Open Findings: 0 (Filtered active records)
Patch Now Queue: 0 (Critical + high priority)
Attack Path Linked: 0 (Recommendations with path context)
Resource Types: 0 (Catalog entries represented)
Recommendations: 0 (Unique recommendation names)
Remediation Backlog
Sortable backlog with separated finding context fields. Plan objectives from Topology and Reports views.
Prioritization Logic
Click cards for quick-focus triage
Critical Findings: 0
High Findings: 0
Exposed Secrets: 0
Internet Exposed: 0
Remediation Planning Board
Scalable queue board: summary aggregation for large imports, detailed cards for drag/drop execution.
Summary mode groups by recommendation to keep high-volume datasets actionable.
Board focus: none (default view)
Patch Now: 0 (C0, H0)
Next Sprint: 0 (C0, H0)
Monitor / Accept: 0 (C0, H0)
Catalog Coverage
Resource types and recommendations seeded from Learn references
Resource Type Catalog
Recommendation Catalog
Seed taxonomy aligned to Microsoft Learn references: recommendations reference (data), compute, networking, identity, container, app service, API, AI, serverless, support matrix, secure score controls, risk factors.
Mock dataset by default; importing CSV replaces filter/catalog values with CSV-derived values. Phase 1 tracker state is stored in JSON files (bound local file or export/import JSON).
CSV headers supported: subscription, resource group, resource type, resource name, finding description, recommendation name, severity, attack path mapping, controls, tactics, techniques, status, risk factors, owner, governance status, completion status, due date (plus optional category, plan lane, priority score).
Azure Topology
Subscription to resource group to resource map with risk highlighting and clickable nodes.
Official Azure icons: drop icon SVGs into assets/azure-icons/ to enrich resource nodes.
Reports
Flow analysis across severity, controls, tactics, and objective-driven remediation lanes.
Help Centre
Comprehensive operating guide for imports, remediation planning, tracking, and reporting workflows.
Current Dataset Snapshot
Live summary of what is currently loaded in this browser session. These counters update each time data is imported, filtered, or tracked.
Findings Loaded: 0
Subscriptions: 0
Resource Types: 0
Recommendations: 0
Tracked Decisions: 0
Data Mode: MOCK DATA
Tracker Mode: TRACKER MANUAL
Quick Start
1. Import data: use Import CSV for recommendations and security findings.
2. Scope your triage: apply Severity chips, then refine by Subscription, Resource Type, Control, Tactic, and keyword search.
3. Prioritize execution: use Topology and Reports nodes to set plan lane/objective decisions directly from scoped findings.
4. Persist decisions: bind or export tracker JSON so owner, status, due date, notes, and remediation choices survive future CSV refreshes.
5. Hand over actions: export a consolidated execution file using Export Decisions CSV.
CSV Inputs and Mapping
Primary file: Defender for Cloud recommendations export feeds the main findings model.
Optional second file: regulatory/compliance export can be imported and merged when your operating model tracks both score and benchmark controls.
Policy file: use the separate Azure Policy Viewer app for policy-assignment/compliance exports.
Header support: flexible alias mapping is built in. Common fields: subscription, resource group, resource name/type, recommendation, finding, severity, controls, tactics, techniques, status, owner, due date.
Blank resource group handling: empty groups are mapped to Identity / Tenant Scope instead of an unmapped placeholder.
ID behavior: synthetic IDs are normalized and sequenced to keep stable row ordering after import.
Export from Defender for Cloud
Recommendations CSV (maps to Import CSV): In Azure portal go to Microsoft Defender for Cloud -> Recommendations, apply required filters, then choose Download CSV report.
Regulatory Compliance CSV (optional additional Import CSV file): Go to Microsoft Defender for Cloud -> Regulatory compliance, select the relevant standard/scope, then use Download report and choose CSV.
Policy compliance CSV: Export from Azure Policy compliance views (for example Compliance list exports), then open it in the Azure Policy Viewer app.
For very large tenants: export by subscription, management group, or severity in batches to avoid portal/export limits.
Overview Workspace
Severity strip: the top chips are global filters; the All chip returns full scope instantly.
KPI cards: interactive cards focus specific slices such as Patch Now queue, resource type catalog, and recommendation de-duplication.
Remediation Backlog: each column supports sorting and per-column filters for fast pinpointing by resource, owner, status, or recommendation.
Planning model: primary remediation planning is now executed from Topology and Reports workspaces using scoped popups and objective actions.
Back to default: use filter reset controls (top bar and per-workspace reset buttons) to return to the default scope quickly.
Topology Workspace
Navigation model: Subscription -> Resource Group -> Resource graph with connected links and risk roll-up by severity.
Left-click behavior: click a Subscription/Resource Group to drill scope; click a Resource node to open remediation planning actions.
Right-click behavior: opens detailed findings context for the selected node (including severity emphasis and tracked metadata).
Interaction controls: drag nodes to reposition, zoom in/out, adjust node limits, and reset topology view.
Severity levels: Critical, High, Medium, Low
Reports Workspace
Sankey reports: switch among Severity -> Control -> Objective, Tactic -> Severity -> Objective, and Subscription -> Severity -> Objective.
Lane toggles: tick boxes let you remove Patch Now and Next Sprint, and the dedicated objective-lane toggle controls Monitor visibility.
Interactive filtering: click severity or lane legend chips and any node to isolate report paths; monitor objective nodes can be toggled independently.
Objective setting: right-click any report node to open findings, then use Plan Lane + Objective controls to bulk-apply remediation intent.
Readability controls: Top Nodes and Zoom settings help with crowded datasets.
Tracker Files and Decisions
Tracker fields: owner, remediation option, governance/completion status, due date, plan lane, and notes.
Bind Tracker File: binds a local JSON file handle so updates can be written back to the same file when browser permissions allow.
Import Tracker: loads previously exported/bound JSON state into the current session.
Export Tracker: creates a JSON snapshot of all tracked decisions for sharing or backup.
Refresh-safe behavior: tracker entries are keyed to findings and merged when new CSV files are imported so planning state is retained.
Exports and Handover
Export Decisions CSV: emits analyst decisions in tabular form for remediation teams, PMO tracking, or external reporting.
Report drilldown: recommendation/resource explorer dialogs include export options for focused subsets.
Operational cadence: recommended cycle is import latest CSV -> merge tracker -> triage changes -> export decision pack.
Performance and Scale Tips
Large files (for example 30MB): start in summary views and narrower filters before opening detail-heavy pages.
Table rendering: backlog rows are paged in chunks; use Load More only when needed.
Topology limits: reduce Resource Nodes for initial map load and zoom in progressively.
Best practice: split giant source exports into logical slices (by subscription or severity) when investigating specific outcomes.
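One way to pre-slice a large recommendations export before import, as the batching and slicing tips above suggest. This is an added example, not part of the application; the function names `split_export` and `slice_filename` are hypothetical, the column names are taken from the supported header list on this page, and the sample rows are constructed.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample rows; column names come from the page's supported header list.
SAMPLE_CSV = """\ufeffSubscription,Resource Group,Resource Name,Recommendation Name,Severity
sub-a,rg-web,vm-01,Example recommendation A,High
sub-a,,tenant-setting,"Example recommendation B, with a comma",Critical
sub-b,rg-data,sql-01,Example recommendation C,Low
sub-b,rg-data,st-01,Example recommendation A,High
"""


def split_export(text, column, keep=None):
    """Group rows by `column` and return {slice value: CSV text with header}.

    Header matching is case-insensitive; `keep` optionally limits the output
    to a set of lower-cased values (for example {"critical", "high"}).
    """
    reader = csv.DictReader(io.StringIO(text.lstrip("\ufeff")))  # drop a UTF-8 BOM
    if not reader.fieldnames:
        raise ValueError("export has no header row")
    lookup = {name.strip().lower(): name for name in reader.fieldnames}
    if column.strip().lower() not in lookup:
        raise ValueError(f"column {column!r} not found in {reader.fieldnames}")
    key = lookup[column.strip().lower()]
    groups = defaultdict(list)
    for row in reader:
        value = (row.get(key) or "").strip() or "(blank)"
        if keep is None or value.lower() in keep:
            groups[value].append(row)
    slices = {}
    for value, rows in groups.items():
        buf = io.StringIO()
        writer = csv.DictWriter(buf, fieldnames=reader.fieldnames,
                                extrasaction="ignore", lineterminator="\n")
        writer.writeheader()
        writer.writerows(rows)  # csv module re-quotes fields containing commas
        slices[value] = buf.getvalue()
    return slices


def slice_filename(stem, value):
    """Build a file name from a slice value without path separators or dots at the edges."""
    safe = re.sub(r"[^A-Za-z0-9._-]+", "_", value).strip("._") or "blank"
    return f"{stem}-{safe}.csv"
```

Each returned slice keeps the original header row, so it can be imported on its own; sanitising the slice value before using it as a file name keeps subscription names that contain path characters from writing outside the target folder.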