Commit 564a23a

Merge pull request #4680 from MicrosoftDocs/main
[AutoPublish] main to live - 08/06 01:35 PDT | 08/06 14:05 IST
2 parents 135eebf + cd27883 commit 564a23a

1 file changed

+6
-6
lines changed

defender-endpoint/api/get-assessment-software-vulnerabilities.md

Lines changed: 6 additions & 6 deletions
@@ -335,20 +335,19 @@ Returns a table with an entry for every unique combination of DeviceId, Software
335335
> [!NOTE]
336336
> We refresh the __Full _Software Vulnerabilities Assessment(Flat/Full VA) by Device___ export every __six hours__ and store each snapshot in blob storage; the API always serves the latest snapshot, to emphasize  calling the Get Endpoint won't to trigger a generation, call get endpoint will just read latest Flat OR Delta After sinceTime.
337337
> A successful completion of Full VA export will trigger __delta export__ that captures the changes from latest Flat VA processed by Delta to new Flat VA.
338-
> > __RBAC-scoped duplicates__
338+
> > > __RBAC-scoped duplicates__
339339
> > Because exports are scoped by __RBACGroup__, a device that moves from one RBAC group to another will appear __twice__ in a Delta export when you query with the global view (`RBACGroup=*`): once under its previous group with status "Fixed" and once under its current group with status "New". Use the `rbacGroupId` and device identifiers together (or de-duplicate on your side) if you need a single authoritative record per device.
340-
>
341-
> Recommended pull pattern
342-
>
340+
> >
341+
342+
#### 3.1.0 Recommended pull pattern
343+
343344
1. __Baseline__ – Download the full VA(Flat VA) export on your preferred cadence (weekly is often sufficient).
344345

345346
1. __Stay current__ – delta export between full snapshots(Delta can be queried up to 14 days into the past).
346347

347348
1. __Handle RBAC moves__ – When processing a Delta, de-duplicate entries where the same `Id(deviceId_software_` version _ cve`)`appears under multiple `rbacGroupId` values.
348349

349350
1. When "Status" = Fix" the calcualtion of "EventTimestamp"- "FirstSeenTimestamp" should give you an estimation on when the CVE was fixed up to a granularity of 6 hours(because of Delta worker run interval).
350-
351-
352351
#### 3.1.1 Limitations
353352

354353
- Maximum page size is 200,000.
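
Review bot: The added `> > > __RBAC-scoped duplicates__` line sits one quote level deeper than the `> >` paragraph it titles, and the added `> >` line that follows that paragraph is an empty nested quote, so the title and its body will render at different depths inside the NOTE. Keep the title at `> >` as it was and close the note with a plain blank line before the new `#### 3.1.0 Recommended pull pattern` heading. Since the pull pattern is now promoted to its own numbered heading, the list under it deserves a cleanup in the same change: the backticks around the Id format in step 3 are unbalanced, and step 4 has an unbalanced quote in `"Status" = Fix"`, uses "Fix" where the RBAC paragraph above gives the status value as "Fixed", and misspells "calcualtion". Step 4 also describes the difference between "EventTimestamp" and "FirstSeenTimestamp" as an estimate of when the CVE was fixed, although a difference of two timestamps is a duration; please state which of the two readings consumers should rely on.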
@@ -586,6 +585,7 @@ GET https://api.securitycenter.microsoft.com/api/machines/SoftwareVulnerabilityC
586585
- [Export secure configuration assessment per device](get-assessment-secure-config.md)
587586
- [Export software inventory assessment per device](get-assessment-software-inventory.md)
588587
- [Microsoft Defender Vulnerability Management](/defender-vulnerability-management/defender-vulnerability-management)
588+
589589
- [Vulnerabilities in your organization](/defender-vulnerability-management/tvm-weaknesses)
590590

591591
[!INCLUDE [Microsoft Defender for Endpoint Tech Community](../../includes/defender-mde-techcommunity.md)]
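
Review bot: The blank line added after the Microsoft Defender Vulnerability Management link splits the bullet list of links in two, leaving "Vulnerabilities in your organization" separated from the items above it, which can render as a loose list or as two lists with uneven spacing. Nothing else in the hunk depends on it, so unless the separation is intended, drop the added line and keep the list contiguous.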
