Hello,
Is there a way to pull a Top 10 Attack types report within SEPM for a given time, say 1 year?
Thanks.
You should be able to get this from the Risk report section. If you keep logs for a year then yes, but it depends on how long you retain them.
In our environment, I have gone to Reports, Risks and Risk Distribution by Name. One of the names that comes up is Microsoft Windows Operating Systems, along with other virus names. What does Microsoft Windows Operating System mean in this report?
It means it's an MS Windows file (svchost possibly) or a valid signed file by MS that the risk injected itself into. Do you have logging turned on for DNS or HOSTS changes?
Yes, so even if we have logging turned on, that means researching these hosts individually?
Yep