Jun 29 2020 05:03 PM
Greetings,
I've been working on a Logic App in Sentinel to retrieve the status of Microsoft Cloud App Security alerts using its REST API.
So far, I'm capable of retrieving MCAS alerts, which I can query in Log Analytics.
However, what I'm really interested in is the status of the alert (Open, Dismissed or Resolved). The parameter is called "ResolutionStatus" and should have 3 values, as shown in the MS documentation:
https://docs.microsoft.com/en-us/cloud-app-security/api-alerts
This parameter is not available when using a GET request for the MCAS API. As you can see, I have instead a statusValue which takes only 2 values (0 = open, 1 = dismissed or resolved):
The HTTP GET request is the following:
Do you have any idea why the schema is different from the one that can be found in the documentation? And do you have any clues on how to retrieve the resolutionStatus for MCAS alerts using Logic Apps?
Thanks for your help,
Alexander
Jun 30 2020 04:39 AM
@Alexander_Ceyran This would probably be better asked in the MCAS community: https://techcommunity.microsoft.com/t5/microsoft-cloud-app-security/bd-p/MicrosoftCloudAppSecurity