Merge pull request #2409 from MicrosoftDocs/tvm-updates

Tvm updates
Beth Levin 2020-03-27 15:41:19 -07:00 committed by GitHub
commit 4726d753d5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 47 additions and 50 deletions


@ -29,6 +29,13 @@ Threat & Vulnerability Management leverages the same signals in Microsoft Defend
The **Weaknesses** page lists down the vulnerabilities found in the infected software running in your organization, their severity, Common Vulnerability Scoring System (CVSS) rating, its prevalence in your organization, corresponding breach, and threat insights. The **Weaknesses** page lists down the vulnerabilities found in the infected software running in your organization, their severity, Common Vulnerability Scoring System (CVSS) rating, its prevalence in your organization, corresponding breach, and threat insights.
You can access the list of vulnerabilities in a few places in the portal:
- Global search
- Weaknesses option in the navigation menu
- Top vulnerable software widget in the dashboard
- Discovered vulnerabilities page in the machine page
>[!IMPORTANT] >[!IMPORTANT]
>To boost your vulnerability assessment detection rates, you can download the following mandatory security updates and deploy them in your network: >To boost your vulnerability assessment detection rates, you can download the following mandatory security updates and deploy them in your network:
>- 19H1 customers | [KB 4512941](https://support.microsoft.com/help/4512941/windows-10-update-kb4512941) >- 19H1 customers | [KB 4512941](https://support.microsoft.com/help/4512941/windows-10-update-kb4512941)
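Review bot: The four bullets added under "You can access the list of vulnerabilities in a few places in the portal:" do not match the section headings this same change uses further down ("Navigate to the Weaknesses page", "Top vulnerable software in the dashboard", "Discover vulnerabilities in the machine page"), so a reader cannot map a bullet to its section. Reword each bullet to the heading text and make it an anchor link to that section. While this paragraph is being touched, "the infected software" in the context line above it should read "the vulnerable software": a listed CVE does not mean the software is infected.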
@ -36,15 +43,29 @@ The **Weaknesses** page lists down the vulnerabilities found in the infected sof
>- RS4 customers | [KB 4516045](https://support.microsoft.com/help/4516045/windows-10-update-kb4516045) >- RS4 customers | [KB 4516045](https://support.microsoft.com/help/4516045/windows-10-update-kb4516045)
>- RS3 customers | [KB 4516071](https://support.microsoft.com/help/4516071/windows-10-update-kb4516071) >- RS3 customers | [KB 4516071](https://support.microsoft.com/help/4516071/windows-10-update-kb4516071)
## Navigate to your organization's weaknesses page ## Navigate to the Weaknesses page
You can access the list of vulnerabilities in a few places in the portal: When new vulnerabilities are released, you can find out how many of your assets are exposed in the **Weaknesses** page of the Threat & Vulnerability Management navigation menu. If the **Exposed Machines** column shows 0, that means you are not at risk. If exposed machines exist, the next step is to remediate the vulnerabilities in those machines to reduce the risk to your assets and organization.
- Global search
- Weaknesses option in the navigation menu
- Top vulnerable software widget in the dashboard
- Discovered vulnerabilities page in the machine page
### Vulnerabilities in global search ![tvm-breach-insights](images/tvm-weaknesses-overview.png)
### Breach and threat insights
You can view the related breach and threat insights in the **Threat** column when the icons are colored red.
>[!NOTE]
> Always prioritize recommendations that are associated with ongoing threats. These recommendations are marked with the threat insight ![threat insight](images/tvm_bug_icon.png) icon and breach insight ![possible active alert](images/tvm_alert_icon.png) icon.
The breach insights icon is highlighted if there is a vulnerability found in your organization.
![tvm-breach-insights](images/tvm-breach-insights.png)
The threat insights icon is highlighted if there are associated exploits in the vulnerability found in your organization. It also shows whether the threat is a part of an exploit kit or connected to specific advanced persistent campaigns or activity groups. Threat Analytics report links are provided that you can read with zero-day exploitation news, disclosures, or related security advisories.
![tvm-threat-insights](images/tvm-threat-insights.png)
## Vulnerabilities in global search
1. Go to the global search drop-down menu. 1. Go to the global search drop-down menu.
2. Select **Vulnerability** and key-in the Common Vulnerabilities and Exposures (CVE) ID that you are looking for, then select the search icon. The **Weaknesses** page opens with the CVE information that you are looking for. 2. Select **Vulnerability** and key-in the Common Vulnerabilities and Exposures (CVE) ID that you are looking for, then select the search icon. The **Weaknesses** page opens with the CVE information that you are looking for.
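Review bot: "If the **Exposed Machines** column shows 0, that means you are not at risk" in the new "Navigate to the Weaknesses page" paragraph overstates what the column can tell the reader. The IMPORTANT note earlier in this file says detection rates depend on specific security updates being deployed, so a count of 0 only means that no exposed machine was detected; suggest wording such as "no exposed machines were detected for this vulnerability". Also, the added image `images/tvm-weaknesses-overview.png` carries the alt text "tvm-breach-insights", which is also the alt text of the breach insights image a few lines later; give the overview image its own descriptive alt text.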
@ -53,68 +74,45 @@ You can access the list of vulnerabilities in a few places in the portal:
To see the rest of the vulnerabilities in the **Weaknesses** page, type CVE, then click search. To see the rest of the vulnerabilities in the **Weaknesses** page, type CVE, then click search.
### Weaknesses page in the menu ## Top vulnerable software in the dashboard
1. Go to the Threat & Vulnerability Management navigation menu and select **Weaknesses** to open up the list of vulnerabilities found in your organization. 1. Go to the [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md) and scroll down to the **Top vulnerable software** widget. You will see the number of vulnerabilities found in each software along with threat information and a high-level view of the device exposure trend over time.
2. Select the vulnerability that you want to investigate to open up a flyout panel with the vulnerability details, such as: CVE description, CVE ID, exploits available, CVSS V3 rating, severity, dates when it was published and updated, related software, exploit kits available, vulnerability type, link to useful reference, and number of exposed machines which users can also export. ![top vulnerable software card](images/tvm-top-vulnerable-software500.png)
2. Select the software that you want to investigate to go a drill down page.
![Screenshot of the CVE details in the flyout pane in the Weaknesses page](images/tvm-weaknesses-page.png) 3. Select the **Discovered vulnerabilities** tab.
### Top vulnerable software widget in the dashboard
1. Go to the Threat & Vulnerability Management dashboard and scroll down to the **Top vulnerable software** widget. You will see the number of vulnerabilities found in each software along with threat information and a high-level view of the device exposure trend over time.
![tvm-top-vulnerable-software](images/tvm-top-vulnerable-software.png)
2. Click the software that you want to investigate and it takes you to the software page. You will see the weaknesses found in your machine per severity level, in which machines are they installed, version distribution, and the corresponding security recommendation.
3. Select the **Discovered vulnerabilities** tab.
4. Select the vulnerability that you want to investigate to open up a flyout panel with the vulnerability details, such as: CVE description, CVE ID, exploits available, CVSS V3 rating, severity, publish, and update dates. 4. Select the vulnerability that you want to investigate to open up a flyout panel with the vulnerability details, such as: CVE description, CVE ID, exploits available, CVSS V3 rating, severity, publish, and update dates.
### Discovered vulnerabilities in the machine page ![Windows server drill down overview](images/windows-server-drilldown.png)
## Discover vulnerabilities in the machine page
1. Go to the left-hand navigation menu bar, then select the machine icon. The **Machines list** page opens. 1. Go to the left-hand navigation menu bar, then select the machine icon. The **Machines list** page opens.
<br>![Screenshot of Machines list page](images/tvm_machineslist.png)</br> 2. In the **Machines list** page, select the machine name that you want to investigate.
2. In the **Machines list** page, select the machine that you want to investigate.
<br>![Screenshot of machine list with selected machine to investigate](images/tvm_machinetoinvestigate.png)</br> <br>![Screenshot of machine list with selected machine to investigate](images/tvm_machinetoinvestigate.png)</br>
<br>A flyout pane opens with machine details and response action options.</br> 3. The machine page will open with details and response options for the machine you want to investigate.
![Screenshot of the flyout pane with machine details and response options](images/tvm_machine_page_flyout.png)
3. In the flyout pane, select **Open machine page**. A page opens with details and response options for the machine you want to investigate.
<br>![Screenshot of the machine page with details and response options](images/tvm_machines_discoveredvuln.png)</br>
4. Select **Discovered vulnerabilities**. 4. Select **Discovered vulnerabilities**.
5. Select the vulnerability that you want to investigate to open up a flyout panel with the vulnerability details, such as: CVE description, CVE ID, exploits available, CVSS V3 rating, severity, publish, and update dates. <br>![Screenshot of the machine page with details and response options](images/tvm-discovered-vulnerabilities.png)</br>
5. Select the vulnerability that you want to investigate to open up a flyout panel with the CVE details, such as: vulnerability description, threat insights, and detection logic.
## How it works ### CVE Detection logic
When new vulnerabilities are released, you would want to know how many of your assets are exposed. You can see the list of vulnerabilities and the details in the **Weaknesses** page. Similar to the software evidence, we now show the detection logic we applied on a machine in order to state that it's vulnerable. This is a new section called "Detection Logic" (in any discovered vulnerability in the machine page) that shows the detection logic and source.
If the **Exposed Machines** column shows 0, that means you are not at risk. ![Screenshot of the machine page with details and response options](images/cve-detection-logic.png)
If exposed machines exist, that means you need to remediate the vulnerabilities in those machines because they put the rest of your assets and your organization at risk.
You can also see the related alert and threat insights in the **Threat** column.
The breach insights icon is highlighted if there is a vulnerability found in your organization. Prioritize an investigation because it means there might be a breach in your organization.
![tvm-breach-insights](images/tvm-breach-insights.png)
The threat insights icons are highlighted if there are associated exploits in the vulnerability found in your organization. It also shows whether the threat is a part of an exploit kit, connected to specific advanced persistent campaigns or activity groups for which, Threat Analytics report links are provided that you can read, has zero-day exploitation news, disclosures, or related security advisories.
![tvm-threat-insights](images/tvm-threat-insights.png)
>[!NOTE]
> Always prioritize recommendations that are associated with ongoing threats. These recommendations are marked with the threat insight ![threat insight](images/tvm_bug_icon.png) icon and breach insight ![possible active alert](images/tvm_alert_icon.png) icon.
## Report inaccuracy ## Report inaccuracy
You can report a false positive when you see any vague, inaccurate, missing, or already remediated vulnerability information in the machine page. You can report a false positive when you see any vague, inaccurate, missing, or already remediated vulnerability information in the machine page.
1. Select the **Discovered vulnerabilities** tab. 1. Select the **Discovered vulnerabilities** tab.
2. Click **:** beside the vulnerability that you want to report about, and then select **Report inaccuracy**. 2. Click **:** beside the vulnerability that you want to report about, and then select **Report inaccuracy**.
![Screenshot of Report inaccuracy control from the machine page in the Discovered vulnerabilities tab](images/tvm_report_inaccuracy_vuln.png) ![Screenshot of Report inaccuracy control from the machine page in the Discovered vulnerabilities tab](images/tvm_report_inaccuracy_vuln.png)
<br>A flyout pane opens.</br> <br>A flyout pane opens.</br>
![Screenshot of Report inaccuracy flyout pane](images/tvm_report_inaccuracy_vulnflyout.png) ![Screenshot of Report inaccuracy flyout pane](images/tvm_report_inaccuracy_vulnflyout.png)
3. From the flyout pane, select the inaccuracy category from the **Discovered vulnerability inaccuracy reason** drop-down menu. 3. From the flyout pane, select the inaccuracy category from the **Discovered vulnerability inaccuracy reason** drop-down menu.
<br>![Screenshot of discovered vulnerability inaccuracy reason drop-down menu](images/tvm_report_inaccuracy_vulnoptions.png)</br> <br>![Screenshot of discovered vulnerability inaccuracy reason drop-down menu](images/tvm_report_inaccuracy_vulnoptions.png)</br>
4. Include your email address so Microsoft can send you feedback regarding the inaccuracy you reported. 4. Include your email address so Microsoft can send you feedback regarding the inaccuracy you reported.
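Review bot: The old "Weaknesses page in the menu" steps are deleted at the top of this hunk without a replacement, so the page no longer says that selecting a vulnerability on the Weaknesses page opens a flyout, what that flyout contains, or that the number of exposed machines can be exported; the new "Navigate to the Weaknesses page" section has no steps at all. Either keep the old step 2 under the new heading or confirm that the flyout is documented elsewhere. In the added lines, "to go a drill down page" is missing a "to", and the `images/cve-detection-logic.png` image reuses the alt text "Screenshot of the machine page with details and response options" from the image above it. The "CVE Detection logic" paragraph ("we now show", "This is a new section") reads as a release note and will date quickly; describe the section in the present tense instead.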
@ -122,11 +120,10 @@ You can report a false positive when you see any vague, inaccurate, missing, or
5. Include your machine name for investigation context. 5. Include your machine name for investigation context.
> [!NOTE] > [!NOTE]
> You can also provide details regarding the inaccuracy you reported in the **Tell us more (optional)** field to give the threat and vulnerability management investigators context. > You can also provide details regarding the inaccuracy you reported in the **Tell us more (optional)** field to give the threat and vulnerability management investigators context.
6. Click **Submit**. Your feedback is immediately sent to the Threat & Vulnerability Management experts with its context. 6. Click **Submit**. Your feedback is immediately sent to the Threat & Vulnerability Management experts with its context.
## Related topics ## Related topics
- [Supported operating systems and platforms](tvm-supported-os.md) - [Supported operating systems and platforms](tvm-supported-os.md)
- [Risk-based Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) - [Risk-based Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
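Review bot: The NOTE and step 6 in this hunk name the same team two ways, "threat and vulnerability management investigators" and "Threat & Vulnerability Management experts". The hunk header shows one line dropped (11 lines to 10) with no visible text change, so if these lines are being touched for whitespace anyway, settle on one capitalisation and one noun for both sentences.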