Microsoft Defender for Cloud Apps solution for Sentinel

Solution: Microsoft Defender for Cloud Apps

Microsoft Defender for Cloud Apps Logo

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Attribute	Value
Publisher	Microsoft Corporation
Support Tier	Microsoft
Support Link	https://support.microsoft.com
Categories	domains
Version	2.0.2
Author	Microsoft - support@microsoft.com
First Published	2022-05-02
Solution Folder	Microsoft Defender for Cloud Apps
Marketplace	Azure Marketplace · Popularity: 🟢 High (91%)

The Microsoft Defender for Cloud Apps solution for Microsoft Sentinel enables you to ingest security alerts and discovery logs from the Defender for Cloud Apps platform, providing visibility into threats in your cloud app environment, including coverage for shadow IT, impossible travel, ransomware, and data exfiltration use cases.

Data Connectors
Tables Used
Content Items

Data Connectors

This solution provides 1 data connector(s):

Microsoft Defender for Cloud Apps

Tables Used

This solution uses 3 table(s):

Table	Used By Connectors	Used By Content
`McasShadowItReporting`	Microsoft Defender for Cloud Apps	Workbooks
`StorageBlobLogs`	-	Analytics
`StorageFileLogs`	-	Analytics

Internal Tables

The following 1 table(s) are used internally by this solution's content items:

Table	Used By Connectors	Used By Content
`SecurityAlert`	Microsoft Defender for Cloud Apps	Analytics, Workbooks

Content Items

This solution includes 2 content item(s):

Content Type	Count
Analytic Rules	1
Workbooks	1

Analytic Rules

Name	Severity	Tactics	Tables Used
Linked Malicious Storage Artifacts	Medium	CommandAndControl, Exfiltration	`StorageBlobLogs` `StorageFileLogs` Internal use: `SecurityAlert`

Workbooks

Name	Tables Used
MicrosoftCloudAppSecurity	`McasShadowItReporting` Internal use: `SecurityAlert`

Release Notes

Version	Date Modified (DD-MM-YYYY)	Change History
3.0.0	07-04-2025	Updated ConnectivityCriteria Type in Data Connector.