deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-17 07:47:22 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge pull request #3416 from MicrosoftDocs/tvm-updates

Browse Source 
Tvm updates
This commit is contained in:
Beth Woodbury 2020-07-31 16:39:25 -07:00 committed by GitHub
commit b320168fa5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 28 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
windows/security/threat-protection/TOC.md
View File

@ -573,7 +573,7 @@
###### [Vulnerability]()
####### [Vulnerability methods and properties](microsoft-defender-atp/vulnerability.md)
####### [List vulnerabilities](microsoft-defender-atp/get-all-vulnerabilities.md)
####### [List vulnerabilities by Machine and Software](microsoft-defender-atp/get-all-vulnerabilities-by-machines.md)
####### [List vulnerabilities by machine and software](microsoft-defender-atp/get-all-vulnerabilities-by-machines.md)
####### [Get vulnerability by Id](microsoft-defender-atp/get-vulnerability-by-id.md)
####### [List machines by vulnerability](microsoft-defender-atp/get-machines-by-vulnerability.md)

BIN
windows/security/threat-protection/microsoft-defender-atp/images/tvm-cve-detection-logic.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 13 KiB

BIN
windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-software.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 43 KiB

BIN
windows/security/threat-protection/microsoft-defender-atp/images/tvm-weakness-flyout.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 50 KiB

BIN
windows/security/threat-protection/microsoft-defender-atp/images/tvm-weakness-flyout400.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 74 KiB

6
windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md
View File

@ -112,7 +112,11 @@ From there, select **Go to related security recommendation** to go to the [secur
To open a software page, select an event > select the hyperlinked software name (like Visual Studio 2017) in the section called "Related component" in the flyout. [Learn more about software pages](tvm-software-inventory.md#software-pages)
A full page will appear with all the details of a specific software, including an event timeline tab. From there you can view all the events related to that software, along with security recommendations, discovered vulnerabilities, installed machines, and version distribution.
A full page will appear with all the details of a specific software. Mouse over the graph to see the timeline of events for that specific software.
![Software page with an Event timeline graph](images/tvm-event-timeline-software.png)
You can also navigate to the event timeline tab to view all the events related to that software, along with security recommendations, discovered vulnerabilities, installed machines, and version distribution.
![Software page with an Event timeline tab](images/tvm-event-timeline-software-pages.png)

34
windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md
View File

@ -25,9 +25,9 @@ ms.topic: conceptual
[!include[Prerelease information](../../includes/prerelease.md)]
Threat and vulnerability management leverages the same signals in Microsoft Defender ATP's endpoint protection to scan and detect vulnerabilities.
Threat and vulnerability management uses the same signals in Microsoft Defender ATP's endpoint protection to scan and detect vulnerabilities.
The **Weaknesses** page lists down the vulnerabilities found in the infected software running in your organization by listing the Common Vulnerabilities and Exposures (CVE) ID, the severity, Common Vulnerability Scoring System (CVSS) rating, prevalence in your organization, corresponding breach, and threat insights.
The **Weaknesses** page lists down the vulnerabilities found in the infected software running in your organization by listing the Common Vulnerabilities and Exposures (CVE) ID, the severity, Common Vulnerability Scoring System (CVSS) rating, prevalence in your organization, corresponding breach, threat insights, and more.
>[!IMPORTANT]
>To boost your vulnerability assessment detection rates, you can download the following mandatory security updates and deploy them in your network:
@ -50,21 +50,21 @@ Go to the threat and vulnerability management navigation menu and select **Weakn
### Vulnerabilities in global search
1. Go to the global search drop-down menu.
2. Select **Vulnerability** and key-in the Common Vulnerabilities and Exposures (CVE) ID that you are looking for, then select the search icon. The **Weaknesses** page opens with the CVE information that you are looking for.
2. Select **Vulnerability** and key-in the Common Vulnerabilities and Exposures (CVE) ID that you're looking for, then select the search icon. The **Weaknesses** page opens with the CVE information that you're looking for.
![Global search box with the dropdown option "vulnerability" selected and an example CVE.](images/tvm-vuln-globalsearch.png)
3. Select the CVE and a flyout panel opens up with more information - the vulnerability description, exploits available, severity level, CVSS v3 rating, publishing and update dates.
3. Select the CVE and a flyout panel opens up with more information, including the vulnerability description, details, threat insights, and exposed devices.
To see the rest of the vulnerabilities in the **Weaknesses** page, type CVE, then click search.
To see the rest of the vulnerabilities in the **Weaknesses** page, type CVE, then select search.
## Weaknesses overview
If the **Exposed Devices** column shows 0, that means you are not at risk. If exposed devices exist, the next step is to remediate the vulnerabilities in those devices to reduce the risk to your assets and organization.
If exposed devices exist, the next step is to remediate the vulnerabilities in those devices to reduce the risk to your assets and organization. If the **Exposed Devices** column shows 0, that means you are not at risk.
![tvm-breach-insights](images/tvm-weaknesses-overview.png)
![Weaknesses landing page.](images/tvm-weaknesses-overview.png)
### Breach and threat insights
You can view the related breach and threat insights in the **Threat** column when the icons are colored red.
View related breach and threat insights in the **Threat** column when the icons are colored red.
>[!NOTE]
> Always prioritize recommendations that are associated with ongoing threats. These recommendations are marked with the threat insight icon ![Simple drawing of a red bug.](images/tvm_bug_icon.png) and breach insight icon ![Simple drawing of an arrow hitting a target.](images/tvm_alert_icon.png).
@ -76,6 +76,14 @@ The threat insights icon is highlighted if there are associated exploits in the
![Threat insights text that that could show up when hovering over icon. This one has multiple bullet points and linked text.](images/tvm-threat-insights.png)
### Gain vulnerability insights
If you select a CVE, a flyout panel will open with more information, including the vulnerability description, details, threat insights, and exposed devices.
The "OS Feature" category is shown in relevant scenarios.
![Weakness flyout example.](images/tvm-weakness-flyout400.png)
## View Common Vulnerabilities and Exposures (CVE) entries in other places
### Top vulnerable software in the dashboard
@ -84,9 +92,9 @@ The threat insights icon is highlighted if there are associated exploits in the
![Top vulnerable software card with four columns: software, weaknesses, threats, exposed devices.](images/tvm-top-vulnerable-software500.png)
2. Select the software that you want to investigate to go a drill down page.
2. Select the software you want to investigate to go to a drill down page.
3. Select the **Discovered vulnerabilities** tab.
4. Select the vulnerability that you want to investigate. A flyout panel will appear with the vulnerability details, such as: CVE description, CVE ID, exploits available, CVSS V3 rating, severity, publish, and update dates.
4. Select the vulnerability you want to investigate for more information on vulnerability details
![Windows Server 2019 drill down overview.](images/windows-server-drilldown.png)
@ -102,7 +110,7 @@ View related weaknesses information in the device page.
3. The device page will open with details and response options for the device you want to investigate.
4. Select **Discovered vulnerabilities**.
[Screenshot of the device page with details and response options](images/tvm-discovered-vulnerabilities.png)
![Screenshot of the device page with details and response options](images/tvm-discovered-vulnerabilities.png)
5. Select the vulnerability that you want to investigate to open up a flyout panel with the CVE details, such as: vulnerability description, threat insights, and detection logic.
@ -110,7 +118,9 @@ View related weaknesses information in the device page.
Similar to the software evidence, we now show the detection logic we applied on a device in order to state that it's vulnerable. This is a new section called "Detection Logic" (in any discovered vulnerability in the device page) that shows the detection logic and source.
![Detection Logic example which lists the software detected on the device and the KBs.](images/cve-detection-logic.png)
The "OS Feature" category is also shown in relevant scenarios. For example, a CVE affects devices that run a vulnerable OS, only if a specific OS component is enabled on these devices. Let's say Windows Server 2019 has vulnerability in its DNS component. With this new capability, well attach this CVE only to the Windows Server 2019 devices with DNS capability enabled in their OS.
![Detection Logic example which lists the software detected on the device and the KBs.](images/tvm-cve-detection-logic.png)
## Report inaccuracy