vulnerabilities
17 Topics

Azure Security Center and Qualys
At Ignite 2019 it was announced that ASC (standard tier) now provides a vulnerability assessment solution for VMs (using Qualys) at no extra charge: "...we are announcing that the Azure Security Center Standard tier includes built-in vulnerability assessment for virtual machines for no additional fee" (https://techcommunity.microsoft.com/t5/Azure-Security-Center/Ignite-2019-releases-for-Azure-Security-Center-and-Azure/ba-p/975570). I've tried to deploy the solution by:
1. Selecting the "Vulnerability assessment solution should be installed on your virtual machines" recommendation in ASC
2. Clicking Install after selecting the relevant VMs
However, going through the wizard it still asks for a Qualys license code and public key. So what does "for no additional fee" actually mean? Do you still need some sort of Qualys license to use this? Or am I doing something wrong in the deployment steps?

Help choosing Vulnerability scanner - Microsoft TVM Vs Qualys
A client of mine has asked me to provide a comparison between Microsoft TVM and Qualys so that the vulnerability extension can be configured in MDC. Only MDE TVM is supported on Virtual Machine Scale Sets; Qualys doesn't support VMSS. With Qualys, the vulnerability findings only show in Defender for Cloud and not in security.microsoft.com. Are there any recommendations on choosing one of these scanners?

Update OpenSSL : Machines should have vulnerability findings resolved
Hi, I am new to Defender for Cloud. We are getting this message about an out-of-date OpenSSL version: I have updated .NET Core to the latest version; however, it still doesn't seem to have resolved the error from Defender for Cloud. I don't have any OpenSSL client installed on this machine apart from .NET Core. When I searched I only found these files: any assistance will be greatly appreciated on how I resolve this issue, as far as I can see everything is up to date.

Exporting list of all vulnerabilities per machine
Hi community, I'm new to Threat and Vulnerability Management on MDATP. I've been noticing that Microsoft doesn't offer an option to export the list of all the vulnerabilities per machine. We can export the vulnerabilities for each machine separately, or all the vulnerabilities with no information about which machine has the vulnerability. I'm used to working with Qualys, and they have the option of exporting every vulnerability associated with each machine and their solution. Can I customize the report to bring the columns I need? Thank you.

Security alerts in Microsoft defender for Cloud
Hello All, we have received the below security alerts in Microsoft Defender for Cloud for our App Service:
1) NMap scanning detected (for this we got the carrier and organization as Microsoft)
2) Vulnerability scanner detected
3) Suspicious User Agent detected
Our website is Internet facing (public facing), so we cannot put many restrictions on our App Service (e.g. IP restriction, SSL certificate). We are unable to investigate the above alerts. We checked the Log Analytics workspace logs and extracted the logs for the caller IP, but could not find much information in them. We also checked and found no impact on our web app. Is there any way we can investigate why these alerts got generated, and what next action can be taken on this?

New Blog | High severity curl vulnerability: prepare with Microsoft Defender for Cloud
On October 2nd, high severity vulnerabilities in curl were preannounced. The curl project has announced that curl 8.4.0 will be released on October 11th, earlier than expected. While the vulnerabilities have yet to be disclosed, it is expected that two vulnerabilities will be released: high-severity CVE-2023-38545 and low-severity CVE-2023-38546. curl is a popular command-line tool and library (libcurl) used to transfer data across network protocols using URL syntax. The library is one of the most widely used open-source projects across most operating systems, including Windows and Linux, and is one of the most popular OSS packages present in clients, embedded systems, and cloud-native applications/containers. Explicit details on the vulnerabilities, such as vectors and impacted versions, have not been disclosed at this time. We will update this blog post once the details are available after October 11th with further guidance. However, we encourage customers to prepare ahead of time by understanding where and how in their environments they are using curl. Read the full blog here: High severity curl vulnerability: prepare with Microsoft Defender for Cloud - Microsoft Community Hub

Qualys scanner vs Microsoft Defender Vulnerability Management
Hi, Does anyone know what the benefit is of moving from the Qualys scanner to Microsoft Defender Vulnerability Management? Or the pros and cons of each? And can Microsoft Defender Vulnerability Management:
- Generate reports?
- Tell if the vulnerability is exploitable?
- Tell me the publish date of the vulnerability?
- Tell me the release date of the patch?
- Let me use filters or queries to find which vulnerabilities are older than 90 days?
- Cover patching from third parties as well as from Windows?
- Give you the risk of the vulnerability and/or the type of severity?
I only find this:
https://learn.microsoft.com/en-us/azure/defender-for-cloud/deploy-vulnerability-assessment-vm?source=recommendations
https://learn.microsoft.com/en-us/azure/defender-for-cloud/deploy-vulnerability-assessment-defender-vulnerability-management?source=recommendations
Thank you!

Vulnerabilities reported in AKS VMSS nodes
Hi all, Within ASC, under "Vulnerabilities in security configuration on your machines should be remediated", my AKS nodes are being reported as requiring remediation. If I were to remediate these, would they just come back if I scale out/in or upgrade? Also, as these are AKS nodes, shouldn't they be excluded or be patched already?
Name | Severity | State
Disable SMB V1 with Samba | Critical | Open
Run AuditD service | Critical | Open
IP forwarding should be disabled. (net.ipv4.ip_forward = 0) | Critical | Open
Anyone else experienced this? Or remediated it?

Application Inventory Detail Difference with Azure Arc
We noticed that the listing of apps on the MDC Inventory page for a Windows server is much smaller than the app inventory for the same server in Azure Arc. Is this expected behavior? Is there anything we can do to get more application information in MDC?

Blog | Malware Scanning for cloud storage GA pre-announcement | prevent malicious content distribution
Malware Scanning in Defender for Storage will be generally available (GA) for Azure Blob Storage on September 1, 2023. This add-on to Defender for Storage will be priced at $0.15 (USD) per GB of data scanned. Malware Scanning in Defender for Storage helps protect your Blob storage accounts from malicious content by performing a full, built-in, agentless malware scan on uploaded content in near real time, using Microsoft Defender Antivirus capabilities. It scans all file types and allows you to detect and prevent malware distribution events. Read the full blog post: Malware Scanning for cloud storage GA pre-announcement | prevent malicious content distribution at scale (microsoft.com)