Note: This integration is still in beta, and some issues may exist. Contact support with any questions.
Microsoft Defender 365 threat and vulnerability management capabilities - Effectively identifying, assessing, and remediating endpoint weaknesses is pivotal in running a healthy security program and reducing organizational risk. Log in to the Microsoft 365 Defender portal.
Improve vulnerability management by connecting to the Vulcan platform to prioritize vulnerabilities with more context and automate remediation actions.
Role required to generate the API key: Microsoft Azure portal administrator.
Setting up the API key
Log in to the Microsoft Azure portal by using your Azure portal administrator credentials.
In the left navigation panel on the Home pane, click Azure Active Directory.
In the Overview pane, click App Registrations.
In the App registrations (Preview) pane, click New Registration. The Register an application form is displayed.
On the Register an application form, fill in the fields:
Name - Enter a name for the integration, for example: Vulcan Cyber MS TVM integration
Supported account types - Accounts in this organizational directory only
The Application (client) ID and Directory (tenant) ID are created. Enter these values on the configuration page in the Client ID and Tenant ID fields during the configuration step in the Vulcan connector configuration described below.
When you see the Application (client) ID displayed in the Vulcan Cyber MS TVM integration pane, click View API Permissions.
Navigate to Request API permissions > APIs my organization uses, and then click Windows Defender ATP.
In the Vulcan Cyber MS TVM integration - API permissions pane, click Add a Permission.
Provide read access to machines, vulnerabilities, and security recommendations.
Click Grant Admin Consent for <your organization name>.
Navigate to Vulcan Cyber MS TVM integration > Certificates & Secrets, and then click New Client secret.
On the form, fill in the fields for Client secrets:
Description - application description
Expires - date of expiration
The Value field is populated with the new client secret, which is your new password.
Note: You will need this password when you are configuring the integration in the Vulcan connector configuration.
Save this password in a secure location. After you leave this page, this password is not available.
You have successfully created an application ID for authentication in the Microsoft Azure portal. Continue in the Vulcan platform.
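One way to confirm that the app registration ended up with only the read permissions granted above, as an added example that is not part of the original guide or Vulcan Cyber's own code: decode the roles claim of an access token issued to the application and compare it with the expected set. The permission names and the sample token are assumptions constructed for this example, and the token signature is not verified.

```python
import base64
import json

# Assumption: role names of the read-only application permissions for
# machines, vulnerabilities and security recommendations.
EXPECTED_ROLES = frozenset({
    "Machine.Read.All",
    "Vulnerability.Read.All",
    "SecurityRecommendation.Read.All",
})


def _decode_segment(segment: str) -> dict:
    """Base64url-decode one JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def audit_token_roles(access_token: str, expected=EXPECTED_ROLES) -> dict:
    """Compare the token's 'roles' claim with the expected read-only set.

    The signature is NOT verified: this audits what admin consent granted,
    it does not authenticate the token.
    """
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a three-part JWT")
    granted = set(_decode_segment(parts[1]).get("roles", []))
    return {
        "missing": sorted(set(expected) - granted),
        "excess": sorted(granted - set(expected)),
        "least_privilege": granted == set(expected),
    }


def make_sample_token(roles) -> str:
    """Build a constructed, unsigned token so the example runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"roles": list(roles)}), "sig"])


if __name__ == "__main__":
    # Constructed sample: one write permission too many, two reads missing.
    token = make_sample_token(["Machine.ReadWrite.All", "Vulnerability.Read.All"])
    print(audit_token_roles(token))
```

Any entry under "excess" is a permission the connector does not need for the read access described above and can be removed from the app registration.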
Log in to your Vulcan Cyber platform and click on Connectors.
Click on the Add a Connector button.
Click on the Microsoft TVM icon.
Enter the following information into the connector setup page.
Tenant Id - previously created in Azure portal.
App Id - previously created in Azure portal.
API Token - secret key password previously generated.
Inactive Assets - In this example, the default value of 30 days is used. To remove inactive assets quicker or keep them longer, as seen by Microsoft TVM, change this value to suit your needs.
Once all information has been entered, click the Test Connectivity button to verify that Vulcan Cyber can connect to your Microsoft TVM instance, and then click the Create button.
Navigate to the Connectors page and once the Microsoft TVM icon shows as Connected, the connection is complete.
Locating Microsoft Defender threat and vulnerability management vulnerabilities in Vulcan Cyber
As Microsoft Defender threat and vulnerability management discovers vulnerabilities (also named weaknesses), the Vulcan Cyber connector imports those vulnerabilities for reporting and action. With a large number of assets and potential vulnerabilities, filters make it easy to find specific vulnerabilities by source.
Open the Vulcan Cyber dashboard and navigate to the Vulnerabilities section. Click on the Search or filter vulnerabilities search box, scroll to the Vulnerability Source option, and click to filter by the vulnerability source.
Locate Microsoft TVM on the vulnerability source list and click to filter results by Microsoft TVM.
Click on any vulnerability to view further information and potentially take action by clicking the Take Action drop-down and choosing an option.
Locating Microsoft TVM assets in Vulcan Cyber
To view assets scanned and managed by Microsoft TVM in the Vulcan platform, go to the Assets tab, filter by Connector, and choose Microsoft TVM. The list should match the device inventory list in Microsoft TVM.