Microsoft Defender for Cloud
Receive Microsoft Defender for Cloud security alerts via Activity Log webhook.
Quick Setup
Copy Webhook URL
Go to your Alert24 dashboard and copy the webhook URL for Microsoft Defender for Cloud.
Configure Microsoft Defender for Cloud
Add the webhook URL in your Microsoft Defender for Cloud settings.
Auto-Detected
Alert24 auto-detects Microsoft Defender for Cloud payloads and maps them to incidents.
Example Webhook Payload
This is a sample payload that Microsoft Defender for Cloud sends to Alert24 when an alert fires.
{
  "schemaId": "azureMonitorCommonAlertSchema",
  "data": {
    "essentials": {
      "alertId": "/subscriptions/sub-id/providers/Microsoft.AlertsManagement/alerts/alert-789",
      "alertRule": "Defender Security Alert",
      "severity": "Sev1",
      "signalType": "Activity Log",
      "monitorCondition": "Fired",
      "monitoringService": "Activity Log - Security",
      "alertTargetIDs": [
        "/subscriptions/sub-id"
      ],
      "firedDateTime": "2024-01-15T10:30:00Z"
    },
    "alertContext": {
      "eventSource": "Security",
      "properties": {
        "category": "Potential SQL Injection",
        "description": "A potential SQL injection attack was detected on the application gateway."
      }
    }
  }
}
How Alert24 Maps Microsoft Defender for Cloud Data
| Setting | Value |
|---|---|
| Status Field | data.essentials.monitorCondition |
| Message Field | data.alertContext.properties.category |
| Auto-Create Incidents | Yes |
| Auto-Resolve Incidents | Yes |
Status Mapping
| Alert24 Status | Microsoft Defender for Cloud Values |
|---|---|
| operational | Resolved |
| down | Fired |