Microsoft Defender for Cloud (CNAPP)

The Microsoft Defender for Cloud API Connector bridges your cloud security platform with Qualys ETM to automatically synchronize asset inventory and security findings through scheduled API calls.

By centralizing misconfiguration data from Microsoft's cloud security service, the connector deduplicates redundant entries, normalizes data formats, enriches findings with additional context, and calculates risk scores using TruRisk, eliminating manual data aggregation and enabling faster remediation decisions.

Security teams gain unified visibility into cloud infrastructure vulnerabilities alongside other organizational findings, transforming disconnected security alerts into actionable intelligence for risk-driven prioritization across hybrid environments.

Connector Details

Here is a comprehensive overview of what the Microsoft Defender for Cloud Connector supports.

Vendor

Microsoft

Product Name

Defender for Cloud

Category

Cloud Security

Findings Support

Yes

Supported Assets

Cloud Resources
(check the Asset Data Scope below for full details)

Version

1.0.0

Supported Version & Type SaaS (Latest)

Integration Type

API Integration (REST)

Direction

Unidirectional

Delta Support

Not Supported

Import of Installed Software

Not Supported

Import of Source Tags

Not Supported

Filters/Filter Query     Not Supported

Asset Data Scope

Complete list of cloud resources fetched with the Defender for Cloud connector.

Cloud Provider and Findings

Resources

Azure Vulnerabilities

Compute and its vulnerability findings

  • Serverless Function (asset only, no vulnerability findings)
  • Container Image and its vulnerability findings
  • Container Instance (asset only, no vulnerability findings)
Azure Misconfigurations

Misconfiguration findings from Microsoft Defender for the following asset types:

  • Azure Container Instance
  • Azure Compute VM
  • Azure Serverless (Functions)

Supportability MatrixSupportability Matrix

Asset Class Finding Type AWS Azure GCP OCI
Compute Resource Type EC2 Instance Azure Virtual Machine Compute Engine VM OCI Compute Instance
Inventory
Vulnerabilities
Misconfigurations
Serverless Resource Type AWS Lambda Function Azure Function App GCP Cloud Functions OCI Functions
Inventory
Vulnerabilities NA
Misconfigurations
Container Image Resource Type Amazon ECR (Container Image) Azure Container Registry (ACR Image) Google Artifact Registry (Container Image) OCI Container Registry (OCIR Image)
Inventory
Vulnerabilities
Misconfigurations NA
Container Instance Resource Type Amazon ECS Task / AWS Fargate Container Azure Container Instance (ACI) GKE Pod / Cloud Run Container OCI Container Instances
Inventory
Vulnerabilities NA
Misconfigurations

“–” entries indicate the asset class/finding type combination is not yet available for this connector. NA indicates that the CNAPP vendor does not currently support this asset class/finding type combination.

  "—" entries indicate the asset class/finding type combination is not yet available for this connector. NA indicates that CNAPP vendor is currently not supporting this asset class/finding type combination.

Configure the Connector

Follow these steps to create a new Microsoft Defender for Cloud connection in Qualys ETM. A valid connection test is required before proceeding to the next step.

Before You Begin - AuthenticationBefore You Begin - Authentication

Complete the following steps in your Microsoft Azure environment before configuring the connector in Qualys ETM. Have the following four values ready before you proceed:

  • Subscription UUID
  • Tenant ID
  • Client ID
  • Client Secret

Register an Application and Obtain Credentials

Authentication URL

The Authentication URL is a fixed value. Use: https://login.microsoftonline.com/

Obtain Client ID and Tenant ID

  1. Log on to your Microsoft Azure console and click Azure Active Directory in the left navigation pane.
  2. Navigate to App registrations > New Registration.
  3. Provide a name for the application and select the required supported account types.
  4. Optionally provide a Redirect URI, or leave it blank and proceed.
  5. Click Register. The newly created application is displayed with its properties.
  6. Go to Overview > Essentials to view your Client (Application) ID and Tenant (Directory) ID. Store these values securely for later use.
  7. Click Add a certificate or secret to proceed to Client Secret creation.

Create a Client Secret

Important: Copy the Client Secret Value immediately after creation. It cannot be retrieved again after you leave the page.

  1. Click New client secret.
  2. Enter a description of your choice and set the expiration period. Click Add.
  3. Copy the Value of your Client Secret and store it securely before navigating away.

Permissions Required

Scope and Data Access

The registered application requires the following permissions to allow the connector to read Defender for Cloud data.

Assign Reader and Security Reader Roles

Navigate to Subscriptions:

  1. Log in to the Azure portal at portal.azure.com.
  2. Type Subscriptions in the Azure Portal search bar and click it.
  3. Select your target subscription from the list.

Open Access Control (IAM):

  1. In the left sidebar, click Access control (IAM).
  2. Click + Add and select Add role assignment from the dropdown.

Assign the Reader role:

  1. Under the Role tab, search for Reader and select it from the results.
  2. Click Next.
  3. Under Assign access to, select User, group, or service principal.
  4. Click + Select members and search for the name of the App Registration you created.
  5. Select it and click Select.
  6. Click Next, review the assignment, and click Review + assign to confirm.
  7. Repeat these steps to also assign the Security Reader role to the same App Registration.

Grant Microsoft Graph API Permissions

  1. After application registration, navigate to the API Permissions section of your app.
  2. Click Add a permission and select Microsoft Graph.
  3. Choose the appropriate permission type:
    1. Delegated permissions — if the app needs to access the API on behalf of a signed-in user.
    2. Application permissions — if the app needs to access the API as a background service or daemon.
  4. Click Grant admin consent for [Your Organization] to apply the permissions to all users.

Important: Admin consent must be granted by an Azure administrator. Without it, the connector will fail the Authorization Scope Check during Test Connection.

Note: The minimum required permission is the Reader role (or higher) on each Azure subscription whose Defender for Cloud data you want to ingest.

Key Rotation

Client Secrets have a fixed expiration period set at creation time. When a Client Secret expires, the connector will fail authentication. To rotate the key:

  1. In the Azure portal, navigate to your App Registration > Certificates & secrets.
  2. Create a new Client Secret and copy the value immediately.
  3. In Qualys ETM, edit the connector and replace the Client Secret field with the new value.
  4. Run Test Connection to verify authentication succeeds.
  5. Delete the expired secret from Azure after confirming the connector works.

Create a Profile & ConnectionCreate a Profile & Connection

Configure the connector's identity and authenticate with the source system.

Connector Details

Field

Description

Name (Required)

A unique display name for this connector instance. Example: Defender-All.

Description

Optional free-text description (maximum 180 characters).

Authentication Details

Field

Type

Description

Subscription UUID (Required)

String

The Azure Subscription UUID (GUID) whose Defender for Cloud data you want to ingest.

Tenant ID (Required)

String

The Directory (Tenant) ID of your Azure Active Directory tenant. Obtain from Azure AD > Overview > Essentials.

Client ID (Required)

String

The Application (Client) ID of the registered Azure AD app. Obtain from App registrations > Overview.

Client Secret (Required)

Encrypted String

The secret value generated under App registrations > Certificates & secrets. Stored encrypted after save.

Important: The Client Secret value is only visible immediately after creation in the Azure portal. Copy and store it securely before saving. It cannot be retrieved afterwards.

After entering all authentication details, click Test Connection. A valid connection test is required before you can proceed to the next step. The following checks are performed:

  • Network Reachability — Verifies that the connector endpoint is reachable over HTTPS (port 443).
  • TLS Handshake — Confirms that a secure TLS connection can be established with the remote endpoint.
  • Authentication Credential Check — Validates the configured credentials against the source system's authentication endpoint.
  • Authorization Scope Check — Confirms that the provided credentials have the required permissions to access the configured data scope.
  • Data Fetch — Verifies that data can be successfully retrieved from the source system using the configured connection.

Click Next to proceed to Scope & Schedule once all checks pass.

Set the Scope & ScheduleSet the Scope & Schedule

Select the data to ingest from Microsoft Defender for Cloud and configure when the connector should run.

Data to Sync

Choose one of the two options:

  • Assets & Findings — Synchronizes asset inventory together with vulnerability and misconfiguration findings. (Default selection.)
  • Assets — Synchronizes asset inventory only, without findings.

Click the Advanced toggle to open Advanced Settings and configure asset type and findings filters before proceeding.

Schedule

Set Occurs to Custom and select the occurrence type:

  • Single Occurrence — Runs the connector once at a specified date and time. Select the timezone, Start Date, and Start Time.
  • Recurring — Runs the connector on a repeating schedule. Provide start and end date/time along with recurrence interval.

Note: Schedule times are interpreted in the selected timezone. Verify your timezone selection before saving; scheduling in an incorrect timezone may delay the first sync.


Click Next to proceed to Review & Confirm.

Advanced Settings

Advanced Settings are accessible from the Scope & Schedule step by enabling the Advanced toggle. Use these settings to refine which assets and findings are ingested and to review data mapping configuration. Changes here are optional.

Note: Click Save after making any changes in Advanced Settings before proceeding to the next wizard step.

Filters Tab

The Filters tab uses a chip-selector model. Select or deselect asset types and finding types to control the scope of data ingested.

Asset Types (all selected by default):

  • Container Instance
  • Compute
  • Container Image
  • Serverless

Findings (all selected by default):

  • Misconfiguration
  • Vulnerability

All chips are selected by default. Remove a chip to exclude that asset type or finding type from the synchronization.

Require Manual Sync — When checked, the connector will not execute automatically on the configured schedule. It must be triggered manually from the Connections list.

Note: Free-text OData filter queries are not supported by this connector. Scope filtering is limited to the asset type and findings chip selectors above.

Transform Map Tab

The Transform Map tab displays the active data mapping configuration used to convert Microsoft Defender for Cloud fields into Qualys ETM schema fields. The connector provides out-of-box transform maps that require no additional configuration to begin ingestion. You may view the map to understand the field-level transformations, or clone it to create a custom variant.

The active maps cover:

  • Asset transformation maps for AZURE.VIRTUAL_MACHINE, AZURE.CONTAINER_IMAGE, AZURE.CONTAINER_INSTANCE, and AZURE.SERVERLESS
  • Vulnerability transformation maps for AZURE.CONTAINER_IMAGE and COMPUTE
  • Misconfiguration transformation map for all supported finding types

To learn more, refer to the Transformation Maps section.

How the Connection Works

The Defender for Cloud connector operates through configured profiles that determine which data is synchronized and when. On each scheduled execution (or on-demand run), the connector performs a full sync — pulling asset inventory and findings from Microsoft Defender for Cloud into Qualys ETM. Delta synchronization is not supported.

Connector States

A successfully configured connector progresses through the following states:

  1. Registered — The connector has been successfully created and registered to fetch data from Microsoft Defender for Cloud.
  2. Scheduled — The connector is scheduled to execute a connection with the vendor at the configured time.
  3. Processing — A connection has been executed and the connector is actively fetching asset and findings data.
  4. Processed — The connector has successfully fetched assets. Findings may still be processing; allow additional time for findings to appear completely in ETM.

Note: The Processed state indicates the connector ran successfully, but the full import of assets and findings — particularly findings — may take up to 2 hours to complete. After this initial processing period, the imported data will be available in Enterprise TruRisk Management (ETM).

Viewing Assets and Findings in ETM

Navigate to Enterprise TruRisk Management to analyze your connector's imported data.

Assets

Go to Inventory in ETM and use the following filter token to view all assets imported from this connector:

inventory:(source:"Defender for Cloud")

Click any asset to view its details, risk score, and associated findings.

Findings

Go to Findings in ETM's Risk Management tab to view all discovered vulnerability and misconfiguration findings. Use the following filter token to scope to Defender for Cloud findings:

findings.vendorProductname:"Defender for Cloud"

To learn more, refer to the Qualys ETM Documentation.

Troubleshooting

Use the following guidance to resolve common issues when configuring or running the Microsoft Defender for Cloud connector.

Issue Resolution
Authentication Credential Check fails during Test Connection Verify the Subscription UUID, Tenant ID, Client ID, and Client Secret are entered correctly. Ensure the Client Secret has not expired. Regenerate a new secret in Azure if needed and update the connector.
Authorization Scope Check fails during Test Connection Confirm that the Reader and Security Reader roles have been assigned to the registered application on the target Azure subscription. Confirm that admin consent has been granted for the Microsoft Graph API permissions.
Network Reachability or TLS Handshake fails Verify that the Qualys ETM platform can reach login.microsoftonline.com and management.azure.com on HTTPS (port 443). Check your network egress rules or proxy configuration.
Connector stays in Processing state longer than expected Initial ingestion can take up to 2 hours depending on the volume of assets and findings. Wait for the full processing window before concluding there is a problem. If the connector remains in Processing beyond 3 hours, check the connector logs for errors.
Assets appear in ETM but no findings are visible Findings import may still be in progress. Allow up to 2 hours from the Processed state. If findings still do not appear, verify that the Findings chips (Misconfiguration and Vulnerability) are selected in the Filters tab of Advanced Settings, and confirm that the Defender for Cloud subscription has active findings.
Client Secret expired — connector fails at authentication Create a new Client Secret in Azure, copy the value immediately, and update the Client Secret field in the Qualys ETM connector configuration. Run Test Connection to confirm authentication succeeds.
Serverless or Container Instance assets show no vulnerability findings This is expected behavior. Serverless Function and Container Instance asset types do not have associated vulnerability findings in the Microsoft Defender for Cloud connector. Only Compute and Container Image assets carry vulnerability findings.

Additional Information

API Reference

The following APIs are called during each connector execution.

Name

Endpoint

Description

Auth API

https://login.microsoftonline.com/${tenantId}/oauth2/v2.0/token

Obtains an OAuth 2.0 access token. Required values: Subscription UUID, Tenant ID, Client ID, Client Secret.

grant_type = client_credentials
scope = https://management.azure.com/.default

Fetch Asset

https://management.azure.com/providers/Microsoft.ResourceGraph/resources?api-version=2021-03-01

Retrieves asset inventory. Sample queries:

Compute: resource_type:${computeFilter})+(updated_at:>'${updated_at}'

Container Instance: Resources | where type =~ 'Microsoft.ContainerInstance/containerGroups'

Fetch Container Images

https://${registryUri}/oauth2/token
https://${registryUri}/v2/${repository}/manifests/${digest}
https://${registryUri}/v2/${repository}/blobs/${configDigest}

Retrieves container image metadata from the registry. Registry Pull Auth parameters: client_id, client_secret. Filter: repository:${repository}:pull

Fetch Vulnerabilities

https://management.azure.com/providers/Microsoft.ResourceGraph/resources?api-version=2021-03-01

Compute findings query:

securityresources | where type =~ 'microsoft.security/assessments/subassessments' and ( properties.additionalData.assessedResourceType == 'ServerVulnerabilityTvm')

Container Image findings query:

securityresources | where type =~ 'microsoft.security/assessments/subassessments' and properties.additionalData.assessedResourceType == 'AzureContainerRegistryVulnerability'| extend assessmentKey = extract(@'providers/Microsoft.Security/assessments/([^/]*)', 1, id) | where assessmentKey == '<assessmentKey>'

Transformation Maps

This section documents the field-level attribute mappings from Microsoft Defender for Cloud source data to the Qualys ETM schema. The connector provides these maps out of the box.

Asset Transformation Maps

AZURE.VIRTUAL_MACHINEAZURE.VIRTUAL_MACHINE

Source Field Target Field (Qualys ETM)
id asset.assetHeader.externalAssetId
id asset.assetHeader.vendorAssetId
name asset.assetDetail.name
name asset.assetDetail.hostIdentity.hostname
name asset.assetDetail.hostname
tenantId asset.assetDetail.cloudInfo.tenantId
location asset.assetDetail.cloudInfo.region
resourceGroup asset.assetDetail.computeAssetClass.cloudInstance.resourceGroupName
subscriptionId asset.assetDetail.cloudInfo.accountId
properties.timeCreated asset.assetDetail.sourceCreatedAt
osDiskId asset.assetDetail.computeAssetClass.cloudInstance.imageId
properties.vmId asset.assetDetail.computeAssetClass.cloudInstance.id
properties.osProfile.computerName asset.assetDetail.computeAssetClass.cloudInstance.hostname
primaryNetworkInterface.publicIpProperties.ipAddress asset.assetDetail.computeAssetClass.cloudInstance.publicIpv4Address
primaryNetworkInterface.nicProperties.macAddress asset.assetDetail.computeAssetClass.cloudInstance.macAddress
primaryNetworkInterface.nicId asset.assetDetail.computeAssetClass.cloudInstance.networkInterfaceId
externalTags asset.assetDetail.externalTags
properties.storageProfile.osDisk.osType asset.assetDetail.operatingSystem.name
properties.storageProfile.imageReference.publisher asset.assetDetail.operatingSystem.publisher
properties.storageProfile.imageReference.sku asset.assetDetail.operatingSystem.version
CONSTANT: "azure-virtual-machine" asset.assetHeader.assetTypeName

AZURE.CONTAINER_IMAGEAZURE.CONTAINER_IMAGE

Source Field Target Field (Qualys ETM)
zones asset.assetDetail.cloudInfo.availabilityZone
tenantId asset.assetDetail.cloudInfo.tenantId
subscriptionId asset.assetDetail.cloudInfo.accountId
properties.resourceDetails.source asset.assetDetail.cloudInfo.provider
properties.additionalData.artifactDetails.repositoryName asset.assetDetail.name
properties.additionalData.artifactDetails.repositoryName asset.assetDetail.containerImageAssetClass.name
properties.additionalData.artifactDetails.repositoryName asset.assetDetail.containerImageAssetClass.repository
properties.additionalData.artifactDetails.registryHost asset.assetDetail.containerImageAssetClass.registry
properties.additionalData.artifactDetails.digest asset.assetDetail.containerImageAssetClass.digest
properties.additionalData.artifactDetails.digest asset.assetHeader.externalAssetId
properties.additionalData.artifactDetails.digest asset.assetHeader.vendorAssetId
location asset.assetDetail.cloudInfo.region
imageTagReferences asset.assetDetail.containerImageAssetClass.imageTagReferences
imageConfigV2.os asset.assetDetail.operatingSystem.name
imageConfigV2.history[].size asset.assetDetail.containerImageAssetClass.layers[].sizeInBytes
imageConfigV2.history[].digest asset.assetDetail.containerImageAssetClass.layers[].digest
imageConfigV2.history[].created_by asset.assetDetail.containerImageAssetClass.layers[].createdBy
imageConfigV2.created asset.assetDetail.containerImageAssetClass.creationDate
imageConfigV2.architecture asset.assetDetail.containerImageAssetClass.architecture
externalTags asset.assetDetail.externalTags
CONSTANT: "container-image" asset.assetHeader.assetTypeName
asset_root (imageTag) asset.assetDetail.containerImageAssetClass.tag

AZURE.CONTAINER_INSTANCEAZURE.CONTAINER_INSTANCE

Source Field Target Field (Qualys ETM)
location asset.assetDetail.cloudInfo.region
subscriptionId asset.assetDetail.cloudInfo.accountId
zones asset.assetDetail.cloudInfo.availabilityZone
managedBy asset.assetDetail.businessInfo.managedBy
properties.container.name asset.assetDetail.name
id asset.assetHeader.externalAssetId
id asset.assetHeader.vendorAssetId
properties.container.properties.instanceView.currentState.state asset.assetDetail.containerInstanceAssetClass.status
properties.container.properties.ports[].port asset.assetDetail.containerInstanceAssetClass.ports[].containerPort
properties.container.properties.ports[].protocol asset.assetDetail.containerInstanceAssetClass.ports[].protocol
asset_root (imageName) asset.assetDetail.containerInstanceAssetClass.image.name
asset_root (imageTagOrDigest) asset.assetDetail.containerInstanceAssetClass.image.tag
asset_root (imageRegistry) asset.assetDetail.containerInstanceAssetClass.image.registry
properties.container.properties.environmentVariables asset.assetDetail.containerInstanceAssetClass.environmentVariables
externalTags asset.assetDetail.externalTags
CONSTANT: "container-instance" asset.assetHeader.assetTypeName

AZURE.SERVERLESSAZURE.SERVERLESS

Source Field Target Field (Qualys ETM)
CONSTANT: "azure-function" asset.assetHeader.assetTypeName
externalTags asset.assetDetail.externalTags
id asset.assetHeader.externalAssetId
id asset.assetHeader.vendorAssetId
location asset.assetDetail.cloudInfo.region
name asset.assetDetail.name
properties.name asset.assetDetail.serverlessAssetClass.functionName
subscriptionId asset.assetDetail.cloudInfo.accountId
tenantId asset.assetDetail.cloudInfo.tenantId
zones asset.assetDetail.cloudInfo.availabilityZone

Vulnerability Transformation Maps

AZURE.CONTAINER_IMAGEAZURE.CONTAINER_IMAGE

Source Field Target Field (Qualys ETM)
assessmentKey findingGroup.findings[].externalFindingId
id findingGroup.findings[].id
properties.additionalData.artifactDetails.digest findingGroup.findings[].asset.externalAssetId
properties.additionalData.vulnerabilityDetails.cpe.part findingGroup.findings[].product.cpePart
properties.additionalData.vulnerabilityDetails.cpe.product findingGroup.findings[].product.name
properties.additionalData.vulnerabilityDetails.cpe.vendor findingGroup.findings[].product.vendor
properties.additionalData.vulnerabilityDetails.cpe.version findingGroup.findings[].product.version
properties.additionalData.vulnerabilityDetails.cveId findingGroup.findings[].findingType.vulnerability.cveId
properties.additionalData.vulnerabilityDetails.lastModifiedDate findingGroup.findings[].lastFoundOn
properties.additionalData.vulnerabilityDetails.references[].link findingGroup.findings[0].references[]
properties.additionalData.vulnerabilityDetails.weaknesses.cwe[].id findingGroup.findings[0].findingType.vulnerability.cweIds[]
properties.description findingGroup.findings[].description
properties.displayName findingGroup.findings[].name
properties.impact findingGroup.findings[].impact
properties.remediation findingGroup.findings[].remediations[].description
properties.resourceDetails.ResourceName findingGroup.findings[].asset.assetName
properties.status.severity findingGroup.findings[].severity
properties.timeGenerated findingGroup.findings[].ingestedOn

COMPUTECOMPUTE

Source Field Target Field (Qualys ETM)
asset_root (assetType) asset.assetHeader.assetTypeName
id findingGroup.findings[].externalFindingId
properties.displayName findingGroup.findings[].name
properties.metadata.assessmentType findingGroup.findings[].findingType.misconfiguration.policy.type
properties.metadata.description findingGroup.findings[].description
properties.metadata.remediationDescription findingGroup.findings[].remediation.remediationStrategy
properties.metadata.severity findingGroup.findings[].severity
properties.resourceDetails.NativeResourceId findingGroup.findings[].asset.externalAssetId
properties.resourceDetails.NativeResourceId asset.assetHeader.externalAssetId
properties.resourceDetails.NativeResourceId asset.assetHeader.vendorAssetId
properties.resourceDetails.ResourceName findingGroup.findings[].asset.assetName
properties.resourceDetails.ResourceName asset.assetDetail.name
properties.status.code findingGroup.findings[].findingStatus
properties.status.firstEvaluationDate findingGroup.findings[].firstFoundOn
properties.status.statusChangeDate findingGroup.findings[].lastFoundOn
properties.statusPerInitiative[].policyInitiativeId findingGroup.findings[].findingType.misconfiguration.policy.policyId
properties.statusPerInitiative[].policyInitiativeName findingGroup.findings[].findingType.misconfiguration.policy.title

Misconfiguration Transformation Map

ALL MISCONFIGURATION FINDINGSALL MISCONFIGURATION FINDINGS

Source Field Target Field (Qualys ETM)
asset_root (assetType) asset.assetHeader.assetTypeName
id findingGroup.findings[].externalFindingId
properties.displayName findingGroup.findings[].name
properties.metadata.assessmentType findingGroup.findings[].findingType.misconfiguration.policy.type
properties.metadata.description findingGroup.findings[].description
properties.metadata.remediationDescription findingGroup.findings[].remediation.remediationStrategy
properties.metadata.severity findingGroup.findings[].severity
properties.resourceDetails.NativeResourceId findingGroup.findings[].asset.externalAssetId
properties.resourceDetails.NativeResourceId asset.assetHeader.externalAssetId
properties.resourceDetails.NativeResourceId asset.assetHeader.vendorAssetId
properties.resourceDetails.ResourceName findingGroup.findings[].asset.assetName
properties.resourceDetails.ResourceName asset.assetDetail.name
properties.status.code findingGroup.findings[].findingStatus
properties.status.firstEvaluationDate findingGroup.findings[].firstFoundOn
properties.status.statusChangeDate findingGroup.findings[].lastFoundOn
properties.statusPerInitiative[].policyInitiativeId findingGroup.findings[].findingType.misconfiguration.policy.policyId
properties.statusPerInitiative[].policyInitiativeName findingGroup.findings[].findingType.misconfiguration.policy.title