You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/defender-for-cloud/upcoming-changes.md
-15Lines changed: 0 additions & 15 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -18,26 +18,11 @@ If you're looking for the latest release notes, you'll find them in the [What's
18
18
19
19
| Planned change | Estimated date for change |
20
20
|--|--|
21
-
|[Deprecating three VM alerts](#deprecating-three-vm-alerts)| June 2022|
22
21
|[Change in pricing of Runtime protection for Arc-enabled Kubernetes clusters](#change-in-pricing-of-runtime-protection-for-arc-enabled-kubernetes-clusters)| August 2022 |
23
22
|[Multiple changes to identity recommendations](#multiple-changes-to-identity-recommendations)| September 2022 |
24
23
|[Removing security alerts for machines reporting to cross tenant Log Analytics workspaces](#removing-security-alerts-for-machines-reporting-to-cross-tenant-log-analytics-workspaces)| September 2022 |
25
24
|[Legacy Assessments APIs deprecation](#legacy-assessments-apis-deprecation)| September 2022 |
26
25
27
-
### Deprecating three VM alerts
28
-
29
-
**Estimated date for change:** June 2022
30
-
31
-
The following table lists the alerts that will be deprecated during June 2022.
32
-
33
-
| Alert name | Description | Tactics | Severity |
34
-
|--|--|--|--|
35
-
|**Docker build operation detected on a Kubernetes node** <br>(VM_ImageBuildOnNode) | Machine logs indicate a build operation of a container image on a Kubernetes node. While this behavior might be legitimate, attackers might build their malicious images locally to avoid detection. | Defense Evasion | Low |
36
-
|**Suspicious request to Kubernetes API** <br>(VM_KubernetesAPI) | Machine logs indicate that a suspicious request was made to the Kubernetes API. The request was sent from a Kubernetes node, possibly from one of the containers running in the node. Although this behavior can be intentional, it might indicate that the node is running a compromised container. | LateralMovement | Medium |
37
-
|**SSH server is running inside a container** <br>(VM_ContainerSSH) | Machine logs indicate that an SSH server is running inside a Docker container. While this behavior can be intentional, it frequently indicates that a container is misconfigured or breached. | Execution | Medium |
38
-
39
-
These alerts are used to notify a user about suspicious activity connected to a Kubernetes cluster. The alerts will be replaced with matching alerts that are part of the Microsoft Defender for Cloud Container alerts (`K8S.NODE_ImageBuildOnNode`, `K8S.NODE_ KubernetesAPI` and `K8S.NODE_ ContainerSSH`) which will provide improved fidelity and comprehensive context to investigate and act on the alerts. Learn more about alerts for [Kubernetes Clusters](alerts-reference.md).
40
-
41
26
### Change in pricing of runtime protection for Arc-enabled Kubernetes clusters
0 commit comments