Skip to main content

Get Activity

Get the activity matching the specified activity ID.

External Documentation

Parameters

ParameterDescription
Activity IDThe ID of the activity. Can be obtained via the List Activities action.

Example Output

{
"_id": "12345678_1687948118031_a09450102f0d469393cc1a9c2d1ee0ae",
"tenantId": 12345678,
"aadTenantId": "a233sdf3-8a55-469a-81bf-2f6a26736618",
"appId": 20595,
"saasId": 20595,
"timestamp": 1687948118031,
"timestampRaw": 1687948118031,
"instantiation": 1687948128252,
"instantiationRaw": 1687948128252,
"created": 1687948128350,
"createdRaw": 1687948128350,
"eventType": 917691,
"eventTypeValue": "EVENT_ADALLOM_FILES_LOAD_REDUCTION_ENABLE",
"eventRouting": {
"auditing": true,
"scubaUnpacker": false,
"adminEvent": true,
"portalEvent": true
},
"device": {
"clientIP": "147.243.210.209",
"countryCode": "AT"
},
"location": {
"countryCode": "AT",
"city": "wien",
"postalCode": "1000",
"region": "wien",
"longitude": 16.37417,
"latitude": 48.20861,
"organizationSearchable": "Microsoft Azure",
"anonymousProxy": false,
"isSatelliteProvider": false,
"ipTags": [
"0000002a0000000000000000"
],
"category": 5,
"categoryValue": "CLOUD_PROXY_NETWORK_IP",
"carrier": "microsoft corporation",
"organizationType": "Publishing",
"isHostingFacility": false
},
"user": {
"userName": "johndoe@companyonmicrosoft.com"
},
"userAgent": {
"family": "CHROME",
"name": "Chrome",
"operatingSystem": {
"name": "Catalina",
"version": "10.15.7",
},
"type": "Browser",
"typeName": "Browser",
"version": "114.0.0.0",
"major": "114",
"minor": "0",
"deviceType": "DESKTOP",
"nativeBrowser": false,
"os": "mac_os",
"browser": "CHROME"
},
"internals": {
"otherIPs": [
"147.243.210.209"
]
},
"tags": [
"000000110000000000000000"
],
"mainInfo": {
"eventObjects": [
{
"id": "johndoe@companyonmicrosoft.com",
"name": "johndoe@companyonmicrosoft.com",
"objType": 22,
"role": 4,
"tags": [],
"governable": false,
"instanceId": 0,
"link": -313799986,
"resolved": true,
"saasId": 11161
}
],
"rawOperationName": "files load reduction enable",
"prettyOperationName": "files load reduction enable",
"type": "setProperty"
},
"confidenceLevel": 30,
"session": {
"sessionId": "83419efbd49c7bbfd86bc3a6548d407b8bd35bfb6ac8661a21436d38f510fc31"
},
"collected": {
"apv2": true
},
"resolvedActor": {
"id": "johndoe@companyonmicrosoft.com",
"saasId": "11161",
"instanceId": "0",
"tags": [],
"objType": "22",
"name": "johndoe@companyonmicrosoft.com",
"role": "4",
"resolved": true,
"governable": false
},
"resolvedActorAccount": {
"id": "johndoe@companyonmicrosoft.com",
"saasId": "11161",
"instanceId": "0",
"tags": [],
"name": "johndoe@companyonmicrosoft.com",
"role": "4",
"resolved": true,
"governable": false
},
"uid": "12345678_1687948118031_a09450102f0d469393cc1a9c2d1ee0ae",
"appName": "Microsoft Defender for Cloud Apps",
"eventTypeName": "EVENT_CATEGORY_ENABLE_FILE_MONITORING",
"classifications": [
"file"
],
"entityData": {
"0": null,
"1": {
"displayName": "johndoe@companyonmicrosoft.com",
"id": {
"id": "johndoe@companyonmicrosoft.com",
"saas": 11161,
"inst": 0
},
"resolved": true
},
"2": null
},
"description_id": "EVENT_DESCRIPTION_ASSIGN",
"description_metadata": {
"target_object": "",
"to_object": "",
"parameters": "",
"event_category": "Enable file monitoring",
"colon": "",
"dash": ""
},
"description": "Enable file monitoring ",
"genericEventType": "ENUM_ACTIVITY_GENERIC_TYPE_SET_PROPERTY",
"severity": "INFO"
}

Workflow Library Example

Get Activity with Microsoft Defender for Cloud Apps and Send Results Via Email

Workflow LibraryPreview this Workflow on desktop