Merge pull request #1930 from DebLanger/link_fix

DebLanger · web-flow · commit 3e58c80d88a4 · 2024-11-18T15:54:59.000+02:00
fix links
diff --git a/exposure-management/Qualys-data-connector.md b/exposure-management/Qualys-data-connector.md
@@ -61,8 +61,8 @@ Here are some common issues that might arise when configuring the Qualys Connect
 
 | **Error Type**                                               | **Troubleshooting Action**                                   |
 | ------------------------------------------------------------ | ------------------------------------------------------------ |
-| **Error code** 401: Authorization failure                    | An authorization failure indicates that credentials might not be correct, or there might not be sufficient permissions to access the Qualys data. Check your credentials and make sure they're correct and valid. Also check that your credentials have the required permissions. See the Qualys [configuration section](#qualys-configuration) for details on how to assign the appropriate role and scope. <br>You can validate your user credentials by running the following:<br>curl -u "user:password" -H "X-Requested-With: Curl" -X "POST"-d "action=list" "[https://qualysapi.qg1.apps.qualys.ca/qps/rest/2.0/search/am/hostasset](https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fqualysapi.qg1.apps.qualys.ca%2Fqps%2Frest%2F2.0%2Fsearch%2Fam%2Fhostasset&data=05\|02\|dlanger@microsoft.com\|16df3effc63244b6236808dcfe9c61d1\|72f988bf86f141af91ab2d7cd011db47\|1\|0\|638665194889139624\|Unknown\|TWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D\|0\|\|\|&sdata=cnChKl0R%2BvXdnHEyWXwtokJXLWfJTBEkZksbJEvqiqA%3D&reserved=0)" >output.txt |
-| **Error code** 409: Possible insufficient permissions        | Qualys connector utilizes the knowledge_base API which requires specific permissions. You can see more details in the KnowledgeBase section of [this Qualys API document](https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcdn2.qualys.com%2Fdocs%2Fqualys-api-vmpc-user-guide.pdf&data=05\|02\|dlanger@microsoft.com\|16df3effc63244b6236808dcfe9c61d1\|72f988bf86f141af91ab2d7cd011db47\|1\|0\|638665194889160705\|Unknown\|TWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D\|0\|\|\|&sdata=6VlESEXXIudzrf3WFAqAqXu775Q72%2FynZxGt75W0%2BVk%3D&reserved=0). <br>To validate the provided user has sufficient permissions, run the following command and verify it succeeds:<br>curl -u "user:password" -H "X-Requested-With: Curl" -X "POST"-d "action=list""[https://qualysapi.qg1.apps.qualys.ca/api/2.0/fo/knowledge_base/vuln/](https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fqualysapi.qg1.apps.qualys.ca%2Fapi%2F2.0%2Ffo%2Fknowledge_base%2Fvuln%2F&data=05\|02\|dlanger@microsoft.com\|16df3effc63244b6236808dcfe9c61d1\|72f988bf86f141af91ab2d7cd011db47\|1\|0\|638665194889173173\|Unknown\|TWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D\|0\|\|\|&sdata=g8%2BzcLq3rI%2B2%2F6ii9WNiyKBsHzGU7vQPfMKT232C5f4%3D&reserved=0)" >output.txt <br>In case it fails, refer to Qualys documentation to mitigate. |
+| **Error code** 401: Authorization failure                    | An authorization failure indicates that credentials might not be correct, or there might not be sufficient permissions to access the Qualys data. Check your credentials and make sure they're correct and valid. Also check that your credentials have the required permissions. See the Qualys [configuration section](#qualys-configuration) for details on how to assign the appropriate role and scope. <br>You can validate your user credentials by running the following:<br>curl -u "user:password" -H "X-Requested-With: Curl" -X "POST"-d "action=list" "[https://qualysapi.qg1.apps.qualys.ca/qps/rest/2.0/search/am/hostasset](https://qualysapi.qg1.apps.qualys.ca/qps/rest/2.0/search/am/hostasset)" >output.txt |
+| **Error code** 409: Possible insufficient permissions        | Qualys connector utilizes the knowledge_base API which requires specific permissions. You can see more details in the KnowledgeBase section of [this Qualys API document](https://cdn2.qualys.com/docs/qualys-api-vmpc-user-guide.pdf). <br>To validate the provided user has sufficient permissions, run the following command and verify it succeeds:<br>curl -u "user:password" -H "X-Requested-With: Curl" -X "POST"-d "action=list""[https://qualysapi.qg1.apps.qualys.ca/api/2.0/fo/knowledge_base/vuln/](https://qualysapi.qg1.apps.qualys.ca/api/2.0/fo/knowledge_base/vuln/)" >output.txt <br>In case it fails, refer to Qualys documentation to mitigate. |
 | **Error code 403:** Access forbidden error                   | This error indicates that the provided credentials lack the necessary permissions to run the requested APIs. Update your credentials with the proper permissions as described in the [configuration section](#qualys-configuration), and make sure they have at minimum the Read Asset permissions. |
 | **Error code 404:** Not found error                          | This error indicates that the requested endpoint wasn't found to be reachable. Verify that your Qualys API endpoint is correct, see the [configuration section](#qualys-configuration) for details. |
 | **Error code 429** 'Too many requests"                       | The system periodically pulls data from the configured external providers, which might have a limit on the number of concurrent requests. We recommend creating a dedicated user or account for the connector to avoid reaching this limit. |
diff --git a/exposure-management/Rapid7-data-connector.md b/exposure-management/Rapid7-data-connector.md
@@ -44,10 +44,10 @@ Here are some common issues that might arise when configuring the Rapid7 Connect
 
 | **Error Type**                                                    | **Troubleshooting Action**                                   |
 | ------------------------------------------------------------ | ------------------------------------------------------------ |
-| 'The remote server name couldn't be resolved' error message | Verify the Rapid7 endpoint. Learn more about how to determine your Rapid7 API endpoint [here](https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.rapid7.com%2Finsight%2Fapi-overview%23endpoint&data=05\|02\|dlanger@microsoft.com\|16df3effc63244b6236808dcfe9c61d1\|72f988bf86f141af91ab2d7cd011db47\|1\|0\|638665194889184920\|Unknown\|TWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D\|0\|\|\|&sdata=s1lGW1eKqmNLGqe%2FNxbMZvszhRwRzGM6AD6Gv0w26IU%3D&reserved=0). |
+| 'The remote server name couldn't be resolved' error message | Verify the Rapid7 endpoint. Learn more about how to determine your Rapid7 API endpoint [here](https://docs.rapid7.com/insight/api-overview/#endpoint). |
 | **Error code 401**: Authorization failure                    | An authorization failure indicates that credentials might not be correct, or there might not be sufficient permissions to access the Rapid7 data. Check your API key and verify that it's valid, and that the account isn't locked. In some cases, we have found that using an organization key works more successfully than generating a user key. <br>Try testing the connection with an organization key. You can test your credentials by running the following commands:<br>`curl -l --request POST --location 'https://\<region\>.api.insight.rapid7.com/vm/v4/integration/assets?size=2&includeSame=true' --header 'X-API-Key:\<key\>' --header 'Content-Type: application/json' –header ‘Accept: application/json’`<br> `curl -l --request POST --location 'https://\<region\>.api.insight.rapid7.com/vm/v4/integration/vulnerabilities?size=2’ --header 'X-API-Key:\<key\>' --header 'Content-Type: application/json' –header ‘Accept: application/json’`<br>If these fail and describe the error, refer to the Rapid7 documentation to mitigate. |
 | **Error code 403:** Access forbidden error                   | This error indicates that the provided credentials lack the necessary permissions to run the requested APIs. Ensure that your API key is generated with a user that has sufficient permissions to access the Rapid7 data. |
-| **Error code 404:** Not found error                          | This error indicates that the requested endpoint wasn't found to be reachable. Verify that your Rapid7 endpoint is correct. Learn more about how to determine your Rapid7 API endpoint [here](https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.rapid7.com%2Finsight%2Fapi-overview%23endpoint&data=05\|02\|dlanger@microsoft.com\|16df3effc63244b6236808dcfe9c61d1\|72f988bf86f141af91ab2d7cd011db47\|1\|0\|638665194889196555\|Unknown\|TWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D\|0\|\|\|&sdata=2aWPJYDlYwjkR6RFf3hrzT0daw%2BmFGE53W4rLf3zpY8%3D&reserved=0). |
+| **Error code 404:** Not found error                          | This error indicates that the requested endpoint wasn't found to be reachable. Verify that your Rapid7 endpoint is correct. Learn more about how to determine your Rapid7 API endpoint [here](https://docs.rapid7.com/insight/api-overview/#endpoint). |
 | 'Temporary connectivity issues' error message                | Check the configuration details (endpoint URL and API Key) and make sure they're valid. Review the Rapid7 the [configuration section](#rapid7-configuration) for details. |
 | Not seeing my assets or the vulnerabilities reported by Rapid7 in the ingested data | See [Retrieved data](#retrieved-data) for a description of the expected data to be retrieved by the Rapid7 connector. If there's still missing data, contact Support. |
 | Rapid7 allowed IPs need to be configured to enable Exposure Management connectors to access Rapid7 | Read how to add the set of IPs to add to your allowlist here: [Allowlist IP addresses](configure-data-connectors.md#allowlist-ip-addresses). |
diff --git a/exposure-management/Tenable-data-connector.md b/exposure-management/Tenable-data-connector.md
@@ -31,7 +31,7 @@ Instructions for generating API keys for Tenable Vulnerability Management can be
 
 ### For more information
 
-To understand the Tenable API authorization model, see: [Authorization (tenable.com)](https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdeveloper.tenable.com%2Fdocs%2Fauthorization&data=05|02|dlanger@microsoft.com|2f15f56aca59477d800108dcfdb761d8|72f988bf86f141af91ab2d7cd011db47|1|0|638664211268030543|Unknown|TWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D|0|||&sdata=HMJD9P0Nqfot0ghZx9ZC7mmremd58oPuuKkVqGDmf1A%3D&reserved=0)
+To understand the Tenable API authorization model, see: [Authorization (tenable.com)](https://developer.tenable.com/docs/authorization)
 
 ## Establish Tenable connection in Exposure Management
 
@@ -57,7 +57,7 @@ The vulnerability data retrieved for Tenable is applicable to CVEs only, and not
 
 > [!NOTE]
 >
-> To retrieve the data on criticality of your Tenable assets (Tenable [Asset Criticality Rating](https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.tenable.com%2Fvulnerability-management%2FContent%2FLumin%2FLuminMetrics.htm%23ACR&data=05|02|dlanger@microsoft.com|2f15f56aca59477d800108dcfdb761d8|72f988bf86f141af91ab2d7cd011db47|1|0|638664211268041890|Unknown|TWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D|0|||&sdata=vvsho76yIUdOqtQjjHLFvz8wyZ%2BD5Z694b6USengAso%3D&reserved=0)), you must have a [Tenable Lumin license](https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.tenable.com%2Fvulnerability-management%2FContent%2FLumin%2FLuminGetStarted.htm&data=05|02|dlanger@microsoft.com|2f15f56aca59477d800108dcfdb761d8|72f988bf86f141af91ab2d7cd011db47|1|0|638664211268053146|Unknown|TWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D|0|||&sdata=Jn%2FcNYVEFw4RdsRkHK4hF6f9%2FR9NPiSf9GQxAaz8zFQ%3D&reserved=0) with Tenable. Criticality on devices is used by Exposure Management to discover attack paths to the most critical devices in your environment.
+> To retrieve the data on criticality of your Tenable assets (Tenable [Asset Criticality Rating](https://developer.tenable.com/docs/lumin-tio)), you must have a [Tenable Lumin license](https://docs.tenable.com/vulnerability-management/Content/Lumin/Lumin.htm?_gl=1*129gx63*_ga*OTMzMjE4NDQ4LjE3MzE5MzcxOTM.*_ga_HSJ1XWV6ND*MTczMTkzNzE5Mi4xLjEuMTczMTkzNzMyMS41OS4wLjEyNDQzNzMzOTc.) with Tenable. Criticality on devices is used by Exposure Management to discover attack paths to the most critical devices in your environment.
 
 ## Troubleshooting the connector
 
diff --git a/exposure-management/microsoft-security-exposure-management.md b/exposure-management/microsoft-security-exposure-management.md
@@ -75,7 +75,7 @@ For more information on data connectors, see [Data connectors overview](overview
 
 ## How do I buy Microsoft Security Exposure Management?
 
-Exposure Management is available in the Microsoft Defender portal at [https://security.microsoft.com](https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsecurity.microsoft.com%2F&data=05|02|dlanger@microsoft.com|535bfb9f198d4313d96108dd05e1a9d4|72f988bf86f141af91ab2d7cd011db47|1|0|638673189066169502|Unknown|TWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D|0|||&sdata=vOA7%2FeI4WU4tRMWSPiHTs4jrZX8%2B%2FN70wheiTBFPSDk%3D&reserved=0)
+Exposure Management is available in the Microsoft Defender portal at [https://security.microsoft.com](https://security.microsoft.com)
 
 Access to the exposure management blade and features in the Microsoft Defender portal is available with any of these licenses:
 
@@ -100,7 +100,7 @@ We currently ingest and process supported data from first-party Microsoft produc
 
 Microsoft product data is retained for no less than 14 days in the enterprise exposure graph and/or Microsoft Security Exposure Management. Only the latest data snapshot received from Microsoft products is retained; we do not store historical data.
 
-Some enterprise exposure graph and/or Microsoft Security Exposure Management experiences data is available for querying via Advanced Hunting and is subject to [Advanced Hunting service limitations](https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fdefender-xdr%2Fadvanced-hunting-limits&data=05|02|dlanger@microsoft.com|2eeaacf0c0f2494a51a308dd06ea1a99|72f988bf86f141af91ab2d7cd011db47|1|0|638674324732464247|Unknown|TWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D|0|||&sdata=cPz7p6NX%2BvUWkVwR4Wx0%2F5pJ0wbP6h8ZXsFSa4JrLxA%3D&reserved=0).
+Some enterprise exposure graph and/or Microsoft Security Exposure Management experiences data is available for querying via Advanced Hunting and is subject to [Advanced Hunting service limitations](../../defender-xdr/advanced-hunting-limits.md).
 
 We reserve the right to modify some or all of these parameters in the future, including:
 
