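---
# Data-needed entry describing anti-virus alert events.
# NOTE(review): `None` is resolved as the literal string "None" by YAML 1.1
# loaders (e.g. PyYAML), not as YAML null — consumers that test for "unset"
# must compare against the string, or this file should use `null` instead.
title: DN_0084_av_alert
description: >
  Anti-virus alert logging
policy:
  # Some AV products require additional configuration to include file hashes
  # in their alerts; without it the hash fields below stay empty.
  - None
references:
  - None
category: AV Alerts
platform: antivirus
type: None
channel: None
provider: None
# Field names that detection content may reference for this data source.
# Only a subset appears in the sample below (Sha1, FileName, FilePath, FileHash,
# AlertTitle, Category, Severity, IpAddress, UserName); the remaining hash
# fields presumably cover other AV vendors' schemas — verify against the
# consumer before relying on them.
fields:
  - Hostname
  - Signature
  - AlertTitle
  - Category
  - Severity
  - Sha1
  - FileName
  - FilePath
  - IpAddress
  - UserName
  - UserDomain
  - FileHash
  - Hashes
  - Imphash
  - Sha256hash
  - Sha1hash
  - Md5hash
# Example event (Windows Defender ATP alert, as given by the original author).
# Backslashes inside a `|` block scalar are literal, so the JSON escape `\\`
# in FilePath survives YAML loading unchanged.
sample: |
  {
    "AlertTime": "2017-01-23T07:32:54.1861171Z",
    "ComputerDnsName": "desktop-bvccckk",
    "AlertTitle": "Suspicious PowerShell commandline",
    "Category": "SuspiciousActivity",
    "Severity": "Medium",
    "AlertId": "636207535742330111_-1114309685",
    "Actor": null,
    "LinkToWDATP": "https://securitycenter.windows.com/alert/636207535742330111_-1114309685",
    "IocName": null,
    "IocValue": null,
    "CreatorIocName": null,
    "CreatorIocValue": null,
    "Sha1": "69484ca722b4285a234896a2e31707cbedc59ef9",
    "FileName": "powershell.exe",
    "FilePath": "C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0",
    "IpAddress": null,
    "Url": null,
    "IoaDefinitiondId": "7f1c3609-a3ff-40e2-995b-c01770161d68",
    "UserName": null,
    "AlertPart": 0,
    "FullId": "636207535742330111_-1114309685:9DE735BA9FF87725E392C6DFBEB2AF279035CDE229FCC00D28C0F3242C5A50AF",
    "LastProcessedTimeUtc": "2017-01-23T11:33:45.0760449Z",
    "ThreatCategory": null,
    "ThreatFamily": null,
    "ThreatName": null,
    "RemediationAction": null,
    "RemediationIsSuccess": null,
    "Source": "Windows Defender ATP",
    "Md5": null,
    "Sha256": null,
    "WasExecutingWhileDetected": null,
    "FileHash": "69484ca722b4285a234896a2e31707cbedc59ef9",
    "IocUniqueId": "9DE735BA9FF87725E392C6DFBEB2AF279035CDE229FCC00D28C0F3242C5A50AF"
  }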