From 1e0a2c83979ab718fc5fc75792a4a0a42ef6563c Mon Sep 17 00:00:00 2001
From: Benjamin Ironside Goldstein
Date: Mon, 13 Oct 2025 17:25:44 -0700
Subject: [PATCH 1/2] Microsoft Defender for Cloud integration
---
 .../microsoft-defender-for-cloud.md | 23 +++++++++++++++++++++++
 solutions/toc.yml | 1 +
 2 files changed, 24 insertions(+)
 create mode 100644 solutions/security/cloud/integrations/microsoft-defender-for-cloud.md
diff --git a/solutions/security/cloud/integrations/microsoft-defender-for-cloud.md b/solutions/security/cloud/integrations/microsoft-defender-for-cloud.md
new file mode 100644
index 0000000000..e265f84e04
--- /dev/null
+++ b/solutions/security/cloud/integrations/microsoft-defender-for-cloud.md
@@ -0,0 +1,23 @@
+---
+applies_to:
+ stack: all
+ serverless:
+ security: all
+products:
+ - id: security
+ - id: cloud-serverless
+---
+
+# Microsoft Defender for Cloud
+
+This page explains how to make data from the Microsoft Defender for Cloud integration appear in the following places within {{elastic-sec}}:
+
+- **Findings page**: Data appears on the [Vulnerabilities](/solutions/security/cloud/findings-page-3.md) tab and the [Misconfiguations](/solutions/security/cloud/findings-page.md) tab.
+- **Alert and Entity details flyouts**: Data appears in the Insights section of the [Alert](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section) and [Entity](/solutions/security/advanced-entity-analytics/view-entity-details.md#insights) details flyouts.
+
+
+In order for Microsoft Defender for Cloud data to appear in these workflows:
+
+* Follow the steps to [set up the Microsoft Defender for Cloud integration](https://www.elastic.co/docs/reference/integrations/microsoft_defender_cloud).
+* Make sure the integration version is at least 3.0.0.
+* Ensure you have `read` privileges for the following indices: `security_solution-*.misconfiguration_latest`, `security_solution-*.vulnerability_latest`.
\ No newline at end of file
diff --git a/solutions/toc.yml b/solutions/toc.yml
index 325671d671..407efe7c0f 100644
--- a/solutions/toc.yml
+++ b/solutions/toc.yml
@@ -682,6 +682,7 @@ toc:
 - file: security/cloud/integration-tenablevm.md
 - file: security/cloud/integration-rapid7.md
 - file: security/cloud/integrations/aws-config-integration.md
+ - file: security/cloud/integrations/microsoft-defender-for-cloud-integration.md
 - file: security/investigate.md
 children:
 - file: security/investigate/timeline.md
From 242eed012f91c69b596b99482ec7296af341b89b Mon Sep 17 00:00:00 2001
From: Benjamin Ironside Goldstein
Date: Mon, 13 Oct 2025 17:34:42 -0700
Subject: [PATCH 2/2] fixes bug
---
 solutions/toc.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/solutions/toc.yml b/solutions/toc.yml
index 407efe7c0f..133577b4fc 100644
--- a/solutions/toc.yml
+++ b/solutions/toc.yml
@@ -682,7 +682,7 @@ toc:
 - file: security/cloud/integration-tenablevm.md
 - file: security/cloud/integration-rapid7.md
 - file: security/cloud/integrations/aws-config-integration.md
- - file: security/cloud/integrations/microsoft-defender-for-cloud-integration.md
+ - file: security/cloud/integrations/microsoft-defender-for-cloud.md
 - file: security/investigate.md
 children:
 - file: security/investigate/timeline.md