cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Help
Administration & Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 

Security and vulnerability for Azure databricks clusters in Data Plane

Go to solution
Aria
New Contributor III

โ€Ž01-02-2024 12:43 PM

Microsoft defender is not supported for azure databricks clusters. Can someone point me to a document which describe how the security vulnerabilities are reported and fixed for azure databricks clusters in data plane.

0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
-werners-
Esteemed Contributor III

โ€Ž01-03-2024 01:07 AM

Hi Aria,

can you check this link?

Basically Databricks checks for vulnerabilities and does pentesting etc.

"Databricks will use commercially reasonable efforts to address critical vulnerabilities within 14 days, high severity within 30 days, and medium severity within 60 days measured from, with respect to publicly declared third party vulnerabilities, the date of availability of a compatible, vendor-supplied patch, or for internal vulnerabilities, from the date such vulnerability is confirmed. Databricks leverages the National Vulnerability Databaseโ€™s Common Vulnerability Scoring System (CVSS), or where applicable, the U.S.-Cert rating, combined with an internal analysis of contextual risk to determine criticality."

View solution in original post

2 REPLIES 2

Go to solution
-werners-
Esteemed Contributor III

โ€Ž01-03-2024 01:07 AM

Hi Aria,

can you check this link?

Basically Databricks checks for vulnerabilities and does pentesting etc.

"Databricks will use commercially reasonable efforts to address critical vulnerabilities within 14 days, high severity within 30 days, and medium severity within 60 days measured from, with respect to publicly declared third party vulnerabilities, the date of availability of a compatible, vendor-supplied patch, or for internal vulnerabilities, from the date such vulnerability is confirmed. Databricks leverages the National Vulnerability Databaseโ€™s Common Vulnerability Scoring System (CVSS), or where applicable, the U.S.-Cert rating, combined with an internal analysis of contextual risk to determine criticality."

Go to solution
Kaniz
Community Manager
Community Manager

โ€Ž01-17-2024 04:33 AM

Thank you for posting your question in our community! We are happy to assist you.

To help us provide you with the most accurate information, could you please take a moment to review the responses and select the one that best answers your question?

This will also help other community members who may have similar questions in the future. Thank you for your participation and let us know if you need any further assistance! 
 

0 Kudos
Announcements
Welcome to Databricks Community: Lets learn, network and celebrate together

Join our fast-growing data practitioner and expert community of 80K+ members, ready to discover, help and collaborate together while making meaningful connections. 

Click here to register and join today! 

Engage in exciting technical discussions, join a group with your peers and meet our Featured Members.