Endpoint Risk Insights
by Avanade USA
Focus on your most at-risk assets.
Traditional vulnerability assessments often fall short, missing the context needed to act with confidence. Endpoint Risk Insights transforms how security teams manage endpoint risk by automatically identifying high-impact vulnerabilities (CVSS ≥ 9.0), surfacing CISA Known Exploited Vulnerabilities (KEVs), and monitoring Defender sensor health across the environment.
By focusing on threats with known exploits, this agent empowers teams to respond faster and smarter—reducing manual effort and enabling risk-based remediation. The result? Stronger endpoint resilience, streamlined operations, and protection where it matters most.
Agent Tasks:
The Endpoint Risk Insights agent enhances endpoint security by automatically detecting high-impact vulnerabilities (CVSS ≥ 9.0), surfacing CISA Known Exploited Vulnerabilities (KEVs), and monitoring Defender sensor health. It enables faster, risk-based remediation, helping security teams respond efficiently and strengthen endpoint resilience.
Agent Workflow:
Discover Devices – Identify endpoints to scan using KQL on Manifest.
Analyze CVEs – Flag critical vulnerabilities (CVSS ≥ 9.0) using KQL on Manifest.
Find Threat Intelligence – Match CVEs against CISA Known Exploited Vulnerabilities.
Assess Sensor Health – Evaluate Defender sensor status using KQL on Manifest.
Generate Report – Summarize findings and highlight top risks.
Inputs:
- Microsoft Defender for Endpoint
- CISA KEV Database
Outputs:
- Summary Report
- Executive Overview
- Top 5 Vulnerable Devices
- Device Health Status
- Critical CVEs with KEV, Recommendation
- Excel Report Attachment