Threat and Vulnerability management with Defender ATP
Until today you had to keep track on vulnerabilities in applications, create your custom dashboards and use 3rd party systems for the inventory.
Today microsoft released Threat and Vulnerability Management Dashboard as a part of Defender ATP.
This dashboard provides a lot of insight in your environment with cloud scale, even the systems which are never in the office.
You can find the new dashboard by clicking on the little castle with the flag in the menu bar.
Dashboard
This part gives you a full overview of vulnerabilities like
- Exposure Score
- Configuration Score
- Top vulnerable applications
- Top exposed machines
- Top remediation activities
- Exposure distribution
You are also presented with the top security recommendations
Security Recommendations
In the security recommendations view you can view and sort based on components, remediation type etc
If we look at the details for one of the entries we can se a description, vulernability details, the affected machines and related CVE’s
If we from this view clicks on Open Sofware page, we can see further details
If we from this view opens one of the items, we can see the risks, category and other ID’s
Working with remedation plans
We can create activities and set the due date for that activity
This an also be exported to a CSV file
When we have selected items for remediation we can look in the remediation view for follow up
Sofware Inventory
In this part we get an overview of all applications, weaknesses and if there are any known exploits.
The information from TVM is also linked to the machine page
Happy Hunting!