deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-24 11:17:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

event insights

Browse Source
This commit is contained in:
Beth Levin 2020-03-11 17:21:45 -07:00
parent b111c07584
commit f6b5b83428
1 changed files with 48 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md
View File

@ -16,7 +16,7 @@ audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: conceptual ms.topic: conceptual
--- ---
# Exposure score # Exposure score and Event Insights
**Applies to:** **Applies to:**
@ -39,6 +39,53 @@ Several factors affect your organization exposure score:
Reduce the exposure score by addressing what needs to be remediated based on the prioritized security recommendations. See [Security recommendations](tvm-security-recommendation.md) for details. Reduce the exposure score by addressing what needs to be remediated based on the prioritized security recommendations. See [Security recommendations](tvm-security-recommendation.md) for details.
## Event insights
The goal of event insights is to tell the story of the Exposure score.
- Quickly understand and identify high-level takeaways about the state of security in your organization.
- Detect and respond to areas that require investigation or action to improve the current state.
- Communicate with peers and management about the impact of security efforts.
### Event types
The following event types reflect time-stamped events that impact the score:
- Weaknesses (weakness discovered, weakness updated, weakness resolved)
- New recommendation created
- New threat
- Exploitation attempt
#### Weakness discovered
New weakness was discovered (score reduced) on a software. This event is triggered if one of the following occur:
- In the last 24 hours "X vulnerabilities" affected "Y machines"
- New vulnerabilities were discovered (CVE) on a specific product
- A (dynamic) configuration has been broken (e.g. AV stopped updating)
- A (static) configuration has changed from configured to misconfigured state
- New vulnerable software was installed
- New vulnerable software was discovered
- New machines were onboarded to ATP and introduced new vulnerabilities
#### Weakness updated
Existing weakness was updated with new information (score reduced). This event is triggered if one of the following occur:
- In the last 24 hours "X vulnerabilities" became exploitable
- A vulnerability was updated with an exploit
- An exploit is now part of an exploit kit
- A vulnerability has become a threat
#### Weakness resolved
Existing weakness was remediated or mitigated (score increase). This event is triggered if one of the following occur:
- A remediation task was completed (or was marked as completed)
- A remediation task was marked as dismissed (business justification)
- A remediation or mitigation took place
- A vulnerable application was removed/uninstalled (as part of a remedi ation request or manually by the user)
## Related topics ## Related topics
- [Supported operating systems and platforms](tvm-supported-os.md) - [Supported operating systems and platforms](tvm-supported-os.md)