Rule 11 - Defender for Cloud Apps Report Time Frame used by CI Sync

Rule Synopsis

For context: Microsoft Defender for Cloud Apps gathers information from various sources to discover Cloud Applications. By aggregating and analysing these sources, Defender for Cloud Apps achieves two things relevant to synchronization of the data into ServiceNow via CI Sync:

  1. It allows Defender to determine the vulnerability state of applications.

  2. It allows Defender to determine which users are using those applications.

Defender for Cloud Apps maintains the aggregated data for durations configured in Defender for Cloud Apps.

CI Sync allows customers to set the time frame (in days) of Defender for Cloud Apps data that CI Sync queries and retrieves.

Rule Details

  • By default, CI Sync queries 30x days' worth of Defender for Cloud Apps data.

Override Options

Context

Customers may wish to change the number of days queried by CI Sync to meet their business needs.

Options

Customers can set the duration to 7x days, 30x days (the default) or 90x days.

Overriding via Connection Settings

Customers can perform the override using a “Connection Setting” via the CI Sync User Interface (i.e. customers can perform the overrides themselves). Additional information for this is available via the following documentation:

  1. For a general overview of CI Sync Connection Settings please read Understanding the use of CI Sync Connection Settings.

  2. For the specific CI Sync Connection Setting/s related to the rule described on this page please read Report Time Frame for Defender for Cloud Apps.

For documentation on all CI Sync Connection Settings please visit the page tree Connection Setting Guides.

Additional Information

N/A

Support Model for Rule Overrides

Question: Can overrides be performed by customers without a Syncfish Extended Implementation and Support Plan?

Answer: Yes (via self-service in the CI Sync UI)

Question: Which Syncfish Extended Implementation and Support Plan is required to obtain overrides of this rule?

Answer: Either a Bronze Plan, Silver Plan or Gold Plan (for customers wanting Syncfish assistance to perform overrides of this rule)