implementing feedback

Author: Shereen-Bhar

articles/defender-for-cloud/attack-path-reference.md

@@ -131,8 +131,8 @@ This section  lists all of the cloud security graph components (connections and
 | DEASM findings | Microsoft Defender External Attack Surface Management (DEASM) internet scanning findings | Public IP |
 | Privileged container | Indicates that a Kubernetes container runs in a privileged mode | Kubernetes container |
 | Uses host network | Indicates that a Kubernetes pod uses the network namespace of its host machine | Kubernetes pod |
-| Has high severity vulnerabilities | Indicates that a resource has high severity vulnerabilities | Azure VM, AWS EC2, Kubernetes image |
-| Vulnerable to remote code execution | Indicates that a resource has vulnerabilities allowing remote code execution | Azure VM, AWS EC2, Kubernetes image |
+| Has high severity vulnerabilities | Indicates that a resource has high severity vulnerabilities | Azure VM, AWS EC2, Container image |
+| Vulnerable to remote code execution | Indicates that a resource has vulnerabilities allowing remote code execution | Azure VM, AWS EC2, Container image |
 | Public IP metadata | Lists the metadata of an Public IP | Public IP |
 | Identity metadata | Lists the metadata of an identity | Azure AD Identity |
 
@@ -144,7 +144,7 @@ This section  lists all of the cloud security graph components (connections and
 | Has permission to | Indicates that an identity has permissions to a resource or a group of resources | Azure AD user account, Managed Identity, IAM user, EC2 instance | All Azure & AWS resources|
 | Contains | Indicates that the source entity contains the target entity | Azure subscription, Azure resource group, AWS account, Kubernetes namespace, Kubernetes pod, Kubernetes cluster, GitHub owner, Azure DevOps project, Azure DevOps organization, Azure SQL server | All Azure & AWS resources, All Kubernetes entities, All DevOps entities, Azure SQL database |
 | Routes traffic to | Indicates that the source entity can route network traffic to the target entity | Public IP, Load Balancer, VNET, Subnet, VPC, Internet Gateway, Kubernetes service, Kubernetes pod| Azure VM, Azure VMSS, AWS EC2, Subnet, Load Balancer, Internet gateway, Kubernetes pod, Kubernetes service |
-| Is running | Indicates that the source entity is running the target entity as a process | Azure VM, EC2, Kubernetes container | SQL, Arc-Enabled SQL, Hosted MongoDB, Hosted MySQL, Hosted Oracle, Hosted PostgreSQL, Hosted SQL Server, Kubernetes image, Kubernetes pod |
+| Is running | Indicates that the source entity is running the target entity as a process | Azure VM, EC2, Kubernetes container | SQL, Arc-Enabled SQL, Hosted MongoDB, Hosted MySQL, Hosted Oracle, Hosted PostgreSQL, Hosted SQL Server, Container image, Kubernetes pod |
 | Member of | Indicates that the source identity is a member of the target identities group | Azure AD group, Azure AD user | Azure AD group |
 | Maintains | Indicates that the source Kubernetes entity manages the life cycle of the target Kubernetes entity | Kubernetes workload controller, Kubernetes replica set, Kubernetes stateful set, Kubernetes daemon set, Kubernetes jobs, Kubernetes cron job | Kubernetes pod |
 

articles/defender-for-cloud/concept-agentless-containers.md

@@ -68,13 +68,13 @@ Before starting the onboarding process, make sure you have [a subscription onboa
 
 Verify that the settings were saved successfully - a notification message pops up in the top right corner.
 
-### Image refresh intervals
+### Container registries vulnerability assessments recommendations
 
-Agentless information in Defender CSPM is updated once an hour via snapshotting mechanism. It can take up to **24 hours** to see results in Cloud Security Explorer and Attack Path.
+For container registries vulnerability assessments, recommendations are available based on the vulnerability assessment timeline.
 
-Recommendations are available based on vulnerability assessment timeline. Learn more about [image scanning](defender-for-containers-vulnerability-assessment-azure.md).
+Learn more about [image scanning](defender-for-containers-vulnerability-assessment-azure.md).
 
-## How agentless containers works
+## How Agentless discovery for Kubernetes works
 
 The system’s architecture is based on a snapshot mechanism at intervals.
 
@@ -99,6 +99,10 @@ By enabling the Agentless discovery for Kubernetes extension, the following proc
 
 1. **Bind**: Upon discovery of an AKS cluster, MDC performs an AKS bind operation between the created identity and the Kubernetes role “Microsoft.Security/pricings/microsoft-defender-operator”. The role is visible via API and gives MDC data plane read permission inside the cluster.
 
+## Refresh intervals
+
+Agentless information in Defender CSPM is updated once an hour via snapshotting mechanism. It can take up to **24 hours** to see results in Cloud Security Explorer and Attack Path.
+
 ## Next steps
 
 Learn more about [Cloud Security Posture Management](concept-cloud-security-posture-management.md).

articles/defender-for-cloud/defender-for-containers-vulnerability-assessment-azure.md

@@ -36,10 +36,13 @@ When a scan is triggered, findings are available as Defender for Cloud recommend
 
 Before you can scan your ACR images:
 
-- [Enable Defender for Containers](defender-for-containers-enable.md) for your subscription. Defender for Containers is now ready to scan images in your registries.
+- Enable one of the following plans for your subscription:
 
-    >[!NOTE]
-    > This feature is charged per image.
+    - [Defender CSPM](concept-cloud-security-posture-management.md). Make sure to also enable the Container registries vulnerability assessments (preview) extension.
+    - [Defender for Containers](defender-for-containers-enable.md). Defender for Containers is now ready to scan images in your registries.
+
+        >[!NOTE]
+        > This feature is charged per image.
 
 - If you want to find vulnerabilities in images stored in other container registries, you can import the images into ACR and scan them.