Hello N-M
Happy to help here with your query.
Yes, you can manage vulnerabilities in Microsoft Defender for Cloud. You can disable findings with severity below medium, disable findings that are non-patchable, disable findings with CVSS score below 6.5, or disable specific findings with specific text in the security check or category. To create a rule, you need permissions to edit a policy in Azure Policy.
You can learn more about this in Azure RBAC permissions in Azure Policy.
To create a rule, you can follow these steps:
- From the recommendations detail page for Machines should have vulnerability findings resolved, select Disable rule.
- Select the relevant scope.
- Define your criteria.
  - You can use any of the following criteria: Finding ID, Category, Security check, CVSS scores (v2, v3), Severity, Patchable status.
- Select Apply rule.
Please note that changes might take up to 24 hours to take effect.
You can also view, override, or delete a rule by selecting Disable rule. From the scope list, subscriptions with active rules show as Rule applied. To view or delete the rule, select the ellipsis menu ("...").
You can also receive regular updates of the vulnerability assessment status for your database by using the customizable Azure Logic Apps template.
You can manage vulnerability assessments programmatically using the REST API. The express configuration is supported in the latest REST API version with various functionalities.
I hope this information helps you manage vulnerabilities in Microsoft Defender for Cloud. Let me know if you need further assistance.
Refer to the following links for the details on the above:
https://learn.microsoft.com/en-us/azure/defender-for-cloud/partner-integration
https://learn.microsoft.com/en-us/azure/defender-for-cloud/remediate-vulnerability-findings-vm
If this does answer your question, please feel free to mark it as the answer as a token of appreciation.