Microsoft Defender Vulnerabilities Event Monitor Reference Guide

MS Defender Vulnerabilities Event Monitor

The Microsoft Defender Vulnerabilities Event Monitor monitors and alerts on device vulnerabilities using Microsoft Defender.

Overview

This event monitor sends alerts about MS Defender vulnerabilities.

Use Cases

  • Receiving alerts about Defender vulnerabilities including health status, risk score, and exposure levels

Monitoring Options

This event monitor provides the following options:

Alert with [Info/Warning/Error/Critical] if Azure cannot be contacted

This option will send you an alert if the event monitor cannot contact Azure.

Alert with [Info/Warning/Error/Critical] if the device is not found in Microsoft Defender

This option will alert you if one or more of the devices you're monitoring aren't found in Microsoft Defender.

Alert with [Info/Warning/Error/Critical] if the device's health status is not in an active state

Use this option to receive an alert if the health status of one or more connected devices is not in an active state.

Alert with [Info/Warning/Error/Critical] if the device's exposure level is [low/medium/high] or more severe

This option controls alerting on the exposure level of your monitored devices. Choose the alert level to raise and the exposure level threshold that will trigger it.

Alert with [Info/Warning/Error/Critical] if the device's risk score is [informational/low/medium/high] or more severe

This option will send an alert of your choosing if FrameFlow detects that the device's risk score is at or above the threshold you specify.

Alert with [Info/Warning/Error/Critical] if the device has vulnerabilities with a severity of [low/medium/high/critical] or higher

This option will send an alert if one or more devices have vulnerabilities with a severity at or above the threshold you define.

Alert if a specific amount of time has passed since the last device check-in

This option will alert you if more than the amount of time you specify has passed since the last device check-in.
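
The following is an added example, not FrameFlow's own code, showing how "or more severe" thresholds and the check-in age test behave when applied to device records. It assumes the field names of the Microsoft Defender for Endpoint machine resource (healthStatus, exposureLevel, riskScore, lastSeen); the device names, records, default thresholds and the evaluate/at_or_above helpers are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Ordinal scales, least to most severe; "none" means the device is unrated.
EXPOSURE = ["none", "low", "medium", "high"]
RISK = ["none", "informational", "low", "medium", "high"]

def at_or_above(scale, value, threshold):
    """True when value is 'threshold or more severe' on an ordinal scale."""
    value = (value or "none").lower()
    if value not in scale:
        # An unrecognised rating should fail loudly, not silently skip the alert.
        raise ValueError(f"unexpected rating {value!r}")
    return scale.index(value) >= scale.index(threshold.lower())

def parse_last_seen(text):
    # Drop the trailing Z and any fractional seconds, then treat as UTC.
    stamp = datetime.fromisoformat(text.rstrip("Z").split(".")[0])
    return stamp.replace(tzinfo=timezone.utc)

def evaluate(machine, now, exposure_min="medium", risk_min="high",
             max_silence=timedelta(hours=24)):
    """Return the alert reasons for one device record (None = not found)."""
    if machine is None:
        return ["device not found in Microsoft Defender"]
    alerts = []
    if machine.get("healthStatus") != "Active":
        alerts.append(f"health status is {machine.get('healthStatus')}")
    if at_or_above(EXPOSURE, machine.get("exposureLevel"), exposure_min):
        alerts.append(f"exposure level is {machine.get('exposureLevel')}")
    if at_or_above(RISK, machine.get("riskScore"), risk_min):
        alerts.append(f"risk score is {machine.get('riskScore')}")
    if now - parse_last_seen(machine["lastSeen"]) > max_silence:
        alerts.append(f"no check-in since {machine['lastSeen']}")
    return alerts

# Constructed sample records keyed by a hypothetical device name.
NOW = datetime(2024, 5, 2, 12, 0, tzinfo=timezone.utc)
SAMPLE = {
    "ws-01": {"healthStatus": "Active", "exposureLevel": "Low",
              "riskScore": "None", "lastSeen": "2024-05-02T11:30:00Z"},
    "ws-02": {"healthStatus": "Inactive", "exposureLevel": "High",
              "riskScore": "Medium", "lastSeen": "2024-04-28T09:15:03.7791856Z"},
    "ws-03": None,  # device absent from Defender
}

if __name__ == "__main__":
    for name, record in SAMPLE.items():
        print(name, evaluate(record, NOW))
```
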

Authentication and Security

The account used to authenticate with FrameFlow must have the Machine.Read.All and Machine.ReadWrite.All permissions at the application level.

Protocols

Data Points

This event monitor does not generate any data points.

Sample Output
