
Viewing the Exposed Endpoint Credential Detailed Findings and Recommendations Details

Detailed Findings allows you to focus on the top exposed credential issues on the endpoints. You can view a list of the top 5 exposed credentials on the Endpoint Credential Exposure dashboard. These are issues that have the highest impact on your domain risk severity level. Having visibility into these riskiest exposed credentials helps you prioritize what to focus on first. If you fix these issues first, you can significantly lower the domain risk severity level.

To view the exposed credential issues details:

  1. Go to ITDR > Dashboard > Endpoint Credential Exposure.
  2. Select a date from the As of Date calendar to view the total number of exposed credential issues on that scan date.

  3. Click Detailed Findings and Recommendations, or click an exposed credential issue.

    The Detailed Findings page appears. Select a credential exposure issue in the list to view the following details. Click a severity level (Low, Medium, High, or Critical) to filter the issues.

    • Issue: The name of the issue.
    • Type of Risk: The type of credential exposure issue.
    • Severity: The severity level of the issue (Critical, High, Medium, or Low).
    • Remediation: The remediation assessment (Easy, Moderate, or Difficult).
    • MITRE ATT&CK ID: The MITRE ATT&CK technique ID (e.g., T1552.005 or T1078.002). Click the ID to view more details about the attack technique.
    • MITRE ATT&CK TACTICS: The type of MITRE ATT&CK tactic (e.g., Credential Access or Lateral Movement).
    • What is the issue?: The description of the issue.
    • What is the impact?: The consequences of the attack.
    • Remediation: The steps to remediate the issue.
    • References: A link to the Microsoft documentation, where you can view guidance and best practices for remediation.
    • Who is affected?: The details of the identities with exposed credentials.

      You can clean up credentials only if the feature is supported for this exposure. To learn more, see Cleaning Up Exposed Endpoint Credentials. You can use the Actions menu to copy specific columns from the table and download the table as a CSV or JSON file.

Related Articles
    • About the Endpoint Credential Exposure Dashboard
    • Downloading Endpoint Credential Exposure Scan Data
    • Downloading the Endpoint Credential Exposure Executive Summary Report
    • Viewing Exposed Endpoint Credential Details by Scan Type
    • Cleaning Up Exposed Endpoint Credentials
    • Viewing the Exposed Endpoint Credential Risk Reduction Roadmap
    • Viewing the Exposed Endpoint Credential Detailed Findings and Recommendations Details
    • Viewing Exposed Endpoint Credential Issues Grouped by MITRE ATT&CK Techniques
    • Viewing Privilege Escalation Attack Paths for Exposed Endpoint Credentials
    • Viewing Identities with Exposed Endpoint Credentials