How to integrate Squid proxy with MCAS?
Hello Everyone, Can somebody help me understand this? Is it possible to integrate Squid proxy with MCAS? If yes, please share the steps. Is proxy replaceable to log collector results?( can we achieve full discovery with the help of proxy integration instead of having log collectors since we are facing too many issues with log collectors now a days) I would be thankful for a kind response on this. Warm regards, Mahesh.MCAS log ingestion deployment modes( Log collector vs MDE)
Hello techies, Hope you all doing well and keeping safe during this unprecedented timings!! I have couple of queries regarding log deployment modes. Please help me understand. As part of transition we have been requested to support for one of our clients. In the current ecosystem log ingestion is being happened through native MDE integration and via log collectors( Docker image on Linux in Azure) 1. When we are able to discover the data from MDE, why should we have log collector deployment inplace? I believe with the help of log collectors only, we can able to replicate the cloud discovery resource details( statistics for platform security i.e storage account transactions ) please correct me if i am wrong. 2. If we ingest the data from both mde and through log collector servers will it be treated as redundant logs from MCAS side? how will it be processed the data? 3. Log collectors are showing offline since Sep4th 2021. But last parsed log is showing as sep 14th? So there is 10 days of delay in processing the data from log collectors to MCAS? Why it is taking 10 days time period because, we would be in a blind spot from security standpoint? Can somebody please help me understand the above queries? Looking forward to hearing for these queries please? Thank you, Mahesh.Supported firewall without delivering usernames?
Hi there, currently I'm struggling with the first tests in MCAS. I'm executing the tests in my DEV tenant or in a customer tenant. In both I have no possibility to use Defender for Endpoint. So I'm relying on the firewall logs. So I already tested with the continuous logfile upload via logfile collector. But the results are never sufficient. I already found the https://docs.microsoft.com/en-us/cloud-app-security/troubleshooting-cloud-discovery , but it is not helpful for an "internal error". But I wondered, why are there so many firewalls without having the usernames in the Syslog beeing supported by MCAS? https://docs.microsoft.com/en-us/cloud-app-security/set-up-cloud-discovery#supported-firewalls-and-proxies- Shouldn't be the username one of the main criteria to visualize senseful data in MCAS? If you are able to successfully upload firewall data without usernames, how do the results look like? Kind regards, woelki
Trying to understand the difference cloud app security
Hello I am trying to understand the difference between adding an application to "cloud app security" by searching "Cloud Discovery" for the app and selecting "Use with conditional access app control" vs. creating a CA policy for the app and selecting "Use conditional Access App control" ?Trying to get an app into cloud app discovery
Hello We use an app called "OfficeSpace" I can see this app in "Cloud Discovery". I am trying to get the app added to "cloud app security" . Per the screen shot below , i have selected "use with CA app Control" , however i still dont see the app in cloud app security. Any help is appreciated.
We are unable to see the discovered apps dashboard details in MCAS console
Hello Everyone, Trust you are all safe and well during this pandemic. Can somebody please help me to understand why data is not reflecting in the below dashboard? 1. Is there any plan to enhance the UI functionalities from MS side and is this part of it? Looking forward to know this. Thank you, Kind regards, Maheswara.
