Connect Microsoft Sentinel to Microsoft Defender for Cloud Apps
Many attacks are now cloud-only and many sensitive resources are stored in the cloud. Because of this, it is important to understand the types of threats and the capabilities of cloud access security brokers (CASBs).
Advantages of connecting Microsoft Sentinel to Microsoft Defender for Cloud Apps
There are threats for every type of computing device and managing alerts for all of these services and devices can be overwhelming for security teams. By deploying a SIEM this array of alerts can be displayed in one single interface.
By connecting Microsoft Sentinel to Microsoft Defender for Cloud Apps, you will gain visibility of your cloud apps in Microsoft Sentinel.
Steps to connect Microsoft Sentinel to Microsoft Defender for Cloud Apps
To connect Microsoft Sentinel to Microsoft Defender for Cloud Apps, perform the following steps:
In the Microsoft Defender for Cloud Apps portal, select Settings and select Security extensions.
Select SIEM agents, select +, and select Microsoft Sentinel.
Select Next if you want to send all data to Microsoft Sentinel, or select appropriate filters and then select Next.
Select Microsoft Sentinel to finalize the integration.
In Microsoft Sentinel select Connect workspace and select Create a new workspace.
Select Create a new workspace.
Select the appropriate resource group region and pricing tier, select Review + Create and select Create.
Select your new workspace and select Add.
In Configuration, select Data Connectors.
In the search box, type Microsoft Defender for Cloud Apps, select Microsoft Defender for Cloud Apps.
Select Open connector page.
Select Alerts and Cloud Discovery Logs.
Select Apply Changes.
Ensure that Create incidents is Enabled.
You will now see incidents from Microsoft Defender for Cloud Apps in Microsoft Sentinel.
The following video gives you an overview of connecting Microsoft Defender for Cloud Apps to Microsoft Sentinel: