Last Vulnerability Detection Date in MDVM
I recently started using MDVM and am trying to understand when a vulnerability was last seen on a device. When I zero in on a vulnerability (CVE) I see three dates: Published On, First Detected, and Updated On:
Published On: which I believe is the date the CVE was published
First Detected: this is the date the vulnerability was first detected on the device
Updated On: this is where I am not sure what this means.
a. Is this the last date the vulnerability was detected on the device?
b. Is it the last time the device was scanned?
c. If no to a & b, then how do I know when the vulnerability was last seen by the scanner? Is there a Last Date detected?
I have been researching this for a while but have not been able to find an answer to this point and am hopeful this community can assist!
Thanks in advance
Winston
- BradHutchins (Copper Contributor)
Required disclaimer: wait for an official response from Microsoft (or someone smarter than me).
From what I understand, Defender MDVM is a point in time picture of vulnerability status. It does not currently hold historic data, so a "last seen" date isn't available.
I am currently working to pull MDVM data into a third-party tool that will provide historic context, trending analysis, etc. A more native way of doing this would be to pull data into an Azure SQL database and build the views you need in PowerBI.
- WinstonConstantine (Copper Contributor)
Thank you BradHutchins, I appreciate the insight.
If there is no historical data and is reflective of a point-in-time, is it reasonable to assume that if a vulnerability is reported, it was seen the last time the device was scanned or reported in?
Thank you again,
Winston
- BradHutchins (Copper Contributor)
Maybe "no historic data" is a little unfair. It does show when the vulnerability was discovered. I suppose, if you are using the integrated remediation options with Intune ticketing, you would be able to correlate to a closure time as well.
- dullinternet_1989 (Copper Contributor)
Published On: which I believe is the date the CVE was published ✅ Correct.
First Detected: this is the date the vulnerability was first detected on the device. ✅ Correct.
Updated On: this is where I am not sure what this means.
Is this the last date the vulnerability was detected on the device?
Is it the last time the device was scanned?
This is when the metadata was last updated.
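An added example, not part of any post in this thread: if MDVM is treated as a point-in-time view, a "last seen" date can be derived by storing a dated snapshot of (device, CVE) pairs on a schedule and folding the snapshots together. The snapshot layout, host names and CVE placeholders below are constructed for illustration and are not an MDVM schema or export format.

```python
from datetime import date

# Constructed sample data: one set of (device, CVE) pairs per export day.
# Names and CVE placeholders are hypothetical, not real MDVM output.
SNAPSHOTS = {
    date(2024, 5, 1): {("host-a", "CVE-0000-0001"), ("host-b", "CVE-0000-0001")},
    date(2024, 5, 2): {("host-a", "CVE-0000-0001"), ("host-a", "CVE-0000-0002")},
    date(2024, 5, 3): {("host-a", "CVE-0000-0002")},
}


def build_history(snapshots):
    """Fold dated snapshots into per-(device, CVE) history.

    first_seen  : earliest snapshot containing the pair
    last_seen   : latest snapshot containing the pair
    open        : True if the pair is in the most recent snapshot
    absent_from : first snapshot after last_seen (None while still open)
    """
    if not snapshots:
        return {}
    days = sorted(snapshots)
    history = {}
    for day in days:
        for key in snapshots[day]:
            entry = history.setdefault(key, {"first_seen": day})
            entry["last_seen"] = day  # days are ascending, so this ends at the latest
    for entry in history.values():
        later = [d for d in days if d > entry["last_seen"]]
        entry["open"] = not later
        entry["absent_from"] = later[0] if later else None
    return history


if __name__ == "__main__":
    for (device, cve), h in sorted(build_history(SNAPSHOTS).items()):
        print(device, cve, h["first_seen"], h["last_seen"], h["open"], h["absent_from"])
```

The dates are only as precise as the snapshot interval: a finding that appears and is remediated between two exports is never recorded.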