mfalde
Brass Contributor
Mar 29, 2021

Column header meanings in vulnerabilities export files

When I export a CSV from a machine's "Discovered Vulnerabilities" tab, what do the "has exploit", "has known threats", and "has associated alerts" column headers mean respectively? Also, do I need both AV and EDR turned on for both of these to be true?

    • mfalde
      Brass Contributor
      After working with Defender longer and doing some more research, the "has known threats" and "has associated alerts" make sense. As far as I understand:

      "has known threats" = there is a threat under the "Threat Analytics" blade that directly correlates somehow with that vulnerability.

      "has associated alerts" = there is an alert in your environment that is somehow tied to that vulnerability. Maybe it is saying someone in your org tried to take action to exploit that vulnerability.

      "has exploit" = XXX What goes here? This seems very vague if it is saying there is a known exploit. There are a lot of known exploits. How is this decided?
