-
Notifications
You must be signed in to change notification settings - Fork 772
Home
Security rocks, community rocks, so join the Microsoft Defender for Cloud community!
Microsoft Defender for Cloud is a unified multicloud security management system that strengthens the security posture of your data centers, and provides advanced threat protection across your hybrid workloads in the cloud - whether they're in Azure or not - as well as on premises. Defender for Cloud provides APIs which can be stimulated with Azure CLI, PowerShell, and REST commands, as well as a platform for different automation artifacts, such as policies and automated workflows. These contributions enhance the Defender for Cloud experience with governance and remediation at scale and the Microsoft Defender for Cloud Community is centrally integrated in the Defender for Cloud Portal. The Microsoft Defender for Cloud GitHub community provides a forum for community members to join in and submit their own contributions via GitHub Pull Requests, or new contribution ideas as GitHub Issues. These contributions can be based on your idea of the value your contribution provides to enterprises, it can be an artifact derived from our GitHub open issues list, or even an enhancement to existing contributions. Please refer to the Get Started section to start contributing to our community.
All automations within this repository are provided as is, without SLA or official support. However, if you have an issue please fill out a bug report and the community will try to solve it.
You can be informed about changes by following our GitHub repository. To do so, you simply have to click the Watch button in the upper right corner and select what changes you want to be informed about.
This section covers all aspects about what and how to contribute to the Microsoft Defender for Cloud GitHub Community. This project welcomes contributions and suggestions. However, most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.
We encourage you to contribute any artifact that enhances end-to-end customer experience in Microsoft Defender for Cloud. This includes, but is not limited to, LogicApp Playbooks, ARM Templates, Azure Policy Definitions, Azure Resource Graph queries, PowerShell scripts, and other kinds of automation artifacts that help to enhance the overall Defender for Cloud experience.
Contribution | Purpose | Get Started |
---|---|---|
Remediation scripts | Remediation at scale. These artifacts help to remediate security recommendations within Defender for Cloud. | Create Azure LogicApps |
Custom (Security) Policies | Governance at scale, custom settings, auto-deployments. With custom security policies, customers can tune their Defender for Cloud environment according to their needs. With DINE (Deploy if not exists) and Deny Policies, customers can make sure that new resources are deployed secure by default. |
Azure Policy documentation Example policies on GitHub How to create custom security policies |
Workflow automation | Auto-reaction on different trigger types, such as recurrence, security recommendations, or threat alerts | Create Azure LogicApps |
Workbooks | Workbooks are custom dashboards within Microsoft Defender for Cloud. They can be deployed as ARM templates to your Defender for Cloud environment. | Azure Workbooks overview |
Artifacts in our GitHub repository are meant to be used in any customer's environment. To make them easy to deploy, we ask you to adhere to the following guidelines:
- Make sure to include a readme.md that explains what your artifact will do.
- If your artifact is an Azure Resource (e.g. a LogicApp), please provide an ARM template that can be deployed with a click on in the respective project folder (not clickable here!). Make sure to include the button as a clickable link to the deployment in your readme.md.
Example link: https://portal.azure.com/#create/Microsoft.Template/uri/pathToRawGitHubTemplateFile - Please make sure your template is generalized, which means that environment-specific information, such as resource group names, locations, storage account names, or subscription IDs should either be provided by the customer, or dynamically generated during the deployment.
Functionally validate whether your contribution works by deploying it to Azure and trying it out in Microsoft Defender for Cloud. The respective product documentation linked above will provide information on how your contribution can be consumed in Azure Sentinel. Besides this, t the time of submitting your Pull Request, automatic GitHub validations using Azure Pipelines is enabled on this repository for basic syntactical checks of the contributions. Follow the test guidance to add any additional tests needed to validate specific scenarios for your contributions as needed.
After you have developed and tested that your contribution works as expected, please follow the general contribution guidelines for the Microsoft Defender for Cloud GitHub repository to open a Pull Request and submit your contribution. We will review your submission before merging your PR within 7 days.
We value your feedback and want to make this community as engaging, as possible. Therefore, here are some channels to help surface your questions or feedback:
What you are looking for | What you can do/Where you can go |
---|---|
General product specific Q&A | Join in our Microsoft Defender for Cloud TechCommunity conversations |
Product specific feature requests | Upvote or post new on Microsoft Defender for Cloud UserVoice |
Product specific bugs | File a Microsoft Defender for Cloud support ticket |
Report content you'd like to see in this repo | File a new GitHub Issue using our Feature Request Template |
Report content bugs for content in this repo / contribution bugs | File a new GitHub Issue using our Bug template |
We can also connect on the following social media channels:
- Microsoft Defender for Cloud blog on TechCommunity
- Microsoft Defender for Cloud forum on TechCommunity