List Activities
Retrieve a list of activities.
External Documentation
To learn more, visit the Microsoft Defender For Cloud Apps documentation.
Example Output
{
"data": [
{
"_id": "12345678_1687948118031_a09450102f0d469393cc1a9c2d1ee0ae",
"tenantId": 12345678,
"aadTenantId": "a233sdf3-8a55-469a-81bf-2f6a26736618",
"appId": 20595,
"saasId": 20595,
"timestamp": 1687948118031,
"timestampRaw": 1687948118031,
"instantiation": 1687948128252,
"instantiationRaw": 1687948128252,
"created": 1687948128350,
"createdRaw": 1687948128350,
"eventType": 917691,
"eventTypeValue": "EVENT_ADALLOM_FILES_LOAD_REDUCTION_ENABLE",
"eventRouting": {
"auditing": true,
"scubaUnpacker": false,
"adminEvent": true,
"portalEvent": true
},
"device": {
"clientIP": "147.243.210.209",
"countryCode": "AT"
},
"location": {
"countryCode": "AT",
"city": "wien",
"postalCode": "1000",
"region": "wien",
"longitude": 16.37417,
"latitude": 48.20861,
"organizationSearchable": "Microsoft Azure",
"anonymousProxy": false,
"isSatelliteProvider": false,
"ipTags": [
"0000002a0000000000000000"
],
"category": 5,
"categoryValue": "CLOUD_PROXY_NETWORK_IP",
"carrier": "microsoft corporation",
"organizationType": "Publishing",
"isHostingFacility": false
},
"user": {
"userName": "johndoe@companyonmicrosoft.com"
},
"userAgent": {
"family": "CHROME",
"name": "Chrome",
"operatingSystem": {
"name": "Catalina",
"version": "10.15.7",
},
"type": "Browser",
"typeName": "Browser",
"version": "114.0.0.0",
"major": "114",
"minor": "0",
"deviceType": "DESKTOP",
"nativeBrowser": false,
"os": "mac_os",
"browser": "CHROME"
},
"internals": {
"otherIPs": [
"147.243.210.209"
]
},
"tags": [
"000000110000000000000000"
],
"mainInfo": {
"eventObjects": [
{
"id": "johndoe@companyonmicrosoft.com",
"name": "johndoe@companyonmicrosoft.com",
"objType": 22,
"role": 4,
"tags": [],
"governable": false,
"instanceId": 0,
"link": -313799986,
"resolved": true,
"saasId": 11161
}
],
"rawOperationName": "files load reduction enable",
"prettyOperationName": "files load reduction enable",
"type": "setProperty"
},
"confidenceLevel": 30,
"session": {
"sessionId": "83419efbd49c7bbfd86bc3a6548d407b8bd35bfb6ac8661a21436d38f510fc31"
},
"collected": {
"apv2": true
},
"resolvedActor": {
"id": "johndoe@companyonmicrosoft.com",
"saasId": "11161",
"instanceId": "0",
"tags": [],
"objType": "22",
"name": "johndoe@companyonmicrosoft.com",
"role": "4",
"resolved": true,
"governable": false
},
"resolvedActorAccount": {
"id": "johndoe@companyonmicrosoft.com",
"saasId": "11161",
"instanceId": "0",
"tags": [],
"name": "johndoe@companyonmicrosoft.com",
"role": "4",
"resolved": true,
"governable": false
},
"uid": "12345678_1687948118031_a09450102f0d469393cc1a9c2d1ee0ae",
"appName": "Microsoft Defender for Cloud Apps",
"eventTypeName": "EVENT_CATEGORY_ENABLE_FILE_MONITORING",
"classifications": [
"file"
],
"entityData": {
"0": null,
"1": {
"displayName": "johndoe@companyonmicrosoft.com",
"id": {
"id": "johndoe@companyonmicrosoft.com",
"saas": 11161,
"inst": 0
},
"resolved": true
},
"2": null
},
"description_id": "EVENT_DESCRIPTION_ASSIGN",
"description_metadata": {
"target_object": "",
"to_object": "",
"parameters": "",
"event_category": "Enable file monitoring",
"colon": "",
"dash": ""
},
"description": "Enable file monitoring ",
"genericEventType": "ENUM_ACTIVITY_GENERIC_TYPE_SET_PROPERTY",
"severity": "INFO"
}
],
"hasNext": false,
"total": 3
}
Workflow Library Example
List Activities with Microsoft Defender for Cloud Apps and Send Results Via Email
Preview this Workflow on desktop