From 893dfd221cfc0ae5d259c5d7e7065245f75e8f8c Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Wed, 17 Feb 2021 14:32:25 -0800 Subject: [PATCH 1/3] new tables --- .../microsoft-defender-atp/tvm-hunt-exposed-devices.md | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-hunt-exposed-devices.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-hunt-exposed-devices.md index 3ee21c13f2..c5037d0005 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-hunt-exposed-devices.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-hunt-exposed-devices.md @@ -38,11 +38,16 @@ Advanced hunting is a query-based threat-hunting tool that lets you explore up t ### Schema tables -- [DeviceTvmSoftwareInventoryVulnerabilities](advanced-hunting-devicetvmsoftwareinventoryvulnerabilities-table.md) - Inventory of software on devices as well as any known vulnerabilities in these software products +- DeviceTvmSoftwareInventory– A complete list of all software on your devices, whether or not they have any vulnerabilities. + - You’ll have a single row for each software installed on every device. + - EndOfSupportStatus and EndOfSupportDate will have the end-of-support state (if applicable) for specific software versions installed on devices. + +- DeviceTvmSoftwareVulnerabilities – Discover vulnerabilities (CVEs) in existing software across all your devices. + - RecommendedSecurityUpdate and RecommendedSecurityUpdateId will have missing security updates / KBs for installed software. - [DeviceTvmSoftwareVulnerabilitiesKB](advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table.md) - Knowledge base of publicly disclosed vulnerabilities, including whether exploit code is publicly available -- [DeviceTvmSecureConfigurationAssessment](advanced-hunting-devicetvmsecureconfigurationassessment-table.md) - Threat & Vulnerability Management assessment events, indicating the status of various security configurations on devices +- [DeviceTvmSecureConfigurationAssessment](advanced-hunting-devicetvmsecureconfigurationassessment-table.md) - Threat and vulnerability management assessment events, indicating the status of various security configurations on devices - [DeviceTvmSecureConfigurationAssessmentKB](advanced-hunting-devicetvmsecureconfigurationassessmentkb-table.md) - Knowledge base of various security configurations used by Threat & Vulnerability Management to assess devices; includes mappings to various standards and benchmarks From 82113bddd1289f00956a0f20182bc57b2a7e0658 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Wed, 17 Feb 2021 14:32:41 -0800 Subject: [PATCH 2/3] space --- .../microsoft-defender-atp/tvm-hunt-exposed-devices.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-hunt-exposed-devices.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-hunt-exposed-devices.md index c5037d0005..28bb47b42e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-hunt-exposed-devices.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-hunt-exposed-devices.md @@ -38,7 +38,7 @@ Advanced hunting is a query-based threat-hunting tool that lets you explore up t ### Schema tables -- DeviceTvmSoftwareInventory– A complete list of all software on your devices, whether or not they have any vulnerabilities. +- DeviceTvmSoftwareInventory – A complete list of all software on your devices, whether or not they have any vulnerabilities. - You’ll have a single row for each software installed on every device. - EndOfSupportStatus and EndOfSupportDate will have the end-of-support state (if applicable) for specific software versions installed on devices. From 9c7c2bc6322ec696e53163a185613f9505d0e555 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Fri, 19 Feb 2021 15:50:24 -0800 Subject: [PATCH 3/3] config changes --- .../microsoft-defender-atp/tvm-security-recommendation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md index 2c151888d9..0e8b95ad50 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md @@ -105,7 +105,7 @@ From the flyout, you can choose any of the following options: - [**Exception options**](tvm-exception.md) - Submit an exception, provide justification, and set exception duration if you can't remediate the issue yet. >[!NOTE] ->When a software change is made on a device, it typically takes 2 hours for the data to be reflected in the security portal. Configuration changes can take 12 hours. However, it may sometimes take longer. +>When a software change is made on a device, it typically takes 2 hours for the data to be reflected in the security portal. However, it may sometimes take longer. Configuration changes can take anywhere from 4 to 24 hours. ### Investigate changes in device exposure or impact