Microsoft Defender for Cloud Apps (formerly Cloud App Security) is a multimode cloud access security broker (CASB). It provides visibility, control over data travel, and sophisticated analytics to identify and combat cyber threats across all your Microsoft cloud services.
Blumira integrates with Microsoft Defender for Cloud Apps to stream Microsoft cloud security event logs and alerts to the Blumira service for threat detection and actionable response.
Before you begin
This integration requires a Blumira sensor to be installed before you can complete the steps below. Ensure that you complete the steps in Building a Blumira sensor with Ubuntu before you continue.
Next, complete these steps to gather credentials for the Blumira module:
- Go to https://portal.cloudappsecurity.com/ and log in.
- Click the Settings gear icon (upper right-hand corner of the screen) then click Security Extensions.
- Select API Tokens.
- Click + to add a new token.
- Enter a name, such as “Blumira Sensor”.
- Make a note of the token and the URL for use in later steps.
Providing Defender for Cloud Apps credentials to Blumira
To collect Microsoft Defender for Cloud Apps logs on an existing sensor in the Blumira sensor UI, you must add the Cloud App Security Module to a Blumira sensor.
To add a module on an existing sensor and provide credentials:
- In Blumira, click Settings.
- Click Sensors.
- Click the sensor on which you want to add a module.
- On the detail page for the sensor, scroll down and click Add Module.
- In the Add New Module window, select the relevant module.
- Enter the credentials that you gathered in previous steps.
- (Optional) Type a name for this log deployment in the Log Source Name box.
Note: Use alphanumeric characters, periods, and hyphens. Spaces and underscores are not allowed. This name will appear in the "device_address" column in the results of your event data queries. If you add more modules to collect logs for other integrations, this name will help you to identify them.
- Click Install.