Merge pull request #115205 from memildin/asc-melvyn-release-notes

ShannonLeavitt · web-flow · commit 346a9f6a54af · 2020-05-19T10:08:14.000-06:00
Added alerts suppression rules and fixed formatting inconsistencies
diff --git a/articles/security-center/alerts-suppression-rules.md b/articles/security-center/alerts-suppression-rules.md
@@ -142,7 +142,7 @@ The relevant HTTP methods for suppression rules in the REST API are:
 
 - **DELETE**: Deletes an existing rule (but doesn't change the status of alerts already dismissed by it).
 
-For full details and usage examples, see the [API documentation](/azure/security-center/). 
+For full details and usage examples, see the [API documentation](https://docs.microsoft.com/rest/api/securitycenter/). 
 
 
 ## Next steps
diff --git a/articles/security-center/built-in-vulnerability-assessment.md b/articles/security-center/built-in-vulnerability-assessment.md
@@ -19,11 +19,17 @@ ms.author: memildin
 
 The vulnerability scanner included with Azure Security Center is powered by Qualys. Qualys's scanner is the leading tool for real-time identification of vulnerabilities in your Azure Virtual Machines. It's only available to users on the standard pricing tier. You don't need a Qualys license or even a Qualys account - everything's handled seamlessly inside Security Center.
 
-This feature is currently in preview.  
-
 > [!NOTE]
 > Security Center supports the integration of tools from other vendors, but you'll need to handle the licensing costs, deployment, and configuration. For more information, see [Deploying a partner vulnerability scanning solution](partner-vulnerability-assessment.md). You can also use those instructions to integrate your organization's own Qualys license, if you choose not to use the built-in vulnerability scanner included with Azure Security Center.
 
+## Availability
+
+- Release state: **Generally Available**
+- Required roles: **Resource owner** can deploy the scanner. **Security reader** can view findings.
+- Clouds: 
+    - ✔ Commercial clouds
+    - ✘ National, Government, and Sovereign
+
 
 ## Overview of the integrated vulnerability scanner
 
@@ -85,7 +91,7 @@ To deploy the vulnerability scanner extension:
     
     Scanning begins automatically as soon as the extension is successfully deployed. Scans will then run at four-hour intervals. This interval is hard-coded and not configurable. 
 
-1. If the deployment fails on one or more VMs, ensure the target VMs can communicate with Qualys's cloud service on the following two IP addresses:
+1. If the deployment fails on one or more VMs, ensure the target VMs can communicate with Qualys's cloud service on the following two IP addresses (via port 443 - the default for HTTPS):
 
     - 64.39.104.113
     - 154.59.121.74 
@@ -144,7 +150,7 @@ You'll need write permissions for any VM on which you want to deploy the extensi
 
 The Azure Security Center Vulnerability Assessment extension (powered by Qualys), like other extensions, runs on top of the Azure Virtual Machine agent. So it runs as Local Host on Windows, and Root on Linux.
 
-During setup, Security Center checks to ensure that the VM can communicate with Qualys's cloud service on the following two IP addresses:
+During setup, Security Center checks to ensure that the VM can communicate with Qualys's cloud service on the following two IP addresses (via port 443 - the default for HTTPS):
 
 - 64.39.104.113
 - 154.59.121.74
@@ -161,25 +167,27 @@ You'll need the following details:
 ### How does the extension get updated?
 Like the Azure Security Center agent itself and all other Azure extensions, minor updates of the Qualys scanner may automatically happen in the background. All agents and extensions are tested extensively before being automatically deployed.
 
-Some updates to the vulnerability scanner extension may require manual deployment. For example, **if you're running v1.0.0.4, you must take the following steps**:
+If you're running v1.0.0.4, you must manually update the vulnerability scanner extension using the steps below. This procedure also shows you how to check the version of the scanner currently deployed to your VMs.
 
-1. Verify the version of the Qualys vulnerability scanner extension running on your VM:
+1. From the Azure portal, open **Virtual machines**.
 
-    1. From the Azure portal, open Virtual machines.
-    1. Select the VM on which the agent is installed.
-    1. From the sidebar navigation, open **Extensions** and select the following extension:
+1. Select the VM on which the extension is installed.
 
-        Name: **WindowsAgent.AzureSecurityCenter** Type: **Qualys.WindowsAgent.AzureSecurityCenter**
+1. From the sidebar navigation, open **Extensions** and select the following extension:
 
-    1. Review the version information of the extension.
+    Name: **WindowsAgent.AzureSecurityCenter** Type: **Qualys.WindowsAgent.AzureSecurityCenter**
 
-        ![Qualys agent extension version information](media/built-in-vulnerability-assessment/qualys-agent-extension-version.png)
+1. Review the version information of the extension.
 
-    1. If the version is 1.0.0.4, click **Uninstall** and wait until the extension is no longer listed in the VM's extensions page.
+    ![Qualys agent extension version information](media/built-in-vulnerability-assessment/qualys-agent-extension-version.png)
 
-    1. Restart the VM.
+1. If the version is 1.0.0.4, click **Uninstall** and wait until the extension is no longer listed in the VM's extensions page.
+
+1. Restart the VM.
     
-    1. When the VM's status is "Running", deploy the extension as described above in [Deploying the Qualys built-in vulnerability scanner](#deploying-the-qualys-built-in-vulnerability-scanner).
+1. When the VM's status is "Running", deploy the extension as described above in [Deploying the Qualys built-in vulnerability scanner](#deploying-the-qualys-built-in-vulnerability-scanner).
+
+
 
 ### Why does my VM show as "not applicable" in the recommendation?
 The recommendation details page for the **"Enable the built-in vulnerability assessment solution on virtual machines (powered by Qualys)"** recommendation groups your VMs in one or more of the following lists: **Healthy resources**, **Unhealthy resources**, and **Not applicable resources**.
diff --git a/articles/security-center/release-notes.md b/articles/security-center/release-notes.md
@@ -10,7 +10,7 @@ ms.devlang: na
 ms.topic: conceptual
 ms.tgt_pltfrm: na
 ms.workload: na
-ms.date: 05/11/2020
+ms.date: 05/15/2020
 ms.author: memildin
 
 ---
@@ -28,6 +28,52 @@ This page is updated regularly, so revisit it often. If you're looking for items
 
 ## May 2020
 
+
+### Alert suppression rules (preview)
+
+This new feature (currently in preview) helps reduce alert fatigue. Use rules to automatically hide alerts that are known to be innocuous or related to normal activities in your organization. This lets you focus on the most relevant threats. 
+
+Alerts that match your enabled suppression rules will still be generated, but their state will be set to dismissed. You can see the state in the Azure portal or however you access your Security Center security alerts.
+
+Suppression rules define the criteria for which alerts should be automatically dismissed. Typically, you'd use a suppression rule to:
+
+- suppress alerts that you've identified as false positives
+
+- suppress alerts that are being triggered too often to be useful
+
+[Learn more about suppressing alerts from Azure Security Center's threat protection](alerts-suppression-rules.md).
+
+
+### Virtual machine vulnerability assessment is now generally available
+
+Security Center's standard tier now includes a built-in vulnerability assessment for virtual machines for no additional fee. This extension is powered by Qualys but reports its findings directly back to Security Center. You don't need a Qualys license or even a Qualys account - everything's handled seamlessly inside Security Center.
+
+The new solution can continuously scan your virtual machines to find vulnerabilities and present the findings in Security Center. 
+
+To deploy the solution, use the new security recommendation:
+
+"Enable the built-in vulnerability assessment solution on virtual machines (powered by Qualys)"
+
+[Learn more](built-in-vulnerability-assessment.md).
+
+
+
+### Alert suppression rules (preview)
+
+This new feature (currently in preview) helps reduce alert fatigue. Use rules to automatically hide alerts that are known to be innocuous or related to normal activities in your organization. This lets you focus on the most relevant threats. 
+
+Alerts that match your enabled suppression rules will still be generated, but their state will be set to dismissed. You can see the state in the Azure portal or however you access your Security Center security alerts.
+
+Suppression rules define the criteria for which alerts should be automatically dismissed. Typically, you'd use a suppression rule to:
+
+- suppress alerts that you've identified as false positives
+
+- suppress alerts that are being triggered too often to be useful
+
+[Learn more about suppressing alerts from Azure Security Center's threat protection](alerts-suppression-rules.md).
+
+
+
 ### Changes to just-in-time (JIT) virtual machine (VM) access
 
 Security Center includes an optional feature to protect the management ports of your VMs. This provides a defense against the most common form of brute force attacks.
@@ -78,7 +124,7 @@ The recommendations are:
 Learn more about security controls in [Enhanced secure score (preview) in Azure Security Center](secure-score-security-controls.md).
 
 
-### Custom policies with custom metadata generally available
+### Custom policies with custom metadata are now generally available
 
 Custom policies are now part of the Security Center recommendations experience, secure score, and the regulatory compliance standards dashboard. This feature is now generally available and allows you to extend your organization's security assessment coverage in Security Center. 
 
@@ -91,7 +137,7 @@ We've now also added the option to edit the custom recommendation metadata. Meta
 
 ## April 2020
 
-### Dynamic compliance packages now generally available
+### Dynamic compliance packages are now generally available
 
 The Azure Security Center regulatory compliance dashboard now includes **dynamic compliance packages** (now generally available) to track additional industry and regulatory standards.
 
@@ -193,7 +239,7 @@ These recommendations will no longer appear in the Security Center list of recom
 
 ## February 2020
 
-### Fileless attack detection for Linux is now in preview
+### Fileless attack detection for Linux (preview)
 
 As attackers increasing employ stealthier methods to avoid detection, Azure Security Center is extending fileless attack detection for Linux, in addition to Windows. Fileless attacks exploit software vulnerabilities, inject malicious payloads into benign system processes, and hide in memory. These techniques:
 
@@ -205,7 +251,7 @@ To counter this threat, Azure Security Center released fileless attack detection
 
 ## January 2020
 
-### Enhanced secure score
+### Enhanced secure score (preview)
 
 An enhanced version of the secure score feature of Azure Security Center is now available in preview. In this version, multiple recommendations are grouped into Security Controls that better reflect your vulnerable attack surfaces (for example, restrict access to management ports).
 
diff --git a/articles/security-center/security-center-vulnerability-assessment-recommendations.md b/articles/security-center/security-center-vulnerability-assessment-recommendations.md
@@ -17,7 +17,7 @@ ms.author: memildin
 ---
 # Vulnerability assessments for your Azure Virtual Machines
 
-A core component of every cyber risk and security program is the identification and analysis of vulnerabilities. Azure Security Center's Standard pricing tier includes vulnerability scanning for your virtual machines at no extra cost. Additionally, Security Center can automatically deploy this tool for you. This feature is currently in preview.
+A core component of every cyber risk and security program is the identification and analysis of vulnerabilities. Azure Security Center's Standard pricing tier includes vulnerability scanning for your virtual machines at no extra cost. Additionally, Security Center can automatically deploy this tool for you.
 
 Security Center presents one of two recommendations if it doesn't find a vulnerability assessment solution installed on a VM:
 
@@ -28,4 +28,4 @@ Security Center presents one of two recommendations if it doesn't find a vulnera
 Security Center also offers vulnerability analysis for your:
 
 * SQL databases - see [Explore vulnerability assessment reports in the vulnerability assessment dashboard](security-center-iaas-advanced-data.md#explore-vulnerability-assessment-reports)
-* Azure Container Registry images - see [Azure Container Registry integration with Security Center (Preview)](azure-container-registry-integration.md)
+* Azure Container Registry images - see [Azure Container Registry integration with Security Center](azure-container-registry-integration.md)
