TVM Reporting


Hi All

I am wanting to increase the information that comes from the TVM module within Defender. Whilst I appreciate the reports are present, I want to be able to "by example only" push out on a regular basis vulnerabilities that were "first seen" on a particular date and from there set a plan to remediate - i.e. critical vulnerabilities being from first seen + 30 days. Further to this, whilst I can run a KQL query in hunting to look for vulnerabilities by device group (by example), things like remediation, path, evidence, computer, IP ... trying to get them all in one place is proving a little difficult - hence reaching out to all of you. Any thoughts, all?

Mark

0 Replies