Forum Discussion
How to view ingested traffic logs on MCAS
I'm uploading my traffic logs in order to perform the Cloud App discovery using REST APIs: https://docs.microsoft.com/en-us/cloud-app-security/api-discovery
I can see the uploaded files being processed under "Governance logs". I can also generate reports based on the ingested traffic logs. But is there any option to view/visualize the ingested/uploaded logs in a table form? So that I can verify that all the logs that are supposed to be uploaded are actually being uploaded via my script and the reports that are generated are correct as per my logs.
Thanks!
Kaushal.
5 Replies
- Caroline_Lee
Microsoft
kaushal28 Thanks for the feedback! If you go to Discovered apps > there is an export button where you can export the data in an excel form. Hope this helps!
Caroline_LeeThanks for your reply! I've tried exporting the data from where you mentioned but it seems like it's the data of discovered applications only and not the original CEF data which I've ingested for that discovery. The same options are also available under IP addresses and Users tab, but it only exports the respective discovery related data and not the original one.
The purpose of being able to view/export the exact data which I have ingested is to verify whether my ingestion script is working perfectly or not (I want to use continuous reports). Now if I can only see the data fields/records on which the discovery is successful, I would not be able to exactly say whether the data I ingested had no findings when MCAS ran discovery on it or my script messed up and MCAS never actually received that data to perform discovery on.
So for this purpose, only the count of the number of records received by MCAS is also enough. Is there such an option available yet on the MCAS platform?
Thanks!- Caroline_Lee
kaushal28 Thanks for the clarification. Currently, you cannot see the actual data ingested in MCAS but you can see the # of uploaded logs if you go to Settings > Log Collector > Datasource tab.
