
Quick Start Security for Microsoft Defender for Cloud

Microsoft Defender for Cloud

Out-of-the-Box Security For Microsoft Defender for Cloud Includes:

Alerts - 8

Stay on top of Microsoft Defender for Cloud key performance metrics. Keep everyone in the know with integration with Slack, PagerDuty and more.

Low Severity Alert

Microsoft Defender for Cloud is a cloud-native application protection platform (CNAPP) with a set of security measures and practices designed to protect cloud-based applications from various cyber threats and vulnerabilities. This alert aggregates all Defender for Cloud alerts that are of low severity.

Impact: Depends on the type of alert and resources involved; see more details in the log itself.

Mitigation: Depends on the type of alert and resources involved; see more details in the log itself.

Medium Severity Alert

Microsoft Defender for Cloud is a cloud-native application protection platform (CNAPP) with a set of security measures and practices designed to protect cloud-based applications from various cyber threats and vulnerabilities. This alert aggregates all Defender for Cloud alerts that are of medium severity.

Impact: Depends on the type of alert and resources involved; see more details in the log itself.

Mitigation: Depends on the type of alert and resources involved; see more details in the log itself.

High Severity Alert

Microsoft Defender for Cloud is a cloud-native application protection platform (CNAPP) with a set of security measures and practices designed to protect cloud-based applications from various cyber threats and vulnerabilities. This alert aggregates all Defender for Cloud alerts that are of high severity.

Impact: Depends on the type of alert and resources involved; see more details in the log itself.

Mitigation: Depends on the type of alert and resources involved; see more details in the log itself.

Informational Severity Alert

Microsoft Defender for Cloud is a cloud-native application protection platform (CNAPP) with a set of security measures and practices designed to protect cloud-based applications from various cyber threats and vulnerabilities. This alert aggregates all Defender for Cloud alerts that are of informational severity.

Impact: Depends on the type of alert and resources involved; see more details in the log itself.

Mitigation: Depends on the type of alert and resources involved; see more details in the log itself.

Defender For Cloud - No logs from Defender For Cloud

This rule detects whether there are no logs in the last 24 hours for Defender for Cloud in the customer account. Note: this alert should be configured with the relevant application and subsystem.

Impact: Disabling logging is a tactic that adversaries might employ as part of various MITRE ATT&CK techniques to avoid detection, cover their tracks, or impede incident response investigations.

Mitigation: Address logging concerns to ensure comprehensive monitoring within the Coralogix SIEM system.

MITRE Tactic: TA0005
MITRE Technique: T1562

Cloud App Discovery

Cloud App Discovery with Microsoft Defender for Cloud involves identifying and cataloging all cloud applications in use within an organization, including sanctioned and unsanctioned apps. This process provides visibility into the organization's cloud app landscape and helps it understand the potential security and compliance risks associated with these applications.

Impact: Effective cloud app discovery improves security posture, supports better compliance management, and enables informed decisions about data governance. By understanding the scope and nature of cloud app usage, organizations can implement appropriate security controls and policies to mitigate the risks associated with the use of various applications.

Mitigation: Use the discovered information to enforce policies and controls based on the organization's security requirements.

MITRE Tactic: TA0007
MITRE Technique: T1087

Mass Delete

Mass Delete Prevention in Microsoft Defender for Cloud focuses on detecting and preventing unauthorized or malicious mass deletions of resources within your cloud environment. This could include instances where an attacker gains unauthorized access and attempts to delete a large number of critical resources, causing potential data loss and service disruption.

Impact: The impact of a successful mass delete attack can be severe, leading to loss of critical data, service downtime, and disruption of business operations. It can also result in financial losses, reputation damage, and potential regulatory non-compliance.

Mitigation:
Real-time Monitoring: Implement continuous monitoring of data access patterns to detect unusual spikes or patterns indicative of a mass download attempt.
Anomaly Detection: Utilize anomaly detection algorithms to identify deviations from normal download behavior, triggering alerts for further investigation.
Access Controls: Enforce strong access controls and least privilege principles to ensure that only authorized users have access to sensitive data.
Encryption: Encrypt sensitive data both in transit and at rest to mitigate the risk of data exposure in the event of a successful download.
Audit Logging: Enable comprehensive audit logging to capture detailed information about data access and downloads, aiding in forensic analysis after a security incident.
Integration with Security Orchestration and Automation

MITRE Tactic: T1056
MITRE Technique: T1566

Mass Download

Microsoft Defender for Cloud detects a mass download attempt within your cloud environment. This scenario involves an abnormal volume of data being downloaded from storage repositories, potentially indicating unauthorized access or data exfiltration. It is crucial to identify and respond to such incidents promptly to prevent data breaches and protect sensitive information.

Impact: A successful mass download can lead to the unauthorized acquisition of sensitive data, intellectual property theft, or exposure of confidential information. The impact may include financial losses, reputational damage, regulatory non-compliance, and legal consequences, depending on the nature of the downloaded data.

Mitigation:
Real-time Monitoring: Implement continuous monitoring of data access patterns to detect unusual spikes or patterns indicative of a mass download attempt.
Anomaly Detection: Utilize anomaly detection algorithms to identify deviations from normal download behavior, triggering alerts for further investigation.
Access Controls: Enforce strong access controls and least privilege principles to ensure that only authorized users have access to sensitive data.
Encryption: Encrypt sensitive data both in transit and at rest to mitigate the risk of data exposure in the event of a successful download.
Audit Logging: Enable comprehensive audit logging to capture detailed information about data access and downloads, aiding in forensic analysis after a security incident.
Integration with Security Orchestration and Automation

MITRE Tactic: T1056
MITRE Technique: T1566

Documentation

Learn more about Coralogix's out-of-the-box integration with Microsoft Defender for Cloud in our documentation.
