Microsoft Defender for Cloud

Serverless Security Stack

This page explains how to make data from the Microsoft Defender for Cloud integration appear in the following places within Elastic Security:

• Findings page: Data appears on the Vulnerabilities tab and the Misconfiguations tab.
• Alert and Entity details flyouts: Data appears in the Insights section of the Alert and Entity details flyouts.

In order for Microsoft Defender for Cloud data to appear in these workflows:

• Follow the steps to set up the Microsoft Defender for Cloud integration.
• Make sure the integration version is at least 3.0.0.
• Ensure you have read privileges for the following indices: security_solution-*.misconfiguration_latest, security_solution-*.vulnerability_latest.