Skip to main content

🧠 Microsoft Defender For Cloud Integration With Microsoft Defender For Endpoint is not enabled - prod.logic.yaml 🟒

Flags​

Input Type​

TypeAPI NameExtractsExtract FilesLogic Files
πŸ”’πŸ“• Azure SubscriptionCA10__CaAzureAccount__c13131

Uses​

Test Results πŸŸ’β€‹

Generated at: 2025-04-24T23:46:16.289899622Z Open

ResultIdCondition IndexCondition TextRuntime Error
🟒test1βœ”οΈ 101βœ”οΈ CA10__defenderForCloudSettingsJson__c.delegatedTo(CA10__defenderForCloudSettingsJson__c).isEmpty()βœ”οΈ null
🟒test2βœ”οΈ 199βœ”οΈ not(extract('caJsonFrom__defenderForCloudSettings__c').jsonQueryText('settings[?name == \'WDATP\'].enabled | [0]'))βœ”οΈ null
🟒test3βœ”οΈ 299βœ”οΈ extract('caJsonFrom__defenderForCloudSettings__c').jsonQueryText('settings[?name == \'WDATP\'].enabled | [0]')βœ”οΈ null
🟒test4βœ”οΈ 199βœ”οΈ not(extract('caJsonFrom__defenderForCloudSettings__c').jsonQueryText('settings[?name == \'WDATP\'].enabled | [0]'))βœ”οΈ null
🟒test5βœ”οΈ 199βœ”οΈ not(extract('caJsonFrom__defenderForCloudSettings__c').jsonQueryText('settings[?name == \'WDATP\'].enabled | [0]'))βœ”οΈ null
🟒test6βœ”οΈ 199βœ”οΈ not(extract('caJsonFrom__defenderForCloudSettings__c').jsonQueryText('settings[?name == \'WDATP\'].enabled | [0]'))βœ”οΈ null

Generation​

FileMD5
Open/ce/ca/azure/subscription/integration-with-microsoft-defender-for-endpoint/policy.yaml314079FF538D4FD6EFE65F32B0107E4B
Open/ce/ca/azure/subscription/integration-with-microsoft-defender-for-endpoint/prod.logic.yaml267B5095BAA7709E3FD1E4E4751578E4
Open/types/CA10__CaAzureAccount__c/object.extracts.yaml9C78116D7D6EA5327842D3BC5DCF8980
Open/ce/ca/azure/subscription/integration-with-microsoft-defender-for-endpoint/test-data.json434472371BA494A55950ECDD146C784C

Generate FULL script​

java -jar repo-manager.jar policies generate FULL /ce/ca/azure/subscription/integration-with-microsoft-defender-for-endpoint/prod.logic.yaml

Generate DEBUG script​

java -jar repo-manager.jar policies generate DEBUG /ce/ca/azure/subscription/integration-with-microsoft-defender-for-endpoint/prod.logic.yaml

Generate CAPTURE_TEST_DATA script​

java -jar repo-manager.jar policies generate CAPTURE_TEST_DATA /ce/ca/azure/subscription/integration-with-microsoft-defender-for-endpoint/prod.logic.yaml

Generate TESTS script​

java -jar repo-manager.jar policies generate TESTS /ce/ca/azure/subscription/integration-with-microsoft-defender-for-endpoint/prod.logic.yaml

Execute tests​

java -jar repo-manager.jar policies test /ce/ca/azure/subscription/integration-with-microsoft-defender-for-endpoint/prod.logic.yaml

Content​

Open File

---
inputType: "CA10__CaAzureAccount__c"
importExtracts:
  - file: "/types/CA10__CaAzureAccount__c/object.extracts.yaml"
testData:
  - file: "test-data.json"
conditions:
      - status: "INCOMPLIANT"
        currentStateMessage: "Microsoft Defender for Endpoint is not enabled."
        remediationMessage: "Consider enabling Microsoft Defender for Endpoint."
        check:
          NOT:
            arg:
              JSON_QUERY_BOOLEAN:
                arg: 
                  EXTRACT: "caJsonFrom__defenderForCloudSettings__c"
                expression: "settings[?name == 'WDATP'].enabled | [0]"
                undeterminedIf: 
                  evaluationError: "The JSON query has failed."
                  resultTypeMismatch: "The JSON query did not return text type."
      - status: "COMPLIANT"
        currentStateMessage: "Microsoft Defender for Endpoint is enabled."
        check:
          JSON_QUERY_BOOLEAN:
            arg: 
              EXTRACT: "caJsonFrom__defenderForCloudSettings__c"
            expression: "settings[?name == 'WDATP'].enabled | [0]"
            undeterminedIf: 
              evaluationError: "The JSON query has failed."
              resultTypeMismatch: "The JSON query did not return text type."
otherwise:
  status: "UNDETERMINED"
  currentStateMessage: "Unexpected value in the field."