User Profile
Hemanth_Abbina
MicrosoftJoined 5 years ago
User Widgets
Recent Discussions
Collecting MCAS activity events using REST API
Hi, We are planning to collect MCAS activity events using the REST API calls (https://docs.microsoft.com/en-us/cloud-app-security/api-activities-list). We have a challenge here in establishing a permanent API token for data collection. The API token we create from the portal, is associated with the user created it and it becomes inactive when the user's Azure PIM session expires. So, for us, it lasts for 4 hours only. We needed to re-active the PIM session to continue the collection. It's not a preferred way for the scheduled collection. What is the best practice to pull the activity logs from MCAS REST APIs. (PS: Though the SIEM agent provides the activity logs, those logs don't have complete data. That's the reason for looking at the REST APIs).Any plan to integrate/send MCAS activity events to Sentinel
Hi, The current MCAS to Sentinel connector is sending only alerts and discovery logs to Sentinel. Are there any plans to include the MCAS activity logs in the integration ? (The MCAS SIEM connector has the feature to send the activity logs.)
