mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-23 18:57:22 +00:00
new page and images
This commit is contained in:
Beth Levin
parent
e4d0c4bbf5
commit
5f934ed5cc
Binary file not shown.
|
After Width: | Height: | Size: 32 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 43 KiB |
@ -22,17 +22,29 @@ ms.topic: conceptual
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
Event insights is visible in the [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md) of the Microsoft Defender Security Center.
|
||||
Event insights is a "risk news feed" which will help you interpret how risk is introduced into the organization and which mitigations happened to reduce it.
|
||||
|
||||
The goal of event insights is to tell the story of the exposure score.
|
||||
With events insight, you can check which impactful events occurred in your organization. For example, new vulnerabilities that were introduced, vulnerabilities that became exploitable, the number of impacted machines, and more.
|
||||
|
||||
The goal of event insights is to tell the story of your [exposure score](tvm-exposure-score.md).
|
||||
|
||||
- Quickly understand and identify high-level takeaways about the state of security in your organization.
|
||||
- Detect and respond to areas that require investigation or action to improve the current state.
|
||||
- Communicate with peers and management about the impact of security efforts.
|
||||
|
||||
Reduce the exposure score by addressing what needs to be remediated based on the prioritized security recommendations. See [Security recommendations](tvm-security-recommendation.md) for details.
|
||||
You can reduce you exposure score by addressing what needs to be remediated based on the prioritized security recommendations. See [Security recommendations](tvm-security-recommendation.md) for details.
|
||||
|
||||
|
||||
## Navigation
|
||||
|
||||
You can access Event insights through the [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md) or in the navigation menu of the Microsoft Defender Security Center.
|
||||
|
||||
On the Event insights page, you can view the date, event, related component, number of impacted machines, and type. You can also filter by type, or percent impacted machines.
|
||||
|
||||
|
||||
|
||||
Once you select an event insight, a flyout will appear listing the details and related CVEs. You can show more CVEs or view the related recommendation.
|
||||
|
||||
|
||||
|
||||
## Event types
|
||||
|
||||
@ -45,47 +57,10 @@ The following event types reflect time-stamped events that impact the score:
|
||||
|
||||
## Icons
|
||||
|
||||
- A vulnerability was published
|
||||
- A vulnerability became exploitable
|
||||
- Verified exploit
|
||||
- Exploit added to an exploit kit
|
||||
The following icons show up next to events:
|
||||
|
||||
## From figma
|
||||
|
||||
- Weaknesses (weakness discovered, weakness updated, weakness resolved)
|
||||
- New recommendation created
|
||||
- New threat
|
||||
- Exploitation attempt
|
||||
|
||||
### Weakness discovered
|
||||
|
||||
New weakness was discovered (score reduced) on a software. This event is triggered if one of the following occur:
|
||||
|
||||
- In the last 24 hours "X vulnerabilities" affected "Y machines"
|
||||
- New vulnerabilities were discovered (CVE) on a specific product
|
||||
- A (dynamic) configuration has been broken (e.g. AV stopped updating)
|
||||
- A (static) configuration has changed from configured to misconfigured state
|
||||
- New vulnerable software was installed
|
||||
- New vulnerable software was discovered
|
||||
- New machines were onboarded to ATP and introduced new vulnerabilities
|
||||
|
||||
### Weakness updated
|
||||
|
||||
Existing weakness was updated with new information (score reduced). This event is triggered if one of the following occur:
|
||||
|
||||
- In the last 24 hours "X vulnerabilities" became exploitable
|
||||
- A vulnerability was updated with an exploit
|
||||
- An exploit is now part of an exploit kit
|
||||
- A vulnerability has become a threat
|
||||
|
||||
### Weakness resolved
|
||||
|
||||
Existing weakness was remediated or mitigated (score increase). This event is triggered if one of the following occur:
|
||||
|
||||
- A remediation task was completed (or was marked as completed)
|
||||
- A remediation task was marked as dismissed (business justification)
|
||||
- A remediation or mitigation took place
|
||||
- A vulnerable application was removed/uninstalled (as part of a remediation request or manually by the user)
|
||||
-  New public exploit. A vulnerability became exploitable.
|
||||
- [page with caution symbol] New vulnerability was published.
|
||||
|
||||
## Related topics
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user