This repository has been archived by the owner on Feb 13, 2024. It is now read-only.

2. Getting Started

Jared edited this page Mar 14, 2017 · 5 revisions

Install the module

First, install the module from the PowerShell Gallery by launching an elevated PowerShell prompt and running the following command:

 Install-Module Cloud-App-Security

If you already have the module installed and just want to update to the latest version, launch an elevated PowerShell prompt and run the following command:

 Update-Module Cloud-App-Security

Set the credential for your MCAS tenant

The next step is to set a credential to be used to connect to MCAS. (Once the module is installed, you do not need to use an elevated PowerShell prompt.) To set the credential for MCAS for your PowerShell session, run the following command:

 Get-MCASCredential -TenantUri contoso.portal.cloudappsecurity.com

When prompted for a password, enter the API token that you can get from the web console of MCAS. To get it, log in to the MCAS web console, click on the person silhouette in the upper right, then the gear next to your user name, then "API token" on the left. Once there, click "Generate new token" to generate a token, name it whatever you want, and copy the hex string to your clipboard. That token will have the same rights in MCAS as your user account. Paste the hex string into the credential prompt as the password for Get-MCASCredential. To validate that the credential is present in your session, run:

 $CASCredential

If you see output like the following, then the credential is present in your session. (Note that the credential is not authenticated until you attempt to use another cmdlet to interact with MCAS, so if you have a typo in the credential it won't be apparent until you attempt to use another cmdlet and it gives you an error.)

 UserName                                                Password
 --------                                                --------
 contoso.portal.cloudappsecurity.com System.Security.SecureString

Go do some stuff with MCAS

Now you can use the remaining module cmdlets to interact with MCAS. A good first interaction is to get open alerts with a medium or high severity by running:

 Get-MCASAlert -Severity High,Medium -ResolutionStatus Open -ResultSetSize 10000

Another good one to start with is to get the most recent 100 activities across all connected SaaS apps:

 Get-MCASActivity -SortBy Date -SortDirection Descending -ResultSetSize 100
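
Because the credential is not authenticated until first use, it helps to check the session before running a large query. The following is an added example, not part of the module or the original page; `Test-MCASSession` is a hypothetical helper name, and the script assumes the module's cmdlets accept the common `-ErrorAction` parameter.

```powershell
# Added example; Test-MCASSession is a hypothetical helper, not a module cmdlet.
function Test-MCASSession {
    [CmdletBinding()]
    param(
        # The tenant URI that was passed to Get-MCASCredential
        [Parameter(Mandatory)]
        [string]$TenantUri
    )

    # 1. The credential must exist in the session (set by Get-MCASCredential).
    $cred = Get-Variable -Name CASCredential -ValueOnly -ErrorAction SilentlyContinue
    if ($cred -isnot [System.Management.Automation.PSCredential]) {
        Write-Warning 'No credential in this session. Run Get-MCASCredential first.'
        return $false
    }

    # 2. UserName holds the tenant URI; catch a mistyped tenant before any API call.
    if ($cred.UserName -ne $TenantUri) {
        Write-Warning "Credential is for '$($cred.UserName)', expected '$TenantUri'."
        return $false
    }

    # 3. The token is only checked on first use, so request a single alert.
    #    Assumption: the cmdlet honors -ErrorAction so a failure lands in catch.
    try {
        $null = Get-MCASAlert -ResultSetSize 1 -ErrorAction Stop
        return $true
    }
    catch {
        Write-Warning "MCAS rejected the request: $($_.Exception.Message)"
        return $false
    }
}

# Run the larger query from this page only once the session checks out.
if (Test-MCASSession -TenantUri 'contoso.portal.cloudappsecurity.com') {
    Get-MCASAlert -Severity High,Medium -ResolutionStatus Open -ResultSetSize 10000
}
```

If the check fails on step 3, generate a new API token in the web console and run Get-MCASCredential again.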

More Examples: Get one item of each type

Accounts

 Get-MCASAccount -ResultSetSize 1

Activities

 Get-MCASActivity -ResultSetSize 1

Alerts

 Get-MCASAlert -ResultSetSize 1

Files

 Get-MCASFile -ResultSetSize 1

Happy hunting!!!
