articles/defender-for-cloud/review-security-recommendations.md
13 additions & 1 deletion
@@ -63,7 +63,7 @@ It's important to review all of the details related to a recommendation before t
63
63
-**Last change date** - The date this recommendation last had a change
64
64
-**Owner** - The person assigned to this recommendation.
65
65
-**Due date** - The assigned date the recommendation must be resolved by.
66
-
-**Findings by severity** - The total findings by severity.
66
+
-**Severity** - The severity of the recommendation (High, Medium, or Low). More details below.
67
67
-**Tactics & techniques** - The tactics and techniques mapped to MITRE ATT&CK.
68
68
69
69
:::image type="content" source="./media/review-security-recommendations/recommendation-details-page.png" alt-text="Screenshot of the recommendation details page with labels for each element." lightbox="./media/security-policy-concept/recommendation-details-page.png":::
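Review bot: the replacement **Severity** field ends with "More details below", which is a vague cross-reference that a reader landing on this field cannot follow; since this commit adds a "## How are recommendations classified?" section, link to it explicitly, e.g. "See [How are recommendations classified?](#how-are-recommendations-classified)". Separately, the unchanged context line for the details-page image has a `source` under `./media/review-security-recommendations/` but a `lightbox` under `./media/security-policy-concept/`; the two paths should point at the same image, so verify the lightbox path while touching this block.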
@@ -105,6 +105,18 @@ You can perform many actions to interact with recommendations. If an option isn'
105
105
106
106
:::image type="content" source="media/review-security-recommendations/recommendation-graph.png" alt-text="Screenshot of the graph tab in a recommendation that shows all of the attack paths for that recommendation." lightbox="media/review-security-recommendations/recommendation-graph.png":::
107
107
108
+
## How are recommendations classified?
109
+
110
+
Every security recommendation from Defender for Cloud is assigned one of three severity ratings:
111
+
112
+
-**High severity**: These recommendations should be addressed immediately, as they indicate a critical security vulnerability that could be exploited by an attacker to gain unauthorized access to your systems or data. Examples of high severity recommendations are when we’ve discovered unprotected secrets on a machine, overly-permissive inbound NSG rules, clusters allowing images to be deployed from untrusted registries, and unrestricted public access to storage accounts or databases.
113
+
114
+
-**Medium severity**: These recommendations indicate a potential security risk that should be addressed in a timely manner, but may not require immediate attention. Examples of medium severity recommendations might include containers sharing sensitive host namespaces, web apps not using managed identities, Linux machines not requiring SSH keys during authentication, and unused credentials being left in the system after 90 days of inactivity.
115
+
116
+
-**Low severity**: These recommendations indicate a relatively minor security issue that can be addressed at your convenience. Examples of low severity recommendations might include the need to disable local authentication in favor of Microsoft Entra ID, health issues with your endpoint protection solution, best practices not being followed with network security groups, or misconfigured logging settings that could make it harder to detect and respond to security incidents.
117
+
118
+
Of course, the internal views of an organization might differ with Microsoft’s classification of a specific recommendation. So, it's always a good idea to review each recommendation carefully and consider its potential impact on your security posture before deciding how to address it.
119
+
108
120
## Manage recommendations assigned to you
109
121
110
122
Defender for Cloud supports governance rules for recommendations, to specify a recommendation owner or due date for action. Governance rules help ensure accountability and an SLA for recommendations.
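Review bot: the new **High severity** bullet switches to first person ("when we've discovered unprotected secrets on a machine"), which is out of register with the rest of this article and with the Medium and Low bullets in the same hunk; suggest "when Defender for Cloud discovers unprotected secrets on a machine". In the closing paragraph, "differ with Microsoft's classification" should read "differ from Microsoft's classification". The three severity names here (High, Medium, Low) match the **Severity** field added in the earlier hunk, so giving this section a stable anchor lets that field link here instead of saying "More details below".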