Merge pull request #178945 from memildin/asc-melvyn-minortweaks

MITRE mappings for recommendations

Author: ttorble

articles/security-center/media/review-security-recommendations/recommendation-details-page.png

@@ -5,7 +5,7 @@ author: memildin
 manager: rkarlin
 ms.service: security-center
 ms.topic: reference
-ms.date: 11/04/2021
+ms.date: 11/07/2021
 ms.author: memildin
 ---
 # What's new in Microsoft Defender for Cloud?
@@ -32,6 +32,7 @@ Our Ignite release includes:
 - [Expanded security control assessments with Azure Security Benchmark v3](#expanded-security-control-assessments-with-azure-security-benchmark-v3)
 - [Microsoft Sentinel connector's optional bi-directional alert synchronization released for general availability (GA)](#microsoft-sentinel-connectors-optional-bi-directional-alert-synchronization-released-for-general-availability-ga)
 - [New recommendation to push Azure Kubernetes Service (AKS) logs to Sentinel](#new-recommendation-to-push-azure-kubernetes-service-aks-logs-to-sentinel)
+- [Recommendations mapped to the MITRE ATT&CK® framework - released for general availability (GA)](#recommendations-mapped-to-the-mitre-attck-framework---released-for-general-availability-ga)
 
 Other changes in November include:
 
@@ -117,6 +118,22 @@ The new recommendation, "Diagnostic logs in Kubernetes services should be enable
 We've also enhanced the "Auditing on SQL server should be enabled" recommendation with the same Sentinel streaming capabilities. 
 
 
+### Recommendations mapped to the MITRE ATT&CK® framework - released for general availability (GA)
+
+We've enhanced Defender for Cloud's security recommendations to show their position on the MITRE ATT&CK® framework. This globally accessible knowledge base of threat actors' tactics and techniques based on real-world observations, provides more context to help you understand the associated risks of the recommendations for your environment.
+
+You'll find these tactics wherever you access recommendation information:
+
+- **Azure Resource Graph query results** for relevant recommendations include the MITRE ATT&CK® tactics and techniques.
+
+- **Recommendation details pages** show the mapping for all relevant recommendations:
+
+    :::image type="content" source="media/review-security-recommendations/tactics-window.png" alt-text="Screenshot of the MITRE tactics mapping for a recommendation.":::
+
+- **The recommendations page in Defender for Cloud** has a new :::image type="icon" source="media/review-security-recommendations/tactics-filter-recommendations-page.png" border="false"::: filter to select recommendations according to their associated tactic:
+
+Learn more in [Review your security recommendations](review-security-recommendations.md).
+
 ### Microsoft Threat and Vulnerability Management added as vulnerability assessment solution - released for general availability (GA)
 
 In October, [we announced](#microsoft-threat-and-vulnerability-management-added-as-vulnerability-assessment-solution-in-preview) an extension to the integration between [Microsoft Defender for servers](defender-for-servers-introduction.md) and Microsoft Defender for Endpoint, to support a new vulnerability assessment provider for your machines: [Microsoft threat and vulnerability management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt). This feature is now released for general availability (GA).

articles/security-center/media/review-security-recommendations/tactics-filter-recommendations-page.png

@@ -5,7 +5,7 @@ author: memildin
 manager: rkarlin
 ms.service: security-center
 ms.topic: conceptual
-ms.date: 10/20/2021
+ms.date: 11/07/2021
 ms.author: memildin
 ---
 # Review your security recommendations
@@ -38,7 +38,11 @@ Defender for Cloud analyzes the security state of your resources to identify pot
         - **Open query** - All recommendations have the option to view the detailed information about the affected resources using Azure Resource Graph Explorer.
     1. **Severity indicator**.
     1. **Freshness interval** (where relevant).
-    1. **Count of exempted resources** if exemptions exist for this recommendation, this shows the number of resources that have been exempted.
+    1. **Count of exempted resources** if exemptions exist for a recommendation, this shows the number of resources that have been exempted with a link to view the specific resources.
+    1. **Mapping to MITRE ATT&CK ® tactics and techniques** if a recommendation has defined tactics and techniques, select the icon for links to the relevant pages on MITRE's site. 
+
+        :::image type="content" source="media/review-security-recommendations/tactics-window.png" alt-text="Screenshot of the MITRE tactics mapping for a recommendation.":::
+
     1. **Description** - A short description of the security issue.
     1. When relevant, the details page also includes a table of **related recommendations**:
 
@@ -58,7 +62,6 @@ Defender for Cloud analyzes the security state of your resources to identify pot
     1. **Affected resources** - Your resources are grouped into tabs:
         - **Healthy resources** – Relevant resources which either aren't impacted or on which you've already  remediated the issue.
         - **Unhealthy resources** – Resources which are still impacted by the identified issue.
-        - **Removed** - Resources that were deleted between assessment cycles (as defined by the freshness interval).
         - **Not applicable resources** – Resources for which the recommendation can't give a definitive answer. The not applicable tab also includes reasons for each resource. 
 
             :::image type="content" source="./media/review-security-recommendations/recommendations-not-applicable-reasons.png" alt-text="Not applicable resources with reasons.":::