You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: .acrolinx-config.edn
+1-1Lines changed: 1 addition & 1 deletion
Original file line number
Diff line number
Diff line change
@@ -1,6 +1,6 @@
1
1
{:changed-files-limit60
2
2
:allowed-branchname-matches ["main""release-.*"]
3
-
:allowed-filename-matches ["ATADocs/""CloudAppSecurityDocs/""defender/""defender-business/""defender-endpoint/""defender-for-cloud/""defender-for-iot/""defender-office-365/""defender-vulnerability-management/""defender-xdr/""exposure-management/""unified-secops-platform/"] ;; Can be overridden in repo-specific edn file. This is an allow list that identifies which folders contain the files Acrolinx will check. Separate multiple folders as follows ["folder/" "folder2"]
3
+
:allowed-filename-matches ["ATADocs/""ATPDocs/""CloudAppSecurityDocs/""defender/""defender-business/""defender-endpoint/""defender-for-cloud/""defender-for-iot/""defender-office-365/""defender-vulnerability-management/""defender-xdr/""exposure-management/""unified-secops-platform/"] ;; Can be overridden in repo-specific edn file. This is an allow list that identifies which folders contain the files Acrolinx will check. Separate multiple folders as follows ["folder/" "folder2"]
Copy file name to clipboardExpand all lines: CloudAppSecurityDocs/protect-google-workspace.md
+4-1Lines changed: 4 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -24,6 +24,7 @@ Connecting Google Workspace to Defender for Cloud Apps gives you improved insigh
24
24
25
25
## How Defender for Cloud Apps helps to protect your environment
26
26
27
+
27
28
-[Detect cloud threats, compromised accounts, and malicious insiders](best-practices.md#detect-cloud-threats-compromised-accounts-malicious-insiders-and-ransomware)
28
29
-[Discover, classify, label, and protect regulated and sensitive data stored in the cloud](best-practices.md#discover-classify-label-and-protect-regulated-and-sensitive-data-stored-in-the-cloud)
29
30
-[Discover and manage OAuth apps that have access to your environment](manage-app-permissions.md)
@@ -183,7 +184,9 @@ This section provides instructions for connecting Microsoft Defender for Cloud A
183
184
184
185
1. Upload the P12 **Certificate** file that you saved earlier.
185
186
186
-
1. Enter one **admin account email** of your Google Workspace admin.
187
+
1. Enter the email address of your **Google Workspace Super Admin**.
188
+
189
+
Deploying with an account that is not a Google Workspace Super Admin will lead to failure in the API test and does not allow Defender for Cloud Apps to correctly function. We request specific scopes so even as Super Admin, Defender for Cloud Apps is still limited.
187
190
188
191
1. If you have a Google Workspace Business or Enterprise account, select the check box. For information about which features are available in Defender for Cloud Apps for Google Workspace Business or Enterprise, see [Enable instant visibility, protection, and governance actions for your apps](enable-instant-visibility-protection-and-governance-actions-for-your-apps.md).
Copy file name to clipboardExpand all lines: defender-xdr/advanced-hunting-cloudappevents-table.md
+6-6Lines changed: 6 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -39,7 +39,7 @@ For information on other tables in the advanced hunting schema, [see the advance
39
39
|`ActionType`|`string`| Type of activity that triggered the event |
40
40
|`Application`|`string`| Application that performed the recorded action |
41
41
|`ApplicationId`|`int`| Unique identifier for the application |
42
-
|`AppInstanceId`|`int`| Unique identifier for the instance of an application. To convert this to Microsoft Defender for Cloud Apps App-connector-ID, use `CloudAppEvents| distinct ApplicationId,AppInstanceId,binary_or(binary_shift_left(AppInstanceId,20),ApplicationId|order by ApplicationId,AppInstanceId` |
42
+
|`AppInstanceId`|`int`| Unique identifier for the instance of an application. To convert this to Microsoft Defender for Cloud Apps App-connector-ID, use `CloudAppEvents| distinct ApplicationId,AppInstanceId,binary_or(binary_shift_left(AppInstanceId,20),ApplicationId|order by ApplicationId,AppInstanceId` |
43
43
|`AccountObjectId`|`string`| Unique identifier for the account in Microsoft Entra ID |
44
44
|`AccountId`|`string`| An identifier for the account as found by Microsoft Defender for Cloud Apps. Could be Microsoft Entra ID, user principal name, or other identifiers. |
45
45
|`AccountDisplayName`|`string`| Name displayed in the address book entry for the account user. This is usually a combination of the given name, middle initial, and surname of the user. |
@@ -66,11 +66,11 @@ For information on other tables in the advanced hunting schema, [see the advance
66
66
|`UserAgentTags`|`dynamic`| More information provided by Microsoft Defender for Cloud Apps in a tag in the user agent field. Can have any of the following values: Native client, Outdated browser, Outdated operating system, Robot |
67
67
|`RawEventData`|`dynamic`| Raw event information from the source application or service in JSON format |
68
68
|`AdditionalFields`|`dynamic`| Additional information about the entity or event |
69
-
|`LastSeenForUser`|`string`| Shows how many days back the attribute was recently in use by the user in days (i.e. ISP, ActionType etc.) |
70
-
|`UncommonForUser`|`string`|Lists the attributes in the event that are uncommon for the user, using this data to help rule out false positives and find out anomalies|
71
-
|`AuditSource`|`string`|Audit data source, including one of the following: <br>- Defender for Cloud Apps access control <br>- Defender for Cloud Apps session control <br>- Defender for Cloud Apps app connector |
72
-
|`SessionData`|`dynamic`|The Defender for Cloud Apps session ID for access or session control. For example: `{InLineSessionId:"232342"}`|
73
-
|`OAuthAppId`|`string`|A unique identifier that's assigned to an application when it’s registered to Entra with OAuth 2.0 |
69
+
|`LastSeenForUser`|`dynamic`|Indicates the number of days since a specific attribute was last seen for the user. A value of 0 means the attribute was seen today, a negative value indicates the attribute is being seen for the first time, and a positive value represents the number of days since the attribute was last seen. For example: `{"ActionType":"0","OSPlatform":"4","ISP":"-1"}`|
70
+
|`UncommonForUser`|`dynamic`|Lists the attributes in the event that are considered uncommon for the user. Using this data can help rule out false positives and find anomalies. For example: `["ActivityType","ActionType"]`|
71
+
|`AuditSource`|`string`|Audit data source. Possible values are one of the following: <br>- Defender for Cloud Apps access control <br>- Defender for Cloud Apps session control <br>- Defender for Cloud Apps app connector |
72
+
|`SessionData`|`dynamic`|The Defender for Cloud Apps session ID for access or session control. For example: `{InLineSessionId:"232342"}`|
73
+
|`OAuthAppId`|`string`|A unique identifier that is assigned to an application when it is registered to Microsoft Entra with OAuth 2.0 protocol.|
0 commit comments