cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Colum header meanings in vulnerabilities export files

mfalde
Brass Contributor

‎Mar 29 2021 09:03 AM

‎Mar 29 2021 09:03 AM

Colum header meanings in vulnerabilities export files

When I export a csv from a machine's "Discovered Vulnerabilities" tab, what do the "has exploit", "has known threats", and "has associated alerts" column headers mean respectively? Also, do I need both AV and EDR turned on for both of these to be true?

1,641 Views
0 Likes
2 Replies
Reply
2 Replies
marysia_k

‎Apr 15 2021 02:11 PM

‎Apr 15 2021 02:11 PM

Re: Colum header meanings in vulnerabilities export files

For more information about threat and vulnerability management please refer to this link: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/tvm-weaknesses?view=o365-w.... Additionally, if I understand your second question correctly, the EDR service is doing the vulnerability assessment. Please let me know if this answers your question
1 Like
Reply
mfalde

‎Oct 05 2021 11:15 AM

‎Oct 05 2021 11:15 AM

Re: Colum header meanings in vulnerabilities export files

After working with Defender longer and doing some more research, the "has known threats" and "has associated alerts" make sense. As far as I understand:

"has known threats" = there is a threat under the "Threat Analytics" blade that directly correlates somehow with that vulnerability.

"has associated alerts" = there is an alert in your environment that is somehow tied to that vulnerability. Maybe it is saying someone in your org tried to take action to exploit that vulnerability.

"has exploit" = XXX What goes here? This seems very vague if it is saying there is a known exploit. There are a lot of known exploits. How is this decided?
0 Likes
Reply