Where to find exact file location for Defender for Cloud - Machines should have vulnerability findings resolved

Matt Mohoney 0 Reputation points
2023-11-20T15:19:23.95+00:00

We have one machine that has triggered the "Machines should have vulnerability findings resolved" recommendation with the particular violation of "Update Openssl Openssl" - software version 3.1.1 and 3.0.8. I have searched for the files on the machine but without much success. Is there a way to see the exact file locations that triggered the alert? I believe Intune gives the exact Software Evidence file locations making these easy to find and make decisions how to proceed. Hoping Microsoft Defender for Cloud has something similar I am just missing.


2 answers

  1. Matt Mohoney 0 Reputation points
    2023-11-20T20:24:10.2766667+00:00

    Ended up finding the Software Evidence. Needed to head to the device first, then software inventory. Searched for OpenSSL and found the results.

    Documentation: https://learn.microsoft.com/en-us/microsoft-365/security/defender-vulnerability-management/tvm-software-inventory?view=o365-worldwide


  2. Givary-MSFT 32,311 Reputation points Microsoft Employee
    2023-11-21T06:32:10.9766667+00:00

    @Matt Mohoney I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others", I'll repost your solution in case you'd like to "Accept" the answer.

    Issue: We have one machine that has triggered the "Machines should have vulnerability findings resolved" recommendation with the particular violation of "Update Openssl Openssl" - software version 3.1.1 and 3.0.8. I have searched for the files on the machine but without much success. Is there a way to see the exact file locations that triggered the alert? I believe Intune gives the exact Software Evidence file locations making these easy to find and make decisions how to proceed. Hoping Microsoft Defender for Cloud has something similar I am just missing.

    Resolved by @Matt Mohoney finding the Software Evidence. Needed to head to the device first, then software inventory. Searched for OpenSSL and found the results.

    Documentation: https://learn.microsoft.com/en-us/microsoft-365/security/defender-vulnerability-management/tvm-software-inventory?view=o365-worldwide

    If you have any other questions or are still running into more issues, please let me know.
    Thank you again for your time and patience throughout this issue.

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.


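To cross-check the Software Evidence paths on the machine itself, the sketch below (an added example, not part of the thread and not Microsoft tooling) walks a directory tree, reads the version banner compiled into OpenSSL libraries, and marks the two versions named in the question. The file-name pattern and banner format are assumptions about typical OpenSSL builds; copies statically linked into other binaries are not matched by name and will not be found.

```python
import os
import re
import sys

# Banner compiled into OpenSSL builds, e.g. b"OpenSSL 3.0.8 7 Feb 2023" (assumed format).
BANNER = re.compile(rb"OpenSSL (\d+\.\d+\.\d+[a-z]*) +\d{1,2} [A-Z][a-z]{2} \d{4}")
# Assumed typical names: libcrypto-3-x64.dll, libssl.so.3, openssl.exe, ...
NAME = re.compile(r"^(libcrypto|libssl|openssl)([-._].*)?$", re.IGNORECASE)


def banner_version(path, max_bytes=64 * 1024 * 1024):
    """Return the OpenSSL version embedded in the file, or None if absent."""
    try:
        with open(path, "rb") as fh:
            match = BANNER.search(fh.read(max_bytes))
    except OSError:  # locked, unreadable or vanished file: skip it
        return None
    return match.group(1).decode("ascii") if match else None


def find_openssl(root, flagged=("3.1.1", "3.0.8")):
    """Walk root and return sorted (path, version, is_flagged) tuples."""
    hits = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            if not NAME.match(name):
                continue
            path = os.path.join(dirpath, name)
            version = banner_version(path)
            if version:
                hits.append((path, version, version in flagged))
    return sorted(hits)


if __name__ == "__main__":
    start = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, version, is_flagged in find_openssl(start):
        print(f"{'FLAGGED' if is_flagged else 'ok':8} {version:8} {path}")
```

Run it with the directory to search as the only argument, from an account that can read application install folders, since bundled OpenSSL copies usually live next to the program that ships them.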