How to configure Defender365 Vulnerability Management

N-M 191 Reputation points
2023-02-19T21:57:38.12+00:00

Hello,

How can I configure Defender 365 to show me and focus on some specific vulnerabilities, such as security vulnerabilities?

My score on dashboard is terrible, and it is just because of software updates.

I know updating software is important, but now, I want to avoid defender365 paying attention to that and counting them.

Can I manage vulnerabilities in defender365?

Although I used exception to postpone some security recommendation, my score didn't change.

I really appreciate any help you can provide.

Not Monitored
Not Monitored
Tag not monitored by Microsoft.
39,113 questions
{count} votes

Accepted answer
  1. Tech-Hyd-1989 5,796 Reputation points
    2023-02-20T10:17:30.7233333+00:00

    Hello N-M

    Happy to help here with your query..

    Yes, you can manage vulnerabilities in Microsoft Defender for Cloud. You can disable findings with severity below medium, disable findings that are non-patchable, disable findings with CVSS score below 6.5, or disable specific findings with specific text in the security check or category. To create a rule, you need permissions to edit a policy in Azure Policy.

    You can learn more about this in Azure RBAC permissions in Azure Policy

    To create a rule, you can follow these steps:

    1. From the recommendations detail page for Machines should have vulnerability findings resolved, select Disable rule.
    2. Select the relevant scope.
    3. Define your criteria.
    4. You can use any of the following criteria: Finding ID, Category, Security check, CVSS scores (v2, v3), Severity, Patchable status.
    5. Select Apply rule

    Please note that changes might take up to 24 hours to take effect

    You can also view, override, or delete a rule by selecting Disable rule. From the scope list, subscriptions with active rules show as Rule applied. To view or delete the rule, select the ellipsis menu ("...")

    You can also receive regular updates of the vulnerability assessment status for your database by using the customizable Azure Logic Apps template

    You can manage vulnerability assessments programmatically using the REST API. The express configuration is supported in the latest REST API version with various functionalities.

    I hope this information helps you manage vulnerabilities in Microsoft Defender for Cloud. Let me know if you need further assistance

    Refer to the following links for the details on the above

    https://learn.microsoft.com/en-us/azure/defender-for-cloud/partner-integration
    https://learn.microsoft.com/en-us/azure/defender-for-cloud/remediate-vulnerability-findings-vm

    If this does answer your question, please feel free to mark it as the answer as a token of appreciation.


0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.