Added TVM hunting scenario

Dulce Montemayor
2019-10-27 23:27:36 -07:00
committed by GitHub
parent a634cb25f5
commit 0368e24c70


@ -150,6 +150,29 @@ When an exception is created for a recommendation, the recommendation is no long
6. Navigate to the **Remediation** page under the **Threat & Vulnerability Management** menu and click the **Exceptions** tab to view all your exceptions (current and past).
## Use Advanced hunting query to search for machines with High active alerts or Critical CVE public exploit
1. Go to **Advanced hunting** from the left-hand navigation pane.
2. Scroll down to the TVM advanced hunting schemas to familiarize yourself with the column names.
3. Enter the following queries:
```
// Search for machines with High active alerts or Critical CVE public exploit
DeviceTvmSoftwareInventoryVulnerabilities
| join kind=inner(DeviceTvmSoftwareVulnerabilitiesKB) on CveId
| where IsExploitAvailable == 1 and CvssScore >= 7
| summarize NumOfVulnerabilities=dcount(CveId),
ComputerName=any(ComputerName) by MachineId
| join kind =inner(AlertEvents) on MachineId
| summarize NumOfVulnerabilities=any(NumOfVulnerabilities),
ComputerName=any(ComputerName) by MachineId, AlertId
| project ComputerName, NumOfVulnerabilities, AlertId
| order by NumOfVulnerabilities desc
```
## Related topics
- [Risk-based Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
- [Threat & Vulnerability Management dashboard overview](tvm-dashboard-insights.md)
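Review bot: The query's filters do not match what the new heading promises. The heading says "Critical CVE public exploit", but the clause `| where IsExploitAvailable == 1 and CvssScore >= 7` admits CVSS 7.0 to 8.9 findings, which are High, not Critical; either raise the threshold to `CvssScore >= 9` or reword the heading to "High or Critical". Likewise the heading says "High active alerts", yet the join `| join kind =inner(AlertEvents) on MachineId` takes every alert row for the machine with no filter on alert severity or status, so the result counts machines with any alert at all; add a `where` on the alert severity (and resolution status) before the join if the AlertEvents schema exposes those columns, or drop "High active" from the heading. Two smaller points: `kind =inner` in the second join is inconsistent with `kind=inner` in the first, and step 3 reads "Enter the following queries" while only one query follows.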