2. Getting Started
Install the module
First, install the module from the PowerShell Gallery by launching an elevated PowerShell prompt and running the following command:
Install-Module MCAS
If you already have the module installed and just want to update to the latest version, launch an elevated PowerShell prompt and run the following command:
Update-Module MCAS
Set the credential for your MCAS tenant
The next step is to set a credential to be used to connect to MCAS. (Once the module is installed, you do not need to use an elevated PowerShell prompt.) To set the credential for MCAS for your PowerShell session, run the following command:
Get-MCASCredential -TenantUri <yourdomain>.<yourdatacenter>.portal.cloudappsecurity.com
Example: Get-MCASCredential -TenantUri contoso.us1.portal.cloudappsecurity.com
If you are unsure of your datacenter, click the '?' icon in the upper right of the console and click 'About' to locate this information.
When prompted for a password, enter the API token that you can get from the web console of MCAS. To get it, log in to the MCAS web console, click on the gear icon in the upper right and choose "Security Extensions". Once there, click the blue "+" icon to generate a token, name it whatever you want, and copy the string to your clipboard. That token will have the same rights in MCAS as your user account. Paste the token into the credential prompt as the password for Get-MCASCredential. To validate that the credential is present in your session, run:
$CASCredential
If you see output like the following, then the credential is present in your session. (Note that the credential is not authenticated until you attempt to use another cmdlet to interact with MCAS, so if you have a typo in the credential it won't be apparent until you attempt to use another cmdlet and it gives you an error.)
UserName                             Password
--------                             --------
contoso.portal.cloudappsecurity.com  System.Security.SecureString
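Because a mistyped token only surfaces on the first real call, it helps to force that call right after setting the credential. The following is an added example, not part of the module: the function name Test-MCASCredential is hypothetical, and it assumes (based on the sample output above) that the stored credential's UserName is the tenant URI.

```powershell
# Added example: Test-MCASCredential is a hypothetical helper, not an MCAS module cmdlet.
function Test-MCASCredential {
    [CmdletBinding()]
    param(
        # Tenant URI exactly as you would pass it to Get-MCASCredential
        [Parameter(Mandatory)]
        [string]$TenantUri
    )

    if (-not (Get-Module -ListAvailable -Name MCAS)) {
        throw 'MCAS module not found. Run Install-Module MCAS from an elevated prompt first.'
    }

    # Prompt for the API token only if no credential is in the session yet.
    if (-not $CASCredential) {
        Get-MCASCredential -TenantUri $TenantUri
    }

    # Assumption: UserName holds the tenant URI. A mismatch suggests the session
    # credential was created for a different tenant or datacenter.
    if ($CASCredential.UserName -ne $TenantUri) {
        Write-Warning "Session credential is for '$($CASCredential.UserName)', expected '$TenantUri'."
    }

    # The token is only checked when a cmdlet talks to MCAS,
    # so make the smallest possible request and surface any failure now.
    try {
        $null = Get-MCASAlert -ResultSetSize 1 -ErrorAction Stop
    }
    catch {
        throw "MCAS request failed; re-run Get-MCASCredential with a valid token. $($_.Exception.Message)"
    }
    return $true
}

# Usage: validate first, then pull the open High/Medium alerts.
if (Test-MCASCredential -TenantUri 'contoso.us1.portal.cloudappsecurity.com') {
    $open = @(Get-MCASAlert -Severity High,Medium -ResolutionStatus Open -ResultSetSize 100)
    '{0} open High/Medium alerts returned' -f $open.Count
}
```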
Go do some stuff with MCAS
Now you can use the remaining module cmdlets to interact with MCAS. A good first interaction is to get open alerts with a medium or high severity status by running:
Get-MCASAlert -Severity High,Medium -ResolutionStatus Open -ResultSetSize 100
Another good one to start with is to get the most recent 100 activities across all connected SaaS apps:
Get-MCASActivity -SortBy Date -SortDirection Descending -ResultSetSize 100
More Examples: Get one item of each type
Accounts
Get-MCASAccount -ResultSetSize 1
Activities
Get-MCASActivity -ResultSetSize 1
Alerts
Get-MCASAlert -ResultSetSize 1
Files
Get-MCASFile -ResultSetSize 1
Happy hunting!!!