Tom Janetscheck edited this page Nov 3, 2021 · 17 revisions

Welcome, Security enthusiasts!

Security rocks, community rocks, so join the Microsoft Defender for Cloud community!



What is the Microsoft Defender for Cloud community?

Microsoft Defender for Cloud is a unified multicloud security management system that strengthens the security posture of your data centers and provides advanced threat protection across your hybrid workloads in the cloud - whether they're in Azure or not - as well as on premises. Defender for Cloud provides APIs that can be called with Azure CLI, PowerShell, and REST commands, as well as a platform for different automation artifacts, such as policies and automated workflows. Community contributions built on these enhance the Defender for Cloud experience with governance and remediation at scale, and the Microsoft Defender for Cloud Community is centrally integrated in the Defender for Cloud Portal.

The Microsoft Defender for Cloud GitHub community provides a forum for community members to join in and submit their own contributions via GitHub Pull Requests, or new contribution ideas as GitHub Issues. A contribution can be based on your own idea of the value it provides to enterprises, it can be an artifact derived from our GitHub open issues list, or it can be an enhancement to an existing contribution. Please refer to the Get Started section to start contributing to our community.

Support

All automations within this repository are provided as is, without SLA or official support. However, if you have an issue please fill out a bug report and the community will try to solve it.

Make sure to track all changes

You can be informed about changes by following our GitHub repository. To do so, you simply have to click the Watch button in the upper right corner and select what changes you want to be informed about.


Roll up 'em sleeves and let's get started!

This section covers all aspects about what and how to contribute to the Microsoft Defender for Cloud GitHub Community. This project welcomes contributions and suggestions. However, most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.

What to contribute

We encourage you to contribute any artifact that enhances end-to-end customer experience in Microsoft Defender for Cloud. This includes, but is not limited to, LogicApp Playbooks, ARM Templates, Azure Policy Definitions, Azure Resource Graph queries, PowerShell scripts, and other kinds of automation artifacts that help to enhance the overall Defender for Cloud experience.

| Contribution | Purpose | Get Started |
| --- | --- | --- |
| Remediation scripts | Remediation at scale. These artifacts help to remediate security recommendations within Defender for Cloud. | Create Azure LogicApps |
| Custom (Security) Policies | Governance at scale, custom settings, auto-deployments. With custom security policies, customers can tune their Defender for Cloud environment according to their needs. With DINE (Deploy if not exists) and Deny Policies, customers can make sure that new resources are deployed secure by default. | Azure Policy documentation; Example policies on GitHub; How to create custom security policies |
| Workflow automation | Auto-reaction on different trigger types, such as recurrence, security recommendations, or threat alerts | Create Azure LogicApps |
| Workbooks | Workbooks are custom dashboards within Microsoft Defender for Cloud. They can be deployed as ARM templates to your Defender for Cloud environment. | Azure Workbooks overview |

Artifacts in our GitHub repository are meant to be used in any customer's environment. To make them easy to deploy, we ask you to adhere to the following guidelines:

  1. Make sure to include a readme.md that explains what your artifact will do.
  2. If your artifact is an Azure Resource (e.g. a LogicApp), please provide an ARM template that can be deployed with a click on the Deploy to Azure button in the respective project folder (not clickable here!). Make sure to include the button as a clickable link to the deployment in your readme.md.
    Example link: https://portal.azure.com/#create/Microsoft.Template/uri/pathToRawGitHubTemplateFile
  3. Please make sure your template is generalized, which means that environment-specific information, such as resource group names, locations, storage account names, or subscription IDs should either be provided by the customer, or dynamically generated during the deployment.
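
A pre-submission check for guideline 3, added here as an example (not code from the repository): it flags literal subscription IDs and literal resource names or locations in a parsed ARM template. The function names and both trimmed sample templates are constructed for illustration.

```python
import re

# A literal "/subscriptions/<guid>" ties the template to one environment.
SUBSCRIPTION_ID = re.compile(
    r"/subscriptions/[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}", re.I)

def is_expression(value):
    """ARM expressions are strings wrapped in [ ]; a leading "[[" escapes a literal."""
    return value.startswith("[") and value.endswith("]") and not value.startswith("[[")

def strings(node, path=""):
    """Yield (json_path, value) for every string anywhere in the template."""
    if isinstance(node, str):
        yield path, node
    elif isinstance(node, dict):
        for key, child in node.items():
            yield from strings(child, f"{path}/{key}")
    elif isinstance(node, list):
        for i, child in enumerate(node):
            yield from strings(child, f"{path}/{i}")

def find_hardcoded(template):
    """Return (json_path, reason) for values that should be parameters or generated."""
    findings = [(p, "literal subscription ID")
                for p, v in strings(template) if SUBSCRIPTION_ID.search(v)]
    for i, res in enumerate(template.get("resources", [])):
        for key in ("name", "location"):
            value = res.get(key)
            if isinstance(value, str) and not is_expression(value):
                findings.append((f"/resources/{i}/{key}", f"literal resource {key}"))
    return findings

# Constructed samples (parsed JSON, as json.load would return), not from the repository.
HARDCODED = {"resources": [{
    "type": "Microsoft.Storage/storageAccounts",
    "name": "contosoprodlogs",
    "location": "westeurope",
    "tags": {"scope": "/subscriptions/11111111-2222-3333-4444-555555555555/resourceGroups/rg-prod"},
}]}
GENERALIZED = {
    "parameters": {"location": {"type": "string",
                                "defaultValue": "[resourceGroup().location]"}},
    "resources": [{
        "type": "Microsoft.Storage/storageAccounts",
        "name": "[concat('st', uniqueString(resourceGroup().id))]",
        "location": "[parameters('location')]",
        "tags": {"scope": "[resourceGroup().id]"},
    }]}

if __name__ == "__main__":
    for path, reason in find_hardcoded(HARDCODED):
        print(f"{path}: {reason}")
```

The check is a heuristic: some resource types legitimately use a literal location such as `global`, so treat findings as review prompts before opening the Pull Request.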

About content quality

Functionally validate whether your contribution works by deploying it to Azure and trying it out in Microsoft Defender for Cloud. The respective product documentation linked above will provide information on how your contribution can be consumed in Azure Sentinel. Besides this, at the time of submitting your Pull Request, automatic GitHub validations using Azure Pipelines are enabled on this repository for basic syntactical checks of the contributions. Follow the test guidance to add any additional tests needed to validate specific scenarios for your contributions.

How to contribute

After you have developed and tested that your contribution works as expected, please follow the general contribution guidelines for the Microsoft Defender for Cloud GitHub repository to open a Pull Request and submit your contribution. We will review your submission before merging your PR within 7 days.


Resources

We value your feedback and want to make this community as engaging as possible. Therefore, here are some channels to help surface your questions or feedback:

| What you are looking for | What you can do/Where you can go |
| --- | --- |
| General product specific Q&A | Join in our Microsoft Defender for Cloud TechCommunity conversations |
| Product specific feature requests | Upvote or post new on Microsoft Defender for Cloud UserVoice |
| Product specific bugs | File a Microsoft Defender for Cloud support ticket |
| Report content you'd like to see in this repo | File a new GitHub Issue using our Feature Request Template |
| Report content bugs for content in this repo / contribution bugs | File a new GitHub Issue using our Bug template |

We can also connect on the following social media channels: