Description
Create documentation for the MS Defender for Cloud integration that now aligns with the CDR guide for data normalization. The integration now supports enumeration in the native misconfiguration and vulnerability findings workflow and provides out-of-the-box contextualization as Insights within alert and entity flyouts.
The main goal of this documentation is to inform readers that MS Defender for Cloud is now supported as part of our third-party integrations with native workflow support. For more in-depth guidance, you can always direct users to dedicated MS Defender for Cloud documentation, which is available separately.
Requirements
- Follow existing documentation structure from AWS Security Hub and Wiz
Acceptance Criteria
- Create new documentation page under Cloud Security → Ingest third-party cloud security data
Version Info
Supported from MS Defender for Cloud integration version 3.0.0
Notes
- No integration-specific configuration steps required (unlike AWS Security Hub & Wiz)
- We may need to revisit the structure of this documentation later, since tools like Qualys / Tenable IO / Rapid7 don’t fit neatly under just "cloud security" as they support on-prem infra, IT infra, etc.
Resources
The feature is identical in all deployments
Which documentation set does this change impact?
Elastic On-Prem and Cloud (all)
Feature differences
https://docs.elastic.dev/security-solution/cloud-security/cdr/3p-dev-guide
https://github.com/elastic/security-team/issues/9992
elastic/integrations#15290
What release is this request related to?
9.2
Serverless release
The week of September 22, 2025
Collaboration model
The documentation team
Point of contact.
Main contact: @nick-alayil
Stakeholders: @maxcold @alexreal1314 @kcreddy