Sending Findings to Azure Defender for Cloud

You can configure CloudGuard to send findings on your AzureClosed Collection of integrated cloud services that developers and IT professionals use to build, deploy, and manage applications through a global network of data centers managed by Microsoft®. environments to theAzure Defender for Cloud. This allows you to see compliance issues for your Azure environments onboarded to CloudGuard on the Defender dashboard.

First, you must onboard your Azure account to CloudGuard. For more information, see Onboarding Azure Subscriptions. Second, set up a policy to assess the Azure subscription and include a notification to send findings to the Microsoft Defender for Cloud. In addition, you must configure your Azure subscription to accept findings from CloudGuard.

To receive CloudGuard findings, add more permissions to your subscription.

  1. Log in to the Azure management portal.

  2. Select the subscription you onboarded to CloudGuard.

  3. Assign the Security Admin role to the application created during onboarding (CloudGuard-Connect).

  1. IIn the CloudGuard portal, from the left menu, click Integration Hub.

  2. In the Cloud Services section, click Azure Defender For Cloud.

    The Azure Defender For Cloud sliding menu opens.

  3. Create the integration.

  4. From the left menu, click Settings > Configuration > Notifications.

  5. Click Add.

  6. In the Security Management Systems section, select Findings to Microsoft Defender for Cloud.

  7. Below Select AzureDefender Configuration, select the relevant integration.

  8. Finish creating the notification.

From the left menu, go to CSPM > Continuous Posture and set up a Continuous Posture Policy with the Notification created in Step 2.

When CloudGuard runs an assessment for the environment, new findings in your Azure subscription are seen on the dashboard of Microsoft Defender for Cloud.

More Links: