diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index fb08490413..90c803649e 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -38,6 +38,7 @@ #### [Remediation and exception](microsoft-defender-atp/tvm-remediation.md) #### [Software inventory](microsoft-defender-atp/tvm-software-inventory.md) #### [Weaknesses](microsoft-defender-atp/tvm-weaknesses.md) +#### [Event timeline](microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md) #### [Scenarios](microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md) ### [Attack surface reduction]() diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/bug-caution-icon2.png b/windows/security/threat-protection/microsoft-defender-atp/images/bug-caution-icon2.png new file mode 100644 index 0000000000..0da9ac0e88 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/bug-caution-icon2.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/bug-lightning-icon2.png b/windows/security/threat-protection/microsoft-defender-atp/images/bug-lightning-icon2.png new file mode 100644 index 0000000000..36a6a2509c Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/bug-lightning-icon2.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/event-insights-page.png b/windows/security/threat-protection/microsoft-defender-atp/images/event-insights-page.png new file mode 100644 index 0000000000..7fe365f9a8 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/event-insights-page.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/report-warning-icon.png b/windows/security/threat-protection/microsoft-defender-atp/images/report-warning-icon.png new file mode 100644 index 0000000000..b3e9f9a8ad Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/report-warning-icon.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-black-bug-icon.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-black-bug-icon.png new file mode 100644 index 0000000000..33cf4ffe61 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-black-bug-icon.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-dates.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-dates.png new file mode 100644 index 0000000000..e2998ed7aa Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-dates.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-drilldown.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-drilldown.png new file mode 100644 index 0000000000..d0ad1e7017 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-drilldown.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-exposure-score.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-exposure-score.png new file mode 100644 index 0000000000..91950ddc48 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-exposure-score.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-exposure-score400.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-exposure-score400.png new file mode 100644 index 0000000000..84cf422fdc Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-exposure-score400.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-flyout500.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-flyout500.png new file mode 100644 index 0000000000..972824d9d2 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-flyout500.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-overview-mixed-type.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-overview-mixed-type.png new file mode 100644 index 0000000000..d2de753251 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-overview-mixed-type.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-software-pages.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-software-pages.png new file mode 100644 index 0000000000..26b7c166bb Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-event-timeline-software-pages.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-software-page-example.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-software-page-example.png index e42ff5b807..3b67159481 100644 Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-software-page-example.png and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-software-page-example.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-top-events-card.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-top-events-card.png new file mode 100644 index 0000000000..437d371dc8 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-top-events-card.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md b/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md index 7a336fa1a5..57650a46c4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md +++ b/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md @@ -115,6 +115,7 @@ See the following topics for related APIs: - [Remediation and exception](tvm-remediation.md) - [Software inventory](tvm-software-inventory.md) - [Weaknesses](tvm-weaknesses.md) +- [Event timeline](threat-and-vuln-mgt-event-timeline.md) - [Scenarios](threat-and-vuln-mgt-scenarios.md) - [APIs](next-gen-threat-and-vuln-mgt.md#apis) - [Configure data access for Threat & Vulnerability Management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md new file mode 100644 index 0000000000..f0fc7f9e71 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md @@ -0,0 +1,132 @@ +--- +title: Event timeline +description: Event timeline is a "risk news feed" which will help you interpret how risk is introduced into the organization and which mitigations happened to reduce it. +keywords: event timeline, mdatp event timeline, mdatp tvm event timeline, threat and vulnerability management, Microsoft Defender Advanced Threat Protection +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: ellevin +author: levinec +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +--- +# Event timeline + +**Applies to:** +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Event timeline is a risk news feed which helps you interpret how risk, through new vulnerabilities or exploits, is introduced into the organization. You can view events which may impact your organization's risk. For example, you can find new vulnerabilities that were introduced, vulnerabilities that became exploitable, exploit that was addd to an exploit kit, and more. + +Event timeline also tells the story of your [exposure score](tvm-exposure-score.md) so you can determine the cause of large changes. Reduce you exposure score by addressing what needs to be remediated based on the prioritized [security recommendations](tvm-security-recommendation.md). + +## Navigate to the Event timeline page + +You can access Event timeline mainly through three ways: + +- In the Threat & Vulnerability Management navigation menu in the Microsoft Defender Security Center +- Top events card in the [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md). The highest impact events (for example, affect the most machines or critical vulnerabilities) +- Hovering over the Exposure Score graph in the [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md) + +### Navigation menu + +Go to the Threat & Vulnerability Management navigation menu and select **Event timeline** to view impactful events. + +### Top events card + +In the Threat & Vulnerability Management dashboard, the "Top events" card displays the three most impactful events in the last 7 days. Select **Show more** to go to the Event timeline page. + +![Event timeline page](images/tvm-top-events-card.png) + +### Exposure score graph + +In the Threat & Vulnerability Management dashboard, hover over the Exposure score graph to view top events from that day that impacted your machines. If there are no events, then none will be shown. + +![Event timeline page](images/tvm-event-timeline-exposure-score400.png) + +Selecting **Show all events from this day** will lead you to the Event timeline page with a pre-populated custom date range for that day. + +![Event timeline page](images/tvm-event-timeline-drilldown.png) + +Select **Custom range** to change the date range to another custom one, or a pre-set time range. + +![Event timeline date range options](images/tvm-event-timeline-dates.png) + +## Event timeline overview + +On the Event timeline page, you can view the all the necesssary info related to an event. + +Features: + +- Customize columns +- Filter by event type or percent of impacted machines +- View 30, 50, or 100 items per page + +The two large numbers at the top of the page show the number of new vulnerabilities and exploitable vulnerabilities, not events. Some events can have multiple vulnerabilities, and some vulnerabilities can have multiple events. + +![Event timeline page](images/tvm-event-timeline-overview-mixed-type.png) + +### Columns + +- **Date**: month, day, year +- **Event**: impactful event, including component, type, and number of impacted machines +- **Related component**: software +- **Originally impacted machines**: the number, and percentage, of impacted machines when this event originally occurred. You can also filter by the percent of originally impacted machines, out of your total number of machines. +- **Currently impacted machines**: the current number, and percentage, of machines that this event currently impacts. You can find this field by selecting **Customize columns**. +- **Types**: reflect time-stamped events that impact the score. They can be filtered. + - Exploit added to an exploit kit + - Exploit was verified + - New public exploit + - New vulnerability +- **Score trend**: exposure score trend + +### Icons + +The following icons show up next to events: + +- ![bug icon](images/tvm-black-bug-icon.png) New public exploit +- ![report warning icon](images/report-warning-icon.png) New vulnerability was published +- ![exploit kit](images/bug-lightning-icon2.png) Exploit found in exploit kit +- ![bug icon](images/bug-caution-icon2.png) Exploit verified + +### Drill down to a specific event + +Once you select an event, a flyout will appear listing the details and current CVEs that affect your machines. You can show more CVEs or view the related recommendation. + +The arrow below "score trend" helps you determine whether this event potentially raised or lowered your organizational exposure score. Higher exposure score means machines are more vulnerable to exploitation. + +![Event timeline flyout](images/tvm-event-timeline-flyout500.png) + +From there, select **Go to related security recommendation** to go to the [security recommendations page](tvm-security-recommendation.md) and the recommendation that will address the new software vulnerability. After reading the description and vulnerability details in the security recommendation, you can [submit a remediation request](tvm-security-recommendation.md#request-remediation), and track the request in the [remediation page](tvm-remediation.md). + +## View Event timelines in software pages + +To open a software page, select an event > select the hyperlinked software name (like Visual Studio 2017) in the section called "Related component" in the flyout. [Learn more about software pages](tvm-software-inventory.md#software-pages) + +A full page will appear with all the details of a specific software, including an event timeline tab. From there you can view all the events related to that software, along with security recommendations, discovered vulnerabilities, installed machines, and version distribution. + +![Software page with an Event timeline tab](images/tvm-event-timeline-software-pages.png) + +## Related topics + +- [Supported operating systems and platforms](tvm-supported-os.md) +- [Risk-based Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) +- [Threat & Vulnerability Management dashboard overview](tvm-dashboard-insights.md) +- [Configuration score](configuration-score.md) +- [Security recommendations](tvm-security-recommendation.md) +- [Remediation and exception](tvm-remediation.md) +- [Software inventory](tvm-software-inventory.md) +- [Weaknesses](tvm-weaknesses.md) +- [Scenarios](threat-and-vuln-mgt-scenarios.md) +- [Configure data access for Threat & Vulnerability Management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) +- [Score APIs](software.md) +- [Vulnerability APIs](vulnerability.md) \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md index aa09248fe1..d9ae5aa265 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md +++ b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md @@ -61,6 +61,7 @@ DeviceName=any(DeviceName) by DeviceId, AlertId - [Remediation and exception](tvm-remediation.md) - [Software inventory](tvm-software-inventory.md) - [Weaknesses](tvm-weaknesses.md) +- [Event timeline](threat-and-vuln-mgt-event-timeline.md) - [APIs](next-gen-threat-and-vuln-mgt.md#apis) - [Configure data access for Threat & Vulnerability Management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) - [Advanced hunting overview](overview-hunting.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md index f3e37477b9..0c1b4cf7e8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md @@ -93,6 +93,7 @@ See [Microsoft Defender ATP icons](portal-overview.md#microsoft-defender-atp-ico - [Remediation and exception](tvm-remediation.md) - [Software inventory](tvm-software-inventory.md) - [Weaknesses](tvm-weaknesses.md) +- [Event timeline](threat-and-vuln-mgt-event-timeline.md) - [Scenarios](threat-and-vuln-mgt-scenarios.md) - [APIs](next-gen-threat-and-vuln-mgt.md#apis) - [Configure data access for Threat & Vulnerability Management roles](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md index 43b92d5790..792253121c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md @@ -22,8 +22,14 @@ ms.topic: conceptual - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink) + Your Exposure score is visible in the [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md) of the Microsoft Defender Security Center. It reflects how vulnerable your organization is to cybersecurity threats. Low exposure score means your devices are less vulnerable from exploitation. +- Quickly understand and identify high-level takeaways about the state of security in your organization. +- Detect and respond to areas that require investigation or action to improve the current state. +- Communicate with peers and management about the impact of security efforts. + The card gives you a high-level view of your exposure score trend over time. Any spikes in the chart gives you a visual indication of a high cybersecurity threat exposure that you can investigate further. ![Exposure score card](images/tvm_exp_score.png) @@ -61,6 +67,7 @@ Lower your threat and vulnerability exposure by remediating [security recommenda - [Remediation and exception](tvm-remediation.md) - [Software inventory](tvm-software-inventory.md) - [Weaknesses](tvm-weaknesses.md) +- [Event timeline](threat-and-vuln-mgt-event-timeline.md) - [Scenarios](threat-and-vuln-mgt-scenarios.md) - [APIs](next-gen-threat-and-vuln-mgt.md#apis) - [Configure data access for Threat & Vulnerability Management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md index b896af9637..9a028202c2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md @@ -103,6 +103,7 @@ Select **Show exceptions** at the bottom of the **Top security recommendations** - [Security recommendations](tvm-security-recommendation.md) - [Software inventory](tvm-software-inventory.md) - [Weaknesses](tvm-weaknesses.md) +- [Event timeline](threat-and-vuln-mgt-event-timeline.md) - [Scenarios](threat-and-vuln-mgt-scenarios.md) - [APIs](next-gen-threat-and-vuln-mgt.md#apis) - [Configure data access for Threat & Vulnerability Management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md index f6fa46930d..fe34c442c5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md @@ -22,8 +22,7 @@ ms.topic: conceptual - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -> [!TIP] -> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink) +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink) [!include[Prerelease information](../../includes/prerelease.md)] @@ -80,7 +79,7 @@ Useful icons also quickly calls your attention to: - ![red bug](images/tvm_bug_icon.png) associated public exploits - ![light bulb](images/tvm_insight_icon.png) recommendation insights -### Investigate +### Explore security recommendation options Select the security recommendation that you want to investigate or process. @@ -97,6 +96,14 @@ From the flyout, you can do any of the following: >[!NOTE] >When a change is made on a device, it may take up to two hours for the data to be reflected in the Microsoft Defender Security Center. +### Investigate changes in machine exposure or impact + +If there is a large jump in the number of exposed machines, or a sharp increase in the impact on your organization exposure score and configuration score, then that security recommendation is worth investigating. + +1. Select the recommendation and **Open software page** +2. Select the **Event timeline** tab to view all the impactful events related to that software, such as new vulnerabilities or new public exploits. [Learn more about event timeline](threat-and-vuln-mgt-event-timeline.md) +3. Decide how to address the increase or your organization's exposure, such as submitting a remediation request + ## Request remediation The Threat & Vulnerability Management capability in Microsoft Defender ATP bridges the gap between Security and IT administrators through the remediation request workflow. Security admins like you can request for the IT Administrator to remediate a vulnerability from the **Security recommendation** pages to Intune. @@ -209,6 +216,7 @@ After you have identified which software and software versions are vulnerable du - [Remediation and exception](tvm-remediation.md) - [Software inventory](tvm-software-inventory.md) - [Weaknesses](tvm-weaknesses.md) +- [Event timeline](threat-and-vuln-mgt-event-timeline.md) - [Scenarios](threat-and-vuln-mgt-scenarios.md) - [APIs](next-gen-threat-and-vuln-mgt.md#apis) - [Configure data access for Threat & Vulnerability Management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md index 71a557d488..645cd0f01c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md @@ -48,7 +48,13 @@ Select the software that you want to investigate and a flyout panel opens up wit ## Software pages -Once you are in the Software inventory page and have opened the flyout panel by selecting a software to investigate, select **Open software page** (see image in the previous section). A full page will appear with all the details of a specific software and the following information: +You can view software pages a few different ways: + +- Software inventory page > Select a software name > Select **Open software page** in the flyout +- [Security recommendations page](tvm-security-recommendation.md) > Select a recommendation > Select **Open software page** in the flyout +- [Event timeline page](threat-and-vuln-mgt-event-timeline.md) > Select an event > Select the hyperlinked software name (like Visual Studio 2017) in the section called "Related component" in the flyout + + A full page will appear with all the details of a specific software and the following information: - Side panel with vendor information, prevalence of the software in the organization (including number of devices it is installed on, and exposed devices that are not patched), whether and exploit is available, and impact to your exposure score - Data visualizations showing the number of, and severity of, vulnerabilities and misconfigurations. Also, graphs of the number of exposed devices @@ -84,6 +90,7 @@ You can report a false positive when you see any vague, inaccurate version, inco - [Security recommendations](tvm-security-recommendation.md) - [Remediation and exception](tvm-remediation.md) - [Weaknesses](tvm-weaknesses.md) +- [Event timeline](threat-and-vuln-mgt-event-timeline.md) - [Scenarios](threat-and-vuln-mgt-scenarios.md) - [APIs](next-gen-threat-and-vuln-mgt.md#apis) - [Configure data access for Threat & Vulnerability Management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md index 849743a1aa..79a095f15f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md @@ -51,6 +51,7 @@ Some of the above prerequisites might be different from the [Minimum requirement - [Remediation and exception](tvm-remediation.md) - [Software inventory](tvm-software-inventory.md) - [Weaknesses](tvm-weaknesses.md) +- [Event timeline](threat-and-vuln-mgt-event-timeline.md) - [Scenarios](threat-and-vuln-mgt-scenarios.md) - [APIs](next-gen-threat-and-vuln-mgt.md#apis) - [Configure data access for Threat & Vulnerability Management roles](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md index 29ac035edd..6811d01917 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md @@ -131,6 +131,7 @@ You can report a false positive when you see any vague, inaccurate, incomplete, - [Security recommendations](tvm-security-recommendation.md) - [Remediation and exception](tvm-remediation.md) - [Software inventory](tvm-software-inventory.md) +- [Event timeline](threat-and-vuln-mgt-event-timeline.md) - [Scenarios](threat-and-vuln-mgt-scenarios.md) - [APIs](next-gen-threat-and-vuln-mgt.md#apis) - [Configure data access for Threat & Vulnerability Management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) \ No newline at end of file