
Microsoft Defender for Endpoint (aka ATP) – Vulnerabilities

About

Microsoft Defender for Endpoint provides real-time monitoring, threat detection, and vulnerability assessment for endpoints, so that vulnerabilities across a network can be managed from one console. The platform identifies security weaknesses on each device, prioritizes them by severity and exploitability, and can automate remediation to reduce exposure and improve overall security posture.

Why You Should Integrate

Integrating with Microsoft Defender for Endpoint gives you visibility into the vulnerabilities affecting your environment by importing the vulnerabilities that Microsoft Defender for Endpoint has detected on your devices into your Vulnerability Inventory.

How Does the Integration Work

This integration pulls vulnerability assets from the Microsoft Defender for Endpoint security console (via its API) that meet the following criteria:

  • Vulnerabilities detected within your configured retention period
  • Vulnerabilities visible to the application you register (Application ID), as determined by the group settings configured in Defender for Endpoint

This data is only used internally; we do not share it with any parties outside of Sevco. Refer to our privacy policy for details.

⚠️ If you haven't already, please review our instructions for configuring the Microsoft Active Directory integration before proceeding with the instructions below.

Configuration Options

Tenant ID

This access schema includes all vulnerability assets associated with your Tenant ID.

Field | Description | Example
Tenant ID* | The unique tenant ID associated with the vulnerabilities you would like to import into Sevco | 00000000-0000-0000-0000-000000000000

(* = required field)

Tenant ID and Onboarding Status Settings

This access schema only includes vulnerability assets associated with your Tenant ID that were found on devices whose Defender for Endpoint onboarding status is one of the categories you have selected. The status belongs to the device, not to the vulnerability: a single CVE is imported only where it appears on a device in a selected status.

Field | Description | Example
Tenant ID* | The unique tenant ID associated with the vulnerabilities you would like to import into Sevco | 00000000-0000-0000-0000-000000000000
Include Onboarded Status | Imports vulnerabilities found on devices in an Onboarded status into your Vulnerability Inventory | n/a
Include Insufficient Info Status | Imports vulnerabilities found on devices in an Insufficient Info status into your Vulnerability Inventory | n/a
Include Can Be Onboarded Status | Imports vulnerabilities found on devices in a Can Be Onboarded status into your Vulnerability Inventory | n/a
Include Unsupported Status | Imports vulnerabilities found on devices in an Unsupported status into your Vulnerability Inventory | n/a

(* = required field)

Source Documentation

Creating credentials

See the platform documentation for Microsoft Defender for Endpoint - Creating Credentials for details.

Required Permissions

The following permission(s) are required:

  • Vulnerability.Read.All

See the platform documentation for instructions on editing application permissions. Vulnerability.Read.All is an application (app-only) permission, so it must be granted admin consent on the app registration before the integration's token will carry it.
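The following is an added example, not Sevco's integration code, that ties together the three things the sections above ask for: a tenant-scoped client-credentials token for the Defender for Endpoint API, a check that the token actually carries the Vulnerability.Read.All application role, and the onboarding-status and retention-window filtering described under "How Does the Integration Work". The token endpoint, scope, API URL and the four onboardingStatus values come from Microsoft's public Defender for Endpoint API documentation, not from this page; nothing here touches the network. Which device timestamp bounds the "retention period" is not stated on the page, so the example assumes the device's lastSeen value, and the machine and vulnerability records are constructed sample data shaped like the API's resources.

```python
import base64
import json
import re
from datetime import datetime, timedelta, timezone

# Defender for Endpoint API facts (from Microsoft's documentation, not this page)
TENANT_ID_RE = re.compile(r"^[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$", re.I)
TOKEN_URL = "https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
MDE_SCOPE = "https://api.securitycenter.microsoft.com/.default"
MDE_VULNS_URL = "https://api.securitycenter.microsoft.com/api/vulnerabilities/machinesVulnerabilities"
REQUIRED_ROLE = "Vulnerability.Read.All"
# onboardingStatus values carried by the MDE machine resource
ONBOARDING_STATUSES = {"Onboarded", "InsufficientInfo", "CanBeOnboarded", "Unsupported"}


def build_token_request(tenant_id: str, client_id: str, client_secret: str) -> dict:
    """Return the client-credentials request a collector would POST to the tenant's
    token endpoint. The tenant ID is validated as a GUID first, so a typo in the
    configuration fails here instead of as an opaque AADSTS error."""
    if not TENANT_ID_RE.match(tenant_id):
        raise ValueError(f"tenant ID is not a GUID: {tenant_id!r}")
    return {
        "url": TOKEN_URL.format(tenant_id=tenant_id),
        "data": {
            "grant_type": "client_credentials",
            "client_id": client_id,
            "client_secret": client_secret,
            "scope": MDE_SCOPE,
        },
    }


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_roles(access_token: str) -> set:
    """Application permissions granted to an app-only token show up in its 'roles'
    claim. The payload is decoded without signature verification: this is a local
    sanity check of what the token carries, not an authorization decision."""
    _header, payload, _signature = access_token.split(".")
    return set(json.loads(_b64url_decode(payload)).get("roles", []))


def has_required_role(access_token: str) -> bool:
    """True when the token carries Vulnerability.Read.All; if this is False the
    integration will get 403s, usually because admin consent was never granted."""
    return REQUIRED_ROLE in token_roles(access_token)


def select_vulnerabilities(machines, machine_vulns, include_statuses, retention_days, now):
    """Apply the page's two filters to API-shaped records: keep only devices whose
    onboardingStatus is one of the selected statuses and whose lastSeen falls inside
    the retention window (assumption: lastSeen is the bounding timestamp), then keep
    the vulnerability records that belong to those devices."""
    unknown = set(include_statuses) - ONBOARDING_STATUSES
    if unknown:
        raise ValueError(f"unknown onboarding status: {sorted(unknown)}")
    cutoff = now - timedelta(days=retention_days)
    eligible = {
        m["id"]
        for m in machines
        if m["onboardingStatus"] in include_statuses
        and datetime.fromisoformat(m["lastSeen"]) >= cutoff
    }
    return [v for v in machine_vulns if v["machineId"] in eligible]


def make_unsigned_token(claims: dict) -> str:
    """Constructed test token (not a real Entra ID token): header.payload.signature
    with an empty signature, enough to exercise token_roles()."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}."


# Constructed sample records shaped like the MDE machine and machinesVulnerabilities
# resources; ids and CVE strings are placeholders, not real findings.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE_MACHINES = [
    {"id": "m1", "onboardingStatus": "Onboarded", "lastSeen": "2024-05-30T00:00:00+00:00"},
    {"id": "m2", "onboardingStatus": "CanBeOnboarded", "lastSeen": "2024-05-29T00:00:00+00:00"},
    {"id": "m3", "onboardingStatus": "Onboarded", "lastSeen": "2024-01-01T00:00:00+00:00"},
]
SAMPLE_VULNS = [
    {"machineId": "m1", "cveId": "CVE-0000-0001", "severity": "High"},
    {"machineId": "m2", "cveId": "CVE-0000-0002", "severity": "Medium"},
    {"machineId": "m3", "cveId": "CVE-0000-0003", "severity": "Critical"},
]

if __name__ == "__main__":
    print(build_token_request("00000000-0000-0000-0000-000000000000", "app-id", "secret")["url"])
    print(has_required_role(make_unsigned_token({"roles": ["Vulnerability.Read.All"]})))
    for v in select_vulnerabilities(SAMPLE_MACHINES, SAMPLE_VULNS, {"Onboarded"}, 30, NOW):
        print(v["machineId"], v["cveId"])
```

With only "Onboarded" selected and a 30-day window, the sample yields the finding on m1: m2 is excluded by status even though it was seen recently, and m3 is excluded because it has not been seen inside the window. Widening the window to a year brings m3 back, which is the trade-off the retention setting controls: a longer window keeps findings for stale devices that may already be decommissioned.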

API Documentation

List Vulnerability Inventory API

Contact Us

If you're having problems integrating a source, or if you've found something wrong in this document, please email us at [email protected].

Tags: cloud, epp-edr