diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 17bf4fe48e..e282446cf6 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -27,7 +27,7 @@ ### [Threat & Vulnerability Management]() #### [Overview of Threat & Vulnerability Management](microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md) #### [Supported operating systems and platforms](microsoft-defender-atp/tvm-supported-os.md) -#### [What's in the dashboard and what it means for my organization](microsoft-defender-atp/tvm-dashboard-insights.md) +#### [Dashboard insights](microsoft-defender-atp/tvm-dashboard-insights.md) #### [Exposure score](microsoft-defender-atp/tvm-exposure-score.md) #### [Configuration score](microsoft-defender-atp/configuration-score.md) #### [Security recommendations](microsoft-defender-atp/tvm-security-recommendation.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-software-evidence.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-software-evidence.png index 90f381e3f2..48af27eb1f 100644 Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-software-evidence.png and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-software-evidence.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md index e35d189282..05264dcf03 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md @@ -1,5 +1,5 @@ --- -title: Threat & Vulnerability Management dashboard overview +title: Threat & Vulnerability Management dashboard insights description: The Threat & Vulnerability Management dashboard can help SecOps and security admins address cybersecurity threats and build their organization's security resilience. keywords: mdatp-tvm, mdatp-tvm dashboard, threat & vulnerability management, risk-based threat & vulnerability management, security configuration, configuration score, exposure score search.appverid: met150 @@ -16,7 +16,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual --- -# Threat & Vulnerability Management dashboard overview +# Threat & Vulnerability Management dashboard insights **Applies to:** diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md index 14d39dfac1..4859488e84 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md @@ -23,7 +23,7 @@ ms.topic: conceptual - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) > [!TIP] -> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink) +> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink) [!include[Prerelease information](../../includes/prerelease.md)] @@ -61,7 +61,7 @@ Go to the Threat & Vulnerability Management navigation menu and select **Securit In a given day as a Security Administrator, you can take a look at the [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md) to see your [exposure score](tvm-exposure-score.md) side-by-side with your [configuration score](configuration-score.md). The goal is to **lower** your organization's exposure from vulnerabilities, and **increase** your organization's security configuration to be more resilient against cybersecurity threat attacks. The top security recommendations list can help you achieve that goal. -![Screenshot of security recommendations page](images/top-security-recommendations350.png) +![Example of Top security recommendations card, with four security recommendations.](images/top-security-recommendations350.png) The top security recommendations lists the improvement opportunities prioritized based on the important factors mentioned in the previous section - threat, likelihood to be breached, and value. Selecting a recommendation will take you to the security recommendations page with more details about the recommendation. @@ -71,11 +71,11 @@ View recommendations, the number of weaknesses found, related components, threat The color of the **Exposed machines** graph changes as the trend changes. If the number of exposed machines is on the rise, the color changes into red. If there's a decrease in the number of exposed machines, the color of the graph will change into green. -![Screenshot of security recommendations page](images/tvmsecrec-updated.png) +![Example of the landing page for software inventory.](images/tvmsecrec-updated.png) ### Icons -Useful icons also quickly calls your attention to:
+Useful icons also quickly calls your attention to:
### Investigate diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md index 59ae257e87..2f1c8da158 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md @@ -42,11 +42,11 @@ View software on specific machines in the individual machines pages from the [ma ## Software inventory overview The **Software inventory** page opens with a list of software installed in your network, vendor name, weaknesses found, threats associated with them, exposed machines, impact to exposure score, and tags. You can also filter the software inventory list view based on weaknesses found in the software, threats associated with them, and whether the software or software versions have reached end-of-support. -![Screenshot of software inventory page](images/software_inventory_filter.png) +![Example of the landing page for software inventory.](images/software_inventory_filter.png) Select the software that you want to investigate and a flyout panel opens up with a more compact view of the information on the page. You can either dive deeper into the investigation and select **Open software page**, or flag any technical inconsistencies by selecting **Report inaccuracy**. -![Screenshot of software inventory flyout](images/tvm-software-inventory-flyout500.png) +![Flyout example page of "Visual Studio 2017" from the software inventory page.](images/tvm-software-inventory-flyout500.png) ## Software pages @@ -56,7 +56,7 @@ Once you are in the Software inventory page and have opened the flyout panel by - Data visualizations showing the number of, and severity of, vulnerabilities and misconfigurations. Also, graphs of the number of exposed machines - Tabs with lists of the corresponding security recommendations for the weaknesses and vulnerabilities identified, the named CVEs of discovered vulnerabilities, the names of the machines that the software is installed on, and the specific versions of the software with the number of machines that have each version installed and number of vulnerabilities. -![Screenshot of software page example](images/tvm-software-page-example.png) +![Software example page for Visual Studio 2017 with the software details, weaknesses, exposed devices, and more.](images/tvm-software-page-example.png) ## Software evidence @@ -65,7 +65,7 @@ You can find it on any machines found in the [machines list](machines-view-overv From the Microsoft Defender Security Center navigation panel, go to **Machines list** > select the name of a machine to open the machine page (like Computer1) > select the **Software inventory** tab > select the software name to open the flyout and view software evidence. -![Screenshot of software evidence example](images/tvm-software-evidence.png) +![Software evidence example of Windows 10 from the machines list, showing software evidence registry path.](images/tvm-software-evidence.png) ## Report inaccuracy diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md index d7cad2e5aa..64933d374c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md @@ -34,14 +34,14 @@ Windows 7 | Operating System (OS) vulnerabilities Windows 8.1 | Not supported Windows 10 1607-1703 | Operating System (OS) vulnerabilities Windows 10 1709+ |Operating System (OS) vulnerabilities
Software product vulnerabilities
Operating System (OS) configuration assessment
Security controls configuration assessment
Software product configuration assessment -Windows Server 2008R2 | Operating System (OS) vulnerabilities
Software product vulnerabilities
Operating System (OS) configuration assessment
Security controls configuration assessment
Software product configuration assessment -Windows Server 2012R2 | Operating System (OS) vulnerabilities
Software product vulnerabilities
Operating System (OS) configuration assessment
Security controls configuration assessment
Software product configuration assessment +Windows Server 2008 R2 | Operating System (OS) vulnerabilities
Software product vulnerabilities
Operating System (OS) configuration assessment
Security controls configuration assessment
Software product configuration assessment +Windows Server 2012 R2 | Operating System (OS) vulnerabilities
Software product vulnerabilities
Operating System (OS) configuration assessment
Security controls configuration assessment
Software product configuration assessment Windows Server 2016 | Operating System (OS) vulnerabilities
Software product vulnerabilities
Operating System (OS) configuration assessment
Security controls configuration assessment
Software product configuration assessment Windows Server 2019 | Operating System (OS) vulnerabilities
Software product vulnerabilities
Operating System (OS) configuration assessment
Security controls configuration assessment
Software product configuration assessment MacOS | Not supported (planned) Linux | Not supported (planned) -Some of the above prerequisites might be different from the [Minimum requirements for Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements) list. +Some of the above prerequisites might be different from the [Minimum requirements for Microsoft Defender ATP](minimum-requirements.md) list. ## Related topics diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md index 7df8d6c770..4b7a5cb97e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md @@ -51,7 +51,7 @@ Go to the Threat & Vulnerability Management navigation menu and select **Weaknes 1. Go to the global search drop-down menu. 2. Select **Vulnerability** and key-in the Common Vulnerabilities and Exposures (CVE) ID that you are looking for, then select the search icon. The **Weaknesses** page opens with the CVE information that you are looking for. -![tvm-vuln-globalsearch](images/tvm-vuln-globalsearch.png) +![Global search box with the dropdown option "vulnerability" selected and an example CVE.](images/tvm-vuln-globalsearch.png) 3. Select the CVE and a flyout panel opens up with more information - the vulnerability description, exploits available, severity level, CVSS v3 rating, publishing and update dates. To see the rest of the vulnerabilities in the **Weaknesses** page, type CVE, then click search. @@ -67,26 +67,26 @@ If the **Exposed Machines** column shows 0, that means you are not at risk. If e You can view the related breach and threat insights in the **Threat** column when the icons are colored red. >[!NOTE] - > Always prioritize recommendations that are associated with ongoing threats. These recommendations are marked with the threat insight ![threat insight](images/tvm_bug_icon.png) icon and breach insight ![possible active alert](images/tvm_alert_icon.png) icon. + > Always prioritize recommendations that are associated with ongoing threats. These recommendations are marked with the threat insight icon ![Simple drawing of a red bug.](images/tvm_bug_icon.png) and breach insight icon ![Simple drawing of an arrow hitting a target.](images/tvm_alert_icon.png). The breach insights icon is highlighted if there is a vulnerability found in your organization. -![tvm-breach-insights](images/tvm-breach-insights.png) +![Example of a breach insights text that could show up when hovering over icon. This one says "possible active alert is associated with this recommendation.](images/tvm-breach-insights.png) The threat insights icon is highlighted if there are associated exploits in the vulnerability found in your organization. It also shows whether the threat is a part of an exploit kit or connected to specific advanced persistent campaigns or activity groups. Threat Analytics report links are provided that you can read with zero-day exploitation news, disclosures, or related security advisories. -![tvm-threat-insights](images/tvm-threat-insights.png) +![Threat insights text that that could show up when hovering over icon. This one has multiple bullet points and linked text.](images/tvm-threat-insights.png) ## View Common Vulnerabilities and Exposures (CVE) entries in other places ### Top vulnerable software in the dashboard 1. Go to the [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md) and scroll down to the **Top vulnerable software** widget. You will see the number of vulnerabilities found in each software along with threat information and a high-level view of the device exposure trend over time. -![top vulnerable software card](images/tvm-top-vulnerable-software500.png) +![Top vulnerable software card with four columns: software, weaknesses, threats, exposed machines.](images/tvm-top-vulnerable-software500.png) 2. Select the software that you want to investigate to go a drill down page. 3. Select the **Discovered vulnerabilities** tab. 4. Select the vulnerability that you want to investigate. A flyout panel will appear with the vulnerability details, such as: CVE description, CVE ID, exploits available, CVSS V3 rating, severity, publish, and update dates. -![Windows server drill down overview](images/windows-server-drilldown.png) +![Windows Server 2019 drill down overview.](images/windows-server-drilldown.png) ### Discover vulnerabilities in the machine page @@ -104,7 +104,7 @@ View related weaknesses information in the machine page. Similar to the software evidence, we now show the detection logic we applied on a machine in order to state that it's vulnerable. This is a new section called "Detection Logic" (in any discovered vulnerability in the machine page) that shows the detection logic and source. -![Screenshot of the machine page with details and response options](images/cve-detection-logic.png) +![Detection Logic example which lists the software detected on the device and the KBs.](images/cve-detection-logic.png) ## Report inaccuracy