3rd Party Degraded Service: [Connector - MS Defender TVM]

Update timeline

1. investigating Oct 30, 2024, 02:48 PM UTC

   We are currently investigating an issue with a 3rd party for failed responses [MS Defender TVM.] This issue is isolated to the single 3rd party. We are currently unable to extract data from their endpoint.

2. identified Oct 31, 2024, 12:15 PM UTC

   The MS Defender TVM Connector issue has been identified as isolated to a 3rd party service degradation. This is currently affecting our ability to retrieve vulnerability data, resulting in failed responses from the MS Defender TVM endpoint, we are actively weighing possible workarounds to mitigate the impact while awaiting further updates from Microsoft.

3. monitoring Nov 01, 2024, 05:35 PM UTC

   The CVM engineering team has identified an issue with the Microsoft Defender for Endpoint APIs. Currently, attempting to export files from the following endpoint: https://api.securitycenter.microsoft.com/api/machines/SoftwareVulnerabilitiesExport results in a 404 error indicating that the specified blob does not exist. As a temporary workaround, we have moved the vulnerability extracts to the SoftwareVulnerabilitiesByMachine endpoint. Please note this endpoint operates significantly slower than the file export previously used, therefore, we expect connector runs to take longer than usual while the workaround is in place. The engineering team will continue collaborating with Microsoft to revert to the original file export API once the issue is resolved.

4. resolved Nov 06, 2024, 03:15 PM UTC

   This incident has been resolved.