deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-29 13:47:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

updating text and screenshots

Browse Source
This commit is contained in:
Beth Levin 2020-04-02 12:00:14 -07:00
parent 2f31392f7f
commit c15ad0a2cc
7 changed files with 43 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
windows/security/threat-protection/microsoft-defender-atp/images/tvm-remediation-activities-card.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 29 KiB

BIN
windows/security/threat-protection/microsoft-defender-atp/images/tvm-software-inventory-flyout.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 54 KiB

BIN
windows/security/threat-protection/microsoft-defender-atp/images/tvm-software-inventory-flyout500.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 29 KiB

BIN
windows/security/threat-protection/microsoft-defender-atp/images/tvm-software-page-example.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 145 KiB

7
windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md
View File

@ -32,7 +32,10 @@ Lower your organization's exposure from vulnerabilities and increase your securi
## Navigate to the Remediation page ## Navigate to the Remediation page
You can access the remediation page though the navigation menu, and top remediation activities in the dashboard. You can access the Remediation page though the following ways:
- Threat & Vulnerability Management navigation menu in the [Microsoft Defender Security Center](portal-overview.md)
- Top remediation activities card in the [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md)
### Navigation menu ### Navigation menu
@ -43,6 +46,8 @@ Go to the Threat & Vulnerability Management navigation menu and select **Remedia
View **Top remediation activities** in the [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md). Select any of the entries to go to the **Remediation** page. You can mark the remediation activity as completed after the IT admin team remediates the task. View **Top remediation activities** in the [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md). Select any of the entries to go to the **Remediation** page. You can mark the remediation activity as completed after the IT admin team remediates the task.
![Screenshot of the remediation page flyout for a software which reached end-of-support](images/tvm-remediation-activities-card.png)
## Remediation activities ## Remediation activities
When you [submit a remediation request](tvm-security-recommendation.md#request-remediation) from the [Security recommendations page](tvm-security-recommendation.md), it kicks-off a remediation activity. A security task is created which will be tracked in the Threat & Vulnerability Management **Remediation** page, and a remediation ticket is created in Microsoft Intune. When you [submit a remediation request](tvm-security-recommendation.md#request-remediation) from the [Security recommendations page](tvm-security-recommendation.md), it kicks-off a remediation activity. A security task is created which will be tracked in the Threat & Vulnerability Management **Remediation** page, and a remediation ticket is created in Microsoft Intune.

14
windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md
View File

@ -31,7 +31,7 @@ Cybersecurity weaknesses identified in your organization are mapped to actionabl
Each security recommendation includes an actionable remediation recommendation which can be pushed into the IT task queue through a built-in integration with Microsoft Intune and Microsoft Endpoint Configuration Manager. When the threat landscape changes, the recommendation also changes as it continuously collects information from your environment. Each security recommendation includes an actionable remediation recommendation which can be pushed into the IT task queue through a built-in integration with Microsoft Intune and Microsoft Endpoint Configuration Manager. When the threat landscape changes, the recommendation also changes as it continuously collects information from your environment.
## Criteria ## How it works
Each machine in the organization is scored based on three important factors to help customers to focus on the right things at the right time. Each machine in the organization is scored based on three important factors to help customers to focus on the right things at the right time.
@ -41,9 +41,17 @@ Each machine in the organization is scored based on three important factors to h
- **Business value** - Your organization's assets, critical processes, and intellectual properties - **Business value** - Your organization's assets, critical processes, and intellectual properties
## Navigate to security recommendations ## Navigate to the Security recommendations page
You can access security recommendations from the Microsoft Defender ATP Threat & Vulnerability Management navigation menu, dashboard, software page, and machine page. Access the Security recommendations page a few different ways:
- Threat & Vulnerability Management navigation menu in the [Microsoft Defender Security Center](portal-overview.md)
- Top security recommendations in the [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md)
View related security recommendations in the following pages:
- Software page
- Machine page
### Navigation menu ### Navigation menu

42
windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md
View File

@ -27,37 +27,47 @@ ms.topic: conceptual
Microsoft Defender ATP Threat & Vulnerability management's discovery capability shows in the **Software inventory** page. The software inventory includes the name of the product or vendor, the latest version it is in, and the number of weaknesses and vulnerabilities detected with it. Microsoft Defender ATP Threat & Vulnerability management's discovery capability shows in the **Software inventory** page. The software inventory includes the name of the product or vendor, the latest version it is in, and the number of weaknesses and vulnerabilities detected with it.
## Navigate through your software inventory
1. Select **Software inventory** from the Threat & Vulnerability management navigation menu. The **Software inventory** page opens with a list of software installed in your network, vendor name, weaknesses found, threats associated with them, exposed machines, impact to exposure score, tags. You can also filter the software inventory list view based on weaknesses found in the software, threats associated with them, and whether the software or software versions have reached end-of-support.
![Screenshot of software inventory page](images/software_inventory_filter.png)
2. In the **Software inventory** page, select the software that you want to investigate and a flyout panel opens up with the same details mentioned above but in a more compact view. You can either dive deeper into the investigation and select **Open software page** or flag any technical inconsistencies by selecting **Report inaccuracy**.
3. Select **Open software page** to dive deeper into your software inventory to see how many weaknesses are discovered in the software, devices exposed, installed machines, version distribution, and the corresponding security recommendations for the weaknesses and vulnerabilities identified.
## How it works ## How it works
In the field of discovery, we are leveraging the same set of signals in Microsoft Defender ATP's endpoint detection and response that's responsible for detection, for vulnerability assessment. In the field of discovery, we are leveraging the same set of signals in Microsoft Defender ATP's endpoint detection and response that's responsible for detection, for vulnerability assessment.
Since it is real-time, in a matter of minutes, you will see vulnerability information as they get discovered. The engine automatically grabs information from multiple security feeds. In fact, you'll will see if a particular software is connected to a live threat campaign. It also provides a link to a Threat Analytics report soon as it's available. Since it is real-time, in a matter of minutes, you will see vulnerability information as they get discovered. The engine automatically grabs information from multiple security feeds. In fact, you'll will see if a particular software is connected to a live threat campaign. It also provides a link to a Threat Analytics report soon as it's available.
## Navigate to the Software inventory page
You can access the Software inventory page by selecting **Software inventory** from the Threat & Vulnerability Management navigation menu in the [Microsoft Defender Security Center](portal-overview.md)
## Software inventory overview
The **Software inventory** page opens with a list of software installed in your network, vendor name, weaknesses found, threats associated with them, exposed machines, impact to exposure score, and tags. You can also filter the software inventory list view based on weaknesses found in the software, threats associated with them, and whether the software or software versions have reached end-of-support.
![Screenshot of software inventory page](images/software_inventory_filter.png)
Select the software that you want to investigate and a flyout panel opens up with a more compact view of the information on the page. You can either dive deeper into the investigation and select **Open software page** or flag any technical inconsistencies by selecting **Report inaccuracy**.
![Screenshot of software inventory flyout](images/tvm-software-inventory-flyout500.png)
## Software pages
Select **Open software page** from the software flyout panel to view all the details of a specific software.
The side panel
to see how many weaknesses are discovered in the software, devices exposed, installed machines, version distribution, and the corresponding security recommendations for the weaknesses and vulnerabilities identified.
![Screenshot of software inventory flyout](images/tvm-software-page-example.png)
## Report inaccuracy ## Report inaccuracy
You can report a false positive when you see any vague, inaccurate version, incomplete, or already remediated software inventory information in the machine page. You can report a false positive when you see any vague, inaccurate version, incomplete, or already remediated software inventory information in the machine page.
1. Select one of the software rows. A flyout will appear. 1. Select **Report inaccuracy** from the software flyout panel
2. Select "Report inaccuracy" in the flyout 2. Select the inaccuracy category from the drop-down menu, fill in your email address, and details regarding the inaccuracy.
![Screenshot of Report inaccuracy control](images/software-inventory-report-inaccuracy500.png) 3. Select **Submit**. Your feedback is immediately sent to the Threat & Vulnerability Management experts.
3. From the flyout pane, select the inaccuracy category from the drop-down menu, fill in your email address, and details regarding the inaccuracy.
![Screenshot of Report inaccuracy flyout pane](images/report-inaccuracy-flyout500.png) ![Screenshot of Report inaccuracy flyout pane](images/report-inaccuracy-flyout500.png)
4. Select **Submit**. Your feedback is immediately sent to the Threat & Vulnerability Management experts.
## Related topics ## Related topics
- [Threat & Vulnerability Management overview](next-gen-threat-and-vuln-mgt.md) - [Threat & Vulnerability Management overview](next-gen-threat-and-vuln-mgt.md)