[meta] Update Microsoft Defender for Endpoint integration to Leverage Native Cloud Security Workflows

[kcreddy]

As part of effort to leverage Cloud Security workflows such as Elastic CSPM and CNVM for 3rd party integrations, the vulnerabilities data from Microsoft Defender for Endpoint needs to be enriched just like previous enhancements for Wiz, Qualys VMDR, and Rapid7 InsighVM.

For this work, the microsoft_defender_endpoint.vulnerability data stream which ingests exported vulnerabilities of assets must be enriched to support Elastic CNVM workflow.

Tasks:

• Get access to Microsoft Defender for Endpoint environment.
• Setup Microsoft Defender for Endpoint ingestion in cluster.
• Analyse required mapping changes for Microsoft Defender for Endpoint and get feedback.
• Microsoft Defender for Endpoint: Implement mappings for Cloud Security Workflows #14662
• Microsoft Defender for Endpoint: Implement transform for Cloud Security Workflows #14663

[elasticmachine]

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)