Skip to content

[M365 Defender][Microsoft Defender Endpoint] Add support of vulnerability data-stream #13595

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 20 commits into from
May 28, 2025
Merged

[M365 Defender][Microsoft Defender Endpoint] Add support of vulnerability data-stream #13595

merged 20 commits into from
May 28, 2025

Conversation

@sharadcrest
Copy link
Contributor

@sharadcrest sharadcrest commented Apr 17, 2025
edited
Loading

Proposed commit message

This release introduces the vulnerability data stream,
along with its associated dashboard and visualizations.

Vulnerability fields are mapped to their corresponding ECS fields where possible.

Test samples were derived from live data samples, which were subsequently
sanitized.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

How to test this PR locally

To test the m365_defender package:

  • Clone integrations repo.
  • Install elastic package locally.
  • Start elastic stack using elastic-package.
  • Move to integrations/packages/m365_defender directory.
  • Run the following command to run tests.

elastic-package test

--- Test results for package: m365_defender - START --- ╭───────────────┬───────────────┬───────────┬────────────────────────────────────────────────────────────────────────────┬────────┬──────────────╮ │ PACKAGE │ DATA STREAM │ TEST TYPE │ TEST NAME │ RESULT │ TIME ELAPSED │ ├───────────────┼───────────────┼───────────┼────────────────────────────────────────────────────────────────────────────┼────────┼──────────────┤ │ m365_defender │ │ asset │ dashboard m365_defender-2690a440-7235-11ed-8657-c59f6ece834c is loaded │ PASS │ 3.33µs │ │ m365_defender │ │ asset │ dashboard m365_defender-3caf3c00-7456-11ed-8657-c59f6ece834c is loaded │ PASS │ 317ns │ │ m365_defender │ │ asset │ dashboard m365_defender-ac54d310-44ab-11ed-8375-0168a9970c06 is loaded │ PASS │ 213ns │ │ m365_defender │ │ asset │ dashboard m365_defender-afb93ff7-9903-4d91-9028-9fe9c5a434f8 is loaded │ PASS │ 272ns │ │ m365_defender │ │ asset │ dashboard m365_defender-c0b796d0-720a-11ed-8657-c59f6ece834c is loaded │ PASS │ 278ns │ │ m365_defender │ │ asset │ dashboard m365_defender-d587df00-745f-11ed-8657-c59f6ece834c is loaded │ PASS │ 282ns │ │ m365_defender │ │ asset │ dashboard m365_defender-d80d7840-4366-11ed-b1f2-e917f608bd03 is loaded │ PASS │ 309ns │ │ m365_defender │ │ asset │ search m365_defender-4e5cb35c-7a18-4f29-bb69-7e30ab9bbdec is loaded │ PASS │ 287ns │ │ m365_defender │ │ asset │ search m365_defender-64a31410-722c-11ed-8657-c59f6ece834c is loaded │ PASS │ 272ns │ │ m365_defender │ │ asset │ search m365_defender-989afc60-44a5-11ed-8375-0168a9970c06 is loaded │ PASS │ 348ns │ │ m365_defender │ │ asset │ search m365_defender-fcf25960-44af-11ed-8375-0168a9970c06 is loaded │ PASS │ 322ns │ │ m365_defender │ │ asset │ visualization m365_defender-4f3a6702-9642-4392-9b34-ceb1447e09a7 is loaded │ PASS │ 252ns │ │ m365_defender │ alert │ asset │ index_template logs-m365_defender.alert is loaded │ PASS │ 355ns │ │ m365_defender │ alert │ asset │ ingest_pipeline logs-m365_defender.alert-3.4.0 is loaded │ PASS │ 258ns │ │ m365_defender │ event │ asset │ index_template logs-m365_defender.event is loaded │ PASS │ 336ns │ │ m365_defender │ event │ asset │ ingest_pipeline logs-m365_defender.event-3.4.0 is loaded │ PASS │ 177ns │ │ m365_defender │ incident │ asset │ index_template logs-m365_defender.incident is loaded │ PASS │ 337ns │ │ m365_defender │ incident │ asset │ ingest_pipeline logs-m365_defender.incident-3.4.0 is loaded │ PASS │ 351ns │ │ m365_defender │ vulnerability │ asset │ index_template logs-m365_defender.vulnerability is loaded │ PASS │ 255ns │ │ m365_defender │ vulnerability │ asset │ ingest_pipeline logs-m365_defender.vulnerability-3.4.0 is loaded │ PASS │ 275ns │ ╰───────────────┴───────────────┴───────────┴────────────────────────────────────────────────────────────────────────────┴────────┴──────────────╯ --- Test results for package: m365_defender - END --- Done Run pipeline tests for the package --- Test results for package: m365_defender - START --- ╭───────────────┬───────────────┬───────────┬──────────────────────────────────────────────────────┬────────┬──────────────╮ │ PACKAGE │ DATA STREAM │ TEST TYPE │ TEST NAME │ RESULT │ TIME ELAPSED │ ├───────────────┼───────────────┼───────────┼──────────────────────────────────────────────────────┼────────┼──────────────┤ │ m365_defender │ alert │ pipeline │ (ingest pipeline warnings test-alert.log) │ PASS │ 365.02825ms │ │ m365_defender │ alert │ pipeline │ test-alert.log │ PASS │ 329.355521ms │ │ m365_defender │ event │ pipeline │ (ingest pipeline warnings test-alert.log) │ PASS │ 325.723501ms │ │ m365_defender │ event │ pipeline │ (ingest pipeline warnings test-app-and-identity.log) │ PASS │ 329.886917ms │ │ m365_defender │ event │ pipeline │ (ingest pipeline warnings test-device.log) │ PASS │ 323.129431ms │ │ m365_defender │ event │ pipeline │ (ingest pipeline warnings test-email.log) │ PASS │ 347.739081ms │ │ m365_defender │ event │ pipeline │ test-alert.log │ PASS │ 322.623834ms │ │ m365_defender │ event │ pipeline │ test-app-and-identity.log │ PASS │ 273.304941ms │ │ m365_defender │ event │ pipeline │ test-device.log │ PASS │ 2.439635591s │ │ m365_defender │ event │ pipeline │ test-email.log │ PASS │ 203.880514ms │ │ m365_defender │ incident │ pipeline │ (ingest pipeline warnings test-incident.log) │ PASS │ 313.016401ms │ │ m365_defender │ incident │ pipeline │ test-incident.log │ PASS │ 543.172674ms │ │ m365_defender │ vulnerability │ pipeline │ (ingest pipeline warnings test-vulnerability.log) │ PASS │ 337.802308ms │ │ m365_defender │ vulnerability │ pipeline │ test-vulnerability.log │ PASS │ 189.414215ms │ ╰───────────────┴───────────────┴───────────┴──────────────────────────────────────────────────────┴────────┴──────────────╯ --- Test results for package: m365_defender - END --- Done Run policy tests for the package --- Test results for package: m365_defender - START --- No test results --- Test results for package: m365_defender - END --- Done Run static tests for the package --- Test results for package: m365_defender - START --- ╭───────────────┬───────────────┬───────────┬──────────────────────────┬────────┬──────────────╮ │ PACKAGE │ DATA STREAM │ TEST TYPE │ TEST NAME │ RESULT │ TIME ELAPSED │ ├───────────────┼───────────────┼───────────┼──────────────────────────┼────────┼──────────────┤ │ m365_defender │ alert │ static │ Verify sample_event.json │ PASS │ 152.764815ms │ │ m365_defender │ incident │ static │ Verify sample_event.json │ PASS │ 169.007534ms │ │ m365_defender │ vulnerability │ static │ Verify sample_event.json │ PASS │ 138.15494ms │ ╰───────────────┴───────────────┴───────────┴──────────────────────────┴────────┴──────────────╯ --- Test results for package: m365_defender - END --- Done Run system tests for the package 2025/05/08 16:36:59 INFO License text found in "/home/devuser/bitbucket/integrations/LICENSE.txt" will be included in package 2025/05/08 16:37:42 INFO Write container logs to file: /home/devuser/bitbucket/integrations/build/container-logs/m365-defender-alert-http-1746702462307404984.log 2025/05/08 16:37:45 INFO Write container logs to file: /home/devuser/bitbucket/integrations/build/container-logs/elastic-agent-1746702465654572433.log 2025/05/08 16:38:32 INFO Write container logs to file: /home/devuser/bitbucket/integrations/build/container-logs/m365-defender-incident-http-1746702512389066487.log 2025/05/08 16:38:35 INFO Write container logs to file: /home/devuser/bitbucket/integrations/build/container-logs/elastic-agent-1746702515713606288.log 2025/05/08 16:39:25 INFO Write container logs to file: /home/devuser/bitbucket/integrations/build/container-logs/m365-defender-vulnerability-cel-1746702565577397215.log 2025/05/08 16:39:28 INFO Write container logs to file: /home/devuser/bitbucket/integrations/build/container-logs/elastic-agent-1746702568729477788.log --- Test results for package: m365_defender - START --- ╭───────────────┬───────────────┬───────────┬───────────┬────────┬───────────────╮ │ PACKAGE │ DATA STREAM │ TEST TYPE │ TEST NAME │ RESULT │ TIME ELAPSED │ ├───────────────┼───────────────┼───────────┼───────────┼────────┼───────────────┤ │ m365_defender │ alert │ system │ default │ PASS │ 40.365741467s │ │ m365_defender │ incident │ system │ default │ PASS │ 35.381508727s │ │ m365_defender │ vulnerability │ system │ default │ PASS │ 38.886765742s │ ╰───────────────┴───────────────┴───────────┴───────────┴────────┴───────────────╯ --- Test results for package: m365_defender - END --- Done

To test the microsoft_defender_endpoint package:

  • Clone integrations repo.
  • Install elastic package locally.
  • Start elastic stack using elastic-package.
  • Move to integrations/packages/microsoft_defender_endpoint directory.
  • Run the following command to run tests.

elastic-package test

--- Test results for package: microsoft_defender_endpoint - START --- ╭─────────────────────────────┬────────────────┬───────────┬──────────────────────────────────────────────────────────────────────────────────────────┬────────┬──────────────╮ │ PACKAGE │ DATA STREAM │ TEST TYPE │ TEST NAME │ RESULT │ TIME ELAPSED │ ├─────────────────────────────┼────────────────┼───────────┼──────────────────────────────────────────────────────────────────────────────────────────┼────────┼──────────────┤ │ microsoft_defender_endpoint │ │ asset │ dashboard microsoft_defender_endpoint-65402c30-ca6a-11ea-9d4d-9737a63aaa55 is loaded │ PASS │ 2.672µs │ │ microsoft_defender_endpoint │ │ asset │ dashboard microsoft_defender_endpoint-6a043fee-1e3d-454b-96d1-159e6efce215 is loaded │ PASS │ 232ns │ │ microsoft_defender_endpoint │ │ asset │ dashboard microsoft_defender_endpoint-afb93ff7-9903-4d91-9028-9fe9c5a434f8 is loaded │ PASS │ 197ns │ │ microsoft_defender_endpoint │ │ asset │ dashboard microsoft_defender_endpoint-c89734ca-ab7f-419d-b665-50076cceee60 is loaded │ PASS │ 214ns │ │ microsoft_defender_endpoint │ │ asset │ search microsoft_defender_endpoint-4e5cb35c-7a18-4f29-bb69-7e30ab9bbdec is loaded │ PASS │ 265ns │ │ microsoft_defender_endpoint │ │ asset │ visualization microsoft_defender_endpoint-4f3a6702-9642-4392-9b34-ceb1447e09a7 is loaded │ PASS │ 163ns │ │ microsoft_defender_endpoint │ log │ asset │ index_template logs-microsoft_defender_endpoint.log is loaded │ PASS │ 253ns │ │ microsoft_defender_endpoint │ log │ asset │ ingest_pipeline logs-microsoft_defender_endpoint.log-2.34.0 is loaded │ PASS │ 173ns │ │ microsoft_defender_endpoint │ machine │ asset │ index_template logs-microsoft_defender_endpoint.machine is loaded │ PASS │ 268ns │ │ microsoft_defender_endpoint │ machine │ asset │ ingest_pipeline logs-microsoft_defender_endpoint.machine-2.34.0 is loaded │ PASS │ 122ns │ │ microsoft_defender_endpoint │ machine_action │ asset │ index_template logs-microsoft_defender_endpoint.machine_action is loaded │ PASS │ 219ns │ │ microsoft_defender_endpoint │ machine_action │ asset │ ingest_pipeline logs-microsoft_defender_endpoint.machine_action-2.34.0 is loaded │ PASS │ 466ns │ │ microsoft_defender_endpoint │ vulnerability │ asset │ index_template logs-microsoft_defender_endpoint.vulnerability is loaded │ PASS │ 238ns │ │ microsoft_defender_endpoint │ vulnerability │ asset │ ingest_pipeline logs-microsoft_defender_endpoint.vulnerability-2.34.0 is loaded │ PASS │ 145ns │ ╰─────────────────────────────┴────────────────┴───────────┴──────────────────────────────────────────────────────────────────────────────────────────┴────────┴──────────────╯ --- Test results for package: microsoft_defender_endpoint - END --- Done Run pipeline tests for the package --- Test results for package: microsoft_defender_endpoint - START --- ╭─────────────────────────────┬────────────────┬───────────┬────────────────────────────────────────────────────┬────────┬──────────────╮ │ PACKAGE │ DATA STREAM │ TEST TYPE │ TEST NAME │ RESULT │ TIME ELAPSED │ ├─────────────────────────────┼────────────────┼───────────┼────────────────────────────────────────────────────┼────────┼──────────────┤ │ microsoft_defender_endpoint │ log │ pipeline │ (ingest pipeline warnings test-defenderatp.log) │ PASS │ 342.749524ms │ │ microsoft_defender_endpoint │ log │ pipeline │ test-defenderatp.log │ PASS │ 257.553143ms │ │ microsoft_defender_endpoint │ machine │ pipeline │ (ingest pipeline warnings test-machine.log) │ PASS │ 320.622759ms │ │ microsoft_defender_endpoint │ machine │ pipeline │ test-machine.log │ PASS │ 197.426207ms │ │ microsoft_defender_endpoint │ machine_action │ pipeline │ (ingest pipeline warnings test-machine-action.log) │ PASS │ 354.554906ms │ │ microsoft_defender_endpoint │ machine_action │ pipeline │ test-machine-action.log │ PASS │ 144.256488ms │ │ microsoft_defender_endpoint │ vulnerability │ pipeline │ (ingest pipeline warnings test-vulnerability.log) │ PASS │ 322.998327ms │ │ microsoft_defender_endpoint │ vulnerability │ pipeline │ test-vulnerability.log │ PASS │ 196.078817ms │ ╰─────────────────────────────┴────────────────┴───────────┴────────────────────────────────────────────────────┴────────┴──────────────╯ --- Test results for package: microsoft_defender_endpoint - END --- Done Run policy tests for the package --- Test results for package: microsoft_defender_endpoint - START --- No test results --- Test results for package: microsoft_defender_endpoint - END --- Done Run static tests for the package --- Test results for package: microsoft_defender_endpoint - START --- ╭─────────────────────────────┬────────────────┬───────────┬──────────────────────────┬────────┬──────────────╮ │ PACKAGE │ DATA STREAM │ TEST TYPE │ TEST NAME │ RESULT │ TIME ELAPSED │ ├─────────────────────────────┼────────────────┼───────────┼──────────────────────────┼────────┼──────────────┤ │ microsoft_defender_endpoint │ log │ static │ Verify sample_event.json │ PASS │ 128.181786ms │ │ microsoft_defender_endpoint │ machine │ static │ Verify sample_event.json │ PASS │ 117.3639ms │ │ microsoft_defender_endpoint │ machine_action │ static │ Verify sample_event.json │ PASS │ 105.938337ms │ │ microsoft_defender_endpoint │ vulnerability │ static │ Verify sample_event.json │ PASS │ 130.235506ms │ ╰─────────────────────────────┴────────────────┴───────────┴──────────────────────────┴────────┴──────────────╯ --- Test results for package: microsoft_defender_endpoint - END --- Done Run system tests for the package 2025/05/08 16:40:20 INFO License text found in "/home/devuser/github/integrations/LICENSE.txt" will be included in package 2025/05/08 16:41:07 INFO Write container logs to file: /home/devuser/github/integrations/build/container-logs/microsoft-defender-mock-1746702667422402064.log 2025/05/08 16:41:10 INFO Write container logs to file: /home/devuser/github/integrations/build/container-logs/elastic-agent-1746702670794093338.log 2025/05/08 16:41:57 INFO Write container logs to file: /home/devuser/github/integrations/build/container-logs/defender-endpoint-logfile-1746702717282432654.log 2025/05/08 16:42:00 INFO Write container logs to file: /home/devuser/github/integrations/build/container-logs/elastic-agent-1746702720771243800.log 2025/05/08 16:44:15 INFO Write container logs to file: /home/devuser/github/integrations/build/container-logs/microsoft-defender-mock-1746702855623549748.log 2025/05/08 16:44:18 INFO Write container logs to file: /home/devuser/github/integrations/build/container-logs/elastic-agent-1746702858881147228.log 2025/05/08 16:45:07 INFO Write container logs to file: /home/devuser/github/integrations/build/container-logs/microsoft-defender-mock-1746702907765354126.log 2025/05/08 16:45:10 INFO Write container logs to file: /home/devuser/github/integrations/build/container-logs/elastic-agent-1746702910885278156.log 2025/05/08 16:45:55 INFO Write container logs to file: /home/devuser/github/integrations/build/container-logs/microsoft-defender-endpoint-vulnerability-cel-1746702955830120657.log 2025/05/08 16:45:58 INFO Write container logs to file: /home/devuser/github/integrations/build/container-logs/elastic-agent-1746702958916044554.log --- Test results for package: microsoft_defender_endpoint - START --- ╭─────────────────────────────┬────────────────┬───────────┬───────────┬────────┬────────────────╮ │ PACKAGE │ DATA STREAM │ TEST TYPE │ TEST NAME │ RESULT │ TIME ELAPSED │ ├─────────────────────────────┼────────────────┼───────────┼───────────┼────────┼────────────────┤ │ microsoft_defender_endpoint │ log │ system │ httpjson │ PASS │ 33.801123757s │ │ microsoft_defender_endpoint │ log │ system │ logfile │ PASS │ 35.911809956s │ │ microsoft_defender_endpoint │ machine │ system │ default │ PASS │ 2m5.921276064s │ │ microsoft_defender_endpoint │ machine_action │ system │ default │ PASS │ 39.345869313s │ │ microsoft_defender_endpoint │ vulnerability │ system │ default │ PASS │ 35.807324568s │ ╰─────────────────────────────┴────────────────┴───────────┴───────────┴────────┴────────────────╯ --- Test results for package: microsoft_defender_endpoint - END --- Done

Related Issues

Screenshots

Browse Integration M365 Defender
Integrations M365 Defender
Browse Integration Microsoft Defender for Endpoint
Integrations Microsoft Defender for Endpoint
@sharadcrest sharadcrest requested a review from a team as a code owner April 17, 2025 16:26
@andrewkroh andrewkroh added Crest Contributions from Crest developement team. dashboard Relates to a Kibana dashboard bug, enhancement, or modification. Integration:m365_defender Microsoft Defender XDR Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] labels Apr 17, 2025
@elasticmachine
Copy link

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)
@kcreddy kcreddy marked this pull request as draft April 21, 2025 11:07
@sharadcrest sharadcrest marked this pull request as ready for review April 24, 2025 04:48
@kcreddy
Copy link
Contributor

kcreddy commented May 5, 2025

/test
kcreddy
kcreddy reviewed May 5, 2025
View reviewed changes
packages/m365_defender/_dev/build/docs/README.md
The [Microsoft 365 Defender](https://learn.microsoft.com/en-us/microsoft-365/security/defender) integration allows you to monitor Alert, Incident (Microsoft Graph Security API), Event (Streaming API) Logs, and Vulnerability (Microsoft Defender for Endpoint API) Logs. Microsoft 365 Defender is a unified pre and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks.

Use the Microsoft 365 Defender integration to collect and parse data from the Microsoft Azure Event Hub, and the Microsoft Graph Security v1.0 REST API. Then visualise that data in Kibana.
Use the Microsoft 365 Defender integration to collect and parse data from the Microsoft Azure Event Hub, Microsoft Graph Security v1.0 REST API, and the Micrsoft Defender Endpoint API. Then visualise that data in Kibana.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is already a Microsoft Defender for Endpoint integration. I think this data_stream should be added there since we are using Micrsoft Defender Endpoint API to retrieve the vulnerabilities.

@jamiehynds / @cpascale43 please kindly clarify which integration does this datastream need to go into?
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That makes logical sense to me @kcreddy, we can go ahead and add this to Defender for Endpoint
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@sharadcrest, can you please change the integration?
cc: @piyush-elastic
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would it be possible to have the vuln data added to both the M365D and Defender for Endpoint integration? Reason being, the vulnerability data is exposed in both the M365D UI, as well as Defender for Endpoint customers running standalone, i.e. without M365D. If we add it to both integrations, we at least cover all bases, although I'd expect the M365D integration to be the more popular route.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure, will replicate same in Defender for Endpoint integration also.
kcreddy
kcreddy reviewed May 7, 2025
View reviewed changes
Copy link
Contributor

@kcreddy kcreddy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@sharadcrest can you please fix the CI error?
@sharadcrest sharadcrest requested review from a team as code owners May 8, 2025 05:57
@sharadcrest sharadcrest requested review from AndersonQ and mauri870 May 8, 2025 05:57
@efd6
Copy link
Contributor

efd6 commented May 8, 2025

It looks like something has gone terribly wrong with this PR. Why are so many files involved? This has happened due to the back merge of main into this branch, but something went wrong.
@sharadcrest sharadcrest requested a review from kcreddy May 14, 2025 05:41
@kcreddy
Copy link
Contributor

kcreddy commented May 15, 2025

/test
kcreddy
kcreddy reviewed May 15, 2025
View reviewed changes
@sharadcrest sharadcrest requested a review from kcreddy May 15, 2025 05:19
kcreddy
kcreddy reviewed May 15, 2025
View reviewed changes
@kcreddy
Copy link
Contributor

kcreddy commented May 15, 2025

/test
@kcreddy kcreddy mentioned this pull request May 15, 2025
Merged
5 tasks
@sharadcrest sharadcrest requested a review from kcreddy May 16, 2025 11:58
@kcreddy
Copy link
Contributor

kcreddy commented May 19, 2025

/test
kcreddy
kcreddy reviewed May 20, 2025
View reviewed changes
Copy link
Contributor

@kcreddy kcreddy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Only pending comment: #13595 (comment)
kcreddy
kcreddy reviewed May 26, 2025
View reviewed changes
Copy link
Contributor

@kcreddy kcreddy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@sharadcrest can you update this PR by removing vulnerability.package fields, but populating package fields at root instead?
Please refer to latest Tenable IO PR: #13636
CDR guide is/will be updated accordingly.

cc: @maxcold
@sharadcrest sharadcrest requested a review from kcreddy May 28, 2025 06:31
@kcreddy
Copy link
Contributor

kcreddy commented May 28, 2025

/test
@elastic-sonarqube
Copy link

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
97.7% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube
@elasticmachine
Copy link

💚 Build Succeeded

History
@kcreddy kcreddy merged commit 1d0007a into elastic:main May 28, 2025
8 checks passed
@elastic-vault-github-plugin-prod
Copy link

Package m365_defender - 3.8.0 containing this change is available at https://epr.elastic.co/package/m365_defender/3.8.0/
@elastic-vault-github-plugin-prod
Copy link

Package microsoft_defender_endpoint - 2.38.0 containing this change is available at https://epr.elastic.co/package/microsoft_defender_endpoint/2.38.0/
anupratharamachandran pushed a commit to anupratharamachandran/integrations that referenced this pull request Jun 2, 2025
@sharadcrest @anupratharamachandran
[M365 Defender][Microsoft Defender Endpoint] Add support of vulnerabi…
96474bb 
…lity data-stream (elastic#13595) This release introduces the vulnerability data stream, along with its associated dashboard and visualizations. Vulnerability fields are mapped to their corresponding ECS fields where possible. Test samples were derived from live data samples, which were subsequently sanitized.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Crest Contributions from Crest developement team. dashboard Relates to a Kibana dashboard bug, enhancement, or modification. Integration:m365_defender Microsoft Defender XDR Integration:microsoft_defender_endpoint Microsoft Defender for Endpoint Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations]

10 participants

@sharadcrest @elasticmachine @kcreddy @efd6 @maxcold @cpascale43 @nick-alayil @jamiehynds @piyush-elastic @andrewkroh