The Microsoft Cloud App Security (MCAS) connector lets you stream alerts and Cloud Discovery logs from MCAS into Azure Sentinel. This will enable you to gain visibility into your cloud apps, get sophisticated analytics to identify and combat cyberthreats, and control how your data travels, more details on enabling and configuring the out of the box MCAS connector (Connect data from Microsoft Cloud App Security)
Cloud App Security REST API (URL Structure , Token & Supported Actions)
The Microsoft Cloud App Security API provides programmatic access to Cloud App Security through REST API endpoints. Applications can use the API to perform read and update operations on Cloud App Security data and objects.
To use the Cloud App Security API, you must first obtain the API URL from your tenant. The API URL uses the following format:
To obtain the Cloud App Security portal URL for your tenant, do the following steps:
- In the Cloud App Security portal, click the question mark icon in the menu bar. Then, select About.
- In the Cloud App Security about screen, you can see the portal url.
Once you have the portal url, add the
/api suffix to it to obtain your API URL. For example, if your portal's URL is
https://m365x933168.eu2.portal.cloudappsecurity.com, then your API URL is
Cloud App Security requires an API token in the header of all API requests to the server, such as the following:
Authorization: Token <your_token_key>
<your_token_key> is your personal API token. For more information about API tokens, see Managing API tokens., here's an example of CURLing MCAS Activity log:
The following table describes the actions supported:
Where Resource represents a group of related entities, fore more details please visit MCAS Activities API
Implementation (MCAS Activity Connector)
Notes & Consideration
Get started today!
We encourage you to try it now!
You can also contribute new connectors, workbooks, analytics and more in Azure Sentinel. Get started now by joining the Azure Sentinel Threat Hunters GitHub community.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.