Merge pull request #2745 from MicrosoftDocs/main

Auto Publish – main to live - 2026-04-16 11:00 UTC

Author: learn-build-service-prod[bot]

articles/defender-for-cloud/TOC.yml

@@ -779,10 +779,10 @@
           - name: Overview
             displayName: k8s, containers, aks, nodes
             href: kubernetes-nodes-overview.md
-          - name: Kubernetes node vulnerability assessment
+          - name: Review and remediate VA findings for Kubernetes nodes
             displayName: k8s, containers, aks, node, vulnerability, assessment
             href: kubernetes-nodes-va.md
-          - name: Kubernetes node malware detection
+          - name: Review and remediate malware alerts for Kubernetes nodes
             displayName: k8s, containers, aks, node, malware
             href: kubernetes-nodes-malware.md
       - name: Image and runtime container vulnerability assessment
@@ -847,9 +847,10 @@
                 displayName: faq, frequently asked questions, gated deployment
                 href: faq-runtime-gated.md
       - name: Protect clusters with AKS Security Dashboard
-        displayName: k8s, containers
-        href: cluster-security-dashboard.md
-      - name: Investigate clusters with Cloud Security Explorer
+        items:
+          - name: Overview
+            href: cluster-security-dashboard.md
+      - name: Investigate Kubernetes vulnerabilities with Cloud Security Explorer
         displayName: k8s, containers
         href: cloud-security-explorer-kubernetes-clusters.md
       - name: Defender for container registries (deprecated)

articles/defender-for-cloud/alerts-ai-workloads.md

@@ -3,7 +3,7 @@ title: Alerts for AI services
 description: This article lists the security alerts for AI services visible in Microsoft Defender for Cloud.
 ms.topic: reference
 ms.custom: linux-related-content
-ms.date: 03/25/2026
+ms.date: 04/16/2026
 ai-usage: ai-assisted
 ms.author: elkrieger
 author: Elazark
@@ -321,8 +321,9 @@ Severity: High 
 
 **Severity:** Low 
 
-### Malicious content detected in uploaded AI model
+## Alerts for AI models
 
+### (Preview) Malicious content detected in uploaded AI model
 (Ai.AIModelScan_MalwareDetected)
 
 **Description:** A user-uploaded machine learning model was scanned and found to contain malware. The detection indicates the file may execute malicious code if loaded, posing a threat to account integrity, data confidentiality, and the compute environment.

articles/defender-for-cloud/cloud-security-explorer-kubernetes-clusters.md

@@ -1,51 +1,91 @@
 ---
-title: Building Cloud Security Explorer query to identify vulnerabilities in Kubernetes clusters
-description: Learn to build queries with cloud security explorer in Microsoft Defender for Cloud to investigate vulnerabilities Kubernetes clusters
+title: Build Cloud Security Explorer queries to identify vulnerabilities in Kubernetes clusters
+description: Learn how to build queries with Cloud Security Explorer in Microsoft Defender for Cloud to investigate vulnerabilities in Kubernetes clusters.
 ms.topic: how-to
-ms.date: 09/29/2024
+ms.date: 03/02/2026
 ms.author: elkrieger
 author: Elazark
 # Customer Intent: As a security professional, I want to learn how to build queries with Cloud Security Explorer in Microsoft Defender for Cloud to show vulnerabilities in Kubernetes clusters.
 ---
 
 # Build Cloud Security Explorer queries to identify vulnerabilities in Kubernetes clusters
 
-You can use the Cloud Security Explorer to identify vulnerabilities in your Kubernetes clusters. The following examples demonstrate the building of queries that you can modify for your specific needs.
+Use Cloud Security Explorer to identify vulnerabilities in your Kubernetes clusters. The following examples show how to build queries to investigate container images and cluster nodes, and can be adapted to filter results based on your requirements.
 
-Read [Build queries with Cloud Security Explorer](how-to-manage-cloud-security-explorer.md) for an introduction to Cloud Security Explorer queries.
+For an introduction to Cloud Security Explorer queries, see [Build queries with Cloud Security Explorer](how-to-manage-cloud-security-explorer.md).
 
 ## Create a query to identify software vulnerabilities in container images
 
 1. Sign in to the [Azure portal](https://portal.azure.com).
 
-1. Navigate to [Microsoft Defender for Cloud > Cloud Security Explorer](https://ms.portal.azure.com/#view/Microsoft_Azure_Security/SecurityMenuBlade/~/SecurityGraph)
+1. Go to **Microsoft Defender for Cloud** > **Cloud Security Explorer**.
 
-    :::image type="content" source="./media/cloud-security-explorer-kubernetes-clusters/cloud-security-explorer-main-page.png" alt-text="Screenshot of main page of Cloud Security Explorer." lightbox="./media/cloud-security-explorer-kubernetes-clusters/cloud-security-explorer-main-page.png":::
+1. In **Query builder**, select **Select resource types**.
 
-1. Filter on the software in the container images to query.
+1. Select **Container Images**.
 
-    :::image type="content" source="./media/cloud-security-explorer-kubernetes-clusters/security-explorer-containers-query.png" alt-text="Screenshot of Cloud Security Explorer query options to retrieve list of container images with software installed." lightbox="./media/cloud-security-explorer-kubernetes-clusters/security-explorer-containers-query.png":::
+1. Select **+**.
 
-1. Select the View details link of the container image of interest to see the result details pane. In the Insights section of the Result details pane is a drop-drown list of the software installed on the container image. Select the installed software for review.
+1. **Select condition**.
 
-    :::image type="content" source="./media/cloud-security-explorer-kubernetes-clusters/security-explorer-containers-query-result-details.png" alt-text="Screenshot shows results of Cloud Security Explorer query to retrieve container images with software installed." lightbox="./media/cloud-security-explorer-kubernetes-clusters/security-explorer-containers-query-result-details.png":::
+1. In **Application**, select **Has installed software**.
+
+   :::image type="content" source="./media/cloud-security-explorer-kubernetes-clusters/software-vulnerabilities-in-container-images.png" alt-text="Screenshot of query for identifying software vulnerabilities in container images." lightbox="./media/cloud-security-explorer-kubernetes-clusters/software-vulnerabilities-in-container-images.png":::
+
+1. Select **Search**.
 
-1. View the details of the installed software in the Insights section.
+1. Select **View details >** for the relevant container image.
 
-    :::image type="content" source="./media/cloud-security-explorer-kubernetes-clusters/security-explorer-containers-query-result-details-insights.png" alt-text="Screenshot shows Cloud Security Explorer query result details and insight results from the selected containers image." lightbox="./media/cloud-security-explorer-kubernetes-clusters/security-explorer-containers-query-result-details-insights.png":::
+1. In the **Result details** pane, review **Insights - Has installed software**.
+
+    :::image type="content" source="./media/cloud-security-explorer-kubernetes-clusters/security-explorer-containers-query-result-details.png" alt-text="Screenshot shows results of Cloud Security Explorer query to retrieve container images with software installed." lightbox="./media/cloud-security-explorer-kubernetes-clusters/security-explorer-containers-query-result-details.png":::
 
 ## Create a query to identify vulnerabilities in cluster nodes
 
 1. Sign in to the [Azure portal](https://portal.azure.com).
 
-1. Navigate to [Microsoft Defender for Cloud > Cloud Security Explorer](https://ms.portal.azure.com/#view/Microsoft_Azure_Security/SecurityMenuBlade/~/SecurityGraph)
+1. Go to **Microsoft Defender for Cloud** > **Cloud Security Explorer**.
+
+1. In **Query builder**, select **Select resource types**.
+
+1. Under **Kubernetes clusters**, select **Azure Kubernetes Service**.
+
+1. Select **Done**.
+
+1. Select **+**.
+
+1. **Select condition**.
+
+1. In **Application**, select **Maintains**.
+
+1. Select **Select resource types** > **Kubernetes Node Pools**.
+
+1. Select **Done**.
+
+1. Select **+**.
+
+1. **Select condition**.
+
+1. Select **Maintains**.
+
+1. Select **Select resource types** > **Virtual machines clusters**.
+
+1. Select **Done**.
+
+1. Select **+**.
+
+1. **Select condition**.
+
+1. In **Vulnerabilities**, select **All vulnerabilities**.
+
+   :::image type="content" source="./media/cloud-security-explorer-kubernetes-clusters/vulnerabilities-in-cluster-nodes.png" alt-text="Screenshot of query for identifying vulnerabilities in cluster nodes." lightbox="./media/cloud-security-explorer-kubernetes-clusters/vulnerabilities-in-cluster-nodes.png":::
 
-    :::image type="content" source="./media/cloud-security-explorer-kubernetes-clusters/cloud-security-explorer-main-page.png" alt-text="Screenshot of main page of Cloud Security Explorer." lightbox="./media/cloud-security-explorer-kubernetes-clusters/cloud-security-explorer-main-page.png":::
+1. Select **Search**.
 
-1. Filter on the cluster nodes in the Azure Kubernetes Services environment to query.
+1. Select **View details >** for the relevant Kubernetes node pool.
 
     :::image type="content" source="./media/cloud-security-explorer-kubernetes-clusters/security-cloud-explorer-kubernetes-nodes-results.png" alt-text="Screenshot of Cloud Security Explorer query options to retrieve list of cluster nodes with vulnerabilities." lightbox="./media/cloud-security-explorer-kubernetes-clusters/security-cloud-explorer-kubernetes-nodes-results.png":::
 
-2. Select the View details link of the cluster node pool of interest to see the result details pane. In the Result details pane, select the virtual machine scale set icon, to see the vulnerabilities.
+1. In the **Result details** pane, select the **Virtual machine scale set** icon to view vulnerabilities.
 
     :::image type="content" source="./media/cloud-security-explorer-kubernetes-clusters/security-cloud-explorer-kubernetes-nodes-results-details.png" alt-text="Screenshot shows results of Cloud Security Explorer query to retrieve vulnerabilities in cluster nodes." lightbox="./media/cloud-security-explorer-kubernetes-clusters/security-cloud-explorer-kubernetes-nodes-results-details.png":::