
Commit 30e3a12

secrets docs
1 parent 82b40dd commit 30e3a12


6 files changed

+78
-86
lines changed


articles/defender-for-cloud/release-notes-archive.md

Lines changed: 58 additions & 62 deletions

articles/defender-for-cloud/remediate-cloud-deployment-secrets.md

Lines changed: 3 additions & 3 deletions
@@ -1,14 +1,14 @@
11
---
22
title: Remediate cloud deployment secrets security issues in Microsoft Defender for Cloud
3-
description: Learn how to remediate cloud deployment secrets security issues in Microsoft Defender for Cloud
3+
description: Learn how to remediate cloud deployment secrets security issues in Microsoft Defender for Cloud.
44
ms.topic: overview
55
ms.date: 04/16/2024
66
---
77

88

99
# Remediate issues with cloud deployment secrets
1010

11-
Microsoft Defender for Cloud Defender for Cloud provides secrets scanning for virtual machines, and for cloud deployments, to reduce lateral movement risk.
11+
Microsoft Defender for Cloud provides secrets scanning for virtual machines, and for cloud deployments, to reduce lateral movement risk.
1212

1313
This article helps you to identify and remediate security risks with cloud deployment secrets.
1414

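Review bot: line 11 still carries a stray comma before "and for cloud deployments"; with the duplicated product name gone, "provides secrets scanning for virtual machines and for cloud deployments, to reduce lateral movement risk" reads cleaner, and the same wording appears on line 11 of remediate-server-secrets.md in this commit, so fix both together.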
@@ -25,7 +25,7 @@ This article helps you to identify and remediate security risks with cloud deplo
2525

2626
## Remediate secrets with attack paths
2727

28-
Attack path analysis is a graph-based algorithm that scans your [cloud security graph](concept-attack-path.md#what-is-cloud-security-graph). to expose exploitable paths that attackers might use to reach high-impact assets.
28+
Attack path analysis is a graph-based algorithm that scans your [cloud security graph](concept-attack-path.md#what-is-cloud-security-graph) to expose exploitable paths that attackers might use to reach high-impact assets.
2929

3030

3131
1. Sign in to the [Azure portal](https://portal.azure.com).
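Review bot: line 28 is now word-for-word the sentence on line 32 of remediate-server-secrets.md minus the closing sentence about supported scenarios; since this commit also removes the list of deployment attack paths from secrets-scanning-cloud-deployment.md line 71, consider adding one sentence here naming the cloud-deployment scenario so readers of this article can tell which paths apply to them.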

articles/defender-for-cloud/remediate-server-secrets.md

Lines changed: 5 additions & 5 deletions
@@ -1,14 +1,14 @@
11
---
22
title: Remediate VM secrets security issues in Microsoft Defender for Cloud
3-
description: Learn how to remediate VM secrets security issues in Microsoft Defender for Cloud
3+
description: Learn how to remediate VM secrets security issues in Microsoft Defender for Cloud.
44
ms.topic: overview
55
ms.date: 04/16/2024
66
---
77

88

99
# Remediate VM secrets issues
1010

11-
Microsoft Defender for Cloud Defender for Cloud provides secrets scanning for virtual machines (VMs), and for cloud deployments, to reduce lateral movement risk.
11+
Microsoft Defender for Cloud provides secrets scanning for virtual machines (VMs), and for cloud deployments, to reduce lateral movement risk.
1212

1313
This article helps you to identify and remediate security risks with VM secrets.
1414

@@ -19,17 +19,17 @@ This article helps you to identify and remediate security risks with VM secrets.
1919

2020
- [Defender for Cloud](get-started.md) must be available in your Azure subscription.
2121

22-
- One or either of these Defender for Cloud plans [must be enabled](enable-enhanced-security.md#enable-defender-plans-to-get-the-enhanced-security-features) either or both of the following two plans:
22+
- At least one of these plans [must be enabled](enable-enhanced-security.md#enable-defender-plans-to-get-the-enhanced-security-features):
2323
- [Defender for Servers Plan 2](plan-defender-for-servers-select-plan.md)
2424
- [Defender CSPM](concept-cloud-security-posture-management.md)
2525

26-
- [Agentless machine scannins](enable-vulnerability-assessment-agentless.md#enabling-agentless-scanning-for-machines) must be enabled. Learn more about [agentless scanning](concept-agentless-data-collection.md#availability).
26+
- [Agentless machine scanning](enable-vulnerability-assessment-agentless.md#enabling-agentless-scanning-for-machines) must be enabled. Learn more about [agentless scanning](concept-agentless-data-collection.md#availability).
2727

2828

2929

3030
## Remediate secrets with attack paths
3131

32-
Attack path analysis is a graph-based algorithm that scans your [cloud security graph](concept-attack-path.md#what-is-cloud-security-graph). to expose exploitable paths that attackers might use to reach high-impact assets. Defender for Cloud provides a number of attack paths scenarios for VM secrets.
32+
Attack path analysis is a graph-based algorithm that scans your [cloud security graph](concept-attack-path.md#what-is-cloud-security-graph) to expose exploitable paths that attackers might use to reach high-impact assets. Defender for Cloud provides a number of attack paths scenarios for VM secrets.
3333

3434

3535
1. Sign in to the [Azure portal](https://portal.azure.com).
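Review bot: line 32 still says "a number of attack paths scenarios"; the noun should be singular when used attributively, so "a number of attack path scenarios for VM secrets", which also matches the "### Attack path scenarios" heading used in secrets-scanning-cloud-deployment.md.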

articles/defender-for-cloud/secrets-scanning-cloud-deployment.md

Lines changed: 3 additions & 7 deletions
@@ -12,7 +12,7 @@ Microsoft Defender for Cloud provides agentless secrets scanning for cloud deplo
1212

1313
## What is cloud deployment?
1414

15-
Cloud deployments refers to the process of deploying and managing resources on cloud providers such as Azure and AWS at scale, using tools such as Azure Resource Manager templates and AWS CloudFormation stack. In other words, a cloud deployment is an instance of an infrastructure-as-code (IaC) template.
15+
Cloud deployment refers to the process of deploying and managing resources on cloud providers such as Azure and AWS at scale, using tools such as Azure Resource Manager templates and AWS CloudFormation stack. In other words, a cloud deployment is an instance of an infrastructure-as-code (IaC) template.
1616

1717
Each cloud provide exposes an API query, and when querying APIs for cloud deployment resources, you typically retrieve deployment metadata such as deployment templates, parameters, output, and tags.
1818

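Review bot: context line 17 has the typo "Each cloud provide exposes an API query"; while editing this paragraph, change it to "Each cloud provider exposes an API", and on line 15 "AWS CloudFormation stack" should be plural ("stacks") to parallel "Azure Resource Manager templates".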
@@ -68,17 +68,13 @@ The following cloud deployment secrets security recommendations are available:
6868

6969
### Attack path scenarios
7070

71-
The table summarizes supported attack paths. Currently an attack path for Azure Resource Manager deployments in Azure is supported: Internet exposed Azure VM with
71+
Attack path analysis is a graph-based algorithm that scans your cloud security graph. to expose exploitable paths that attackers might use to reach high-impact assets.
7272

7373

7474
### Predefined cloud security explorer queries
7575

76-
In cloud security explorer, you can currently search for Azure Resource Manager deployments. For example, you might search for:
77-
Azure resource manager deployments, that contain secrets such as connection strings, SAS tokens, that can authenticate to
76+
The cloud security explorer enables you to proactively identify potential security risks within your cloud environment. It does so by querying the cloud security graph. Create queries by selecting cloud deployment resource types, and the types of secrets you want to find.
7877

79-
- VM with plaintext secret that can authenticate to another VM - Returns all Azure VMs, AWS EC2 instances, or GCP VM instances with plaintext secret that can access other VMs or EC2s.
80-
- VM with plaintext secret that can authenticate to a storage account - Returns all Azure VMs, AWS EC2 instances, or GCP VM instances with plaintext secret that can access storage accounts
81-
- VM with plaintext secret that can authenticate to an SQL database - Returns all Azure VMs, AWS EC2 instances, or GCP VM instances with plaintext secret that can access SQL databases.
8278

8379
## Related content
8480

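Review bot: the new line 71 reintroduces the stray period in "cloud security graph. to expose exploitable paths" that this same commit removes from remediate-cloud-deployment-secrets.md line 28 and remediate-server-secrets.md line 32; drop the period here too. Separately, after deleting old lines 79-81 the "### Predefined cloud security explorer queries" section no longer names a single predefined query, so either keep the three query names (VM with plaintext secret that can authenticate to another VM / a storage account / an SQL database) under the new line 76 or retitle the section to match its generic content.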
articles/defender-for-cloud/secrets-scanning-servers.md

Lines changed: 6 additions & 6 deletions
@@ -16,15 +16,15 @@ Defender for Cloud's agentless secrets scanning for Virtual Machines (VM) locate
1616

1717
Secrets scanning for VMs is agentless and uses cloud APIs.
1818

19-
- Scanning captures disk snapshots and analyses them, with no impact on VM performance.
20-
- After the Microsoft secrets scanning engine collects secrets metadata from disk, it sends them to Defender for Cloud.
21-
- The secrets scanning engine verifies whether SSH private keys can be used to move laterally in your network.
19+
1. Scanning captures disk snapshots and analyses them, with no impact on VM performance.
20+
1. After the Microsoft secrets scanning engine collects secrets metadata from disk, it sends them to Defender for Cloud.
21+
1. The secrets scanning engine verifies whether SSH private keys can be used to move laterally in your network.
2222
- SSH keys that aren’t successfully verified are categorized as unverified on the Defender for Cloud Recommendations page.
2323
- Directories recognized as containing test-related content are excluded from scanning.
2424

2525
## What’s supported?
2626

27-
VM secrets scanning is available when you’re using either of these plans: Defender for Servers plan 2/Defender Cloud Security Posture Management (CSPM). VM secrets scanning scans Azure VMs, and AWS/GCP instances onboarded to Defender for Cloud. Review the secrets that can be discovered by Defender for Cloud.
27+
VM secrets scanning is available when you’re using either Defender for Servers Plan 2 or Defender Cloud Security Posture Management (CSPM). VM secrets scanning is able to scan Azure VMs, and AWS/GCP instances onboarded to Defender for Cloud. Review the secrets that can be discovered by Defender for Cloud.
2828

2929
## How does VM secrets scanning mitigate risk?
3030

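Review bot: lines 19-21 become a numbered list but lines 22-23 stay as "-" bullets at the same indentation, so Markdown will render three numbered steps followed by a separate unordered list; if the two bullets are notes on step 3, indent them under it, otherwise leave all five as bullets since only the first three are sequential. On line 27, "is able to scan" is wordier than the original "scans" with no gain in meaning.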
@@ -41,7 +41,7 @@ There are a number of ways. Not every method is supported for every secret. Revi
4141

4242
- Review secrets in the asset inventory: The inventory shows the security state of resources connected to Defender for Cloud. From the inventory you can view the secrets discovered on a specific machine.
4343
- Review secrets recommendations: When secrets are found on assets, a recommendation is triggered under the Remediate vulnerabilities security control on the Defender for Cloud Recommendations page. Recommendations are triggered as follows:
44-
- Review secrets with cloud security explorer. Use cloud security explorer to query the cloud security graph. You can build your own queries, or use one of the built-in templates to query for VM secrets across your environment.
44+
- Review secrets with cloud security explorer. Use cloud security explorer to query the cloud security graph. You can build your own queries, or use one of the built-in templates to query for VM secrets across your environment.
4545
- Review attack paths: Attack path analysis scans the cloud security graph to expose exploitable paths that attacks might use to breach your environment and reach high-impact assets. VM secrets scanning supports a number of attack path scenarios.
4646

4747
### Security recommendations
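Review bot: the change on line 44 appears to be whitespace only (old and new text are identical), so while here fix the context lines: line 45 says "paths that attacks might use" where "attackers" is meant, and line 43 ends with "Recommendations are triggered as follows:" but is followed by an unrelated bullet, so either add the triggering conditions or end that sentence at "Recommendations page."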
@@ -60,7 +60,7 @@ The table summarizes supported attack paths.
6060
**VM** | **Attack paths**
6161
--- | ---
6262
Azure | Exposed Vulnerable VM has an insecure SSH private key that is used to authenticate to a VM.<br/>Exposed Vulnerable VM has insecure secrets that are used to authenticate to a storage account.<br/>Vulnerable VM has insecure secrets that are used to authenticate to a storage account.<br/>Exposed Vulnerable VM has insecure secrets that are used to authenticate to an SQL server.
63-
AWS | Exposed Vulnerable EC2 instance has an insecure SSH private key that is used to authenticate to an EC2 instance.<br/>Exposed Vulnerable EC2 instance has an insecure secret that are used to authenticate to a storage account.<br/>Exposed Vulnerable EC2 instance has insecure secrets that are used to authenticate to an AWS RDS server.<br/>Vulnerable EC2 instance has insecure secrets that are used to authenticate to an AWS RDS server.
63+
AWS | Exposed Vulnerable EC2 instance has an insecure SSH private key that is used to authenticate to an EC2 instance.<br/>Exposed Vulnerable EC2 instance has an insecure secret that is used to authenticate to a storage account.<br/>Exposed Vulnerable EC2 instance has insecure secrets that are used to authenticate to an AWS RDS server.<br/>Vulnerable EC2 instance has insecure secrets that are used to authenticate to an AWS RDS server.
6464
GCP | Exposed Vulnerable GCP VM instance has an insecure SSH private key that is used to authenticate to a GCP VM instance.
6565

6666
### Predefined cloud security explorer queries

articles/defender-for-cloud/secrets-scanning.md

Lines changed: 3 additions & 3 deletions
@@ -10,7 +10,7 @@ ms.date: 04/16/2024
1010

1111
Microsoft Defender for Cloud helps security team to minimize the risk of attackers exploiting security secrets.
1212

13-
After gaining initial access, attackers can move laterally across networks, find sensitive data, and exploit vulnerabilities to damage critical information systems by accessing cloud deployments, resources, and internet facing workloads. Lateral movement often involves credentials threats that typically exploit sensitive data such as exposed credentials and secrets such as passwords, keys, tokens and connection strings to gain access to additional assets. Secrets are often found in files, stored on VM disks, or on containers, across multi-cloud deployments. Exposed secrets happen for a number of reasons:
13+
After gaining initial access, attackers can move laterally across networks, find sensitive data, and exploit vulnerabilities to damage critical information systems by accessing cloud deployments, resources, and internet facing workloads. Lateral movement often involves credentials threats that typically exploit sensitive data such as exposed credentials and secrets such as passwords, keys, tokens, and connection strings to gain access to additional assets. Secrets are often found in files, stored on VM disks, or on containers, across multi-cloud deployments. Exposed secrets happen for a number of reasons:
1414

1515
- Lack of awareness: Organizations might not be aware of the risks and consequences of secrets exposure in their cloud environment. There might not be a clear policy on handling and protecting secrets in code and configuration files.
1616
- Lack of discovery tools: Tools might not be in place to detect and remediate secrets leaks.
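Review bot: the Oxford comma on line 13 is fine, but the same line still has "credentials threats" (should be "credential threats") and "internet facing" (hyphenate as "internet-facing" when used before a noun), and context line 11 reads "helps security team to minimize"; "helps security teams minimize" is the idiomatic form.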
@@ -50,7 +50,7 @@ Defender for Cloud supports discovery of the types of secrets summarized in the
5050
**Secrets type** | **VM secrets discovery** | **Cloud deployment secrets discovery** | **Review location**
5151
--- | --- | --- | ---
5252
Insecure SSH private keys<br/>Supports RSA algorithm for PuTTy files.<br/>PKCS#8 and PKCS#1 standards<br/>OpenSSH standard |Yes |Yes | Inventory, cloud security explorer, recommendations, attack paths
53-
Plaintext Azure SQL connection strings, supports SQL PAAS|Yes |Yes | Inventory, cloud security explorer, recommendations, attack paths
53+
Plaintext Azure SQL connection strings supports SQL PAAS.|Yes |Yes | Inventory, cloud security explorer, recommendations, attack paths
5454
Plaintext Azure database for PostgreSQL.|Yes |Yes | Inventory, cloud security explorer, recommendations, attack paths
5555
Plaintext Azure database for MySQL.|Yes |Yes | Inventory, cloud security explorer, recommendations, attack paths
5656
Plaintext Azure database for MariaDB.|Yes |Yes | Inventory, cloud security explorer, recommendations, attack paths
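Review bot: removing the comma on line 53 makes the grammar worse ("connection strings supports SQL PAAS"); suggest "Plaintext Azure SQL connection strings (supports SQL PaaS)." so the qualifier is clearly parenthetical, and "PaaS" is the standard capitalization.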
@@ -60,7 +60,7 @@ Plaintext Azure storage account connection strings|Yes |Yes | Inventory, cloud s
6060
Plaintext Azure storage account connection strings.|Yes |Yes | Inventory, cloud security explorer, recommendations, attack paths
6161
Plaintext Azure storage account SAS tokens.|Yes |Yes | Inventory, cloud security explorer, recommendations, attack paths
6262
Plaintext AWS access keys.|Yes |Yes | Inventory, cloud security explorer, recommendations, attack paths
63-
Plaintext AWS S3 pre-signed URL. |Yes |Yes | Inventory, cloud security explorer, recommendations, attack paths
63+
Plaintext AWS S3 presigned URL. |Yes |Yes | Inventory, cloud security explorer, recommendations, attack paths
6464
Plaintext Google storage signed URL. |Yes |Yes | Inventory, cloud security explorer.
6565
Plaintext Azure AD Client Secret. |Yes |Yes | Inventory, cloud security explorer.
6666
Plaintext Azure DevOps Personal Access Token. |Yes |Yes | Inventory, cloud security explorer.
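Review bot: "presigned URL" on line 63 matches the spelling AWS uses, so that change is good; the remaining inconsistency in this table is the "Review location" column, where lines 64-66 end with a period ("Inventory, cloud security explorer.") and lines 60-63 do not, so pick one style. Line 65 also still says "Azure AD Client Secret"; the service is now named Microsoft Entra ID, so consider updating the label if the product UI has.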
