Defender CSPM contextual security capabilities assists security teams in the reduction of the risk of impactful breaches. Defender CSPM uses environment context to perform a risk assessment of your security issues. Defender CSPM identifies the biggest security risk issues, while distinguishing them from less risky issues.
With attack path analysis and cloud security explorer Defender DCSPM customers can address the security issues that pose immediate threats with the greatest potential of being exploited and proactively identify security risks in their cloud environment by running graph-based queries on the cloud security graph, which is Defender for Cloud's context engine.
Agentless containers coverage as part of DCSPM is now available in public preview. It only takes one click to benefit from adding containers’ context to the security graph:
Customers who enabled Defender CSPM after April 17th already enjoy agentless container capabilities - no need to take any further action.
Customers who enabled before Defender CSPM after April 17th - such customers need to manually enable the “Agentless discovery for Kubernetes” and “Container registries vulnerability assessments” extensions for their Defender CSPM environments.
This is a one-time manual effort as newly onboarded subscriptions, the relevant extensions will be default enabled.
To enable these, the following permissions on the subscription are required:
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.