How do I monitor or flag suspicious Graph calls via App Registration ClientID/Secret?


I'm thinking Cloud App Security would be the place for setting this up, but I'm not sure. So if there is a better place for setting up this type of monitoring, please let me know.

A user registers an app to read/write server reboot data to a SharePoint list via Graph. It's authorized to run as a service (so no user is associated with it); it uses the ClientID/Secret to just collect the data in the system and write it into the designated list. The permissions associated with the ClientID/Secret grant access to the entire tenant, so I would like to set up perimeter monitoring for the ClientID to make sure it isn't used to alter data outside of the site it was documented to be updating. Can I track this with Cloud App Security? Is the App Registration route for granting this access a bad way to do this, and should I use something else to grant that authorization to the Graph API so that I can monitor via Cloud App Security?

 

Thanks

0 Replies
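
One way to run the check described in the question over exported Graph request logs, as an added example that is not part of the original post: it flags every request made with the monitored ClientID whose URI falls outside the one documented site. The record field names (`AppId`, `RequestUri`, `RequestMethod`, `TimeGenerated`), the IDs and the sample records are assumptions constructed for illustration.

```python
import posixpath
from urllib.parse import urlsplit, unquote

# Placeholders (assumptions): the app's ClientID and the one documented site id.
MONITORED_APP_ID = "11111111-1111-1111-1111-111111111111"
ALLOWED_SITE_ID = "contoso.sharepoint.com,aaaa,bbbb"
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}

# Constructed sample records (not real log data).
G = "https://graph.microsoft.com"
SAMPLE_RECORDS = [
    {"TimeGenerated": "2024-05-01T02:00:00Z", "AppId": MONITORED_APP_ID, "RequestMethod": "POST",
     "RequestUri": G + "/v1.0/sites/contoso.sharepoint.com%2Caaaa%2Cbbbb/lists/reboots/items"},
    {"TimeGenerated": "2024-05-01T02:05:00Z", "AppId": MONITORED_APP_ID, "RequestMethod": "GET",
     "RequestUri": G + "/v1.0/sites/contoso.sharepoint.com,cccc,dddd/lists"},
    {"TimeGenerated": "2024-05-01T02:06:00Z", "AppId": MONITORED_APP_ID, "RequestMethod": "PATCH",
     "RequestUri": G + "/beta/sites/Contoso.sharepoint.com,cccc,dddd/lists/hr/items/5"},
    {"TimeGenerated": "2024-05-01T02:07:00Z", "AppId": "22222222-2222-2222-2222-222222222222",
     "RequestMethod": "DELETE", "RequestUri": G + "/v1.0/sites/contoso.sharepoint.com,cccc,dddd"},
]

def resource_path(uri):
    """Decode, lower-case and normalise the path, then drop the API version segment."""
    path = posixpath.normpath(unquote(urlsplit(uri).path).lower())
    parts = [p for p in path.split("/") if p and p != "."]
    if parts and parts[0] in ("v1.0", "beta"):
        parts = parts[1:]
    return "/" + "/".join(parts)

def out_of_scope(records, app_id=MONITORED_APP_ID, site_id=ALLOWED_SITE_ID):
    """Return (time, kind, method, path) for the app's calls outside the allowed site."""
    allowed = "/sites/" + site_id.lower()
    findings = []
    for rec in records:
        if rec.get("AppId", "").lower() != app_id.lower():
            continue  # another application: not the ClientID being monitored
        path = resource_path(rec.get("RequestUri", ""))
        if path == allowed or path.startswith(allowed + "/"):
            continue  # inside the documented site
        method = rec.get("RequestMethod", "").upper()
        kind = "write" if method in WRITE_METHODS else "read"
        findings.append((rec.get("TimeGenerated"), kind, method, path))
    return findings

if __name__ == "__main__":
    for finding in out_of_scope(SAMPLE_RECORDS):
        print(finding)
```

Comparing on the normalised path rather than the raw URI keeps percent-encoded or differently cased site ids from slipping past the prefix check.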