Cloud App Security (Preview)


Microsoft Cloud App Security gives you visibility into your cloud apps and services, provides sophisticated analytics to identify and combat cyberthreats and enables you to control how your data travels.

This connector is available in the following products and regions:

Service      Class      Regions
Flow         Standard   All Flow regions except the following: US Government (GCC)
PowerApps    Standard   All PowerApps regions except the following: US Government (GCC)

Throttling Limits

Name                       Calls   Renewal Period
API calls per connection   100     60 seconds

Creating a connection

To connect your account, you will need the following information:

API Key
securestring
The API key for this API

Actions

Disable Cloud App Security policy

Disable Cloud App Security policy by policy ID

Required Parameters

Provider policy ID
string
Enter provider policy ID...

Dismiss Cloud App Security alert

Dismiss Cloud App Security alert by alert ID

Optional Parameters

Alert ID
string
Enter alert ID...
Dismissal comment
string
Comment

Enable Cloud App Security policy

Enable Cloud App Security policy by policy ID

Required Parameters

Provider policy ID
string
Enter provider policy ID...

Get Cloud App Security activities

Get Cloud App Security activities performed by Azure AD user ID

Required Parameters

AAD User ID
string
Enter AAD User ID...

Optional Parameters

Limit
integer
Enter limit...

Returns

Activities
ActivitiesAPIResult

Get Cloud App Security open alerts

Get Cloud App Security open alerts

Optional Parameters

Limit
integer
Enter limit...

Returns

Open alerts
AlertsAPIResult

Get Cloud App Security policy

Get Cloud App Security policy by policy ID

Required Parameters

Provider policy ID
string
Enter provider policy ID...

Returns

Resolve Cloud App Security alert

Resolve Cloud App Security alert by alert ID

Optional Parameters

Alert ID
string
Enter alert ID...
Resolution comment
string
Comment

Tag app as sanctioned

Tag app as sanctioned by app ID

Required Parameters

Cloud Application
integer
Enter Cloud Application ID...

Tag app as unsanctioned

Tag app as unsanctioned by app ID

Required Parameters

Cloud Application
integer
Enter Cloud Application ID...

Triggers

When an alert is generated

Triggers when a Cloud App Security alert is generated. After configuring your flow, go to the Cloud App Security policy page, and specify this flow in one of your policies.

Returns

Version
string
The version of the alert schema
VendorName
string
The name of the vendor that raised the alert
ProviderName
string
The name of the vendor that raised the alert
AlertType
string
The type name of the alert
StartTimeUtc
date-time
The impact start time of the alert (the time of the first event contributing to the alert)
EndTimeUtc
date-time
The impact end time of the alert (the time of the last event contributing to the alert)
TimeGenerated
date-time
The time the alert was generated by CAS
Severity
string
The severity of the alert
ProviderAlertId
string
Unique ID for the specific alert instance
ProviderPolicyId
string
ID of the MCAS policy that triggered the alert
CorrelationKey
string
Used to group similar or duplicate alerts
AzureResourceId
string
The full ARM resource identifier for the cloud resource being alerted on
CompromisedEntity
string
Display name of the main entity being reported on
AlertDisplayName
string
The display name of the alert
Description
string
Alert description
RemediationSteps
array of string
Manual action items to take to remediate the alert
Component
string
Component
ComponentVersion
string
ComponentVersion
TenantId
string
TenantId
MCASTenantId
string
MCASTenantId
MCASDC
date-time
MCASDC
DuplicateAlertsContextId
string
DuplicateAlertsContextId
MCASAlertCategory
string
MCASAlertCategory
IP Addresses
string
IP addresses related to the alert
Cloud Applications
string
Cloud applications related to the alert
Countries
string
Countries related to the alert
Entities
array of object
A list of entities related to the alert. This list can hold a mixture of entities of diverse types.
Type
string
Type of the entity
Name
string
Name of the entity
AadTenantId
string
AAD Tenant ID of an account entity
AadUserId
string
AAD User ID of an account entity
UPNSuffix
string
UPN Suffix of an account entity
Address
string
IP Address of an IP entity
ResourceId
string
ResourceId of an Azure resource entity
Domains
array of string
List of domains of a cloud application entity
ExtendedLinks
array of object
A list of links related to the alert. This list can hold a mixture of links of diverse types.
Type
string
Link type
Category
string
Link category
Label
string
Link label
Href
string
Link address
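
An added example, not part of the connector documentation: a triage helper that takes alerts shaped like the trigger output above, groups them by CorrelationKey, sorts the mixed Entities list by the type-specific field each entry carries, and spaces the follow-up "Get Cloud App Security activities" lookups to stay within 100 calls per 60 seconds. The function names, the kind labels, the sample alerts and the fixed-window model of the throttle are assumptions of this example.

```python
from collections import OrderedDict

CALLS_PER_WINDOW = 100  # page: API calls per connection
WINDOW_SECONDS = 60     # page: renewal period

# Documented type-specific fields; the kind labels on the right are this
# example's own names, not values of the alert's Type field.
ENTITY_FIELDS = {"AadUserId": "account", "Address": "ip",
                 "ResourceId": "azure_resource", "Domains": "cloud_application"}

def classify_entity(entity):
    """Return (kind, value) from whichever documented field is populated."""
    for field, kind in ENTITY_FIELDS.items():
        if entity.get(field):
            return kind, entity[field]
    return "unknown", entity.get("Name")

def plan_lookups(alerts):
    """Group alerts by CorrelationKey and list each AAD user ID once."""
    groups, user_ids = OrderedDict(), []
    for alert in alerts:
        # Fall back to the alert's own ID when no CorrelationKey is present.
        key = alert.get("CorrelationKey") or alert["ProviderAlertId"]
        groups.setdefault(key, []).append(alert["ProviderAlertId"])
        for entity in alert.get("Entities") or []:
            kind, value = classify_entity(entity)
            if kind == "account" and value not in user_ids:
                user_ids.append(value)
    return groups, user_ids

def schedule(user_ids, calls_already_used=0):
    """Give each lookup a start offset (seconds) so no window exceeds the limit."""
    return [((calls_already_used + i) // CALLS_PER_WINDOW * WINDOW_SECONDS, uid)
            for i, uid in enumerate(user_ids)]

# Constructed sample alerts (not real data); Type is omitted on purpose
# because the page does not list its possible values.
SAMPLE_ALERTS = [
    {"ProviderAlertId": "a1", "CorrelationKey": "k1", "Entities": [
        {"Name": "alice", "AadUserId": "00000000-0000-0000-0000-000000000001"},
        {"Name": "src", "Address": "203.0.113.10"}]},
    {"ProviderAlertId": "a2", "CorrelationKey": "k1", "Entities": [
        {"Name": "alice", "AadUserId": "00000000-0000-0000-0000-000000000001"}]},
    {"ProviderAlertId": "a3", "CorrelationKey": "k2", "Entities": [
        {"Name": "bob", "AadUserId": "00000000-0000-0000-0000-000000000002"},
        {"Name": "storage", "Domains": ["files.example.com"]}]},
]

if __name__ == "__main__":
    groups, ids = plan_lookups(SAMPLE_ALERTS)
    print(dict(groups), schedule(ids, calls_already_used=99))
```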

Definitions

ActivitiesAPIResult

data
ActivitiesData
Activities by AAD user ID

ActivitiesData

Activities by AAD user ID


AlertsAPIResult

data
AlertsData
Get open alerts

AlertsData

Get open alerts


PolicyAPIResult

Daily alert limit
DailyAlertLimit
Daily limit of generated alerts
Description
PolicyDescription
The description of the policy
Last modified
LastModified
Last modified timestamp
Name
PolicyName
The name of the policy
Type
PolicyType
The type of the policy

PolicyName

The name of the policy


PolicyDescription

The description of the policy


PolicyType

The type of the policy


DailyAlertLimit

Daily limit of generated alerts


LastModified

Last modified timestamp
