vulnerabilities
17 Topics

Sensitivity Data Flag will not be deleted after Settings are changed
We have a lot of storage accounts which are flagged with the risk factor "Sensitive Data", which also means all storage accounts which have this label have risk level critical. We deactivated Sensitive Data Scan but nothing happens. If I got it correct, once a resource is flagged with "Sensitive Data" the flag will not be deleted anymore.

What we did so far:
- turn off/on/off… the data scanning
- turn off/on/off Data sensitivity
- deselect all of the different data sensitivity categories like Finance, PII, and Credentials
- turn off/on/off threshold for sensitive data labels
- turn off/on complete Defender

There is also a support ticket where the support can the recommendation was to open a discussion here to have the product team look at this error (#2502031420002278)
40 Views, 0 likes, 0 Comments

Enable Bring Your Own License (BYOL)
A customer uses the Bring your own license (BYOL) capability, which is being deprecated, to deploy the Qualys extension in their VMs. They are asking about the deprecation: it implies that the deployment won't be available anymore, but what happens with the machines that already have the Qualys extension deployed? Will the extension be removed from machines, since it was deployed via BYOL? Or, after the deprecation, does the extension continue working for the already deployed machines?

Update OpenSSL : Machines should have vulnerability findings resolved
Hi, I am new to this Defender Cloud. We are getting this message about an out-of-date OpenSSL version: I have updated the .NetCore to the latest version : However it still doesn't seem to have resolved the error from Defender Cloud. I don't have any OpenSSL client installed on this machine from .net core. When I searched I only found these files : Any assistance will be greatly appreciated on how I resolve this issue. As far as I can see everything is up to date.

Qualys scanner vs Microsoft Defender Vulnerability Management
Hi, does anyone know what the benefit is of moving from Qualys scanner to Microsoft Defender Vulnerability Management? Or pros and cons about them? And can Microsoft Defender Vulnerability Management:
- Generate reports?
- Can it tell if the vulnerability is exploitable?
- Can it tell me the publish date of the vulnerability?
- Can it tell me the release date of the patch?
- Can I use filters or queries to find which vulnerabilities are greater than 90 days?
- Can patching be from third parties and from Windows?
- Does it give you the risk of the vulnerability and/or type of severity?

I only find this:
https://learn.microsoft.com/en-us/azure/defender-for-cloud/deploy-vulnerability-assessment-vm?source=recommendations
https://learn.microsoft.com/en-us/azure/defender-for-cloud/deploy-vulnerability-assessment-defender-vulnerability-management?source=recommendations

Thank you!
2.3K Views, 1 like, 0 Comments

Defender for SQL Vuln Assessment for Arc Enabled servers
Can anyone confirm that the Vulnerability Assessment in Defender for Databases works for Arc enabled servers? This "Scan your Azure SQL databases for vulnerabilities - Microsoft Defender for Cloud | Microsoft Learn" does not include those types of machines, but I think it's just an oversight in the documentation.
341 Views, 0 likes, 0 Comments

New Blog | Securing your GitLab Environment with Microsoft Defender for Cloud
At Microsoft Ignite 2023, Microsoft Defender for Cloud unveiled a new integration, extending its DevOps security coverage outside of the Microsoft ecosystem and integrating with the all-in-one DevOps platform GitLab. With this integration, security practitioners can monitor the security posture of their GitLab environments and kick off developer remediation workflows. Additionally, customers with Defender CSPM will receive advanced contextualization and prioritization capabilities for their GitLab environments.

Read the full blog here: Securing your GitLab Environment with Microsoft Defender for Cloud
618 Views, 0 likes, 0 Comments

New Blog | High severity curl vulnerability: prepare with Microsoft Defender for Cloud
On October 2nd, high severity vulnerabilities in curl were preannounced. The curl project has announced that curl 8.4.0 will be released on October 11th, earlier than expected. While the vulnerabilities have yet to be disclosed, it is expected that two vulnerabilities will be released: high-severity CVE-2023-38545 and low-severity CVE-2023-38546.

curl is a popular command-line tool and library (libcurl) used to transfer data across network protocols using URL syntax. The library is one of the most widely used open-source projects across most operating systems, including Windows and Linux, and is one of the most popular OSS packages present in clients, embedded systems, and cloud-native applications/containers.

Explicit details on the vulnerabilities, such as vectors and impacted versions, have not been disclosed at this time. We will update this blog post once the details are available after October 11th with further guidance. However, we encourage customers to prepare ahead of time by understanding where and how in their environments they are using curl.

Read the full blog here: High severity curl vulnerability: prepare with Microsoft Defender for Cloud - Microsoft Community Hub
2.3K Views, 0 likes, 0 Comments

Security alerts in Microsoft defender for Cloud
Hello All, we have received the below security alerts in Microsoft Defender for Cloud for our App Service.
1) NMap scanning detected (for this we got the carrier and organization as Microsoft)
2) Vulnerability scanner detected
3) Suspicious User Agent detected

Our website is Internet facing (public facing), so we cannot put much restriction on our App Service (e.g. IP restriction, SSL certificate). We are unable to investigate the below alerts. We checked the Log Analytics workspace logs and extracted the logs from the caller IP, but could not find much information from it. We also checked and there was no impact found on our webapp.
1) NMap scanning detected (for this we got the carrier and organization as Microsoft)
2) Vulnerability scanner detected
3) Suspicious User Agent detected

Is there any way by which we can investigate why these alerts got generated, and what next action can be taken on this?
2.7K Views, 0 likes, 1 Comment

Blog | Malware Scanning for cloud storage GA pre-announcement | prevent malicious content distribution
Malware Scanning in Defender for Storage will be generally available (GA) for Azure Blob Storage on September 1, 2023. This add-on to Defender for Storage will be priced at $0.15 (USD) per GB of data scanned. Malware Scanning in Defender for Storage helps protect your Blob storage accounts from malicious content by performing a full, built-in, agentless malware scan on uploaded content in near real time, using Microsoft Defender Antivirus capabilities. It scans all file types and allows you to detect and prevent malware distribution events.

Read the full blog post: Malware Scanning for cloud storage GA pre-announcement | prevent malicious content distribution at scale (microsoft.com)
1.4K Views, 0 likes, 0 Comments

New Blog | 'SQL servers on machines should have vulnerability findings resolved.'
Databases contain some of your most sensitive data, which makes them an obvious target for attackers. Most attackers are usually looking for data, whether it is to acquire sensitive data for their own use (to sell), to encrypt it (to sell back to you), or to destroy it (to cause you reputational and operational harm). Databases have an extended attack surface and are often misconfigured which can lead to an attacker gaining access, elevating permissions, and wreaking havoc.

This recommendation is generated by Defender for SQL on machines Vulnerability Assessment. The rules that we check for are a set of possible misconfigurations that should be addressed. When you have findings for this recommendation, you have four options on how to handle it. We'll go into depth on each of them in this blog.

Read the blog: Microsoft Defender for Cloud - 'SQL servers on machines should have vulnerability findings resolved' - Microsoft Community Hub
1K Views, 0 likes, 0 Comments