From fb84949bf5a3fe8050ecbb119ec3263a6892ccdd Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein Date: Tue, 14 Oct 2025 15:26:28 -0700 Subject: [PATCH 1/3] =?UTF-8?q?Microsoft=20defender=20for=20endpoint=20?= =?UTF-8?q?=E2=80=94=20cloud=20workflow=20guide?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../microsoft-defender-for-endpoint.md | 23 +++++++++++++++++++ solutions/toc.yml | 1 + 2 files changed, 24 insertions(+) create mode 100644 solutions/security/cloud/integrations/microsoft-defender-for-endpoint.md diff --git a/solutions/security/cloud/integrations/microsoft-defender-for-endpoint.md b/solutions/security/cloud/integrations/microsoft-defender-for-endpoint.md new file mode 100644 index 0000000000..fc3ae10dcd --- /dev/null +++ b/solutions/security/cloud/integrations/microsoft-defender-for-endpoint.md 
@@ -0,0 +1,23 @@ +--- +applies_to: + stack: all + serverless: + security: all +products: + - id: security + - id: cloud-serverless +--- + +# Microsoft Defender for Endpoint + +This page explains how to make data from the Microsoft Defender for Endpoint integration appear in the following places within {{elastic-sec}}: + +- **Findings page**: Data appears on the [Vulnerabilities](/solutions/security/cloud/findings-page-3.md) tab. +- **Alert and Entity details flyouts**: Data appears in the Insights section of the [Alert](/solutions/security/detect-and-alert/view-detection-alert-details.md#insights-section) and [Entity](/solutions/security/advanced-entity-analytics/view-entity-details.md#insights) details flyouts. + + +In order for Microsoft Defender for Endpoint data to appear in these workflows: + +* Follow the steps to [set up the Microsoft Defender for Endpoint integration](https://www.elastic.co/docs/reference/integrations/endpoint). +* Make sure the integration version is at least 3.0.0. +* Ensure you have `read` privileges for the following index: `security_solution-*.vulnerability_latest`. \ No newline at end of file diff --git a/solutions/toc.yml b/solutions/toc.yml index ef97a90f9c..3872dba111 100644 --- a/solutions/toc.yml +++ b/solutions/toc.yml @@ -685,6 +685,7 @@ toc: - file: security/cloud/integration-rapid7.md - file: security/cloud/integrations/aws-config-integration.md - file: security/cloud/integrations/microsoft-defender-for-cloud.md + - file: security/cloud/integrations/microsoft-defender-for-endpoint.md - file: security/cloud/integrations/google-security-command-center.md - file: security/investigate.md children: From c582d7bb6a7d13c9448bfa6b077a196b31b24d7d Mon Sep 17 00:00:00 2001 
From: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> Date: Tue, 14 Oct 2025 15:41:29 -0700 Subject: [PATCH 2/3] Update solutions/security/cloud/integrations/microsoft-defender-for-endpoint.md --- .../cloud/integrations/microsoft-defender-for-endpoint.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/solutions/security/cloud/integrations/microsoft-defender-for-endpoint.md b/solutions/security/cloud/integrations/microsoft-defender-for-endpoint.md index fc3ae10dcd..89d7dcebde 100644 --- a/solutions/security/cloud/integrations/microsoft-defender-for-endpoint.md +++ b/solutions/security/cloud/integrations/microsoft-defender-for-endpoint.md @@ -18,6 +18,6 @@ This page explains how to make data from the Microsoft Defender for Endpoint int In order for Microsoft Defender for Endpoint data to appear in these workflows: -* Follow the steps to [set up the Microsoft Defender for Endpoint integration](https://www.elastic.co/docs/reference/integrations/endpoint). +* Follow the steps to [set up the Microsoft Defender for Endpoint integration](https://www.elastic.co/docs/reference/integrations/microsoft-defender-for-endpoint). * Make sure the integration version is at least 3.0.0. * Ensure you have `read` privileges for the following index: `security_solution-*.vulnerability_latest`. \ No newline at end of file From 07679a8119b7e8f16cf9505985e9b00cf4045168 Mon Sep 17 00:00:00 2001 From: florent-leborgne Date: Wed, 15 Oct 2025 09:19:06 +0200 Subject: [PATCH 3/3] Update solutions/security/cloud/integrations/microsoft-defender-for-endpoint.md --- .../cloud/integrations/microsoft-defender-for-endpoint.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/solutions/security/cloud/integrations/microsoft-defender-for-endpoint.md b/solutions/security/cloud/integrations/microsoft-defender-for-endpoint.md index 89d7dcebde..4e48ca641d 100644 --- a/solutions/security/cloud/integrations/microsoft-defender-for-endpoint.md 
+++ b/solutions/security/cloud/integrations/microsoft-defender-for-endpoint.md @@ -18,6 +18,6 @@ This page explains how to make data from the Microsoft Defender for Endpoint int In order for Microsoft Defender for Endpoint data to appear in these workflows: -* Follow the steps to [set up the Microsoft Defender for Endpoint integration](https://www.elastic.co/docs/reference/integrations/microsoft-defender-for-endpoint). +* Follow the steps to [set up the Microsoft Defender for Endpoint integration](https://www.elastic.co/docs/reference/integrations/microsoft_defender_endpoint). * Make sure the integration version is at least 3.0.0. * Ensure you have `read` privileges for the following index: `security_solution-*.vulnerability_latest`. \ No newline at end of file
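Review bot: in the first hunk of patch 1 (the new `microsoft-defender-for-endpoint.md`), the setup link in the prerequisites bullet, `https://www.elastic.co/docs/reference/integrations/endpoint`, points at the generic `endpoint` integration reference rather than at a Microsoft Defender for Endpoint page, so a reader following it lands on the wrong integration; the two follow-up patches in this series change the slug twice, which shows the slug was never checked against the published URL. Two smaller points in the same hunk: the two bullet lists use different markers (`-` for the "places" list, `*` for the prerequisites), so pick one for the page, and the file is committed with `\ No newline at end of file`, which markdown linters flag; add a trailing newline.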
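Review bot: the `solutions/toc.yml` hunk in patch 1 adds `security/cloud/integrations/microsoft-defender-for-endpoint.md`, which matches the path of the file created in the previous hunk and sits beside the related `microsoft-defender-for-cloud.md` entry; no change needed here, just keep the two paths in sync if the file is renamed later in review.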
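Review bot: patch 2 replaces the link slug `endpoint` with `microsoft-defender-for-endpoint`, but patch 3 in the same series replaces it again with `microsoft_defender_endpoint`, so at least one of these two slugs does not resolve; the slug should be taken from the integration's actual reference URL and loaded once before the change is pushed, not inferred from the page title. The hunk also carries the `\ No newline at end of file` marker forward from patch 1 unchanged.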
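Review bot: patch 3 is the third slug for the same link in one series (`endpoint`, then `microsoft-defender-for-endpoint`, now `microsoft_defender_endpoint`); confirm this final URL resolves (a docs link checker in CI would have caught the earlier two), and squash the three commits before merging so the history does not carry two revisions with a broken setup link. The trailing newline is still missing in this hunk (`\ No newline at end of file`) and should be added in the same squash.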