File: articles/defender-for-cloud/agentless-malware-scanning.md (15 additions & 2 deletions)
Original file line number / Diff line number / Diff line change
@@ -37,9 +37,22 @@ You can learn more about [agentless machine scanning](concept-agentless-data-col
37
37
> [!IMPORTANT]
38
38
> Security alerts appear on the portal only in cases where threats are detected on your environment. If you do not have any alerts it may be because there are no threats on your environment. You can [test to see if the agentless malware scanning capability has been properly onboarded and is reporting to Defender for Cloud](enable-agentless-scanning-vms.md#test-the-agentless-malware-scanners-deployment).
39
39
40
-
On the Security alerts page, you can [manage and respond to security alerts](managing-and-responding-alerts.md). You can also [review the agentless malware scanner's results](managing-and-responding-alerts.md#review-the-agentless-scans-results). Security alerts can also be [exported to Sentinel](export-to-siem.md).
40
+
### Defender for Cloud security alerts
41
41
42
-
:::image type="content" source="media/agentless-malware-scanning/agentless-alerts-results.png" alt-text="Screenshot of the Alerts page in Defender for Cloud that shows how the agentless scan's results appear on that page." lightbox="media/agentless-malware-scanning/agentless-alerts-results.png":::
42
+
When a malicious file is detected, Microsoft Defender for Cloud generates a [Microsoft Defender for Cloud security alert](alerts-overview.md#what-are-security-alerts). To see the alert, go to **Microsoft Defender for Cloud** security alerts.
43
+
The security alert contains details and context on the file, the malware type, and recommended investigation and remediation steps. To use these alerts for remediation, you can:
44
+
45
+
1. View [security alerts](https://portal.azure.com/#view/Microsoft_Azure_Security/SecurityMenuBlade/~/7) in the Azure portal by navigating to **Microsoft Defender for Cloud** > **Security alerts**.
46
+
1.[Configure automations](workflow-automation.md) based on these alerts.
47
+
1.[Export security alerts](alerts-overview.md#exporting-alerts) to a SIEM. You can continuously export security alerts Microsoft Sentinel (Microsoft’s SIEM) using [Microsoft Sentinel connector](../sentinel/connect-defender-for-cloud.md), or another SIEM of your choice.
48
+
49
+
Learn more about [responding to security alerts](../event-grid/custom-event-quickstart-portal.md#subscribe-to-custom-topic).
50
+
51
+
### Handling possible false positives
52
+
53
+
If you believe a file is being incorrectly detected as malware (false positive), you can submit it for analysis through the [sample submission portal](/microsoft-365/security/intelligence/submission-guide). The submitted file will be analyzed by Defender's security analysts. If the analysis report will indicate that the file is in fact clean, then the file will no longer trigger new alerts from now on.
54
+
55
+
Defender for Cloud allows you to [suppress false positive alerts](alerts-suppression-rules.md). Make sure to limit the suppression rule by using the malware name or file hash.
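Review bot: the closing "Learn more about [responding to security alerts]" line in this hunk links to `../event-grid/custom-event-quickstart-portal.md#subscribe-to-custom-topic`, an Event Grid custom-topic quickstart, whereas the removed line linked `managing-and-responding-alerts.md` for the same purpose; restore that target, and consider keeping the dropped `managing-and-responding-alerts.md#review-the-agentless-scans-results` link, since the new text no longer tells the reader where to review the scanner's results. Two smaller points in the same hunk: the items `1.[Configure automations](workflow-automation.md)` and `1.[Export security alerts](alerts-overview.md#exporting-alerts)` have no space after the ordered-list marker, so Markdown will not render them as list items (the first item, `1. View [security alerts]...`, does have it); and "continuously export security alerts Microsoft Sentinel" is missing "to". In the false-positive paragraph, "If the analysis report will indicate that the file is in fact clean, then the file will no longer trigger new alerts from now on" reads more cleanly as "If the analysis finds that the file is clean, it no longer triggers alerts." The final sentence, limiting any suppression rule to the malware name or file hash, is the right guidance and worth keeping as written.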