Microsoft Defender for Cloud Apps: InsightIDR

Hey,

I observed that we didn’t receive any ‘Microsoft Defender for Cloud Apps’ logs in Defender ATP logs.
Generic SIEM integration with Defender for Cloud Apps | Microsoft Docs → I came across this document, but they suggest installing an agent.
Is there an option to send logs directly to IIDR?

Thanks

Collect Azure Monitor events to offer Azure Security Center alerts as a third-party alert

Follow this. Azure Security Center has been rebranded to MS Defender for Cloud.


This is indeed for MS Defender for Cloud.
The question from @bhushan_ware seems to be for Microsoft Defender for Cloud Apps.

AFAIK there is no direct integration, so you would have to set up the SIEM agent and send the syslog to the collector as a custom log. Within this log you could build custom alerts.

I do hope there is something on the roadmap to get this data as Cloud Activity and Third Party Alert logs, as there is an API.

Ahh k… Like you said, Defender for Cloud (previously Cloud App Security) doesn’t have the direct integration. We did exactly that and deployed their SIEM agent to ingest the events, and from there pointed it to a collector.

We run custom alerts for certain things, but it’s not pretty output… Certainly some room for improvement!