when creating or updating a Package, Module or Dataset for an Integration.

All changes

  • Change follows the contributing guidelines
  • Supported versions of the monitoring target are documented
  • Supported operating systems are documented (if applicable)
  • Integration or System tests exist
  • Documentation exists
  • Fields follow ECS and naming conventions
  • At least a manual test with ES / Kibana / Agent has been performed.
  • Required Kibana version set to:

New Package

  • Screenshot of the "Add Integration" page on Fleet added

Dashboards changes

  • Dashboards exist
  • Screenshots added or updated
  • Datastream filters added to visualizations

Log dataset changes

  • Pipeline tests exist (if applicable)
  • Generated output for at least 1 log file exists
  • Sample event (sample_event.json) exists
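As an added illustration of the ECS gap the architecture note describes (example code, not part of the Elastic integration or this issue): a small Python mapper that takes a constructed Defender/Operational event, shaped the way the Custom Windows Event integration would deliver it, and lifts its raw event_data into ECS fields. The event_data key names and the detection event IDs are assumptions modelled on Defender's channel; the ECS field choices are mine.

```python
# Added example (not the Elastic integration's code). event_data keys and the
# detection event IDs are assumptions modelled on Defender's channel; ECS field choices are mine.
import re

# Constructed sample: a Defender detection as a winlog-style event dict.
SAMPLE_EVENT = {
    "winlog": {
        "channel": "Microsoft-Windows-Windows Defender/Operational",
        "provider_name": "Microsoft-Windows-Windows Defender",
        "event_id": "1116",
        "computer_name": "ws01.example.test",
        "event_data": {
            "Threat Name": "Virus:DOS/EICAR_Test_File",
            "Path": "file:_C:\\Users\\alice\\Downloads\\eicar.com",
            "Detection User": "WS01\\alice",
        },
    }
}

# Event IDs treated as malware detections (assumed: 1116 found, 1117 actioned).
DETECTION_EVENT_IDS = {"1116", "1117"}

def strip_path_prefix(value):
    """Drop Defender's resource-type tag: 'file:_C:\\x' -> 'C:\\x'."""
    return re.sub(r"^[a-z]+:_", "", value)

def to_ecs(event):
    """Return a flat dict of dotted ECS field names for one winlog event."""
    win = event["winlog"]
    data = win.get("event_data", {})
    detection = win["event_id"] in DETECTION_EVENT_IDS
    ecs = {
        "event.code": win["event_id"],
        "event.provider": win["provider_name"],
        "event.kind": "alert" if detection else "event",
        "event.category": ["malware"] if detection else [],
        "host.name": win.get("computer_name"),
    }
    if "Threat Name" in data:
        ecs["rule.name"] = data["Threat Name"]
    if "Path" in data:
        ecs["file.path"] = strip_path_prefix(data["Path"])
    if "Detection User" in data:
        # DOMAIN\user -> user.domain + user.name; a bare name gets only user.name.
        domain, _, name = data["Detection User"].rpartition("\\")
        ecs["user.name"] = name
        if domain:
            ecs["user.domain"] = domain
    return ecs
```

Events whose ID is not in the detection set still get event.code, event.provider and host.name, so the mapper can run over the whole channel rather than only detections.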
@elasticmachine

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@jamiehynds jamiehynds added New Integration Issue or pull request for creating a new integration package. Category: EDR/EPP/XDR labels Sep 15, 2021
@marc-gr marc-gr self-assigned this Jan 27, 2022
@botelastic

botelastic bot commented Jan 27, 2023

Hi! We just realized that we haven't looked into this issue in a while. We're sorry! We're labeling this issue as Stale to make it hit our filters and make sure we get back to it as soon as possible. In the meantime, it'd be extremely helpful if you could take a look at it as well and confirm its relevance. A simple comment with a nice emoji will be enough :+1. Thank you for your contribution!

@botelastic botelastic bot added the Stalled label Jan 27, 2023
@infosecwatchman

+1

@botelastic botelastic bot removed the Stalled label Jan 27, 2023
@botelastic

botelastic bot commented Jan 27, 2024

Hi! We just realized that we haven't looked into this issue in a while. We're sorry! We're labeling this issue as Stale to make it hit our filters and make sure we get back to it as soon as possible. In the meantime, it'd be extremely helpful if you could take a look at it as well and confirm its relevance. A simple comment with a nice emoji will be enough :+1. Thank you for your contribution!

@botelastic botelastic bot added the Stalled label Jan 27, 2024
@marc-gr marc-gr removed the Stalled label Jan 29, 2024
@narph narph added Team:Security-Windows Platform Security Windows Platform Team [elastic/sec-windows-platform] and removed Team:Security-External Integrations labels Jan 29, 2024
@nicpenning
Contributor

This integration will still be relevant and useful today. This will also help with: #4564

@nicpenning
Contributor

Phase 1 complete with initial data stream created as beta.
Phase 2 will be improved alignment with ECS, Dashboard, and any bug fixes along the way to solidify it as GA.

@marc-gr marc-gr removed their assignment Jul 15, 2024