Forum Discussion
Last Vulnerability Detection Date in MDVM
I recently started using MDVM and am trying to understand when a vulnerability was last seen on a device. When I zero in on a vulnerability (CVE) I see three dates Published On, First Detected, and U...
Required disclaimer, wait for an official response from Microsoft (or someone smarter than me).
From what I understand, Defender MDVM is a point in time picture of vulnerability status. It does not currently hold historic data, so a "last seen" date isn't available.
I am currently working to pull MDVM data into a third party tool that will provide historic context, trending analysis, etc. A more native way of doing this would be to pull data into an Azure SQL database and build the views you need in PowerBI.
From what I understand, Defender MDVM is a point in time picture of vulnerability status. It does not currently hold historic data, so a "last seen" date isn't available.
I am currently working to pull MDVM data into a third party tool that will provide historic context, trending analysis, etc. A more native way of doing this would be to pull data into an Azure SQL database and build the views you need in PowerBI.
Thank you BradHutchins, I appreciate the insight.
If there is no historical data and is reflective of a point-in-time, is it reasonable to assume that if a vulnerability is reported, it was it was seen the last time the device was scanned or reported in?
Thank you again,
Winston
Maybe "no historic data" is a little unfair. It does show when the vulnerability was discovered. I supposed, if you are using the integrated remediation options with Intune ticketing, you would be able to correlate to a closure time as well.
- Thanks Brad, it would be nice if someone from MS would chime in!
