MS Defender Vulnerabilities Event Monitor
The Microsoft Defender Vulnerabilities Event Monitor queries Microsoft Defender for each device you monitor and alerts on the device's health status, exposure level, risk score, reported vulnerabilities, and time since its last check-in.
Overview
This event monitor sends alerts based on the vulnerability and exposure information that Microsoft Defender reports for your devices.
Use Cases
- Receiving alerts about the vulnerabilities, health status, risk score, and exposure level that Microsoft Defender reports for each monitored device
Monitoring Options
This event monitor provides the following options:
- Alert with [Info/Warning/Error/Critical] if Azure cannot be contacted: This option will send you an alert if the event monitor cannot contact Azure.
- Alert with [Info/Warning/Error/Critical] if the device is not found in Microsoft Defender: This option will alert you if one or more of the devices you're monitoring aren't found in Microsoft Defender.
- Alert with [Info/Warning/Error/Critical] if the device's health status is not in an active state: Use this option to receive an alert if the health status of one or more connected devices is not in an active state.
- Alert with [Info/Warning/Error/Critical] if the device's exposure level is [low/medium/high] or more severe: This option controls alerting on the exposure level Defender assigns to each monitored device. Choose the alert level and the exposure threshold at or above which the alert triggers.
- Alert with [Info/Warning/Error/Critical] if the device's risk score is [informational/low/medium/high] or more severe: This option sends the alert level of your choosing when FrameFlow finds that a device's risk score is at or above the threshold you specify.
- Alert with [Info/Warning/Error/Critical] if the device has vulnerabilities with a severity of [low/medium/high/critical] or higher: This option sends an alert if one or more devices have vulnerabilities whose severity is at or above the threshold you define.
- Alert if a specific amount of time has passed since the last device check-in: This option will alert you if more than the amount of time you specify has passed since the last device check-in.
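The options above are all threshold checks over the device record Defender returns. The following script is an added example, not FrameFlow's own code, that evaluates the same conditions offline so you can see exactly which combinations of health status, exposure level, risk score, vulnerability severity, and check-in age would raise an alert. The device and vulnerability records are constructed sample data that mimic the field names of the Microsoft Defender for Endpoint machines API (healthStatus, exposureLevel, riskScore, lastSeen, severity); the device names, ids, and vulnerability ids are placeholders.

```python
"""Offline replica of the Defender vulnerabilities monitor's alert rules.

Added example (not FrameFlow code). In production the records come from
GET https://api.securitycenter.microsoft.com/api/machines and
GET .../api/machines/{id}/vulnerabilities; here they are constructed inline.
"""
from datetime import datetime, timedelta, timezone

# Scales ordered from least to most severe, so "X or more severe" becomes an
# index comparison. Values match the enumerations the Defender API uses.
EXPOSURE_LEVELS = ["None", "Low", "Medium", "High"]
RISK_SCORES = ["None", "Informational", "Low", "Medium", "High"]
VULN_SEVERITIES = ["Low", "Medium", "High", "Critical"]


def at_least(value, threshold, scale):
    """True when value is at or above threshold on the given ordered scale.

    An unrecognised value never satisfies a threshold, so a new enum value
    coming back from the API fails closed rather than silently alerting.
    """
    if value not in scale or threshold not in scale:
        return False
    return scale.index(value) >= scale.index(threshold)


def evaluate_device(name, machines, vulns_by_id, now,
                    exposure="Medium", risk="Medium", severity="High",
                    max_checkin=timedelta(hours=24)):
    """Return the alert conditions a monitored device currently triggers.

    name: DNS name of the device FrameFlow monitors
    machines: list of /api/machines records
    vulns_by_id: machine id -> list of that machine's vulnerability records
    now: reference time (timezone-aware) for the check-in age test
    """
    machine = next((m for m in machines
                    if m["computerDnsName"].lower() == name.lower()), None)
    if machine is None:
        # "device is not found in Microsoft Defender"; nothing else to check
        return ["not found in Microsoft Defender"]

    alerts = []
    if machine["healthStatus"] != "Active":
        alerts.append(f"health status is {machine['healthStatus']}")
    if at_least(machine["exposureLevel"], exposure, EXPOSURE_LEVELS):
        alerts.append(f"exposure level is {machine['exposureLevel']}")
    if at_least(machine["riskScore"], risk, RISK_SCORES):
        alerts.append(f"risk score is {machine['riskScore']}")

    bad = [v["id"] for v in vulns_by_id.get(machine["id"], [])
           if at_least(v["severity"], severity, VULN_SEVERITIES)]
    if bad:
        alerts.append(f"{len(bad)} vulnerabilities at severity {severity} "
                      f"or higher: {', '.join(bad)}")

    # lastSeen is ISO 8601 with a trailing Z; make it offset-aware to compare.
    last_seen = datetime.fromisoformat(machine["lastSeen"].replace("Z", "+00:00"))
    if now - last_seen > max_checkin:
        alerts.append(f"last check-in {now - last_seen} ago")
    return alerts


# Constructed sample data (placeholder names and ids, not real devices or CVEs).
NOW = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_MACHINES = [
    {"id": "machine-a", "computerDnsName": "web01.example.com",
     "healthStatus": "Active", "exposureLevel": "High", "riskScore": "Medium",
     "lastSeen": "2024-05-01T11:30:00Z"},
    {"id": "machine-b", "computerDnsName": "db01.example.com",
     "healthStatus": "Inactive", "exposureLevel": "Low",
     "riskScore": "Informational", "lastSeen": "2024-04-28T09:00:00Z"},
]
SAMPLE_VULNS = {
    "machine-a": [{"id": "vuln-placeholder-1", "severity": "Critical"},
                  {"id": "vuln-placeholder-2", "severity": "Medium"}],
    "machine-b": [],
}

if __name__ == "__main__":
    for name in ["web01.example.com", "db01.example.com", "missing.example.com"]:
        for condition in evaluate_device(name, SAMPLE_MACHINES, SAMPLE_VULNS, NOW):
            print(f"{name}: {condition}")
```

With the default thresholds (exposure Medium, risk Medium, severity High, 24 hour check-in window), web01 triggers the exposure, risk score, and vulnerability rules, db01 triggers the health status and check-in rules, and the unknown name triggers only the not-found rule. Adjust the keyword arguments to mirror the thresholds configured in FrameFlow.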
Authentication and Security
The Azure AD application (app registration) that FrameFlow authenticates with must be granted the Microsoft Defender for Endpoint API permissions Machine.Read.All and Machine.ReadWrite.All as application permissions, not delegated permissions, and an administrator must consent to them. Because application permissions apply to every device in the tenant, protect the application's client secret or certificate as you would any other privileged credential.
Protocols
Data Points
This event monitor does not generate any data points.