deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-14 22:37:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Update tvm-dashboard-insights.md

Browse Source
This commit is contained in:
DulceMV 2019-04-15 13:58:10 -07:00 committed by GitHub
parent 75e60b484e
commit 8ffda3150d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
windows/security/threat-protection/windows-defender-atp/tvm-dashboard-insights.md
View File

@ -36,9 +36,6 @@ You can use the Threat & Vulnerability Management capability in [Microsoft Defen
- View exposure and configuration scores side-by-side with top security recommendations, software vulnerability, remediation activities, and exposed machines - View exposure and configuration scores side-by-side with top security recommendations, software vulnerability, remediation activities, and exposed machines
- Correlate EDR insights with endpoint vulnerabilities and process them - Correlate EDR insights with endpoint vulnerabilities and process them
- Select remediation options, triage and track the remediation tasks - Select remediation options, triage and track the remediation tasks
- File and track exceptions
>[!Note]
> The exceptions workflow will be available in the coming months.
## Threat & Vulnerability Management in Microsoft Defender Security Center ## Threat & Vulnerability Management in Microsoft Defender Security Center
When you open the portal, youll see the main areas of the capability: When you open the portal, youll see the main areas of the capability:
@ -56,16 +53,16 @@ Area | Description
(1) Menu | Select menu to expand the navigation pane and see the names of the Threat and Vulnerability Management capabilities. (1) Menu | Select menu to expand the navigation pane and see the names of the Threat and Vulnerability Management capabilities.
(2) Threat & Vulnerability Management navigation pane | Use the navigation pane to move across the **Threat and Vulnerability Management Dashboard**, **Security recommendations**, **Remediation**, and **Software inventory**. (2) Threat & Vulnerability Management navigation pane | Use the navigation pane to move across the **Threat and Vulnerability Management Dashboard**, **Security recommendations**, **Remediation**, and **Software inventory**.
**Dashboards** | Get a high-level view of the organization exposure score, MDATP configuration score, top remediation activities, top security recommendations, top vulnerable software, and top exposed machines data. **Dashboards** | Get a high-level view of the organization exposure score, MDATP configuration score, top remediation activities, top security recommendations, top vulnerable software, and top exposed machines data.
**Security recommendations** | See the list of security recommendations, their related components, insights, number or exposed devices, impact, and request for remediation. You can click each item on the list and it will open a flyout pane where you will see vulnerability details, and have the option to open the software page, see the remediation options, or create exceptions. **Security recommendations** | See the list of security recommendations, their related components, insights, number or exposed devices, impact, and request for remediation. You can click each item on the list and it will open a flyout pane where you will see vulnerability details, and have the option to open the software page, and see the remediation options.
**Remediation** | See the remediation activity, related component, remediation type, status, due date, option to export the remediation progress data to CSV, exceptions, and its corresponding details. **Remediation** | See the remediation activity, related component, remediation type, status, due date, option to export the remediation and process data to CSV.
**Software inventory** | See the list of applications, versions, weaknesses, whether theres an exploit found on the application, prevalence in the organization, how many were installed, how many exposed devices are there, and the numerical value of the impact. You can select each item in the list and opt to open the software page which shows the vulnerabilities and misconfigurations associated and its machine and version distribution details. **Software inventory** | See the list of applications, versions, weaknesses, whether theres an exploit found on the application, prevalence in the organization, how many were installed, how many exposed devices are there, and the numerical value of the impact. You can select each item in the list and opt to open the software page which shows the vulnerabilities and misconfigurations associated and its machine and version distribution details.
(3) Threat & Vulnerability Management dashboard | Access the **Exposure score**, **Configuration score**, **Exposure distribution**, **Top security recommendations**, **Top vulnerable software**, **Top remediation activities**, **Top exposed machines**, and **Threat campaigns**. (3) Threat & Vulnerability Management dashboard | Access the **Exposure score**, **Configuration score**, **Exposure distribution**, **Top security recommendations**, **Top vulnerable software**, **Top remediation activities**, **Top exposed machines**, and **Threat campaigns**.
**Organization Exposure score** | See the current state of your organizations device exposure to threats and vulnerabilities. Several factors affect your organizations exposure score: weaknesses discovered in your devices, likelihood of your devices to be breached, value of the devices to your organization, and relevant alerts discovered with your devices. The goal is to lower down your organizations exposure score to be more secure. To reduce the score, you need to remediate the related security configuration issues listed in the security recommendations. **Organization Exposure score** | See the current state of your organizations device exposure to threats and vulnerabilities. Several factors affect your organizations exposure score: weaknesses discovered in your devices, likelihood of your devices to be breached, value of the devices to your organization, and relevant alerts discovered with your devices. The goal is to lower down your organizations exposure score to be more secure. To reduce the score, you need to remediate the related security configuration issues listed in the security recommendations.
**MDATP Configuration score** | See the security posture of your organizations operating system, applications, network, accounts and security controls. The goal is to increase your configuration score by remediating the related security configuration issues. You can click the bars and it will take you to the **Security reccommendation** page for details. **MDATP Configuration score** | See the security posture of your organizations operating system, applications, network, accounts and security controls. The goal is to increase your configuration score by remediating the related security configuration issues. You can click the bars and it will take you to the **Security reccommendation** page for details.
**Machine exposure distribution** | See how many machines are exposed based on their exposure level. You can click the sections in the doughnut chart and it will take you to the **Machines list** page where you'll see the affected machine names, exposure level side by side with risk level, among other details such as domain, OS platform, its health state, when it was last seen, and its tags. **Machine exposure distribution** | See how many machines are exposed based on their exposure level. You can click the sections in the doughnut chart and it will take you to the **Machines list** page where you'll see the affected machine names, exposure level side by side with risk level, among other details such as domain, OS platform, its health state, when it was last seen, and its tags.
**Top security recommendations** | See the collated security recommendations which are sorted and prioritized based on your organizations risk exposure and the urgency that it requires. You can drill down on the security recommendation to see the potential risks, list of exposed machines, and read the insights. Thus, providing you with an informed decision to either proceed with a remediation request or create an exception. Click **Show more** to see the rest of the security recommendations in the list. **Top security recommendations** | See the collated security recommendations which are sorted and prioritized based on your organizations risk exposure and the urgency that it requires. You can drill down on the security recommendation to see the potential risks, list of exposed machines, and read the insights. Thus, providing you with an informed decision to either proceed with a remediation request. Click **Show more** to see the rest of the security recommendations in the list.
**Top vulnerable software** | Get real-time visibility into the organizational software inventory, with stack-ranked list of vulnerable software installed on your networks devices and how they impact on your organizational exposure score. **Top vulnerable software** | Get real-time visibility into the organizational software inventory, with stack-ranked list of vulnerable software installed on your networks devices and how they impact on your organizational exposure score.
**Top remediation activities** | Track the remediation activities generated from the security recommendations. You can click each item on the list and it will take you to the **Remediation** page where you'll see remediation and exception activity details. **Top remediation activities** | Track the remediation activities generated from the security recommendations. You can click each item on the list and it will take you to the **Remediation** page where you'll see remediation activity details.
**Top exposed machines** | See the exposed machine names and their exposure level. You can click the machine name and it will take you to the machine page where you can view the alerts, risks, incidents, security recommendations, installed software, discovered vulnerabilities associated with the exposed machines. You can also do other EDR-related tasks in it, such as: manage tags, initiate automated investigations, initiate a live response session, collect an investigation package, run antivirus scan, restrict app execution, and isolate machine. **Top exposed machines** | See the exposed machine names and their exposure level. You can click the machine name and it will take you to the machine page where you can view the alerts, risks, incidents, security recommendations, installed software, discovered vulnerabilities associated with the exposed machines. You can also do other EDR-related tasks in it, such as: manage tags, initiate automated investigations, initiate a live response session, collect an investigation package, run antivirus scan, restrict app execution, and isolate machine.
See [Microsoft Defender ATP icons](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection#windows-defender-atp-icons) for more information on the icons used throughout the portal. See [Microsoft Defender ATP icons](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection#windows-defender-atp-icons) for more information on the icons used throughout the portal.