Sending Findings to Microsoft Defender

You can configure CloudGuard to send findings on your AzureClosed Collection of integrated cloud services that developers and IT professionals use to build, deploy, and manage applications through a global network of data centers managed by Microsoft®. environments to the Microsoft Defender for Cloud. This allows you to see compliance issues for your Azure environments onboarded to CloudGuard on the Defender dashboard.

First, you must onboard your Azure account to CloudGuard. For more information, see Onboarding Azure Subscriptions. Second, set up a policy to assess the Azure subscription and include a notification to send findings to the Microsoft Defender for Cloud. In addition, you must configure your Azure subscription to accept findings from CloudGuard.

To receive CloudGuard findings, add more permissions to your subscription. To add these permissions, assign a role to the subscription. This is done in the same procedure as you assigned roles during onboarding. See the on-screen onboarding wizard or Connecting to CloudGuard in this guide for instructions.

  1. Log in to the Azure management portal.

  2. Select the subscription you onboarded to CloudGuard.

  3. Assign the Security Admin role to the application created during onboarding (CloudGuard-Connect).

  1. In CloudGuard, navigate to Settings > Notifications and click Add Notification.

  2. Enter the applicable options as described in Notifications.

  3. In the Security Management Systems, select Send findings to Microsoft Defender for Cloud.

  4. Select your Azure cloud account from the list.

  5. Click Save.

From the Posture Management menu, navigate to Continuous Posture and set up a Continuous Posture Policy with the Notification created in Step 2.

When CloudGuard runs an assessment for the environment, new findings in your Azure subscription are seen on the dashboard of Microsoft Defender for Cloud.

More Links: