Query and interact with cloud security products.
For full API documentation see the Cloud Security API Reference.
To create an integration with the Cloud Security connector, use the Create Integration API endpoint, using one of the provider configs below.
- AWS Cloud Security (
cloudsecurity_aws) - CrowdStrike Falcon® Insight EDR (
cloudsecurity_crowdstrike) - Microsoft Defender for Cloud (
cloudsecurity_defender) - Palo Alto Networks Cortex Cloud Security (
cloudsecurity_paloalto)
| API | AWS Cloud Security | CrowdStrike Cloud Security | Microsoft Defender for Cloud | Palo Alto Networks Cortex Cloud Security |
|---|---|---|---|---|
| query_cloud_resource_inventory | ❌ | ✅ | ✅ | ✅ |
| query_compliance_findings | ✅ | ✅ | ✅ | ✅ |
| query_events | ❌ | ❌ | ✅ | ❌ |
| query_ioms | ❌ | ✅ | ❌ | ❌ |
| query_threats | ✅ | ❌ | ✅ | ❌ |
| API | AWS Cloud Security | CrowdStrike Cloud Security | Microsoft Defender for Cloud | Palo Alto Networks Cortex Cloud Security |
|---|---|---|---|---|
| query_cloud_resource_inventory | ❌ | ✅ [docs] | ✅ [docs] | ✅ [docs] |
| query_compliance_findings | ✅ [docs] | ✅ [docs] | ✅ [docs] | ✅ [docs] |
| query_events | ❌ | ❌ | ✅ [docs] | ❌ |
| query_ioms | ❌ | ✅ [docs] | ❌ | ❌ |
| query_threats | ✅ [docs] | ❌ | ✅ [docs] | ❌ |