Overview


The Azure Defender For Cloud fetcher enhances your workflow by automating data collection. To use the fetcher feature, you must first establish a connection to the third-party application. We utilize connectors to enable precise data collection with minimal user input.

 

NOTE: The steps provided on this page may require the assistance of your internal team’s Azure Defender For Cloud admin and a ZenGRC Pro Admin.

 

 

Azure Defender For Cloud Configurations


Start by collecting the credentials from an Enterprise Application in Microsoft Azure. These credentials, along with your tenant ID and subscription ID, will be used to create a Microsoft Entra ID connection. 

 

To manage the connection you will need:

  • Azure Defender admin access
  • Enterprise Application credentials
  • Tenant ID
  • Subscription ID

 

How to Generate Microsoft Enterprise Application Credentials

  1. Register an application with the Microsoft Identity platform

  2. Grant your application permission to the Monitoring Reader role on your Subscription IAM

  3. Add credentials for your Enterprise Application
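
The following added example (not part of the ZenGRC documentation) checks that the Enterprise Application's service principal holds only the Monitoring Reader role at the subscription scope, as step 2 describes. It assumes the role assignments were exported as JSON with the Azure CLI; the sample data and subscription IDs are constructed placeholders.

```python
import json

EXPECTED_ROLE = "Monitoring Reader"  # role named in step 2 of this page

# Constructed sample, shaped like the output of
# `az role assignment list --assignee <app-id> --all -o json`.
# The subscription IDs and resource group name are placeholders.
SAMPLE = json.loads("""
[
  {"roleDefinitionName": "Monitoring Reader",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"},
  {"roleDefinitionName": "Contributor",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-app"},
  {"roleDefinitionName": "Monitoring Reader",
   "scope": "/subscriptions/11111111-1111-1111-1111-111111111111"}
]
""")


def audit_assignments(assignments, subscription_id):
    """Return (has_expected, findings) for the connector's service principal."""
    expected_scope = f"/subscriptions/{subscription_id}".lower()
    has_expected = False
    findings = []
    for a in assignments:
        role = a.get("roleDefinitionName", "")
        # Azure scopes are case-insensitive; normalise before comparing.
        scope = a.get("scope", "").rstrip("/").lower()
        if role == EXPECTED_ROLE and scope == expected_scope:
            has_expected = True
        elif role != EXPECTED_ROLE:
            findings.append(f"extra role '{role}' at {scope}")
        else:
            findings.append(f"'{role}' at unexpected scope {scope}")
    if not has_expected:
        findings.append(f"missing '{EXPECTED_ROLE}' at {expected_scope}")
    return has_expected, findings


if __name__ == "__main__":
    ok, issues = audit_assignments(SAMPLE, "00000000-0000-0000-0000-000000000000")
    print("expected assignment present:", ok)
    for issue in issues:
        print("FINDING:", issue)
```

Any finding means the connector's credentials carry more access than the fetcher setup on this page calls for and should be reviewed before the connection is created.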

 

 

Connector Setup


Creating a Connector

This process only needs to be completed once. Once a connector has been established, fetchers can be created on any object. 

 

Learn more:

ZenGRC Classic:

ZenGRC Pro:

 

Creating a Fetcher 

Fetchers can be customized for specific data retrieval needs and are supported across a range of object types.

  • Available Fetchers for Azure Defender: 
    • List Alerts: retrieves an attachment with a list of all Security Alerts from Azure Defender for Cloud.
  • Fetchers run periodically, with a slight delay possible based on queue size. Please allow at least 5 minutes past the scheduled time for updates.

 

Parameters

For Azure Defender, no parameters are required.

 

 

Managing a Custom Fetcher


Once created, your fetchers will run at the increment specified (daily, weekly, monthly, or yearly) until they expire or are removed. If no expiration date was set, fetchers will run until removed or the connection is deleted. 

  1. Open the desired object and go to the Custom Fetchers tab.
  2. Click a fetcher from the list to open the fly-out.

Here you will see details about past and upcoming fetches. 

 

Fetcher Outputs

A fetcher needs to be added on a specific object. Each time it runs it either creates a new piece of evidence on the attachments tab or updates a field on the object itself. 

Note: Each time a fetcher tied to a custom attribute runs, it replaces the information in the linked field with the most up-to-date information. 

 

Fetch Now

To run a fetcher right away, click Fetch Now on the fetcher. This enables the fetcher and runs it immediately.
