Merge branch 'main' into ASTQR-chrisda

Author: chrisda

defender-endpoint/api/get-all-recommendations.md

@@ -100,34 +100,36 @@ Here is an example of the response.
     "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Recommendations",
     "value": [
         {
-            "id": "va-_-microsoft-_-windows_10" "va-_-microsoft-_-windows_11",
-            "productName": "windows_10" "Windows_11",
-            "recommendationName": "Update Windows 10" "Update Windows 11",
-            "weaknesses": 397,
+            "id": "va-_-microsoft-_-edge_chromium-based",
+            "productName": "edge_chromium-based",
+            "recommendationName": "Update Microsoft Edge Chromium-based to version 127.0.2651.74",
+            "weaknesses": 762,
             "vendor": "microsoft",
-            "recommendedVersion": "",
+            "recommendedVersion": "127.0.2651.74",
+            "recommendedVendor": "",
+            "recommendedProgram": "",
             "recommendationCategory": "Application",
             "subCategory": "",
             "severityScore": 0,
             "publicExploit": true,
             "activeAlert": false,
             "associatedThreats": [
-                "3098b8ef-23b1-46b3-aed4-499e1928f9ed",
-                "40c189d5-0330-4654-a816-e48c2b7f9c4b",
-                "4b0c9702-9b6c-4ca2-9d02-1556869f56f8",
-                "e8fc2121-3cf3-4dd2-9ea0-87d7e1d2b29d",
-                "94b6e94b-0c1d-4817-ac06-c3b8639be3ab"
+                "71d9120e-7eea-4058-889a-1a60bbf7e312"
             ],
             "remediationType": "Update",
             "status": "Active",
             "configScoreImpact": 0,
-            "exposureImpact": 7.674418604651163,
-            "totalMachineCount": 37,
-            "exposedMachinesCount": 7,
+            "exposureImpact": 1.1744086343876479,
+            "totalMachineCount": 261,
+            "exposedMachinesCount": 193,
             "nonProductivityImpactedAssets": 0,
-            "relatedComponent": "Windows 10" "Windows 11"
+            "relatedComponent": "Edge Chromium-based",
+            "hasUnpatchableCve": false,
+            "tags": [
+            "internetFacing"
+            ],
+            "exposedCriticalDevices": 116
         }
-        ...
      ]
 }
 ```

defender-endpoint/api/get-all-vulnerabilities.md

@@ -108,7 +108,9 @@ Here is an example of the response.
             "exploitInKit": false,
             "exploitTypes": [],
             "exploitUris": [],
-            "CveSupportability": "supported"  
+            "CveSupportability": "supported",
+            "tags": [],
+            "epss": 0.632
         }
     ]
 

defender-endpoint/api/get-recommendation-by-id.md

@@ -102,7 +102,11 @@ Here's an example of the response.
     "totalMachineCount": 6,
     "exposedMachinesCount": 5,
     "nonProductivityImpactedAssets": 0,
-    "relatedComponent": "Chrome"
+    "relatedComponent": "Chrome",
+    "tags": [
+    "internetFacing"
+    ],
+    "exposedCriticalDevices": 116
 }
 ```
 

defender-endpoint/api/recommendation.md

@@ -80,5 +80,7 @@ Want to experience Defender for Endpoint? [Sign up for a free trial.](https://si
 |exposedMachinesCount|Long|Number of installed devices that are exposed to vulnerabilities|
 |nonProductivityImpactedAssets|Long|Number of devices that aren't affected|
 |relatedComponent|String|Related software component|
-|
+|exposedCriticalDevices|Numeric|The sum of critical devices in all levels of criticality except “not critical" for a particular recommendation|
+
+
 [!INCLUDE [Microsoft Defender for Endpoint Tech Community](../../includes/defender-mde-techcommunity.md)]

defender-endpoint/api/vulnerability.md

@@ -64,5 +64,7 @@ exploitInKit|Boolean|Exploit is part of an exploit kit
 exploitTypes|String collection|Exploit affect. Possible values are: **Local privilege escalation**, **Denial of service**, or **Local**
 exploitUris|String collection|Exploit source URLs
 CveSupportability| String collection| Possible values are: **Supported**, **Not Supported**, or **SupportedInPremium**
+EPSS|Numeric| Represents the probability that a vulnerability will be exploited. This probability is expressed as a number between 0 and 1 (0%-100%) according to the EPSS model.
+
 
 [!INCLUDE [Microsoft Defender for Endpoint Tech Community](../../includes/defender-mde-techcommunity.md)]

defender-endpoint/internet-facing-devices.md

@@ -13,7 +13,7 @@ ms.collection:
 - tier2
 ms.topic: conceptual
 search.appverid: met150
-ms.date: 07/10/2023
+ms.date: 07/31/2024
 ---
 
 # Internet-facing devices
@@ -64,6 +64,10 @@ You can use filters to focus in on internet-facing devices and investigate the r
 
    :::image type="content" source="/defender/media/defender-endpoint/internet-facing-filter.png" alt-text="Screenshot of the internet-facing filter" lightbox="/defender/media/defender-endpoint/internet-facing-filter.png":::
 
+The internet-facing device tag also appears in Microsoft Defender Vulnerability Management. This allows you to filter for internet-facing devices from the [weaknesses](/defender-vulnerability-management/tvm-weaknesses) and the [security recommendations](/defender-vulnerability-management/tvm-security-recommendation) pages in the Microsoft Defender portal. 
+
+   :::image type="content" source="/defender/media/defender-endpoint/internet-facing-weaknesses.png" alt-text="Screenshot of the internet-facing weaknesses" lightbox="/defender/media/defender-endpoint/internet-facing-weaknesses.png":::
+
 > [!NOTE]
 > If no new events for a device occur for 48 hours, the Internet-facing tag is removed and it will no longer be visible in the Microsoft Defender portal.
 

defender/media/defender-endpoint/internet-facing-filter.png renamed to defender-endpoint/media/internet-facing-filter.png

@@ -12,7 +12,7 @@ ms.collection:
   - Tier1
 ms.topic: conceptual
 search.appverid: met150
-ms.date: 01/09/2024
+ms.date: 07/31/2024
 ---
 
 # Vulnerabilities in my organization
@@ -75,12 +75,31 @@ The **Exposed Devices** column shows how many devices are currently exposed to a
 
 ## Gain vulnerability insights
 
-If you select a CVE from the weaknesses page, a flyout panel opens with more information such as the vulnerability description, details and threat insights. The AI generated vulnerability description provides detailed information on the vulnerability, its impact, recommended remediation steps, and any additional information, if available.
+If you select a CVE from the weaknesses page, a flyout panel opens with more information such as the vulnerability description, details, and threat insights. The AI generated vulnerability description provides detailed information on the vulnerability, its effect, recommended remediation steps, and any additional information, if available.
 
    :::image type="content" source="/defender/media/defender-vulnerability-management/weaknesses-cve-description.png" alt-text="Screenshot of the weaknesses weaknesses-flyout pane" lightbox="/defender/media/defender-vulnerability-management/weaknesses-cve-description.png":::
 
 For each CVE, you can see a list of the exposed devices and the affected software.
 
+## Exploit Prediction Scoring System (EPSS) 
+
+The Exploit Prediction Scoring System (EPSS) generates a data-driven score for the probability of a known software vulnerability being exploited in the wild. EPSS uses current threat information from the CVE and real-world exploit data. For each CVE, the EPSS model produces a probability score between 0 and 1 (0% and 100%). The higher the score, the greater the probability that a vulnerability will be exploited. Learn more about [EPSS](https://www.first.org/epss/). 
+
+EPSS is designed to help enrich your knowledge of weaknesses and their exploit probability, and enable you to prioritize accordingly.
+
+To see the EPSS score select a CVE from the [Weaknesses](tvm-weaknesses.md) page in the Microsoft Defender portal:
+
+   :::image type="content" source="/defender/media/defender-vulnerability-management/tvm-weaknesses-epss.png" alt-text="Screenshot of the weaknesses epss score." lightbox="/defender/media/defender-vulnerability-management/tvm-weaknesses-epss.png":::
+
+When the EPSS is greater than 0.9, the **Threats** column tooltip is updated with the value to convey the urgency of mitigation:
+
+   :::image type="content" source="/defender/media/defender-vulnerability-management/tvm-weaknesses-epss-tip.png" alt-text="Screenshot of the weaknesses epss score in the threat tooltip." lightbox="/defender/media/defender-vulnerability-management/tvm-weaknesses-epss-tip.png":::
+
+> [!NOTE]
+ > Note that if the EPSS score is smaller than 0.001, it’s considered to be 0. 
+
+You can use the [Vulnerability API](/defender-endpoint/api/vulnerability) to see the EPSS score. 
+
 ## Related security recommendations
 
 Use security recommendations to remediate the vulnerabilities in exposed devices and to reduce the risk to your assets and organization. When a security recommendation is available, you can select **Go to the related security recommendation** for details on how to remediate the vulnerability.
@@ -98,7 +117,7 @@ If there's no security update available, the CVE will have the tag 'No security
 
 ## Request CVE support
 
-A CVE for software that isn't currently supported by vulnerability management still appears in the Weaknesses page. Because the software is not supported, only limited data will be available. Exposed device information will not be available for CVEs with unsupported software.
+A CVE for software that isn't currently supported by vulnerability management still appears in the Weaknesses page. Because the software is not supported, only limited data is available. Exposed device information won't be available for CVEs with unsupported software.
 
 To view a list of unsupported software, filter the weaknesses page by the "Not available" option in the "Exposed devices" section.
 
@@ -107,15 +126,15 @@ You can request for support to be added to Defender Vulnerability Management for
 1. Select the CVE from the [Weaknesses](https://security.microsoft.com/vulnerabilities/cves) page in the Microsoft Defender portal
 2. Select **Please support this CVE** from the Vulnerability details tab
 
-This request will be sent to Microsoft and will assist us in prioritizing this CVE among others in our system.
+The request is sent to Microsoft and will assist us in prioritizing this CVE among others in our system.
 
 :::image type="content" alt-text="Weakness flyout with support CVE button example." source="/defender/media/defender-vulnerability-management/weaknesses-support-cve.png" lightbox="/defender/media/defender-vulnerability-management/weaknesses-support-cve.png":::
 
 ## View Common Vulnerabilities and Exposures (CVE) entries in other places
 
 ### Top vulnerable software in the dashboard
 
-1. Go to the [Defender Vulnerability Management dashboard](tvm-dashboard-insights.md) and scroll down to the **Top vulnerable software** widget. You will see the number of vulnerabilities found in each software, along with threat information and a high-level view of device exposure over time.
+1. Go to the [Defender Vulnerability Management dashboard](tvm-dashboard-insights.md) and scroll down to the **Top vulnerable software** widget. You'll see the number of vulnerabilities found in each software, along with threat information and a high-level view of device exposure over time.
 
 :::image type="content" alt-text="Top vulnerable software card." source="/defender/media/defender-vulnerability-management/tvm-top-vulnerable-software500.png" lightbox="/defender/media/defender-vulnerability-management/tvm-top-vulnerable-software500.png":::
 
@@ -142,20 +161,20 @@ To see the detection logic:
 2. Select **Open device page** and select **Discovered vulnerabilities** from the device page.
 3. Select the vulnerability you want to investigate.
 
-A flyout will open and the **Detection logic** section shows the detection logic and source.
+A flyout opens and the **Detection logic** section shows the detection logic and source.
 
-:::image type="content" alt-text="Detection Logic example which lists the software detected on the device and the KBs." source="/defender/media/defender-vulnerability-management/tvm-cve-detection-logic.png":::
+:::image type="content" alt-text="Detection Logic example that lists the software detected on the device and the KBs." source="/defender/media/defender-vulnerability-management/tvm-cve-detection-logic.png":::
 
-The "OS Feature" category is also shown in relevant scenarios. This is when a CVE would affect devices that run a vulnerable OS if a specific OS component is enabled. For example, if Windows Server 2019 or Windows Server 2022 has vulnerability in its DNS component we'll only attach this CVE to the Windows Server 2019 and Windows Server 2022 devices with the DNS capability enabled in their OS.
+The "OS Feature" category is also shown in relevant scenarios. This is when a CVE would affect devices that run a vulnerable OS if a specific OS component is enabled. For example, if Windows Server 2019 or Windows Server 2022 has vulnerability in its DNS component we only attach this CVE to the Windows Server 2019 and Windows Server 2022 devices with the DNS capability enabled in their OS.
 
 ## Report inaccuracy
 
-Report a false positive when you see any vague, inaccurate, or incomplete information. You can also report on security recommendations that have already been remediated.
+Report a false positive when you see any vague, inaccurate, or incomplete information. You can also report on security recommendations that are already been remediated.
 
 1. Open the CVE on the Weaknesses page.
-2. Select **Report inaccuracy** and a flyout pane will open.
+2. Select **Report inaccuracy**.
 3. From the flyout pane, choose an issue to report.
-4. Fill in the requested details about the inaccuracy. This will vary depending on the issue you're reporting.
+4. Fill in the requested details about the inaccuracy. This varies depending on the issue you're reporting.
 5. Select **Submit**. Your feedback is immediately sent to the Microsoft Defender Vulnerability Management experts.
 
 :::image type="content" alt-text="Report inaccuracy options." source="/defender/media/defender-vulnerability-management/report-inaccuracy-software.png" lightbox="/defender/media/defender-vulnerability-management/report-inaccuracy-software.png":::