diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-software-evidence.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-software-evidence.png new file mode 100644 index 0000000000..90f381e3f2 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-software-evidence.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md index 6d27373c84..d69c963e40 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md +++ b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md @@ -29,8 +29,9 @@ ms.topic: article ## APIs -Threat and vulnerability management supports multiple APIs. See the following topics for related APIs: +Threat and Vulnerability Management supports multiple APIs. Microsoft Defender Advanced Threat Protection (ATP) Threat & Vulnerability Management APIs are soon to be generally available. See the following topics for related APIs: +- [Supported Microsoft Defender ATP APIs](exposed-apis-list.md) - [Machine APIs](machine.md) - [Recommendation APIs](vulnerability.md) - [Score APIs](score.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md index 84165fe568..59ae257e87 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md @@ -37,6 +37,8 @@ Since it is real-time, in a matter of minutes, you will see vulnerability inform You can access the Software inventory page by selecting **Software inventory** from the Threat & Vulnerability Management navigation menu in the [Microsoft Defender Security Center](portal-overview.md). +View software on specific machines in the individual machines pages from the [machines list](machines-view-overview.md). + ## Software inventory overview The **Software inventory** page opens with a list of software installed in your network, vendor name, weaknesses found, threats associated with them, exposed machines, impact to exposure score, and tags. You can also filter the software inventory list view based on weaknesses found in the software, threats associated with them, and whether the software or software versions have reached end-of-support. @@ -56,6 +58,15 @@ Once you are in the Software inventory page and have opened the flyout panel by ![Screenshot of software page example](images/tvm-software-page-example.png) +## Software evidence + +We now show evidence of where we detected a specific software on a machine from the registry, disk or both machine on where we detected a certain software. +You can find it on any machines found in the [machines list](machines-view-overview.md) in a section called "Software Evidence." + +From the Microsoft Defender Security Center navigation panel, go to **Machines list** > select the name of a machine to open the machine page (like Computer1) > select the **Software inventory** tab > select the software name to open the flyout and view software evidence. + +![Screenshot of software evidence example](images/tvm-software-evidence.png) + ## Report inaccuracy You can report a false positive when you see any vague, inaccurate version, incomplete, or already remediated software inventory information.