InboundSecurity

Microsoft Defender for Cloud + Alert24

Turn Microsoft Defender for Cloud alerts into actionable incidents in Alert24, with on-call routing, escalations, and status updates.

Start Free TrialSee Pricing

Receive Microsoft Defender for Cloud security alerts via Activity Log webhook.

Auto-detected payloads

Alert24 recognizes Microsoft Defender for Cloud webhooks out of the box and maps fields to incidents automatically.

On-call routing & escalations

Page the right engineer over SMS, voice, push, email, or chat with policy-driven escalations.

Auto-updating status pages

Promote incidents to a public or private status page with one click and keep customers informed.

Change correlation & AI RCA

Recent deploys, infra updates, and feature flag flips surface alongside the incident for faster root cause.

Quick Setup

Copy Webhook URL

Go to your Alert24 dashboard and copy the webhook URL for Microsoft Defender for Cloud.

Configure Microsoft Defender for Cloud

Add the webhook URL in your Microsoft Defender for Cloud settings.

Auto-Detected

Alert24 auto-detects Microsoft Defender for Cloud payloads and maps them to incidents.

Step-by-Step Setup Instructions

Microsoft Defender for Cloud Webhook Setup

1.In Azure Portal, go to Microsoft Defender for Cloud
2.Navigate to Environment settings → <your subscription>
3.Under Integrations, ensure continuous export or alert forwarding is enabled
4.Go to Monitor → Alerts → Action groups
5.Create an action group with a Webhook action pointing to the webhook URL above
6.Enable the common alert schema
7.Create an alert processing rule to route Defender alerts to this action group

Example Webhook Payload

This is a sample payload that Microsoft Defender for Cloud sends to Alert24 when an alert fires.

{
  "schemaId": "azureMonitorCommonAlertSchema",
  "data": {
    "essentials": {
      "alertId": "/subscriptions/sub-id/providers/Microsoft.AlertsManagement/alerts/alert-789",
      "alertRule": "Defender Security Alert",
      "severity": "Sev1",
      "signalType": "Activity Log",
      "monitorCondition": "Fired",
      "monitoringService": "Activity Log - Security",
      "alertTargetIDs": [
        "/subscriptions/sub-id"
      ],
      "firedDateTime": "2024-01-15T10:30:00Z"
    },
    "alertContext": {
      "eventSource": "Security",
      "properties": {
        "category": "Potential SQL Injection",
        "description": "A potential SQL injection attack was detected on the application gateway."
      }
    }
  }
}

How Alert24 Maps Microsoft Defender for Cloud Data

Status Field

data.essentials.monitorCondition

Message Field

data.alertContext.properties.category

Auto-Create Incidents

Yes

Auto-Resolve Incidents

Yes

Status Mapping

Alert24 StatusMicrosoft Defender for Cloud Values
operational
Resolved
down
Fired

Connect Microsoft Defender for Cloud to Alert24 in minutes

Free plan includes 5 monitors, 1 status page, and incident management. No credit card required.

Start Free TrialSee Pricing

More Security Integrations

Microsoft Sentinel

Inbound

Receive Microsoft Sentinel SIEM incident notifications via Logic Apps webhook.

Snyk

Inbound

Receive Snyk vulnerability and license issue alerts via webhook.

SonarQube

Inbound

Receive SonarQube quality gate and analysis notifications via webhook.

Trivy

Inbound

Receive Aqua Trivy container and IaC vulnerability scan results via webhook.

Falco

Inbound

Receive Falco runtime security alerts via HTTP output.

Dependabot

Inbound

Receive GitHub Dependabot security alert notifications via webhook.