Security events
Last updated August 6th, 2025
Knox Asset Intelligence, when integrated with Microsoft Sentinel, provides a wide range of security events that support security operations teams in threat detection, threat hunting, incident investigation, and compliance use cases.
The following types of events are available from Knox Asset Intelligence:
- Suspicious URLs: SOC analysts can monitor suspicious URLs encountered on devices for early detection of potential phishing attacks.
- Unauthorized privilege escalations: Alerts for process privilege escalation help detect and respond to malware threats.
- Malicious use of accessibility APIs: The solution can alert on potentially malicious use of accessibility APIs.
- Indicators of spyware and malware: Knox can detect various indicators of spyware and other forms of malware.
- Policy violations: Alerts related to policy violations help identify potential insider threats or unintentional security breaches.
- Unsanctioned use of device admin roles: This helps monitor and respond to potential misuse of device administrator privileges.
Accessing the events list
To help prevent unauthorized usage, security events and metadata are exclusively accessible to Knox Asset Intelligence customers who have integrated with Microsoft Sentinel.
To view the available security events, go to your dashboard Settings > SECURITY tab, then click the Events list link under SECURITY LOG SETTINGS.