Cloud App Activity Profiler Agent
Publisher: glueckkanja AG
Profiles SaaS domain risk from Microsoft Defender for Cloud Apps activity with automated discovery
Cloud App Activity Profiler integrates with Microsoft Defender for Endpoint and Microsoft Defender for Cloud Apps via Advanced Hunting KQL queries to discover SaaS domains, correlate security alerts, and generate risk-based governance recommendations.
Agent Tasks: Domain discovery across Defender tables, alert correlation with MITRE ATT&CK mapping, threat intelligence enrichment, weighted risk scoring, and governance recommendation generation with operational playbook.
Inputs: Defender Advanced Hunting data (CloudAppEvents, AlertEvidence, EmailUrlInfo, DeviceNetworkEvents), optional domain list, configurable time range (1–30 days)
Outputs: Domain risk classifications (GREEN/YELLOW/RED), numeric risk scores (0–100), governance recommendations (ALLOW/MONITOR/BLOCK), correlated alerts with MITRE ATT&CK techniques, investigation KQL queries, 7-day operational playbook
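As an added illustration of what "domain discovery across Defender tables" with alert correlation can look like in Advanced Hunting, here is an example KQL query; it is not the agent's own query nor glueckkanja's code. The table and column names (DeviceNetworkEvents.RemoteUrl, EmailUrlInfo.UrlDomain, AlertEvidence.RemoteUrl/AlertId/AttackTechniques) are the Defender XDR Advanced Hunting schema, while the 7-day window, the hostOf helper and the simple traffic-light rule at the end are assumptions of this example, not the agent's weighted risk model.

```kql
// Added illustration, not the agent's own query. Uses documented Defender XDR
// Advanced Hunting tables and columns; the lookback window, the hostOf helper
// and the GREEN/YELLOW/RED rule are assumptions made for this example.
let lookback = 7d;
// Normalise a full URL or a bare hostname to its lower-cased host part.
let hostOf = (u: string) {
    tolower(tostring(parse_url(iff(u startswith "http", u, strcat("https://", u))).Host))
};
union
  // Domains contacted from endpoints (Defender for Endpoint network telemetry)
  (DeviceNetworkEvents
    | where Timestamp > ago(lookback) and isnotempty(RemoteUrl)
    | project Domain = hostOf(RemoteUrl), Source = "network", AlertId = "", AttackTechniques = ""),
  // Domains seen in URLs inside inbound/outbound mail
  (EmailUrlInfo
    | where Timestamp > ago(lookback) and isnotempty(UrlDomain)
    | project Domain = tolower(UrlDomain), Source = "email", AlertId = "", AttackTechniques = ""),
  // Domains that already appear as evidence on a Defender alert
  (AlertEvidence
    | where Timestamp > ago(lookback) and isnotempty(RemoteUrl)
    | project Domain = hostOf(RemoteUrl), Source = "alert", AlertId, AttackTechniques)
| where isnotempty(Domain)
| summarize Sources    = make_set(Source),
            Events     = count(),
            Alerts     = dcountif(AlertId, Source == "alert"),
            Techniques = make_set_if(AttackTechniques, isnotempty(AttackTechniques))
         by Domain
// Simplified triage signal (assumption): any alert evidence -> RED,
// seen in more than one data source -> YELLOW, otherwise GREEN.
| extend Signal = case(Alerts > 0, "RED",
                       array_length(Sources) > 1, "YELLOW",
                       "GREEN")
| order by Alerts desc, Events desc
```

Run it in the Defender XDR Advanced Hunting console; the result is one row per discovered domain with the sources it was observed in, the number of correlated alerts and the MITRE ATT&CK techniques those alerts carry, which is the kind of per-domain evidence a risk score and an ALLOW/MONITOR/BLOCK recommendation would be built on.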
We also offer a managed CSOC service with 24/7/365 proactive search, monitoring and response capabilities. Learn more: CSOC by glueckkanja.
Need help or have questions regarding the agent? E-Mail us at support.agents@glueckkanja.com