Cloud App Security

Microsoft Cloud App Security gives you visibility into your cloud apps and services, provides sophisticated analytics to identify and combat cyberthreats and enables you to control how your data travels.

This connector is available in the following products and regions:

Service | Class | Regions
Flow | Standard | All Flow regions except the following: US Government (GCC)
PowerApps | Standard | All PowerApps regions except the following: US Government (GCC)

Creating a connection

To connect your account, you will need the following information:

Name | Type | Description
API Key | securestring | The API key for this API

Throttling Limits

Name | Calls | Renewal Period
API calls per connection | 100 | 60 seconds

Actions

Disable Cloud App Security policy: Disable Cloud App Security policy by policy ID
Dismiss Cloud App Security alert: Dismiss Cloud App Security alert by alert ID
Enable Cloud App Security policy: Enable Cloud App Security policy by policy ID
Get Cloud App Security activities: Get Cloud App Security activities performed by Azure AD user ID
Get Cloud App Security open alerts: Get Cloud App Security open alerts
Get Cloud App Security policy: Get Cloud App Security policy by policy ID
Resolve Cloud App Security alert: Resolve Cloud App Security alert by alert ID
Tag app as sanctioned: Tag app as sanctioned by app ID
Tag app as unsanctioned: Tag app as unsanctioned by app ID

Disable Cloud App Security policy

Disable Cloud App Security policy by policy ID

Parameters

Name | Key | Required | Type | Description
Provider policy ID | policy_id | True | string | Enter provider policy ID...

Dismiss Cloud App Security alert

Dismiss Cloud App Security alert by alert ID

Parameters

Name | Key | Required | Type | Description
Alert ID | eq | | string | Enter alert ID...
Dismissal comment | comment | | string | Comment

Enable Cloud App Security policy

Enable Cloud App Security policy by policy ID

Parameters

Name | Key | Required | Type | Description
Provider policy ID | policy_id | True | string | Enter provider policy ID...

Get Cloud App Security activities

Get Cloud App Security activities performed by Azure AD user ID

Parameters

Name | Key | Required | Type | Description
Limit | limit | | integer | Enter limit...
AAD User ID | id | True | string | Enter AAD User ID...

Returns

Activities
ActivitiesAPIResult

Get Cloud App Security open alerts

Get Cloud App Security open alerts

Parameters

Name | Key | Required | Type | Description
Limit | limit | | integer | Enter limit...

Returns

Open alerts
AlertsAPIResult

Get Cloud App Security policy

Get Cloud App Security policy by policy ID

Parameters

Name | Key | Required | Type | Description
Provider policy ID | policy_id | True | string | Enter provider policy ID...

Returns

Resolve Cloud App Security alert

Resolve Cloud App Security alert by alert ID

Parameters

Name | Key | Required | Type | Description
Alert ID | eq | | string | Enter alert ID...
Resolution comment | comment | | string | Comment

Tag app as sanctioned

Tag app as sanctioned by app ID

Parameters

Name | Key | Required | Type | Description
Cloud Application | app_id | True | integer | Enter Cloud Application ID...

Tag app as unsanctioned

Tag app as unsanctioned by app ID

Parameters

Name | Key | Required | Type | Description
Cloud Application | app_id | True | integer | Enter Cloud Application ID...

Triggers

When an alert is generated

Triggers when a Cloud App Security alert is generated. After configuring your flow, go to the Cloud App Security policy page, and specify this flow in one of your policies.

Returns

Name | Path | Type | Description
Version | Version | string | The version of the alert schema
VendorName | VendorName | string | The name of the vendor that raised the alert
ProviderName | ProviderName | string | The name of the vendor that raised the alert
AlertType | AlertType | string | The type name of the alert
StartTimeUtc | StartTimeUtc | date-time | The impact start time of the alert (the time of the first event contributing to the alert)
EndTimeUtc | EndTimeUtc | date-time | The impact end time of the alert (the time of the last event contributing to the alert)
TimeGenerated | TimeGenerated | date-time | The time the alert was generated by CAS
Severity | Severity | string | The severity of the alert
ProviderAlertId | ProviderAlertId | string | Unique ID for the specific alert instance
ProviderPolicyId | ProviderPolicyId | string | ID of the MCAS policy that triggered the alert
CorrelationKey | CorrelationKey | string | Used to group similar or duplicate alerts
AzureResourceId | AzureResourceId | string | The full ARM resource identifier for the cloud resource being alerted on
CompromisedEntity | CompromisedEntity | string | Display name of the main entity being reported on
AlertDisplayName | AlertDisplayName | string | The display name of the alert
Description | Description | string | Alert description
RemediationSteps | RemediationSteps | array of string | Manual action items to take to remediate the alert
Component | Metadata.Component | string | Component
ComponentVersion | Metadata.ComponentVersion | string | ComponentVersion
TenantId | Metadata.TenantId | string | TenantId
MCASTenantId | Metadata.MCASTenantId | string | MCASTenantId
MCASDC | Metadata.MCASDC | date-time | MCASDC
DuplicateAlertsContextId | Metadata.DuplicateAlertsContextId | string | DuplicateAlertsContextId
MCASAlertCategory | Metadata.MCASAlertCategory | string | MCASAlertCategory
IP Addresses | ExtendedProperties.IP Addresses | string | IP addresses related to the alert
Cloud Applications | ExtendedProperties.Cloud Applications | string | Cloud applications related to the alert
Countries | ExtendedProperties.Countries | string | Countries related to the alert
Entities | Entities | array of object | A list of entities related to the alert. This list can hold a mixture of entities of diverse types.
Type | Entities.Type | string | Type of the entity
Name | Entities.Name | string | Name of the entity
AadTenantId | Entities.AadTenantId | string | AAD Tenant ID of an account entity
AadUserId | Entities.AadUserId | string | AAD User ID of an account entity
UPNSuffix | Entities.UPNSuffix | string | UPN Suffix of an account entity
Address | Entities.Address | string | IP Address of an IP entity
ResourceId | Entities.ResourceId | string | ResourceId of an Azure resource entity
Domains | Entities.Domains | array of string | List of domains of a cloud application entity
ExtendedLinks | ExtendedLinks | array of object | A list of links related to the alert. This list can hold a mixture of links of diverse types.
Type | ExtendedLinks.Type | string | Link type
Category | ExtendedLinks.Category | string | Link category
Label | ExtendedLinks.Label | string | Link label
Href | ExtendedLinks.Href | string | Link address

Definitions

ActivitiesAPIResult

Name | Path | Type | Description
data | data | ActivitiesData | Activities by AAD user ID

ActivitiesData

Activities by AAD user ID

AlertsAPIResult

Name | Path | Type | Description
data | data | AlertsData | Get open alerts

AlertsData

Get open alerts

PolicyAPIResult

Name | Path | Type | Description
Name | name | PolicyName | The name of the policy
Description | description | PolicyDescription | The description of the policy
Type | policyType | PolicyType | The type of the policy
Daily alert limit | alertDailyLimit | DailyAlertLimit | Daily limit of generated alerts
Last modified | lastModified | LastModified | Last modified timestamp

PolicyName

The name of the policy

Name | string

PolicyDescription

The description of the policy

Description | string

PolicyType

The type of the policy

Type | string

DailyAlertLimit

Daily limit of generated alerts

Daily alert limit | integer

LastModified

Last modified timestamp

Last modified | integer