Подія
Створення програм і агентів AI
17 бер., 21 - 21 бер., 10
Приєднайтеся до серії нарад, щоб створити масштабовані рішення зі ШІ на основі реальних випадків використання з колегами-розробниками та експертами.
Зареєструватися заразDeviceTvmSoftwareVulnerabilities
Captures various identity-related events, like password changes, password expiration, and user principal name (UPN) changes.
| Attribute | Value |
|---|---|
| Resource types | - |
| Categories | Security |
| Solutions | SecurityInsights |
| Basic log | No |
| Ingestion-time transformation | Yes |
| Sample Queries | Yes |
| Column | Type | Description |
|---|---|---|
| _BilledSize | real | The record size in bytes |
| CveId | string | Unique identifier assigned to the security vulnerability under the Common Vulnerabilities and Exposures (CVE) system |
| CveTags | dynamic | Array of tags relevant to the CVE; example: ZeroDay, NoSecurityUpdate |
| DeviceId | string | Unique identifier for the device in the service |
| DeviceName | string | Fully qualified domain name (FQDN) of the device |
| _IsBillable | string | Specifies whether ingesting the data is billable. When _IsBillable is false ingestion isn't billed to your Azure account |
| OSArchitecture | string | Architecture of the operating system running on the machine |
| OSPlatform | string | Platform of the operating system running on the device. This indicates specific operating systems, including variations within the same family, such as Windows 10 and Windows 7 |
| OSVersion | string | Version of the operating system running on the machine |
| RecommendedSecurityUpdate | string | Name or description of the security update provided by the software vendor to address the vulnerability |
| RecommendedSecurityUpdateId | string | Identifier of the applicable security updates or identifier for the corresponding guidance or knowledge base (KB) articles |
| SoftwareName | string | Name of the software product |
| SoftwareVendor | string | Name of the software vendor |
| SoftwareVersion | string | Version number of the software product |
| SourceSystem | string | The type of agent the event was collected by. For example, OpsManager for Windows agent, either direct connect or Operations Manager, Linux for all Linux agents, or Azure for Azure Diagnostics |
| TenantId | string | The Log Analytics workspace ID |
| TimeGenerated | datetime | Date and time when the record was generated |
| Type | string | The name of the table |
| VulnerabilitySeverityLevel | string | Severity level assigned to the security vulnerability based on the CVSS score and dynamic factors influenced by the threat landscape |
Додаткові ресурси
Навчання
Модуль
Utilize Vulnerability Management in Microsoft Defender for Endpoint - Training
Utilize Vulnerability Management in Microsoft Defender for Endpoint
Сертифікація
Microsoft Certified: Security Operations Analyst Associate - Certifications
Дослідіть, виконайте пошук і пом'якшення загроз за допомогою Microsoft Sentinel, Microsoft Defender для хмари та Microsoft 365 Defender.
Документація
-
Azure Monitor Logs reference - DeviceTvmSoftwareInventory - Azure Monitor
Reference for DeviceTvmSoftwareInventory table in Azure Monitor Logs.
-
Azure Monitor Logs reference - DeviceTvmSecureConfigurationAssessment - Azure Monitor
Reference for DeviceTvmSecureConfigurationAssessment table in Azure Monitor Logs.
-
Vectra XDR (using Azure Functions) connector for Microsoft Sentinel
Learn how to install the connector Vectra XDR (using Azure Functions) to connect your data source to Microsoft Sentinel.