
Microsoft SCEP


About

Endpoint Protection manages antimalware policies and Windows Defender Firewall security for client computers in your Configuration Manager hierarchy. Beginning with Windows 10 and Windows Server 2016 computers, Microsoft Defender Antivirus is already installed. For these operating systems, a management client for Microsoft Defender Antivirus is installed when the Configuration Manager client installs. On Windows 8.1 and earlier computers, the Endpoint Protection client is installed with the Configuration Manager client.

Product Details

Vendor URL: Microsoft SCEP

Product Type: Antivirus

Product Tier: Tier I

Integration Method: Syslog

Integration URL: Microsoft SCEP Log Forwarding

Log Guide: N/A

Parser Details

Log Format: Syslog

Expected Normalization Rate: 90%

Data Label: MICROSOFT_SCEP

UDM Fields (list of all UDM fields leveraged in the Parser):

Log File Field    UDM Field
description       metadata.description
details           security_result.description
Microsoft         metadata.vendor_name
observer          observer.hostname
product_event     metadata.product_event_type
SCEP              metadata.product_name
summary           security_result.summary
target_file       target.file.full_path
thread            metadata.product_log_id

Product Event Types

product_event    UDM Event Classification
all others       GENERIC_EVENT

Log Sample

Results refreshed for collection collection, 0 entries changed.  $$<SMS_COLLECTION_EVALUATOR><12-19-2022 16:51:21.461+300><thread=20572 (0x505C)>
username

Sample Parsing

metadata.event_type = "GENERIC_EVENT"
metadata.vendor_name = "Microsoft"
metadata.product_name = "System Center Configuration Manager"
metadata.product_event_type = "SMS_COLLECTION_EVALUATOR"
metadata.description = "Results refreshed for collection collection, 0 entries changed. "
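The parse above, written out as an added example (this is not the product's or the SIEM vendor's parser): it splits the SMS trace line into its message, component, timestamp and thread parts and emits the UDM-style fields listed on this page. Assumptions are labelled in comments: the trailing number on the timestamp is read as a Windows time-zone bias in minutes, and the timestamp field name is not part of the page's mapping.

```python
"""Parse the SCCM/SCEP component-log line format shown on this page."""
import re
from datetime import datetime, timedelta, timezone

# Body format from the page's log sample:
#   <message>  $$<COMPONENT><MM-DD-YYYY HH:MM:SS.mmm+bias><thread=NNN (0xHEX)>
# Exactly one whitespace separator is consumed before "$$<", so any extra
# trailing whitespace stays in the description; this matches the page's
# sample parsing, which keeps one trailing space on metadata.description.
_BODY = re.compile(
    r"^(?P<description>.*?)\s\$\$<(?P<component>[^>]+)>"
    r"<(?P<ts>\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3})(?P<bias>[+-]\d+)>"
    r"<thread=(?P<thread>\d+)(?: \((?P<thread_hex>0x[0-9A-Fa-f]+)\))?>\s*$"
)


def local_to_utc(ts: str, bias: str) -> str:
    """Assumption: the trailing number is a Windows time-zone bias in minutes
    (UTC = local + bias), so 16:51:21.461+300 becomes 21:51:21.461Z."""
    local = datetime.strptime(ts, "%m-%d-%Y %H:%M:%S.%f")
    utc = (local + timedelta(minutes=int(bias))).replace(tzinfo=timezone.utc)
    return utc.isoformat(timespec="milliseconds")


def parse_scep_line(line: str) -> dict:
    """Return a flat dict keyed by UDM field name, as in the page's Sample Parsing.
    Raises ValueError for lines that do not follow the format or whose decimal
    and hex thread ids disagree (a cheap integrity check on the line)."""
    m = _BODY.match(line)
    if not m:
        raise ValueError(f"not an SMS trace line: {line!r}")
    thread, thread_hex = m["thread"], m["thread_hex"]
    if thread_hex and int(thread_hex, 16) != int(thread):
        raise ValueError(f"thread id mismatch: {thread} vs {thread_hex}")
    return {
        "metadata.event_type": "GENERIC_EVENT",  # page: all product_event values
        "metadata.vendor_name": "Microsoft",
        "metadata.product_name": "System Center Configuration Manager",
        "metadata.product_event_type": m["component"],
        "metadata.description": m["description"],
        "metadata.product_log_id": thread,  # page maps thread -> product_log_id
        "metadata.event_timestamp": local_to_utc(m["ts"], m["bias"]),  # assumed name
    }


# Constructed copy of the page's log sample (note the two spaces before "$$<").
SAMPLE = ("Results refreshed for collection collection, 0 entries changed.  "
          "$$<SMS_COLLECTION_EVALUATOR><12-19-2022 16:51:21.461+300>"
          "<thread=20572 (0x505C)>")

if __name__ == "__main__":
    for key, value in parse_scep_line(SAMPLE).items():
        print(f"{key} = {value!r}")
```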

Parser Alerting

This product currently does not have any Parser-based Alerting.

Rules

Coming Soon