Forum Discussion
dk12321
Jun 06, 2021 · Copper Contributor
Using endpoints from mcas-siemagent-0.111.126-signed.jar
I’ve been using the mcas-siemagent-0.111.126-signed.jar file to retrieve logs from my cloud services. I’ve been saving the logs to a local directory, and while looking at them I’ve noticed two interesting endpoints:
- Executing request GET /api/v1/agents/siem/consume/
- Executing request GET /api/v1/agents/siem/get_data/?{some cursor related data}
Is there any way of getting the log information using those endpoints, without using the .jar?
- JaredPoeppelman (Microsoft): No, but you can get the same data that the SIEM agent gets (activities and alerts) via the MDCA API.
https://docs.microsoft.com/en-us/defender-cloud-apps/api-alerts
https://docs.microsoft.com/en-us/defender-cloud-apps/api-activities