Windows Defender ATP

 

Use the JSA Windows Defender ATP Content Extension to closely monitor your Windows Defender ATP deployment.

JSA Windows Defender ATP Content Extension V1.0.1

The following table shows the new custom properties in JSA Windows Defender ATP Content Extension V1.0.1.

Table 1: New Custom Properties in JSA Windows Defender ATP Content Extension V1.0.1

| Name | Optimized | Enabled | Regex |
|---|---|---|---|
| File Directory | 1 | 1 | `FilePath":"(.*?)",` |

The following table shows the changed custom properties in JSA Windows Defender ATP Content Extension V1.0.1.

Table 2: Changed Custom Properties in JSA Windows Defender ATP Content Extension V1.0.1

| Name | Optimized |
|---|---|
| Filename | 1 |
| File Extension | 1 |
| Urlhost | 1 |

The following table shows the removed custom properties in JSA Windows Defender ATP Content Extension V1.0.1.

Table 3: Removed Custom Properties in JSA Windows Defender ATP Content Extension V1.0.1

| Name | Replaced With |
|---|---|
| File Path | File Directory |

JSA Windows Defender ATP Content Extension V1.0

The following table shows the custom properties in JSA Windows Defender ATP Content Extension V1.0.

Table 4: Custom Properties in JSA Windows Defender ATP Content Extension V1.0

| Name | Capture Group | Regex |
|---|---|---|
| Filename | 1 | `FileName":"(.*?)",` |
| File Path | 1 | `FilePath":"(.*?)",` |
| File Hash | 1 | `FileHash":"(.*?)",` |
| MD5 Hash | 1 | `Md5":"(.*?)",` |
| SHA1 Hash | 1 | `Sha1":"(.*?)",` |
| SHA256 Hash | 1 | `Sha256":"(.*?)",` |
| Computer Name | 1 | `MachineName":"(.*?)"` |
| Threat Name | 1 | `ThreatName":"(.*?)",` |
| Threat Severity | 1 | `Severity":"(.*?)"` |
| Threat Category | 1 | `ThreatCategory":"(.*?)",` |
| Threat Family | 1 | `ThreatFamily":"(.*?)",` |
| Action | 1 | `RemediationAction":"(.*?)",` |
| Action Result | 1 | `RemediationIsSuccess":(.*?),` |
| URL | 1 | `Url\"\:\"(.*?)\",` |
| URLHost | 1 | `Url\"\:\"(?:.*?:\/\/)?(?:www\.)?([^\/:\,\"]+)` |
| IOC Name | 1 | `IocName":"(.*?)",` |
| IOC Value | 1 | `IocValue":"(.*?)",` |
| Execution Status | 1 | `WasExecutingWhileDetected":(.*?),` |
| Alert | 1 | `AlertTitle":"(.*?)",` |
| Alert_Category | 1 | `Category":"(.*?)",` |
| Alert_Severity | 1 | `Severity":"(.*?)",` |
| Reference Link | 1 | `LinkToWDATP":"(.*?)",` |
| Detection Engine | 1 | `Source":"(.*?)",` |
| File Extension | 1 | `FileName":"[^\"\.]*\.([^\"]*?)"` |
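The patterns in Table 4 can be checked offline against a sample payload before they are relied on in searches or rules. The following is an added example, not part of the JSA documentation: it applies several of the Table 4 regexes with Python's `re` module (an assumption standing in for the JSA regex engine) to a constructed alert whose field names come from the regexes and whose values and field order are invented for the test.

```python
import json
import re

# Regexes copied from Table 4; File Directory reuses the FilePath regex (Table 1).
PROPERTIES = {
    "Filename": r'FileName":"(.*?)",',
    "File Directory": r'FilePath":"(.*?)",',
    "File Extension": r'FileName":"[^\"\.]*\.([^\"]*?)"',
    "URLHost": r'Url\"\:\"(?:.*?:\/\/)?(?:www\.)?([^\/:\,\"]+)',
    "Action Result": r'RemediationIsSuccess":(.*?),',
    "Alert_Category": r'Category":"(.*?)",',
    "Threat Category": r'ThreatCategory":"(.*?)",',
}

# Constructed field values (not taken from a real alert).
FIELDS = {
    "AlertTitle": "Suspicious file observed",
    "Category": "Malware",
    "ThreatCategory": "Trojan",
    "FileName": "invoice.pdf.exe",
    "FilePath": "C:\\Users\\alice\\Downloads",
    "Url": "https://www.files.example.test:8443/get?id=1",
    "RemediationIsSuccess": True,
    "Source": "WindowsDefenderAv",
}
ORDER_A = list(FIELDS)  # Category serialized before ThreatCategory
ORDER_B = ["AlertTitle", "ThreatCategory", "Category"] + ORDER_A[3:]


def sample_payload(order):
    """Serialize the constructed alert without spaces, as the regexes expect."""
    return json.dumps({k: FIELDS[k] for k in order}, separators=(",", ":"))


def extract(payload):
    """Return capture group 1 of the first match per property, or None."""
    out = {}
    for name, pattern in PROPERTIES.items():
        m = re.search(pattern, payload)
        out[name] = m.group(1) if m else None
    return out


if __name__ == "__main__":
    for label, order in (("A", ORDER_A), ("B", ORDER_B)):
        print(label, extract(sample_payload(order)))
```

With the constructed input, File Extension captures `pdf.exe` for `invoice.pdf.exe`, File Directory keeps the JSON-escaped double backslashes, and Alert_Category returns the ThreatCategory value when that field is serialized first.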
