mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-21 17:57:22 +00:00
Merge branch 'master' into tvm-event-insights
This commit is contained in:
Beth Levin
commit
674bbfa82f
@ -51,12 +51,15 @@ The following table lists the SQL Server versions that the App-V Management data
|
||||
|
||||
|SQL Server version|Service pack|System architecture|
|
||||
|---|---|---|
|
||||
|Microsoft SQL Server 2019||32-bit or 64-bit|
|
||||
|Microsoft SQL Server 2017||32-bit or 64-bit|
|
||||
|Microsoft SQL Server 2016|SP2|32-bit or 64-bit|
|
||||
|Microsoft SQL Server 2014||32-bit or 64-bit|
|
||||
|Microsoft SQL Server 2012|SP2|32-bit or 64-bit|
|
||||
|Microsoft SQL Server 2008 R2|SP3|32-bit or 64-bit|
|
||||
|
||||
For more information on user configuration files with SQL server 2016 or later, see the [support article](https://support.microsoft.com/help/4548751/app-v-server-publishing-might-fail-when-you-apply-user-configuration-f).
|
||||
|
||||
### Publishing server operating system requirements
|
||||
|
||||
The App-V Publishing server can be installed on a server that runs Windows Server 2008 R2 with SP1 or later.
|
||||
|
||||
@ -27,7 +27,7 @@
|
||||
### [Threat & Vulnerability Management]()
|
||||
#### [Overview of Threat & Vulnerability Management](microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md)
|
||||
#### [Supported operating systems and platforms](microsoft-defender-atp/tvm-supported-os.md)
|
||||
#### [What's in the dashboard and what it means for my organization](microsoft-defender-atp/tvm-dashboard-insights.md)
|
||||
#### [Dashboard insights](microsoft-defender-atp/tvm-dashboard-insights.md)
|
||||
#### [Exposure score](microsoft-defender-atp/tvm-exposure-score.md)
|
||||
#### [Configuration score](microsoft-defender-atp/configuration-score.md)
|
||||
#### [Security recommendations](microsoft-defender-atp/tvm-security-recommendation.md)
|
||||
|
||||
Binary file not shown.
|
After Width: | Height: | Size: 115 KiB |
@ -54,7 +54,7 @@ OK https://cdn.x.cp.wd.microsoft.com/ping
|
||||
> [!WARNING]
|
||||
> PAC, WPAD, and authenticated proxies are not supported. Ensure that only a static proxy or transparent proxy is being used.
|
||||
>
|
||||
> Intercepting proxies are also not supported for security reasons. Configure your proxy server to directly pass through data from Microsoft Defender ATP for Linux to the relevant URLs without interception. Adding your proxy certificate to the global store will not allow for interception.
|
||||
> SSL inspection and intercepting proxies are also not supported for security reasons. Configure an exception for SSL inspection and your proxy server to directly pass through data from Microsoft Defender ATP for Linux to the relevant URLs without interception. Adding your interception certificate to the global store will not allow for interception.
|
||||
|
||||
If a static proxy is required, add a proxy parameter to the above command, where `proxy_address:port` correspond to the proxy address and port:
|
||||
|
||||
|
||||
@ -119,6 +119,11 @@ Microsoft Defender ATP can discover a proxy server by using the following discov
|
||||
|
||||
If a proxy or firewall is blocking anonymous traffic, make sure that anonymous traffic is permitted in the previously listed URLs. For transparent proxies, no additional configuration is needed for Microsoft Defender ATP. For static proxy, follow the steps in [Manual Static Proxy Configuration](linux-static-proxy-configuration.md).
|
||||
|
||||
> [!WARNING]
|
||||
> PAC, WPAD, and authenticated proxies are not supported. Ensure that only a static proxy or transparent proxy is being used.
|
||||
>
|
||||
> SSL inspection and intercepting proxies are also not supported for security reasons. Configure an exception for SSL inspection and your proxy server to directly pass through data from Microsoft Defender ATP for Linux to the relevant URLs without interception. Adding your interception certificate to the global store will not allow for interception.
|
||||
|
||||
For troubleshooting steps, see the [Troubleshoot cloud connectivity issues for Microsoft Defender ATP for Linux](linux-support-connectivity.md) page.
|
||||
|
||||
## How to update Microsoft Defender ATP for Linux
|
||||
|
||||
@ -79,11 +79,17 @@ The following table lists the services and their associated URLs that your netwo
|
||||
| United States | unitedstates.x.cp.wd.microsoft.com <br/> us-v20.events.data.microsoft.com <br/> ussus1eastprod.blob.core.windows.net <br/> ussus1westprod.blob.core.windows.net |
|
||||
|
||||
Microsoft Defender ATP can discover a proxy server by using the following discovery methods:
|
||||
- Proxy auto-config (PAC)
|
||||
- Web Proxy Auto-discovery Protocol (WPAD)
|
||||
- Manual static proxy configuration
|
||||
|
||||
If a proxy or firewall is blocking anonymous traffic, make sure that anonymous traffic is permitted in the previously listed URLs.
|
||||
|
||||
> [!WARNING]
|
||||
> Authenticated proxies are not supported. Ensure that only PAC, WPAD, or a static proxy is being used.
|
||||
>
|
||||
> SSL inspection and intercepting proxies are also not supported for security reasons. Configure an exception for SSL inspection and your proxy server to directly pass through data from Microsoft Defender ATP for Mac to the relevant URLs without interception. Adding your interception certificate to the global store will not allow for interception.
|
||||
|
||||
To test that a connection is not blocked, open [https://x.cp.wd.microsoft.com/api/report](https://x.cp.wd.microsoft.com/api/report) and [https://cdn.x.cp.wd.microsoft.com/ping](https://cdn.x.cp.wd.microsoft.com/ping) in a browser.
|
||||
|
||||
If you prefer the command line, you can also check the connection by running the following command in Terminal:
|
||||
|
||||
@ -29,8 +29,9 @@ ms.topic: article
|
||||
|
||||
## APIs
|
||||
|
||||
Threat and vulnerability management supports multiple APIs. See the following topics for related APIs:
|
||||
Threat and Vulnerability Management supports multiple APIs. Microsoft Defender Advanced Threat Protection (ATP) Threat & Vulnerability Management APIs are soon to be generally available. See the following topics for related APIs:
|
||||
|
||||
- [Supported Microsoft Defender ATP APIs](exposed-apis-list.md)
|
||||
- [Machine APIs](machine.md)
|
||||
- [Recommendation APIs](vulnerability.md)
|
||||
- [Score APIs](score.md)
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Threat & Vulnerability Management dashboard overview
|
||||
title: Threat & Vulnerability Management dashboard insights
|
||||
description: The Threat & Vulnerability Management dashboard can help SecOps and security admins address cybersecurity threats and build their organization's security resilience.
|
||||
keywords: mdatp-tvm, mdatp-tvm dashboard, threat & vulnerability management, risk-based threat & vulnerability management, security configuration, configuration score, exposure score
|
||||
search.appverid: met150
|
||||
@ -16,7 +16,7 @@ audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
---
|
||||
# Threat & Vulnerability Management dashboard overview
|
||||
# Threat & Vulnerability Management dashboard insights
|
||||
|
||||
**Applies to:**
|
||||
|
||||
|
||||
@ -23,7 +23,7 @@ ms.topic: conceptual
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
> [!TIP]
|
||||
> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
|
||||
> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
|
||||
|
||||
[!include[Prerelease information](../../includes/prerelease.md)]
|
||||
|
||||
@ -61,7 +61,7 @@ Go to the Threat & Vulnerability Management navigation menu and select **Securit
|
||||
|
||||
In a given day as a Security Administrator, you can take a look at the [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md) to see your [exposure score](tvm-exposure-score.md) side-by-side with your [configuration score](configuration-score.md). The goal is to **lower** your organization's exposure from vulnerabilities, and **increase** your organization's security configuration to be more resilient against cybersecurity threat attacks. The top security recommendations list can help you achieve that goal.
|
||||
|
||||
|
||||
|
||||
|
||||
The top security recommendations lists the improvement opportunities prioritized based on the important factors mentioned in the previous section - threat, likelihood to be breached, and value. Selecting a recommendation will take you to the security recommendations page with more details about the recommendation.
|
||||
|
||||
@ -71,11 +71,11 @@ View recommendations, the number of weaknesses found, related components, threat
|
||||
|
||||
The color of the **Exposed machines** graph changes as the trend changes. If the number of exposed machines is on the rise, the color changes into red. If there's a decrease in the number of exposed machines, the color of the graph will change into green.
|
||||
|
||||
|
||||
|
||||
|
||||
### Icons
|
||||
|
||||
Useful icons also quickly calls your attention to: <ul><li>  possible active alerts</li><li> associated public exploits</li><li> recommendation insights</li></ul><br>
|
||||
Useful icons also quickly calls your attention to: <ul><li>  possible active alerts</li><li> associated public exploits</li><li> recommendation insights</li></ul><br>
|
||||
|
||||
### Investigate
|
||||
|
||||
|
||||
@ -37,14 +37,16 @@ Since it is real-time, in a matter of minutes, you will see vulnerability inform
|
||||
|
||||
You can access the Software inventory page by selecting **Software inventory** from the Threat & Vulnerability Management navigation menu in the [Microsoft Defender Security Center](portal-overview.md).
|
||||
|
||||
View software on specific machines in the individual machines pages from the [machines list](machines-view-overview.md).
|
||||
|
||||
## Software inventory overview
|
||||
|
||||
The **Software inventory** page opens with a list of software installed in your network, vendor name, weaknesses found, threats associated with them, exposed machines, impact to exposure score, and tags. You can also filter the software inventory list view based on weaknesses found in the software, threats associated with them, and whether the software or software versions have reached end-of-support.
|
||||
|
||||
|
||||
|
||||
Select the software that you want to investigate and a flyout panel opens up with a more compact view of the information on the page. You can either dive deeper into the investigation and select **Open software page**, or flag any technical inconsistencies by selecting **Report inaccuracy**.
|
||||
|
||||
|
||||
|
||||
|
||||
## Software pages
|
||||
|
||||
@ -54,7 +56,16 @@ Once you are in the Software inventory page and have opened the flyout panel by
|
||||
- Data visualizations showing the number of, and severity of, vulnerabilities and misconfigurations. Also, graphs of the number of exposed machines
|
||||
- Tabs with lists of the corresponding security recommendations for the weaknesses and vulnerabilities identified, the named CVEs of discovered vulnerabilities, the names of the machines that the software is installed on, and the specific versions of the software with the number of machines that have each version installed and number of vulnerabilities.
|
||||
|
||||
|
||||
|
||||
|
||||
## Software evidence
|
||||
|
||||
We now show evidence of where we detected a specific software on a machine from the registry, disk or both machine on where we detected a certain software.
|
||||
You can find it on any machines found in the [machines list](machines-view-overview.md) in a section called "Software Evidence."
|
||||
|
||||
From the Microsoft Defender Security Center navigation panel, go to **Machines list** > select the name of a machine to open the machine page (like Computer1) > select the **Software inventory** tab > select the software name to open the flyout and view software evidence.
|
||||
|
||||
|
||||
|
||||
## Report inaccuracy
|
||||
|
||||
|
||||
@ -34,14 +34,14 @@ Windows 7 | Operating System (OS) vulnerabilities
|
||||
Windows 8.1 | Not supported
|
||||
Windows 10 1607-1703 | Operating System (OS) vulnerabilities
|
||||
Windows 10 1709+ |Operating System (OS) vulnerabilities<br/>Software product vulnerabilities<br/>Operating System (OS) configuration assessment<br/>Security controls configuration assessment<br/>Software product configuration assessment
|
||||
Windows Server 2008R2 | Operating System (OS) vulnerabilities<br/>Software product vulnerabilities<br/>Operating System (OS) configuration assessment<br/>Security controls configuration assessment<br/>Software product configuration assessment
|
||||
Windows Server 2012R2 | Operating System (OS) vulnerabilities<br/>Software product vulnerabilities<br/>Operating System (OS) configuration assessment<br/>Security controls configuration assessment<br/>Software product configuration assessment
|
||||
Windows Server 2008 R2 | Operating System (OS) vulnerabilities<br/>Software product vulnerabilities<br/>Operating System (OS) configuration assessment<br/>Security controls configuration assessment<br/>Software product configuration assessment
|
||||
Windows Server 2012 R2 | Operating System (OS) vulnerabilities<br/>Software product vulnerabilities<br/>Operating System (OS) configuration assessment<br/>Security controls configuration assessment<br/>Software product configuration assessment
|
||||
Windows Server 2016 | Operating System (OS) vulnerabilities<br/>Software product vulnerabilities<br/>Operating System (OS) configuration assessment<br/>Security controls configuration assessment<br/>Software product configuration assessment
|
||||
Windows Server 2019 | Operating System (OS) vulnerabilities<br/>Software product vulnerabilities<br/>Operating System (OS) configuration assessment<br/>Security controls configuration assessment<br/>Software product configuration assessment
|
||||
MacOS | Not supported (planned)
|
||||
Linux | Not supported (planned)
|
||||
|
||||
Some of the above prerequisites might be different from the [Minimum requirements for Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements) list.
|
||||
Some of the above prerequisites might be different from the [Minimum requirements for Microsoft Defender ATP](minimum-requirements.md) list.
|
||||
|
||||
## Related topics
|
||||
|
||||
|
||||
@ -51,7 +51,7 @@ Go to the Threat & Vulnerability Management navigation menu and select **Weaknes
|
||||
|
||||
1. Go to the global search drop-down menu.
|
||||
2. Select **Vulnerability** and key-in the Common Vulnerabilities and Exposures (CVE) ID that you are looking for, then select the search icon. The **Weaknesses** page opens with the CVE information that you are looking for.
|
||||
|
||||
|
||||
3. Select the CVE and a flyout panel opens up with more information - the vulnerability description, exploits available, severity level, CVSS v3 rating, publishing and update dates.
|
||||
|
||||
To see the rest of the vulnerabilities in the **Weaknesses** page, type CVE, then click search.
|
||||
@ -67,26 +67,26 @@ If the **Exposed Machines** column shows 0, that means you are not at risk. If e
|
||||
You can view the related breach and threat insights in the **Threat** column when the icons are colored red.
|
||||
|
||||
>[!NOTE]
|
||||
> Always prioritize recommendations that are associated with ongoing threats. These recommendations are marked with the threat insight  icon and breach insight  icon.
|
||||
> Always prioritize recommendations that are associated with ongoing threats. These recommendations are marked with the threat insight icon  and breach insight icon .
|
||||
|
||||
The breach insights icon is highlighted if there is a vulnerability found in your organization.
|
||||
|
||||
|
||||
|
||||
The threat insights icon is highlighted if there are associated exploits in the vulnerability found in your organization. It also shows whether the threat is a part of an exploit kit or connected to specific advanced persistent campaigns or activity groups. Threat Analytics report links are provided that you can read with zero-day exploitation news, disclosures, or related security advisories.
|
||||
|
||||
|
||||
|
||||
|
||||
## View Common Vulnerabilities and Exposures (CVE) entries in other places
|
||||
|
||||
### Top vulnerable software in the dashboard
|
||||
|
||||
1. Go to the [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md) and scroll down to the **Top vulnerable software** widget. You will see the number of vulnerabilities found in each software along with threat information and a high-level view of the device exposure trend over time.
|
||||
|
||||
|
||||
2. Select the software that you want to investigate to go a drill down page.
|
||||
3. Select the **Discovered vulnerabilities** tab.
|
||||
4. Select the vulnerability that you want to investigate. A flyout panel will appear with the vulnerability details, such as: CVE description, CVE ID, exploits available, CVSS V3 rating, severity, publish, and update dates.
|
||||
|
||||
|
||||
|
||||
|
||||
### Discover vulnerabilities in the machine page
|
||||
|
||||
@ -104,7 +104,7 @@ View related weaknesses information in the machine page.
|
||||
|
||||
Similar to the software evidence, we now show the detection logic we applied on a machine in order to state that it's vulnerable. This is a new section called "Detection Logic" (in any discovered vulnerability in the machine page) that shows the detection logic and source.
|
||||
|
||||
|
||||
|
||||
|
||||
## Report inaccuracy
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user