I've been working on a LogicApps in Sentinel to retrieve the status of Microsoft Cloud App Security alerts using its REST API.
So far, I'm capable of retrieving MCAS alerts which I can query in the Log Analytics
However, what I'm really interested in is the status of the alert (Open, Dismissed or Resolved), the parameter is called "ResolutionStatus" and should have 3 value as shown in MS documentation :
Thi parameter is not available when using a GET request for MCAS API, as you can see I have instead a statusValue which take only 2 values (0 = open, 1 = dismissed or resolved) :
The HTTP Get request is the following :
Do you have any idea on why the schema is different from the one that can be found in the documentation ? and do you have any clues on how to retrieve the resolutionStatus for MCAS alerts using logicapps ?
Thanks for your help,