Parameters

| Parameter | Description |
| --- | --- |
| Activity ID | The ID of the activity. Can be obtained via the List Activities action. |

Example Output

{  "_id": "12345678_1687948118031_a09450102f0d469393cc1a9c2d1ee0ae",  "tenantId": 12345678,  "aadTenantId": "a233sdf3-8a55-469a-81bf-2f6a26736618",  "appId": 20595,  "saasId": 20595,  "timestamp": 1687948118031,  "timestampRaw": 1687948118031,  "instantiation": 1687948128252,  "instantiationRaw": 1687948128252,  "created": 1687948128350,  "createdRaw": 1687948128350,  "eventType": 917691,  "eventTypeValue": "EVENT_ADALLOM_FILES_LOAD_REDUCTION_ENABLE",  "eventRouting": {    "auditing": true,    "scubaUnpacker": false,    "adminEvent": true,    "portalEvent": true  },  "device": {    "clientIP": "147.243.210.209",    "countryCode": "AT"  },  "location": {    "countryCode": "AT",    "city": "wien",    "postalCode": "1000",    "region": "wien",    "longitude": 16.37417,    "latitude": 48.20861,    "organizationSearchable": "Microsoft Azure",    "anonymousProxy": false,    "isSatelliteProvider": false,    "ipTags": [      "0000002a0000000000000000"    ],    "category": 5,    "categoryValue": "CLOUD_PROXY_NETWORK_IP",    "carrier": "microsoft corporation",    "organizationType": "Publishing",    "isHostingFacility": false  },  "user": {    "userName": "johndoe@companyonmicrosoft.com"  },  "userAgent": {    "family": "CHROME",    "name": "Chrome",    "operatingSystem": {      "name": "Catalina",      "version": "10.15.7",    },    "type": "Browser",    "typeName": "Browser",    "version": "114.0.0.0",    "major": "114",    "minor": "0",    "deviceType": "DESKTOP",    "nativeBrowser": false,    "os": "mac_os",    "browser": "CHROME"  },  "internals": {    "otherIPs": [      "147.243.210.209"    ]  },  "tags": [    "000000110000000000000000"  ],  "mainInfo": {    "eventObjects": [      {        "id": "johndoe@companyonmicrosoft.com",        "name": "johndoe@companyonmicrosoft.com",        "objType": 22,        "role": 4,        "tags": [],        "governable": false,        "instanceId": 0,        "link": -313799986,        "resolved": true,        "saasId": 11161      }    
],    "rawOperationName": "files load reduction enable",    "prettyOperationName": "files load reduction enable",    "type": "setProperty"  },  "confidenceLevel": 30,  "session": {    "sessionId": "83419efbd49c7bbfd86bc3a6548d407b8bd35bfb6ac8661a21436d38f510fc31"  },  "collected": {    "apv2": true  },  "resolvedActor": {    "id": "johndoe@companyonmicrosoft.com",    "saasId": "11161",    "instanceId": "0",    "tags": [],    "objType": "22",    "name": "johndoe@companyonmicrosoft.com",    "role": "4",    "resolved": true,    "governable": false  },  "resolvedActorAccount": {    "id": "johndoe@companyonmicrosoft.com",    "saasId": "11161",    "instanceId": "0",    "tags": [],    "name": "johndoe@companyonmicrosoft.com",    "role": "4",    "resolved": true,    "governable": false  },  "uid": "12345678_1687948118031_a09450102f0d469393cc1a9c2d1ee0ae",  "appName": "Microsoft Defender for Cloud Apps",  "eventTypeName": "EVENT_CATEGORY_ENABLE_FILE_MONITORING",  "classifications": [    "file"  ],  "entityData": {    "0": null,    "1": {      "displayName": "johndoe@companyonmicrosoft.com",      "id": {        "id": "johndoe@companyonmicrosoft.com",        "saas": 11161,        "inst": 0      },      "resolved": true    },    "2": null  },  "description_id": "EVENT_DESCRIPTION_ASSIGN",  "description_metadata": {    "target_object": "",    "to_object": "",    "parameters": "",    "event_category": "Enable file monitoring",    "colon": "",    "dash": ""  },  "description": "Enable file monitoring ",  "genericEventType": "ENUM_ACTIVITY_GENERIC_TYPE_SET_PROPERTY",  "severity": "INFO"}

Workflow Library Example

Get Activity with Microsoft Defender for Cloud Apps and Send Results Via Email
