Jan 17 2021 10:18 PM
Hi,
The current MCAS to Sentinel connector is sending only alerts and discovery logs to Sentinel. Are there any plans to include the MCAS activity logs in the integration? (The MCAS SIEM connector has the feature to send the activity logs.)
Jan 18 2021 04:09 AM
Jan 18 2021 08:56 PM
@BemmelenPatrick Thanks.
Agree with this approach, but we have a problem. The MCAS API token is not persistent and it's associated with the user who created it. The Azure subscription we are using is PIM enabled, and all users should activate their roles using PIM for 4 hours. In such scenarios, the API token we create will be inactive whenever the PIM session of the user expires. So, it's not suited for scheduled/automated data collection.
Jan 19 2021 02:54 AM
Jan 19 2021 03:38 AM
@BemmelenPatrick Thanks for the quick response.
I'm talking about the MCAS API token. The API token created in the MCAS portal is associated with the user who created it. If the user's PIM session expires, the API token won't work.
Mar 17 2021 10:53 AM