Microsoft Defender for Cloud Apps Event Collector
This Integration is part of the Microsoft Cloud App Security Pack.

Supported versions
Supported Cortex XSOAR versions: 6.8.0 and later.

Microsoft Defender for Cloud Apps Event Collector integration.
Configure Microsoft Defender for Cloud Apps Event Collector on Cortex XSOAR
1. Navigate to Settings > Integrations > Servers & Services.
2. Search for Microsoft Defender for Cloud Apps Event Collector.
3. Click Add instance to create and configure a new integration instance.

Parameter | Description | Required |
---|---|---|
Endpoint URI | The United States: api-us.security.microsoft.com; Europe: api-eu.security.microsoft.com; The United Kingdom: api-uk.security.microsoft.com | True |
Client (Application) ID | The Client (Application) ID to use to connect. | True |
Client Secret | | True |
Tenant ID | | True |
Scope | | True |
First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days) | | False |
Vendor | The vendor name to be used in the dataset name, in this format <vendor>_<product>_raw. | False |
Product | | False |
Number of alerts for each fetch | Due to API limitations, the maximum is 10,000. | False |
Fetch events | | False |
Verify SSL Certificate | | False |
Use system proxy settings | | False |

4. Click Test to validate the URLs, token, and connection.

Commands
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
microsoft-defender-cloud-apps-get-events
Returns a list of alerts.

Base Command
microsoft-defender-cloud-apps-get-events
Input
Argument Name | Description | Required |
---|---|---|
limit | The maximum number of alerts to return. Due to API limitations, the maximum is 10,000. Default is 10000. | Optional |
after | How far back to fetch alerts from (<number> <time unit>, for example 12 hours, 1 day, 3 months). Default is 3 days. | Optional |
push_to_xsiam | Whether to push the fetched events to XSIAM. Possible values are: false, true. Default is false. | Optional |

Context Output
There is no context output for this command.
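
The following Python module is an added example, not the integration's own code, showing the client-side handling a practitioner would want around the instance parameters (Endpoint URI, Vendor/Product, the per-fetch alert cap) and the get-events arguments (limit, after, push_to_xsiam) documented above: the Endpoint URI is restricted to the three documented regional hosts over HTTPS so the client credentials cannot be sent elsewhere, the "<number> <time unit>" window is parsed strictly, limit is capped at the 10,000 API maximum, and the dataset name is built in the <vendor>_<product>_raw form. Assumptions not stated on the page: that the three listed hosts are the only valid endpoints, that "month" is approximated as 30 days, and that the API request itself is out of scope; SAMPLE_NOW is a constructed fixed time so the example is reproducible offline.

```python
"""Added example, not the integration's own code: client-side handling of the
instance parameters and the get-events arguments documented above.

Assumptions (not stated by the page): the three regional hosts are the only
endpoints this instance may talk to; 'month' is approximated as 30 days;
the actual API request is out of scope here.
"""
from __future__ import annotations

import re
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

# Regional endpoints listed for the Endpoint URI parameter.
ALLOWED_ENDPOINTS = frozenset({
    "api-us.security.microsoft.com",
    "api-eu.security.microsoft.com",
    "api-uk.security.microsoft.com",
})
API_MAX_LIMIT = 10_000  # "Due to API limitations, the maximum is 10,000."

# Constructed fixed "now" so the examples below are reproducible offline.
SAMPLE_NOW = datetime(2024, 1, 2, tzinfo=timezone.utc)

_UNIT_SECONDS = {
    "minute": 60,
    "hour": 3600,
    "day": 86_400,
    "week": 7 * 86_400,
    "month": 30 * 86_400,  # assumption: a month is taken as 30 days
}
_AFTER_RE = re.compile(r"^\s*(\d+)\s+(minute|hour|day|week|month)s?\s*$", re.IGNORECASE)


def parse_after(after: str, now: datetime | None = None) -> datetime:
    """Convert '<number> <time unit>' (e.g. '12 hours', '3 days') to a UTC datetime.

    Malformed values are rejected instead of silently falling back, so a typo
    cannot quietly widen or shrink the fetch window.
    """
    match = _AFTER_RE.match(after)
    if not match:
        raise ValueError(f"unsupported 'after' value: {after!r}")
    count, unit = int(match.group(1)), match.group(2).lower()
    base = now or datetime.now(timezone.utc)
    return base - timedelta(seconds=count * _UNIT_SECONDS[unit])


def clamp_limit(limit: int | str) -> int:
    """Require a positive integer and cap it at the documented API maximum."""
    value = int(limit)
    if value <= 0:
        raise ValueError("limit must be a positive integer")
    return min(value, API_MAX_LIMIT)


def validate_endpoint(uri: str) -> str:
    """Accept only the documented regional hosts over HTTPS and return a clean
    base URL. Userinfo, ports, paths, queries and unknown hosts are rejected so
    the client credentials are only ever sent to the known API endpoint."""
    raw = uri.strip()
    parts = urlsplit(raw if "://" in raw else "https://" + raw)
    host = (parts.hostname or "").lower()
    if (parts.scheme != "https" or parts.username or parts.port
            or parts.path not in ("", "/") or parts.query or parts.fragment):
        raise ValueError(f"endpoint must be a bare https host: {uri!r}")
    if host not in ALLOWED_ENDPOINTS:
        raise ValueError(f"{host!r} is not a known regional endpoint")
    return f"https://{host}"


def dataset_name(vendor: str, product: str) -> str:
    """Build the XSIAM dataset name in the documented <vendor>_<product>_raw form."""
    def norm(text: str) -> str:
        return re.sub(r"[^a-z0-9]+", "_", text.strip().lower()).strip("_")
    return f"{norm(vendor)}_{norm(product)}_raw"


def build_fetch_params(args: dict, now: datetime | None = None) -> dict:
    """Resolve the get-events arguments with the documented defaults applied."""
    return {
        "limit": clamp_limit(args.get("limit", API_MAX_LIMIT)),
        "after": parse_after(args.get("after", "3 days"), now),
        "push_to_xsiam": str(args.get("push_to_xsiam", "false")).lower() == "true",
    }


if __name__ == "__main__":
    print(validate_endpoint("api-eu.security.microsoft.com"))
    print(dataset_name("Microsoft", "Defender for Cloud Apps"))
    print(build_fetch_params({"limit": "50000", "after": "12 hours"}, now=SAMPLE_NOW))
```

Rejecting rather than normalising an unexpected Endpoint URI is deliberate: an instance parameter is operator-controlled, but a mistyped or tampered host would otherwise receive the tenant's client secret in the token exchange, and the Test button only proves connectivity to whatever host was entered.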