Get the activity matching the specified activity ID.

External Documentation

To learn more, visit the Microsoft Defender For Cloud Apps documentation.

Parameters

ParameterDescription
Activity IDThe ID of the activity. Can be obtained via the List Activities action.

Example Output

{
  "_id": "12345678_1687948118031_a09450102f0d469393cc1a9c2d1ee0ae",
  "tenantId": 12345678,
  "aadTenantId": "a233sdf3-8a55-469a-81bf-2f6a26736618",
  "appId": 20595,
  "saasId": 20595,
  "timestamp": 1687948118031,
  "timestampRaw": 1687948118031,
  "instantiation": 1687948128252,
  "instantiationRaw": 1687948128252,
  "created": 1687948128350,
  "createdRaw": 1687948128350,
  "eventType": 917691,
  "eventTypeValue": "EVENT_ADALLOM_FILES_LOAD_REDUCTION_ENABLE",
  "eventRouting": {
    "auditing": true,
    "scubaUnpacker": false,
    "adminEvent": true,
    "portalEvent": true
  },
  "device": {
    "clientIP": "147.243.210.209",
    "countryCode": "AT"
  },
  "location": {
    "countryCode": "AT",
    "city": "wien",
    "postalCode": "1000",
    "region": "wien",
    "longitude": 16.37417,
    "latitude": 48.20861,
    "organizationSearchable": "Microsoft Azure",
    "anonymousProxy": false,
    "isSatelliteProvider": false,
    "ipTags": [
      "0000002a0000000000000000"
    ],
    "category": 5,
    "categoryValue": "CLOUD_PROXY_NETWORK_IP",
    "carrier": "microsoft corporation",
    "organizationType": "Publishing",
    "isHostingFacility": false
  },
  "user": {
    "userName": "johndoe@companyonmicrosoft.com"
  },
  "userAgent": {
    "family": "CHROME",
    "name": "Chrome",
    "operatingSystem": {
      "name": "Catalina",
      "version": "10.15.7",
    },
    "type": "Browser",
    "typeName": "Browser",
    "version": "114.0.0.0",
    "major": "114",
    "minor": "0",
    "deviceType": "DESKTOP",
    "nativeBrowser": false,
    "os": "mac_os",
    "browser": "CHROME"
  },
  "internals": {
    "otherIPs": [
      "147.243.210.209"
    ]
  },
  "tags": [
    "000000110000000000000000"
  ],
  "mainInfo": {
    "eventObjects": [
      {
        "id": "johndoe@companyonmicrosoft.com",
        "name": "johndoe@companyonmicrosoft.com",
        "objType": 22,
        "role": 4,
        "tags": [],
        "governable": false,
        "instanceId": 0,
        "link": -313799986,
        "resolved": true,
        "saasId": 11161
      }
    ],
    "rawOperationName": "files load reduction enable",
    "prettyOperationName": "files load reduction enable",
    "type": "setProperty"
  },
  "confidenceLevel": 30,
  "session": {
    "sessionId": "83419efbd49c7bbfd86bc3a6548d407b8bd35bfb6ac8661a21436d38f510fc31"
  },
  "collected": {
    "apv2": true
  },
  "resolvedActor": {
    "id": "johndoe@companyonmicrosoft.com",
    "saasId": "11161",
    "instanceId": "0",
    "tags": [],
    "objType": "22",
    "name": "johndoe@companyonmicrosoft.com",
    "role": "4",
    "resolved": true,
    "governable": false
  },
  "resolvedActorAccount": {
    "id": "johndoe@companyonmicrosoft.com",
    "saasId": "11161",
    "instanceId": "0",
    "tags": [],
    "name": "johndoe@companyonmicrosoft.com",
    "role": "4",
    "resolved": true,
    "governable": false
  },
  "uid": "12345678_1687948118031_a09450102f0d469393cc1a9c2d1ee0ae",
  "appName": "Microsoft Defender for Cloud Apps",
  "eventTypeName": "EVENT_CATEGORY_ENABLE_FILE_MONITORING",
  "classifications": [
    "file"
  ],
  "entityData": {
    "0": null,
    "1": {
      "displayName": "johndoe@companyonmicrosoft.com",
      "id": {
        "id": "johndoe@companyonmicrosoft.com",
        "saas": 11161,
        "inst": 0
      },
      "resolved": true
    },
    "2": null
  },
  "description_id": "EVENT_DESCRIPTION_ASSIGN",
  "description_metadata": {
    "target_object": "",
    "to_object": "",
    "parameters": "",
    "event_category": "Enable file monitoring",
    "colon": "",
    "dash": ""
  },
  "description": "Enable file monitoring ",
  "genericEventType": "ENUM_ACTIVITY_GENERIC_TYPE_SET_PROPERTY",
  "severity": "INFO"
}

Workflow Library Example

Get Activity with Microsoft Defender for Cloud Apps and Send Results Via Email

Preview this Workflow on desktop