Edit

Detect internet exposed IP addresses

This article shows you how to find internet-exposed IP addresses in Microsoft Defender for Cloud. You learn how to use cloud security explorer and attack path analysis to find and prioritize risk.

Microsoft Defender for Cloud integrates with Defender External Attack Surface Management (Defender EASM). In cloud security explorer, this capability appears as Defender EASM (DEASM) findings. This integration provides recommendations and attack path visualizations that help reduce risk.

Prerequisites

Before you begin, make sure that you meet the following requirements:

Detect internet exposed IP addresses with the cloud security explorer

Use cloud security explorer to build queries, such as outside-in scans, that detect internet-exposed IP addresses in your environment.

  1. Sign in to the Azure portal.

  2. Search for and select Microsoft Defender for Cloud > Cloud security explorer.

  3. In the dropdown menu, search for and select IP addresses.

    Screenshot that shows where to navigate to in Defender for Cloud to search for and select the IP addresses option.

  4. Select Done.

  5. Select +.

  6. In the select condition dropdown menu, select DEASM Findings.

    Screenshot that shows where to locate the DEASM Findings option.

  7. Select the + button.

  8. In the select condition dropdown menu, select Routes traffic to.

  9. In the select resource type dropdown menu, select Select all.

    Screenshot that shows where the select all option is located.

  10. Select Done.

  11. Select the + button.

  12. In the select condition dropdown menu, select Routes traffic to.

  13. In the select resource type dropdown menu, select Virtual machine.

  14. Select Done.

  15. Select Search.

    Screenshot that shows the fully built query and where the search button is located.

  16. Select a result to review the findings.

Detect exposed IP addresses with attack path analysis

Use attack path analysis to view paths that an attacker could use to reach critical assets.

  1. Sign in to the Azure portal.

  2. Search for and select Microsoft Defender for Cloud > Attack path analysis.

  3. Search for Internet exposed.

  4. Review and select a result.

  5. Remediate the attack path.

Next step

Identify and remediate attack paths

  • Last updated on