The Defender for Servers plan in Microsoft Defender for Cloud uses Microsoft Defender Vulnerability Management to continuously scan your virtual machines (VMs) and identify vulnerabilities.
Defender for Servers presents the vulnerability findings as recommendations. Recommendations can include remediation steps, related CVEs, and CVSS scores. You can review them across subscriptions or focus on a specific VM.
If your organization needs to ignore certain findings instead of remediating them, you can disable them with a rule. Disabled findings don't affect your secure score, don't generate noise, and don't appear in the list of findings.
You might disable findings for:
- Vulnerabilities with a severity less than medium
- Vulnerabilities that aren't patchable
- Vulnerabilities with CVSS score less than 6.5
- Findings with specific text in the security check or category (for example, “RedHat”)
Prerequisites
- Vulnerability scanning must be enabled.
- To create a rule to ignore findings, you need permissions to edit a policy in Azure Policy.
- View vulnerability assessment findings before you start.
Disable specific findings
Create a rule to disable findings as follows:
In Defender for Cloud, go to Recommendations and find the recommendation Machines should have vulnerability findings resolved.
On the recommendation details page, open the Take action tab and select Disable rule.
In Disable rule, specify the settings for disabling vulnerability findings. Findings will be disabled based on the settings criteria. You can specify:
- IDs: Enter the IDs of the findings you want to disable. Separate multiple IDs with a semicolon.
- CVEs: Enter valid CVEs for findings you want to disable.
- Categories: Enter the categories of findings.
- Security checks: Enter text from the name of the security checks for findings to disable.
- CVSS2 and CVSS3 scores: To filter by score, enter a value between 1 and 10.
- Minimum severity: Select Medium or High to exclude findings with a severity lower than the one you select.
- Patchable status: Select the checkbox to exclude findings that can't be patched.
Optionally add a justification, and then select Apply rule. It might take up to 24 hours to take effect.
To view the status of a rule, open the Disable rule page. In the Scope list, subscriptions with active findings show a status of Rule applied.
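Before applying a rule, it helps to preview which findings it would hide and which of those are High severity. The following is an added example, not Microsoft's code: the `Finding` and `DisableRule` shapes and the sample data are hypothetical. It assumes a finding is hidden when it satisfies any one populated setting (the widest reading, since the page doesn't state how settings combine) and that security check text matches case-insensitively.

```python
from dataclasses import dataclass, field
RANK = {"Low": 1, "Medium": 2, "High": 3}

@dataclass
class Finding:  # hypothetical shape of one exported finding
    id: str
    check: str
    category: str
    severity: str
    cvss3: float
    patchable: bool
    cves: frozenset = frozenset()

@dataclass
class DisableRule:  # one field per setting in the Disable rule list above
    ids: set = field(default_factory=set)
    cves: set = field(default_factory=set)
    categories: set = field(default_factory=set)
    check_text: tuple = ()
    cvss3_below: float = 0.0   # 0.0 = not set (valid scores are 1 to 10)
    min_severity: str = ""     # "" = not set, else "Medium" or "High"
    unpatchable: bool = False  # True = hide findings that can't be patched

def matched(rule, f):  # names of the rule settings that finding f satisfies
    tests = {
        "id": f.id in rule.ids,
        "cve": bool(rule.cves & f.cves),
        "category": f.category in rule.categories,
        "check": any(t.lower() in f.check.lower() for t in rule.check_text),
        "cvss3": f.cvss3 < rule.cvss3_below,
        "severity": RANK[f.severity] < RANK.get(rule.min_severity, 0),
        "unpatchable": rule.unpatchable and not f.patchable,
    }
    return [name for name, hit in tests.items() if hit]

def preview(rule, findings):  # (hidden id -> matched settings, hidden High ids)
    hidden = {f.id: m for f in findings if (m := matched(rule, f))}
    review = [f.id for f in findings if f.id in hidden and f.severity == "High"]
    return hidden, review

# Constructed sample data; the rule uses the page's own example values.
FINDINGS = [
    Finding("F-1", "RedHat Update for kernel", "RedHat", "High", 8.1, True),
    Finding("F-2", "OpenSSL outdated version", "Local", "Medium", 5.3, True),
    Finding("F-3", "Weak TLS cipher suites", "General", "High", 7.5, False),
    Finding("F-4", "Apache HTTP Server update", "Web", "High", 9.8, True),
]
RULE = DisableRule(check_text=("RedHat",), cvss3_below=6.5, unpatchable=True)
```

Calling `preview(RULE, FINDINGS)` shows that the text filter and the patchable filter each hide a High severity finding that the CVSS threshold alone would have kept visible.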