Mar 01 2022 06:01 PM
Mar 01 2022 11:35 PM
Jul 24 2022 03:06 PM
@NicS we have a similar issue -
Did you have any success with automating closure of MCAS with correct status? I found this article about using API connection, but it's from 2020 so I'm unsure if it is still required.
Microsoft Cloud App Security (MCAS) Activity Log in Azure Sentinel - Microsoft Tech Community
In our case, with the Sentinel security extension enabled in MCAS, Sentinel does not update the MCAS alert at all. If we disable the security extension, it does update, but incorrectly, e.g. closing an alert in Sentinel as False Positive - benign automatically closes the alert in MCAS as True Positive.
Anyone know how to get MCAS updated correctly based on Sentinel Incident closure?
I assume this matters because the logic for alerting in MCAS would be skewed by alerts being closed with incorrect status?
Jul 31 2022 06:15 AM