Overview
Nucleus enables you to ingest your Microsoft Defender for Cloud data directly into your Nucleus console using an automated connector. The connector uses the APIs provided by Azure Cloud to seamlessly sync data into your Nucleus project for use in analysis, triage, automation, and reporting.
The Azure CSPM (Microsoft Defender for Cloud) connector supports importing CVE vulnerabilities and misconfiguration findings (recommendation subassessments) for Azure virtual machines, Container Images, and Cloud Resources.
Availability
The Azure / Microsoft Defender for Cloud connector is currently in beta. We are actively looking for customers to trial this connector in their non-production Nucleus projects. Please contact support to have the connector enabled for your Nucleus organization.
Connector Setup
Connector Setup Checklist
Follow the steps in this checklist to successfully set up this connector:
API Access
Create an App Registration in Microsoft Azure and generate an OAuth 2.0 client ID and secret key.
Connector Configuration
Create and configure the connector in your Nucleus project.
Vulnerability Data Ingestion
Create vulnerability scan ingest rules to ingest vulnerabilities from Microsoft Defender for Cloud.
1. API Access
Log on to Azure through a user account that has the "Global Administrator" role.
Go to Azure Active Directory > App registrations > + New registration.
Enter a descriptive name for this app, such as "Nucleus Security", and click Register to complete the registration.
In Azure, navigate to Subscriptions, and for each subscription that you want to ingest from, navigate to Access control (IAM) and click on the Add button.
Select Reader as the role, then add your new app registration as the member.
Click on the Review + assign button.
Navigate back to the app registration that you created, then go to Certificates & Secrets > Client secrets > + New client secret.
Save the secret value for future use. This is your Client Secret.
Navigate to Overview, and take note of the Directory (tenant) ID and Application (client) ID.
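A least-privilege check for the app registration created above, as an added example that is not part of the Nucleus documentation: it reads the role assignments exported with `az role assignment list --assignee <client-id> --all -o json` and reports any role other than Reader, Reader granted outside the intended subscriptions, and intended subscriptions that have no Reader assignment. The function name, the sample data and the subscription IDs are constructed placeholders.

```python
import json

# Constructed sample in the shape of `az role assignment list ... -o json`.
# Subscription IDs and the principal name are placeholders, not real values.
SUB_A = "/subscriptions/00000000-0000-0000-0000-00000000000a"
SUB_B = "/subscriptions/00000000-0000-0000-0000-00000000000b"
SUB_C = "/subscriptions/00000000-0000-0000-0000-00000000000c"
SAMPLE_JSON = json.dumps([
    {"principalName": "Nucleus Security", "roleDefinitionName": "Reader", "scope": SUB_A},
    {"principalName": "Nucleus Security", "roleDefinitionName": "Contributor", "scope": SUB_A},
    {"principalName": "Nucleus Security", "roleDefinitionName": "Reader", "scope": SUB_C},
])


def audit_connector_roles(assignments_json, intended_subscriptions):
    """Compare the connector's role assignments with the intended setup.

    Returns (findings, missing): findings lists assignments that exceed
    "Reader on the intended subscriptions"; missing lists intended
    subscriptions that have no subscription-level Reader assignment.
    """
    intended = {s.rstrip("/").lower() for s in intended_subscriptions}
    findings, covered = [], set()
    for item in json.loads(assignments_json):
        role = item.get("roleDefinitionName", "")
        scope = item.get("scope", "").rstrip("/").lower() or "/"
        if role != "Reader":
            findings.append(f"unexpected role {role!r} at {scope}")
        elif scope in intended:
            covered.add(scope)
        elif any(scope.startswith(s + "/") for s in intended):
            # Reader on a resource group or resource only: not excessive, but
            # the subscription itself is still not covered.
            continue
        else:
            # Root, management-group, or another subscription's scope.
            findings.append(f"Reader outside intended subscriptions at {scope}")
    return findings, sorted(intended - covered)


if __name__ == "__main__":
    findings, missing = audit_connector_roles(SAMPLE_JSON, [SUB_A, SUB_B])
    for line in findings:
        print("FINDING:", line)
    for sub in missing:
        print("MISSING Reader on:", sub)
```

Run it after setup and again whenever subscriptions are added, so the connector's principal stays at Reader on exactly the subscriptions you intend to ingest from.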
2. Connector Configuration
Open Nucleus and select the project, then go to Integration Hub > Connector Setup.
Under the Scanners section, click the Azure CSPM icon. You will see the following popup:

In the Setup Azure CSPM Connector popup, enter the following information:
| Field | Description |
|---|---|
| Name | (Optional) Enter a name for your connector. If left blank, this will default to Azure. |
| Description | (Optional) Enter a description for your connector. |
| Tenant ID | Enter the Directory (tenant) ID from above. |
| Client ID | Enter the Application (client) ID from above. |
| Client secret | Enter the Client Secret from above. |
| Ignore Sub-Assessments | Default behavior: Sub-assessments will still be ingested during the ingestion process. If the box is checked: Sub-assessments will be ignored and not ingested. |
Click Verify Credentials.
Click Save.
3. Vulnerability Data Ingestion
Go to Integration Hub > Import via Connector.
Select the Azure CSPM connector you just created.
Select the method of import: All VMs + Cloud Resources or All Container Images.
Create a second import if both are required.

Select a schedule to import scans into the project.
Click Save & Finish.
Frequently Asked Questions
What support does the Azure connector have?
The connector currently supports ingesting CVEs on Azure Virtual Machines, Container Images and Cloud Resources discovered by Microsoft Defender Threat and Vulnerability Management, as well as recommendation sub-assessments / misconfiguration checks identified by Microsoft Defender for Cloud.