Microsoft Cloud App Security

Version: 2.0.0

Microsoft Cloud App Security is a Cloud Access Security Broker (CASB) that operates on multiple clouds. It provides rich visibility, control over data travel, and sophisticated analytics to identify and combat cyberthreats across all your cloud services.

Connect Microsoft Cloud App Security with LogicHub

  1. Navigate to Automations > Integrations.
  2. Search for Microsoft Cloud App Security.
  3. Click Details, then the + icon. Enter the required information in the following fields.
    • Label: Enter a connection name.
    • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
    • Verify SSL: Select option to verify connecting server's SSL certificate (Default is Verify SSL Certificate).
    • Remote Agent: Run this integration using the LogicHub Remote Agent.
    • API URL: URL of API. If you have portal's URL, add the /api suffix to it to obtain your API URL. Example: https://mytenant.us2.contoso.com/api
    • Token: Token required for authentication.
  4. After you've entered all the details, click Connect.

Actions for Microsoft Cloud App Security

List Activities

Fetches a list of activities matching the specified filters.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input NameDescriptionRequired
FilterJinja-template for json of filters. Reference for all the options: https://docs.microsoft.com/en-us/cloud-app-security/api-activities#filters.
Example filter: {"activity.id": {"eq": ["id1", "{{column_name_from_parent_table}}"]}}
Required
Sort DirectionSelect the sorting direction (Default is Ascending).
Sort FieldFields used to sort activities (Default is Date).
SkipSkips the specified number of records (Default is 0).
LimitMaximum number of records returned by the request (Default is 100, Max is 100,000).

Output

Array of activity objects.

{
   "_id":"112624484_1613202281066_84d5d2d3b3b547ab868eb141a7b1b7cc",
   "aadTenantId":"2d97f757-5a31-46a8-a957-3890738e1a25",
   "adallom":{
      "agentType":3,
      "alertActor":"11161|0|[email protected]",
      "alertBulk":false,
      "alertDate":"2021-02-11T00:28:50.3780000Z",
      "alertMongoId":"60255329369efb920b8e8e4f",
      "alertScore":"0",
      "alertSeverity":1,
      "alertSeverityValue":1,
      "alertTimestamp":1613003330378,
      "alertTitle":"Impossible travel activity",
      "alertTypeId":15859716,
      "alertUid":"VelocityDetection|[email protected]|[2021-02-10, 2021-02-11]_[(IN,SE)]",
      "allowContact":false,
      "bulkId":"60278369aa47e53c2fd5b92a",
      "comment":"closed by Indrajeet",
      "contactEmail":"[email protected]",
      "count":1,
      "feedback":"",
      "handledByUser":"[email protected]",
      "isLegacyAlertStatus":false,
      "licenses":[
         "AdallomStandalone"
      ],
      "operationTime":1613202281063,
      "reasonId":3,
      "resolutionStatus":4,
      "sendFeedback":false,
      "title":"Impossible travel activity"
   },
   "appId":20595,
   "appName":"Microsoft Cloud App Security",
   "classifications":[
      
   ],
   "confidenceLevel":20,
   "created":1613202288379,
   "createdRaw":1613202288379,
   "description":"Close alert as benign: Alert Closed ; Parameters: property <b>Resolution Status</b> <b>Benign</b>, property <b>Alert Title</b> <b>Impossible travel activity</b>, property <b>Alert Unique Id</b> <b>VelocityDetection|[email protected]|[2021-02-10, 2021-02-11]_[(IN,SE)]</b>, property <b>Handled By User</b> <b>[email protected]</b>",
   "description_id":"EVENT_DESCRIPTION_SECURITY_EVENT",
   "description_metadata":{
      "activity_result_message":"",
      "colon":": ",
      "dash":"",
      "event_category":"Close alert as benign",
      "operation_name":"Alert Closed",
      "parameters":"; Parameters: property <b>Resolution Status</b> <b>Benign</b>, property <b>Alert Title</b> <b>Impossible travel activity</b>, property <b>Alert Unique Id</b> <b>VelocityDetection|[email protected]|[2021-02-10, 2021-02-11]_[(IN,SE)]</b>, property <b>Handled By User</b> <b>[email protected]</b>",
      "target_object":""
   },
   "device":{
      "clientIP":"52.89.253.223",
      "countryCode":"US",
      "userAgent":"python-requests/2.25.0"
   },
   "entityData":{
      "0":{
         "displayName":"tango bango",
         "id":{
            "id":"[email protected]",
            "inst":0,
            "saas":11161
         },
         "resolved":true
      },
      "1":null,
      "2":{
         "displayName":"tango bango",
         "id":{
            "id":"bdd136b2-2307-47a4-823a-43a8d26ccaff",
            "inst":0,
            "saas":11161
         },
         "resolved":true
      }
   },
   "error":null,
   "eventRouting":{
      "adminEvent":true,
      "auditing":true,
      "scubaUnpacker":false
   },
   "eventType":917724,
   "eventTypeName":"EVENT_CATEGORY_CLOSE_ALERT_BENIGN",
   "eventTypeValue":"EVENT_ADALLOM_ALERT_CLOSED_BENIGN",
   "genericEventType":"ENUM_ACTIVITY_GENERIC_TYPE_SECURITY_EVENT",
   "has_error":false,
   "instantiation":1613202288233,
   "instantiationRaw":1613202288233,
   "internals":{
      "otherIPs":[
         "52.89.253.223"
      ]
   },
   "location":{
      "anonymousProxy":false,
      "category":5,
      "categoryValue":"CLOUD_PROXY_NETWORK_IP",
      "city":"boardman",
      "countryCode":"US",
      "ipTags":[
         "000000290000000000000000"
      ],
      "isSatelliteProvider":false,
      "latitude":45.73723,
      "longitude":-119.81143,
      "organizationSearchable":"Amazon Web Services",
      "postalCode":"97818",
      "region":"oregon"
   },
   "mainInfo":{
      "eventObjects":[
         {
            "name":"Resolution Status",
            "objType":7,
            "role":3,
            "tags":[
               
            ],
            "value":"Benign"
         },
         {
            "name":"Alert Title",
            "objType":7,
            "role":3,
            "tags":[
               
            ],
            "value":"Impossible travel activity"
         },
         {
            "name":"Alert Unique Id",
            "objType":7,
            "role":3,
            "tags":[
               
            ],
            "value":"VelocityDetection|[email protected]|[2021-02-10, 2021-02-11]_[(IN,SE)]"
         },
         {
            "name":"Handled By User",
            "objType":7,
            "role":3,
            "tags":[
               
            ],
            "value":"[email protected]"
         },
         {
            "id":"[email protected]",
            "instanceId":0,
            "link":426759197,
            "name":"tango bango",
            "objType":21,
            "resolved":true,
            "role":4,
            "saasId":11161,
            "tags":[
               
            ]
         },
         {
            "id":"bdd136b2-2307-47a4-823a-43a8d26ccaff",
            "instanceId":0,
            "link":426759197,
            "name":"tango bango",
            "objType":23,
            "resolved":true,
            "role":4,
            "saasId":11161,
            "tags":[
               "602477681ebb340bf80fa8f3"
            ]
         }
      ],
      "prettyOperationName":"Alert Closed",
      "rawOperationName":"Alert Closed",
      "type":"securityEvent"
   },
   "resolvedActor":{
      "id":"bdd136b2-2307-47a4-823a-43a8d26ccaff",
      "instanceId":"0",
      "name":"tango bango",
      "objType":"23",
      "resolved":true,
      "role":"4",
      "saasId":"11161",
      "tags":[
         "602477681ebb340bf80fa8f3"
      ]
   },
   "saasId":20595,
   "session":{
      "sessionId":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
   },
   "severity":"INFO",
   "tags":[
      "000000110000000000000000"
   ],
   "tenantId":112624484,
   "timestamp":1613202281066,
   "timestampRaw":1613202281066,
   "uid":"112624484_1613202281066_84d5d2d3b3b547ab868eb141a7b1b7cc",
   "user":{
      "userName":"[email protected]",
      "userTags":[
         "602477681ebb340bf80fa8f3"
      ]
   },
   "userAgent":{
      "browser":"PYTHON_REQUESTS",
      "deviceType":"DESKTOP",
      "family":"PYTHON_REQUESTS",
      "major":"2",
      "minor":"25",
      "name":"Python-requests",
      "nativeBrowser":true,
      "operatingSystem":{
         "family":"Unknown",
         "name":"Unknown"
      },
      "os":"OTHER",
      "tags":[
         "000000000000000000000000"
      ],
      "type":"Library",
      "typeName":"Library",
      "version":"2.25.0"
   }
}

Get Activity by ID

Get activity details by activity ID

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input NameDescriptionRequired
Activity IDColumn name from parent table containing activity ID.Required

Output

Object containing activity object.

{
   "_id":"112624484_1613202281066_84d5d2d3b3b547ab868eb141a7b1b7cc",
   "tenantId":112624484,
   "aadTenantId":"2d97f757-5a31-46a8-a957-3890738e1a25",
   "appId":20595,
   "saasId":20595,
   "timestamp":1613202281066,
   "timestampRaw":1613202281066,
   "instantiation":1613202288233,
   "instantiationRaw":1613202288233,
   "created":1613202288379,
   "createdRaw":1613202288379,
   "eventType":917724,
   "eventTypeValue":"EVENT_ADALLOM_ALERT_CLOSED_BENIGN",
   "eventRouting":{
      "scubaUnpacker":false,
      "auditing":true,
      "adminEvent":true
   },
   "device":{
      "clientIP":"52.89.253.223",
      "userAgent":"python-requests/2.25.0",
      "countryCode":"US"
   },
   "location":{
      "countryCode":"US",
      "city":"boardman",
      "postalCode":"97818",
      "region":"oregon",
      "longitude":-119.81143,
      "latitude":45.73723,
      "organizationSearchable":"Amazon Web Services",
      "anonymousProxy":false,
      "isSatelliteProvider":false,
      "ipTags":[
         "000000290000000000000000"
      ],
      "category":5,
      "categoryValue":"CLOUD_PROXY_NETWORK_IP"
   },
   "user":{
      "userName":"[email protected]",
      "userTags":[
         "602477681ebb340bf80fa8f3"
      ]
   },
   "userAgent":{
      "family":"PYTHON_REQUESTS",
      "name":"Python-requests",
      "operatingSystem":{
         "name":"Unknown",
         "family":"Unknown"
      },
      "type":"Library",
      "typeName":"Library",
      "version":"2.25.0",
      "major":"2",
      "minor":"25",
      "deviceType":"DESKTOP",
      "nativeBrowser":true,
      "tags":[
         "000000000000000000000000"
      ],
      "os":"OTHER",
      "browser":"PYTHON_REQUESTS"
   },
   "internals":{
      "otherIPs":[
         "52.89.253.223"
      ]
   },
   "tags":[
      "000000110000000000000000"
   ],
   "mainInfo":{
      "eventObjects":[
         {
            "objType":7,
            "role":3,
            "tags":[
               
            ],
            "name":"Resolution Status",
            "value":"Benign"
         },
         {
            "objType":7,
            "role":3,
            "tags":[
               
            ],
            "name":"Alert Title",
            "value":"Impossible travel activity"
         },
         {
            "objType":7,
            "role":3,
            "tags":[
               
            ],
            "name":"Alert Unique Id",
            "value":"VelocityDetection|[email protected]|[2021-02-10, 2021-02-11]_[(IN,SE)]"
         },
         {
            "objType":7,
            "role":3,
            "tags":[
               
            ],
            "name":"Handled By User",
            "value":"[email protected]"
         },
         {
            "objType":21,
            "role":4,
            "tags":[
               
            ],
            "name":"tango bango",
            "instanceId":0,
            "resolved":true,
            "saasId":11161,
            "link":426759197,
            "id":"[email protected]"
         },
         {
            "objType":23,
            "role":4,
            "tags":[
               "602477681ebb340bf80fa8f3"
            ],
            "name":"tango bango",
            "instanceId":0,
            "resolved":true,
            "saasId":11161,
            "link":426759197,
            "id":"bdd136b2-2307-47a4-823a-43a8d26ccaff"
         }
      ],
      "rawOperationName":"Alert Closed",
      "prettyOperationName":"Alert Closed",
      "type":"securityEvent"
   },
   "confidenceLevel":20,
   "session":{
      "sessionId":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
   },
   "adallom":{
      "alertSeverity":1,
      "isLegacyAlertStatus":false,
      "alertSeverityValue":1,
      "resolutionStatus":4,
      "alertTimestamp":1613003330378,
      "handledByUser":"[email protected]",
      "operationTime":1613202281063,
      "alertMongoId":"60255329369efb920b8e8e4f",
      "allowContact":false,
      "contactEmail":"[email protected]",
      "sendFeedback":false,
      "alertTypeId":15859716,
      "alertActor":"11161|0|[email protected]",
      "alertScore":"0",
      "alertTitle":"Impossible travel activity",
      "agentType":3,
      "alertBulk":false,
      "alertDate":"2021-02-11T00:28:50.3780000Z",
      "alertUid":"VelocityDetection|[email protected]|[2021-02-10, 2021-02-11]_[(IN,SE)]",
      "feedback":"",
      "licenses":[
         "AdallomStandalone"
      ],
      "reasonId":3,
      "comment":"closed by Indrajeet",
      "bulkId":"60278369aa47e53c2fd5b92a",
      "count":1,
      "title":"Impossible travel activity"
   },
   "resolvedActor":{
      "id":"bdd136b2-2307-47a4-823a-43a8d26ccaff",
      "saasId":"11161",
      "instanceId":"0",
      "tags":[
         "602477681ebb340bf80fa8f3"
      ],
      "objType":"23",
      "name":"tango bango",
      "role":"4",
      "resolved":true
   },
   "uid":"112624484_1613202281066_84d5d2d3b3b547ab868eb141a7b1b7cc",
   "appName":"Microsoft Cloud App Security",
   "eventTypeName":"EVENT_CATEGORY_CLOSE_ALERT_BENIGN",
   "classifications":[
      
   ],
   "entityData":{
      "0":{
         "displayName":"tango bango",
         "id":{
            "id":"[email protected]",
            "saas":11161,
            "inst":0
         },
         "resolved":true
      },
      "1":null,
      "2":{
         "displayName":"tango bango",
         "id":{
            "id":"bdd136b2-2307-47a4-823a-43a8d26ccaff",
            "saas":11161,
            "inst":0
         },
         "resolved":true
      }
   },
   "description_id":"EVENT_DESCRIPTION_SECURITY_EVENT",
   "description_metadata":{
      "target_object":"",
      "parameters":"; Parameters: property <b>Resolution Status</b> <b>Benign</b>, property <b>Alert Title</b> <b>Impossible travel activity</b>, property <b>Alert Unique Id</b> <b>VelocityDetection|[email protected]|[2021-02-10, 2021-02-11]_[(IN,SE)]</b>, property <b>Handled By User</b> <b>[email protected]</b>",
      "activity_result_message":"",
      "event_category":"Close alert as benign",
      "operation_name":"Alert Closed",
      "colon":": ",
      "dash":""
   },
   "description":"Close alert as benign: Alert Closed ; Parameters: property <b>Resolution Status</b> <b>Benign</b>, property <b>Alert Title</b> <b>Impossible travel activity</b>, property <b>Alert Unique Id</b> <b>VelocityDetection|[email protected]|[2021-02-10, 2021-02-11]_[(IN,SE)]</b>, property <b>Handled By User</b> <b>[email protected]</b>",
   "genericEventType":"ENUM_ACTIVITY_GENERIC_TYPE_SECURITY_EVENT",
   "severity":"INFO",
   "error":null,
   "has_error":false
}

List Alerts

List alerts of Microsoft Cloud App Security

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input NameDescriptionRequired
FilterJinja-template for json of filters. Reference for all the options: https://docs.microsoft.com/en-us/cloud-app-security/api-activities#filters. Example filter: {"id": {"eq": ["id1", "{{column_name_from_parent_table}}"]}}
Sort DirectionSelect the sorting direction (Default is Ascending).
Sort FieldFields used to sort activities (Default is Date).
SkipSkips the specified number of records (Default is 0).
LimitMaximum number of records returned by the request (Default is 100, Max is 100,000).

Output

A JSON object containing multiple rows of alert object.

{
   "URL":"https://qrrush.portal.cloudappsecurity.com/#/alerts/60255329369efb920b8e8e4f",
   "_id":"60255329369efb920b8e8e4f",
   "comment":"closed by Indrajeet",
   "contextId":"2d97f757-5a31-46a8-a957-3890738e1a25",
   "description":"<p>The user tango bango ([email protected]) performed an impossible travel activity.<br>The user was active from 49.36.149.102 in India and 77.111.245.14 in Sweden within 219 minutes.<br>If these are IP addresses that are known and safe, add them in the <a href=\"#/subnet\">IP address range page</a> to improve the accuracy of the alerts.</p>",
   "entities":[
      {
         "id":20595,
         "label":"Microsoft Cloud App Security",
         "type":"service"
      },
      {
         "countryCode":"SE",
         "id":"77.111.245.14",
         "label":"77.111.245.14",
         "triggeredAlert":true,
         "type":"ip"
      },
      {
         "countryCode":"IN",
         "id":"49.36.149.102",
         "label":"49.36.149.102",
         "triggeredAlert":true,
         "type":"ip"
      },
      {
         "id":"IN",
         "label":"IN",
         "type":"country"
      },
      {
         "id":"SE",
         "label":"SE",
         "type":"country"
      },
      {
         "id":"60233090e39f5c3e5a17877a",
         "label":"Impossible travel",
         "policyType":"ANOMALY_DETECTION",
         "type":"policyRule"
      },
      {
         "entityType":1,
         "id":"[email protected]",
         "inst":0,
         "label":"tango bango",
         "pa":"[email protected]",
         "saas":11161,
         "type":"account"
      },
      {
         "id":"[email protected]",
         "label":"[email protected]",
         "type":"user"
      }
   ],
   "error":null,
   "handledByUser":"[email protected]",
   "has_error":false,
   "idValue":15859716,
   "isPreview":false,
   "isSystemAlert":false,
   "resolveTime":"2021-02-13T07:44:41.063Z",
   "severityValue":1,
   "statusValue":0,
   "stories":[
      0
   ],
   "threatScore":0,
   "timestamp":1613003330378,
   "title":"Impossible travel activity"
}

Get Alert by ID

Get alert details by alert ID

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input NameDescriptionRequired
Alert IDColumn name from parent table containing activity ID.Required

Output

A JSON object containing activity object.

{
   "_id":"60255329369efb920b8e8e4f",
   "contextId":"2d97f757-5a31-46a8-a957-3890738e1a25",
   "description":"<p>The user tango bango ([email protected]) performed an impossible travel activity.<br>The user was active from 49.36.149.102 in India and 77.111.245.14 in Sweden within 219 minutes.<br>If these are IP addresses that are known and safe, add them in the <a href=\"#/subnet\">IP address range page</a> to improve the accuracy of the alerts.</p>",
   "entities":[
      {
         "id":20595,
         "type":"service",
         "label":"Microsoft Cloud App Security"
      },
      {
         "countryCode":"SE",
         "id":"77.111.245.14",
         "type":"ip",
         "triggeredAlert":true,
         "label":"77.111.245.14"
      },
      {
         "countryCode":"IN",
         "id":"49.36.149.102",
         "type":"ip",
         "triggeredAlert":true,
         "label":"49.36.149.102"
      },
      {
         "label":"IN",
         "id":"IN",
         "type":"country"
      },
      {
         "label":"SE",
         "id":"SE",
         "type":"country"
      },
      {
         "policyType":"ANOMALY_DETECTION",
         "id":"60233090e39f5c3e5a17877a",
         "label":"Impossible travel",
         "type":"policyRule"
      },
      {
         "pa":"[email protected]",
         "saas":11161,
         "entityType":1,
         "inst":0,
         "label":"tango bango",
         "id":"[email protected]",
         "type":"account"
      },
      {
         "label":"[email protected]",
         "id":"[email protected]",
         "type":"user"
      }
   ],
   "idValue":15859716,
   "isPreview":false,
   "isSystemAlert":false,
   "severityValue":1,
   "statusValue":0,
   "stories":[
      0
   ],
   "threatScore":0,
   "timestamp":1613003330378,
   "title":"Impossible travel activity",
   "comment":"closed by Indrajeet",
   "handledByUser":"[email protected]",
   "resolveTime":"2021-02-13T07:44:41.063Z",
   "URL":"https://qrrush.portal.cloudappsecurity.com/#/alerts/60255329369efb920b8e8e4f",
   "error":null,
   "has_error":false
}

Close Alert

Close alert of microsoft cloud app security

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input NameDescriptionRequired
Close StatusColumn name from parent table containing close status. Selected parent table column can have values: ("Benign", "False Positive", or "True Positive").Required
FilterJinja-template for json of filters. Reference for all the options: https://docs.microsoft.com/en-us/cloud-app-security/api-activities#filters.
Example filter: {"id": {"eq": ["id1", "{{column_name_from_parent_table}}"]}}
Required
CommentColumn name from parent table containing a comment about why the alerts are dismissed.Required
Reason IDColumn name from parent table providing a reason which helps improve the accuracy of the detection over time. Not used for True Positive. Selected parent table column can have values Possible values for Benign: 2, 4, 5, 6 Possible values for False Positive: 0, 1, 3, 4Required
Send FeedbackColumn name from parent table indicating that feedback about this alert is provided. Parent table should contain either true / false. (Default is false).Required
Feedback TextColumn name from the parent table containing text of the feedback.Required
Allow ContactColumn name from parent table containing a boolean value indicating that consent to contact the user is provided. Selected parent table column should contain either true / false. (Default is false).Required
Contact EmailThe email address of the user.Required

Output

A JSON object containing multiple rows of result:

  • closed_benign: Number of alerts selected,
  • has_error: True/False
  • error: message/null
{
   "closed_benign":1,
   "error":null,
   "has_error":false
}

Mark Alert

Mark alert read / unread

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input NameDescriptionRequired
Alert IDColumn name from parent table containing activity ID.Required
Mark StatusColumn name from parent table containing mark status. Selected parent table column can have values: (UNREAD / READ).Required

Output

A JSON object containing the alert updated.

{
   "_id":"60255329369efb920b8e8e4f",
   "contextId":"2d97f757-5a31-46a8-a957-3890738e1a25",
   "description":"<p>The user tango bango ([email protected]) performed an impossible travel activity.<br>The user was active from 49.36.149.102 in India and 77.111.245.14 in Sweden within 219 minutes.<br>If these are IP addresses that are known and safe, add them in the <a href=\"#/subnet\">IP address range page</a> to improve the accuracy of the alerts.</p>",
   "entities":[
      {
         "id":20595,
         "type":"service",
         "label":"Microsoft Cloud App Security"
      },
      {
         "countryCode":"SE",
         "id":"77.111.245.14",
         "type":"ip",
         "triggeredAlert":true,
         "label":"77.111.245.14"
      },
      {
         "countryCode":"IN",
         "id":"49.36.149.102",
         "type":"ip",
         "triggeredAlert":true,
         "label":"49.36.149.102"
      },
      {
         "label":"IN",
         "id":"IN",
         "type":"country"
      },
      {
         "label":"SE",
         "id":"SE",
         "type":"country"
      },
      {
         "policyType":"ANOMALY_DETECTION",
         "id":"60233090e39f5c3e5a17877a",
         "label":"Impossible travel",
         "type":"policyRule"
      },
      {
         "pa":"[email protected]",
         "saas":11161,
         "entityType":1,
         "inst":0,
         "label":"tango bango",
         "id":"[email protected]",
         "type":"account"
      },
      {
         "label":"[email protected]",
         "id":"[email protected]",
         "type":"user"
      }
   ],
   "idValue":15859716,
   "isPreview":false,
   "isSystemAlert":false,
   "severityValue":1,
   "statusValue":0,
   "stories":[
      0
   ],
   "threatScore":0,
   "timestamp":1613003330378,
   "title":"Impossible travel activity",
   "comment":"closed by Indrajeet",
   "handledByUser":"[email protected]",
   "resolveTime":"2021-02-13T08:55:02.240Z",
   "URL":"https://qrrush.portal.cloudappsecurity.com/#/alerts/60255329369efb920b8e8e4f",
   "error":null,
   "has_error":false
}

Release Notes

  • v2.0.0 - Updated architecture to support IO via filesystem