Breadcrumbs

Maximum Risk Score for Defender for Cloud Apps

Connector Applicability

Applies to Source Connectors

MS Defender for Cloud Apps

Applies to Destination Connectors

All

Assumptions

These instructions assume you have already setup a source connection in CI Sync for MS Defender for Cloud Apps using the CI Sync instructions here: Add MS Defender for Cloud Apps.

Pre-Read

Syncfish recommend customers read the following documentation before changing the Connection Setting/s described below.

  1. Understanding the use of CI Sync Connection Settings

  2. Rule 10 - Maximum Risk Score for Defender for Cloud Apps

Locating and Amending the Connection Setting in the CI Sync UI

  1. Navigate to the Settings page

  2. Under the Source Connections heading (list), locate your MS Defender for Cloud Apps connection.

  3. Click the Update link on the right-hand side of the MS Defender for Cloud Apps connection.

  4. Scroll down and locate the Section Heading and view the Individual Setting/s.

image-20251212-003123.png

The screen shot is provided only as sample to assist when reading this page. The state of your own CI Sync UI will depend on whether you are starting from the CI Sync default position or if you have already amended one/more of the settings.

  1. Tick the Override default box/boxes and then use the sliders related to the individual settings. The following table elaborates any further information about these particular settings.

Setting

Type

Additional Notes

Maximum Risk Score

Number

In Defender for Cloud Apps a Risk Score of 0 is bad and a score of 10 is good.

A number between 0 and 10.

Only Cloud Apps with a score below or equal to this value will be synchronized into ServiceNow.

If you initially set a high risk score (and therefore sync more rather than less Cloud App applications into the CMDB) and later decrease the risk score, then CI Sync will deactivate the corresponding Business Application CIs that no longer meet the filter threshold.

This is by design because CI Sync no longer sees the original Cloud Apps and therefore treats then as “gone” (i.e. removed/disappeared/etc) and therefore deactivates the corresponding Buiness Application CIs in the CMDB.

  1. After modifing the settings, scroll to the bottom of the page, tick the “I consent…” checkbox and finally click the Save connection button.

  2. You can now run a sync job and the amended settings will be applied causing the CI Sync Data Sync rules to be modified accordingly.

Importantly

Make sure you consciously override the setting against either your TEST or PROD environment (i.e. your TEST vs PROD sync jobs).

For more information on how to use TEST vs PROD Connection Settings please read Understanding the use of CI Sync Connection Settings.

Syncfish strongly recommend making changes for TEST environment/sync jobs first. Only modify PROD related settings after thoroughly validating the intended results in TEST.