Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

MCAS and REST API detection

Copper Contributor

Hi all,

 

Im still fairly new to MCAS and i couldn't find any answers in my search so apologies if this has been asked.  I was wondering if MCAS can be used to detect/alert against REST API attempts from malicious IPs or unknown devices etc.  This could be coming from MS Graph or wherever else that has an API that is exposed or if there is something else that already does that.

 

Thanks.

3 Replies

@Tommytong 

 

@Sebastien Molendijk: Is this something you can speak to? 

Hi @Tommytong ,

 

Yes. An example below of a Flow accessing some data in SharePoint: you can see ine agent string (Flow/Logic Apps) and the IP used to access the data using API connections.

In this case it's an Azure IP, but let's say it would be a script running on a PC, we ould detect this.

access-logicApps.png

Thanks @Sebastien Molendijk 

 

Do you any MS Graph examples by chance?