HELP: MCAS Rest API ignoring File Policy ID

%3CLINGO-SUB%20id%3D%22lingo-sub-1846141%22%20slang%3D%22en-US%22%3EHELP%3A%20MCAS%20Rest%20API%20ignoring%20File%20Policy%20ID%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1846141%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20all%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EI%20am%20hoping%20for%20some%20quick%20help%20here.%26nbsp%3B%20I%20have%20a%20File%20policy%20that%20has%20matched%20%26gt%3B5000%20items.%26nbsp%3B%20I%20am%20trying%20to%20leverage%20the%20API%20to%20retrieve%20some%20basic%20information%20regarding%20the%20file%20matches.%26nbsp%3B%20While%20I%20am%20able%20to%20do%20it%20with%20the%20MCAS%20PS%20cmdlets%2C%20I%20am%20trying%20to%20see%20if%20doing%20an%20API%20call%20will%20be%20faster%20but%20I%20am%20running%20into%20possible%20syntax%20or%20basic%20comprehension%20issues%20on%20my%20part.%3C%2FP%3E%0A%3CP%3EThe%20query%20is%20to%20return%20the%20files%20that%20matched%20to%20a%20particular%20file%20policy%20but%20the%20same%20logic%20used%20in%20the%20PS%20is%20not%20working%20with%20Invoke-RestMethod%20and%20I%20don't%20understand%20why.%26nbsp%3B%20From%20my%20results%2C%20the%20filter%20portion%20is%20being%20ignored.%3C%2FP%3E%0A%3CP%3EI%20stumbled%20on%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F95282%22%20target%3D%22_blank%22%3E%40Mike%20Kassis%3C%2FA%3E%26nbsp%3Bvideo%20(%3CA%20title%3D%22Cloud%20App%20Security%20API%20Tokens%20%26amp%3B%20REST%20API%22%20href%3D%22https%3A%2F%2Fchannel9.msdn.com%2Fshows%2Fmicrosoft-security%2Fmicrosoft-cloud-app-security--rest-apis-and-tokens%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehere%3C%2FA%3E)%20for%20initial%20guidance%20which%20helped%20alot%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%24token%20%3D%20%22mytoken%22%3C%2FP%3E%0A%3CDIV%3E%0A%3CDIV%3E%3CSPAN%3E%24body%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3D%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3E%40%3C%2FSPAN%3E%3CSPAN%3E%7B%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3CDIV%3E%3CSPAN%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3Elimit%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3D%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3E'4'%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3CDIV%3E%3CSPAN%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3Efilter%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3D%26nbsp%3B%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3E%40%3C%2FSPAN%3E%3CSPAN%3E%7B%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3CDIV%3E%3CSPAN%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3Epolicy%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3D%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3E%40%3C%2FSPAN%3E%3CSPAN%3E%7B%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3CDIV%3E%3CSPAN%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3Ecabinetmatchedrulesequals%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3D%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3E'5f85c26e460319cd4539c894'%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3CDIV%3E%3CSPAN%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%7D%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3CDIV%3E%3CSPAN%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%7D%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3CDIV%3E%3CSPAN%3E%7D%3C%2FSPAN%3E%3C%2FDIV%3E%3CBR%20%2F%3E%3CDIV%3E%3CSPAN%3E%24response%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3D%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3EInvoke-RestMethod%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B-uri%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3E%22%3CA%20href%3D%22https%3A%2F%2Fmydomain.us.portal.cloudappsecurity.com%2Fapi%2Fv1%2Ffiles%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fmydomain.us.portal.cloudappsecurity.com%2Fapi%2Fv1%2Ffiles%2F%3C%2FA%3E%22%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%60%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3CDIV%3E%3CSPAN%3E-Headers%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3E%40%3C%2FSPAN%3E%3CSPAN%3E%7B%3C%2FSPAN%3E%3CSPAN%3EAuthorization%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3D%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3E%22Token%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3E%24token%3C%2FSPAN%3E%3CSPAN%3E%22%3C%2FSPAN%3E%3CSPAN%3E%7D%26nbsp%3B%60%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3CDIV%3E%3CSPAN%3E-Method%26nbsp%3BPost%26nbsp%3B%60%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3CDIV%3E%3CSPAN%3E-Body%26nbsp%3B(%3C%2FSPAN%3E%3CSPAN%3E%24body%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%7C%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3EConvertTo-Json%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B-Depth%202%3C%2FSPAN%3E%3CSPAN%3E)%26nbsp%3B%60%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3CDIV%3E%3CSPAN%3E-Verbose%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAny%20help%3F%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThank%20you%2C%3C%2FP%3E%0A%3CP%3EPaul%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1846141%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ECloud%20App%20Security%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Occasional Contributor

Hi all:

 

I am hoping for some quick help here.  I have a File policy that has matched >5000 items.  I am trying to leverage the API to retrieve some basic information regarding the file matches.  While I am able to do it with the MCAS PS cmdlets, I am trying to see if doing an API call will be faster but I am running into possible syntax or basic comprehension issues on my part.

The query is to return the files that matched to a particular file policy but the same logic used in the PS is not working with Invoke-RestMethod and I don't understand why.  From my results, the filter portion is being ignored.

I stumbled on @Mike Kassis video (here) for initial guidance which helped alot

 

$token = "mytoken"

$body = @{
    limit = '4'
    filter =  @{
        policy = @{
            cabinetmatchedrulesequals = '5f85c26e460319cd4539c894'
        }
    }
}

$response = Invoke-RestMethod -uri "https://mydomain.us.portal.cloudappsecurity.com/api/v1/files/" `
-Headers @{Authorization = "Token $token"} `
-Method Post `
-Body ($body | ConvertTo-Json -Depth 2) `
-Verbose

 

Any help?

 

Thank you,

Paul

0 Replies