User Profile
Hemanth_Abbina
MicrosoftJoined Aug 13, 2020
User Widgets
Recent Discussions
Re: Any plan to integrate/send MCAS activity events to Sentinel
BemmelenPatrick Thanks. Agree with this approach, but we have a problem. The MCAS API Token is not persistent and it's associated with the user created it. The Azure subscription we are using, is PIM enabled and all users should be activated their roles using PIM for 4 hours. In such scenarios, the API token we create will be inactive, whenever the PIM session of the user expires. So, it's not suited for scheduled/automated data collection.Collecting MCAS activity events using REST API
Hi, We are planning to collect MCAS activity events using the REST API calls (https://docs.microsoft.com/en-us/cloud-app-security/api-activities-list). We have a challenge here in establishing a permanent API token for data collection. The API token we create from the portal, is associated with the user created it and it becomes inactive when the user's Azure PIM session expires. So, for us, it lasts for 4 hours only. We needed to re-active the PIM session to continue the collection. It's not a preferred way for the scheduled collection. What is the best practice to pull the activity logs from MCAS REST APIs. (PS: Though the SIEM agent provides the activity logs, those logs don't have complete data. That's the reason for looking at the REST APIs).Any plan to integrate/send MCAS activity events to Sentinel
Hi, The current MCAS to Sentinel connector is sending only alerts and discovery logs to Sentinel. Are there any plans to include the MCAS activity logs in the integration ? (The MCAS SIEM connector has the feature to send the activity logs.)
