Connectors Reference

Cloud App Security

Microsoft Cloud App Security gives you visibility into your cloud apps and services, provides sophisticated analytics to identify and combat cyberthreats and enables you to control how your data travels.

 

Status: Production

Tier: Standard

Version: 1.0

 

Actions:

Name

Summary

MCAS_DELETE_FLOW (string flow_id)

Delete flow

MCAS_DISMISS_ALERT (MCAS_DISMISS_ALERTParameterBody body)

(Deprecated) Dismiss Cloud App Security alert

MCAS_RESOLVE_ALERT (MCAS_RESOLVE_ALERTParameterBody body)

(Deprecated) Resolve Cloud App Security alert

MCAS_CLOSE_ALERT_FALSE_POSITIVE (MCAS_CLOSE_ALERT_FALSE_POSITIVEParameterBody body)

Close Cloud App Security alert as false positive

MCAS_CLOSE_ALERT_TRUE_POSITIVE (MCAS_CLOSE_ALERT_TRUE_POSITIVEParameterBody body)

Close Cloud App Security alert as true positive

MCAS_CLOSE_ALERT_BENIGN (MCAS_CLOSE_ALERT_BENIGNParameterBody body)

Close Cloud App Security alert as benign

MCAS_DISABLE_POLICY (string policy_id)

Disable Cloud App Security policy

MCAS_ENABLE_POLICY (string policy_id)

Enable Cloud App Security policy

MCAS_GET_OPEN_ALERTS (MCAS_GET_OPEN_ALERTSParameterBody body)

Get Cloud App Security open alerts

MCAS_GET_POLICY (string policy_id, MCAS_GET_POLICYParameterBody body)

Get Cloud App Security policy

MCAS_GET_ACTIVITIES (MCAS_GET_ACTIVITIESParameterBody body)

Get Cloud App Security activities

MCAS_TAG_APP_SANCTIONED (integer app_id, MCAS_TAG_APP_SANCTIONEDParameterBody body)

Tag app as sanctioned

MCAS_TAG_APP_UNSANCTIONED (integer app_id, MCAS_TAG_APP_UNSANCTIONEDParameterBody body)

Tag app as unsanctioned

 

Triggers:

Name

Summary

MCAS_ON_ALERT_GENERATED (MCAS_ON_ALERT_GENERATEDParameterBody body)

When an alert is generated

 

Objects:

Name

Summary

ActivitiesAPIResult

Activities

AlertsAPIResult

Open alerts

MCAS_CLOSE_ALERT_BENIGNParameterBody

 

MCAS_CLOSE_ALERT_FALSE_POSITIVEParameterBody

 

MCAS_CLOSE_ALERT_TRUE_POSITIVEParameterBody

 

MCAS_DISMISS_ALERTParameterBody

 

MCAS_GET_ACTIVITIESParameterBody

 

MCAS_GET_OPEN_ALERTSParameterBody

 

MCAS_GET_POLICYParameterBody

 

MCAS_ON_ALERT_GENERATEDParameterBody

 

MCAS_RESOLVE_ALERTParameterBody

 

MCAS_TAG_APP_SANCTIONEDParameterBody

 

MCAS_TAG_APP_UNSANCTIONEDParameterBody

 

PolicyAPIResult

Policy

 

Actions:

MCAS_DELETE_FLOW

Summary: Delete flow

Description: Deletes a flow

 

Syntax:

CloudAppSecurity.MCAS_DELETE_FLOW (string flow_id)

 

Parameters:

Name

Type

Summary

Required

Related Action

flow_id

string

 

 

True

 

Returns:

          Type:string

 

MCAS_DISMISS_ALERT

Summary: (Deprecated) Dismiss Cloud App Security alert

Description: Dismiss Cloud App Security alert by alert ID (deprecated version)

 

Syntax:

CloudAppSecurity.MCAS_DISMISS_ALERT (MCAS_DISMISS_ALERTParameterBody body)

 

Parameters:

Name

Type

Summary

Required

Related Action

body

MCAS_DISMISS_ALERTParameterBody

 

 

True

 

Returns:

 

MCAS_RESOLVE_ALERT

Summary: (Deprecated) Resolve Cloud App Security alert

Description: Resolve Cloud App Security alert by alert ID (deprecated version)

 

Syntax:

CloudAppSecurity.MCAS_RESOLVE_ALERT (MCAS_RESOLVE_ALERTParameterBody body)

 

Parameters:

Name

Type

Summary

Required

Related Action

body

MCAS_RESOLVE_ALERTParameterBody

 

 

True

 

Returns:

 

MCAS_CLOSE_ALERT_FALSE_POSITIVE

Summary: Close Cloud App Security alert as false positive

Description: Close Cloud App Security alert by alert ID as false positive

 

Syntax:

CloudAppSecurity.MCAS_CLOSE_ALERT_FALSE_POSITIVE (MCAS_CLOSE_ALERT_FALSE_POSITIVEParameterBody body)

 

Parameters:

Name

Type

Summary

Required

Related Action

body

MCAS_CLOSE_ALERT_FALSE_POSITIVEParameterBody

 

 

True

 

Returns:

 

MCAS_CLOSE_ALERT_TRUE_POSITIVE

Summary: Close Cloud App Security alert as true positive

Description: Close Cloud App Security alert by alert ID as true positive

 

Syntax:

CloudAppSecurity.MCAS_CLOSE_ALERT_TRUE_POSITIVE (MCAS_CLOSE_ALERT_TRUE_POSITIVEParameterBody body)

 

Parameters:

Name

Type

Summary

Required

Related Action

body

MCAS_CLOSE_ALERT_TRUE_POSITIVEParameterBody

 

 

True

 

Returns:

 

MCAS_CLOSE_ALERT_BENIGN

Summary: Close Cloud App Security alert as benign

Description: Close Cloud App Security alert by alert ID as benign

 

Syntax:

CloudAppSecurity.MCAS_CLOSE_ALERT_BENIGN (MCAS_CLOSE_ALERT_BENIGNParameterBody body)

 

Parameters:

Name

Type

Summary

Required

Related Action

body

MCAS_CLOSE_ALERT_BENIGNParameterBody

 

 

True

 

Returns:

 

MCAS_DISABLE_POLICY

Summary: Disable Cloud App Security policy

Description: Disable Cloud App Security policy by policy ID

 

Syntax:

CloudAppSecurity.MCAS_DISABLE_POLICY (string policy_id)

 

Parameters:

Name

Type

Summary

Required

Related Action

policy_id

string

(Provider policy ID)

Enter provider policy ID...

True

 

Returns:

 

MCAS_ENABLE_POLICY

Summary: Enable Cloud App Security policy

Description: Enable Cloud App Security policy by policy ID

 

Syntax:

CloudAppSecurity.MCAS_ENABLE_POLICY (string policy_id)

 

Parameters:

Name

Type

Summary

Required

Related Action

policy_id

string

(Provider policy ID)

Enter provider policy ID...

True

 

Returns:

 

MCAS_GET_OPEN_ALERTS

Summary: Get Cloud App Security open alerts

Description: Get Cloud App Security open alerts

 

Syntax:

CloudAppSecurity.MCAS_GET_OPEN_ALERTS (MCAS_GET_OPEN_ALERTSParameterBody body)

 

Parameters:

Name

Type

Summary

Required

Related Action

body

MCAS_GET_OPEN_ALERTSParameterBody

 

 

True

 

Returns:

          Type:AlertsAPIResult

          Summary: Open alerts

 

MCAS_GET_POLICY

Summary: Get Cloud App Security policy

Description: Get Cloud App Security policy by policy ID

 

Syntax:

CloudAppSecurity.MCAS_GET_POLICY (string policy_id, MCAS_GET_POLICYParameterBody body)

 

Parameters:

Name

Type

Summary

Required

Related Action

policy_id

string

(Provider policy ID)

Enter provider policy ID...

True

body

MCAS_GET_POLICYParameterBody

 

 

True

 

Returns:

          Type:PolicyAPIResult

          Summary: Policy

 

MCAS_GET_ACTIVITIES

Summary: Get Cloud App Security activities

Description: Get Cloud App Security activities performed by Azure AD user ID

 

Syntax:

CloudAppSecurity.MCAS_GET_ACTIVITIES (MCAS_GET_ACTIVITIESParameterBody body)

 

Parameters:

Name

Type

Summary

Required

Related Action

body

MCAS_GET_ACTIVITIESParameterBody

 

 

True

 

Returns:

          Type:ActivitiesAPIResult

          Summary: Activities

 

MCAS_TAG_APP_SANCTIONED

Summary: Tag app as sanctioned

Description: Tag app as sanctioned by app ID

 

Syntax:

CloudAppSecurity.MCAS_TAG_APP_SANCTIONED (integer app_id, MCAS_TAG_APP_SANCTIONEDParameterBody body)

 

Parameters:

Name

Type

Summary

Required

Related Action

app_id

integer(int32)

(Cloud Application)

Enter Cloud Application ID...

True

body

MCAS_TAG_APP_SANCTIONEDParameterBody

 

 

True

 

Returns:

 

MCAS_TAG_APP_UNSANCTIONED

Summary: Tag app as unsanctioned

Description: Tag app as unsanctioned by app ID

 

Syntax:

CloudAppSecurity.MCAS_TAG_APP_UNSANCTIONED (integer app_id, MCAS_TAG_APP_UNSANCTIONEDParameterBody body)

 

Parameters:

Name

Type

Summary

Required

Related Action

app_id

integer(int32)

(Cloud Application)

Enter Cloud Application ID...

True

body

MCAS_TAG_APP_UNSANCTIONEDParameterBody

 

 

True

 

Returns:

 

Triggers:

Trigger MCAS_ON_ALERT_GENERATED

Summary: When an alert is generated

Description: Triggers when a Cloud App Security alert is generated. After configuring your flow, go to the Cloud App Security policy page, and specify this flow in one of your policies.

 

Syntax:

CloudAppSecurity.MCAS_ON_ALERT_GENERATED (MCAS_ON_ALERT_GENERATEDParameterBody body)

 

Parameters:

Name

Type

Summary

Required

Related Action

body

MCAS_ON_ALERT_GENERATEDParameterBody

 

 

True

 

Returns:

 

 

ActivitiesAPIResult

Summary: Activities

Description:

 

          Properties:

Name

Type

Summary

data

array of (DataItem)

 

Activities by AAD user ID

 

DataItem

Summary:

Description:

 

          Properties:

Name

Type

Summary

 

 

AlertsAPIResult

Summary: Open alerts

Description:

 

          Properties:

Name

Type

Summary

data

array of (DataItem)

 

Get open alerts

 

DataItem

Summary:

Description:

 

          Properties:

Name

Type

Summary

 

 

MCAS_CLOSE_ALERT_BENIGNParameterBody

Summary:

Description:

 

          Properties:

Name

Type

Summary

filters

Filters

 

filters

comment

string

 

Comment

 

Filters

Summary:

Description: filters

 

          Properties:

Name

Type

Summary

id

Id

 

id

 

Id

Summary:

Description: id

 

          Properties:

Name

Type

Summary

eq

array of (string)

 

eq

 

 

MCAS_CLOSE_ALERT_FALSE_POSITIVEParameterBody

Summary:

Description:

 

          Properties:

Name

Type

Summary

filters

Filters

 

filters

comment

string

 

Comment

 

Filters

Summary:

Description: filters

 

          Properties:

Name

Type

Summary

id

Id

 

id

 

Id

Summary:

Description: id

 

          Properties:

Name

Type

Summary

eq

array of (string)

 

eq

 

 

MCAS_CLOSE_ALERT_TRUE_POSITIVEParameterBody

Summary:

Description:

 

          Properties:

Name

Type

Summary

filters

Filters

 

filters

comment

string

 

Comment

 

Filters

Summary:

Description: filters

 

          Properties:

Name

Type

Summary

id

Id

 

id

 

Id

Summary:

Description: id

 

          Properties:

Name

Type

Summary

eq

array of (string)

 

eq

 

 

MCAS_DISMISS_ALERTParameterBody

Summary:

Description:

 

          Properties:

Name

Type

Summary

filters

Filters

 

filters

comment

string

 

Comment

 

Filters

Summary:

Description: filters

 

          Properties:

Name

Type

Summary

id

Id

 

id

 

Id

Summary:

Description: id

 

          Properties:

Name

Type

Summary

eq

array of (string)

 

eq

 

 

MCAS_GET_ACTIVITIESParameterBody

Summary:

Description:

 

          Properties:

Name

Type

Summary

skip

integer(int32)

 

skip

limit

integer(int32)

 

Enter limit...

filters

Filters

 

filters

sortField

string

 

sortField

sortDirection

string

 

sortDirection

 

Filters

Summary:

Description: filters

 

          Properties:

Name

Type

Summary

entity

Entity

 

entity

 

Entity

Summary:

Description: entity

 

          Properties:

Name

Type

Summary

eq

array of (EqItem)

 

eq

 

EqItem

Summary:

Description:

 

          Properties:

Name

Type

Summary

id

string

 

Enter AAD User ID...

saas

integer(int32)

 

saas

inst

integer(int32)

 

inst

 

 

MCAS_GET_OPEN_ALERTSParameterBody

Summary:

Description:

 

          Properties:

Name

Type

Summary

skip

integer(int32)

 

skip

limit

integer(int32)

 

Enter limit...

filters

Filters

 

filters

sortField

string

 

sortField

sortDirection

string

 

sortDirection

projectedMSFlowFields

boolean

 

projectedMSFlowFields

 

Filters

Summary:

Description: filters

 

          Properties:

Name

Type

Summary

 

 

MCAS_GET_POLICYParameterBody

Summary:

Description:

 

          Properties:

Name

Type

Summary

projectedMSFlowFields

string

 

projectedMSFlowFields

 

MCAS_ON_ALERT_GENERATEDParameterBody

Summary:

Description:

 

          Properties:

Name

Type

Summary

callback_url

string

 

callback_url

 

MCAS_RESOLVE_ALERTParameterBody

Summary:

Description:

 

          Properties:

Name

Type

Summary

filters

Filters

 

filters

comment

string

 

Comment

 

Filters

Summary:

Description: filters

 

          Properties:

Name

Type

Summary

id

Id

 

id

 

Id

Summary:

Description: id

 

          Properties:

Name

Type

Summary

eq

array of (string)

 

eq

 

 

MCAS_TAG_APP_SANCTIONEDParameterBody

Summary:

Description:

 

          Properties:

Name

Type

Summary

sanction

string

 

sanction

 

MCAS_TAG_APP_UNSANCTIONEDParameterBody

Summary:

Description:

 

          Properties:

Name

Type

Summary

ban

string

 

ban

 

PolicyAPIResult

Summary: Policy

Description:

 

          Properties:

Name

Type

Summary

name

string

Name

The name of the policy

description

string

Description

The description of the policy

policyType

string

Type

The type of the policy

alertDailyLimit

integer

Daily alert limit

Daily limit of generated alerts

lastModified

number

Last modified

Last modified timestamp