Note
We’ve renamed Microsoft Cloud App Security. It’s now called Microsoft Defender for Cloud Apps. In the coming weeks, we’ll update the screenshots and instructions here and in related pages. For more information about the change, see this announcement. To learn more about the recent renaming of Microsoft security services, see the Microsoft Ignite Security blog.
Run the GET request to fetch a list of continuous reports.
HTTP request
HTTP
GET api/discovery/streams/
Example
Request
Here is an example of the request.
HTTP
curl -XGET -H "Authorization:Token <your_token_key>" "https://<tenant_id>.<tenant_region>.contoso.com/api/discovery/streams/"
Response
Returns a list of continuous reports in JSON format.
JSON
{
"anonymizeUsers": false,
"displayName": "dependency_udp",
"logType": 223,
"receiverType": "syslog",
"protocol": "udp",
"streamType": 1,
"isManual": false,
"created": "2020-12-16T17:23:40.687Z",
"lastModified": "2021-01-05T13:41:36.104Z",
"logFilesHistoryCount": 2,
"supportedEntityTypes": [],
"supportedTrafficTypes": [1],
"lastAlertProcessingTime": 1609853011480,
"lastDataReceived": "2020-12-18T06:33:32.908Z",
"logFilesFailsCount": 2,
"currentServicesCollectionName": "discovery_services",
"globalAggregated": true,
"readTimeFramesFromSecond": true,
"timeFrames2": {},
"validTimeFrames2": [],
"timeFrames": {},
"validTimeFrames": [],
"timeWithoutLogs": 0,
"sourceStreams": []
}
The response object defines the following properties. Properties marked as optional may not appear for some continuous reports.
| Field name | Field type | Field description |
|---|---|---|
| anonymizeMachines (optional) | boolean | true if machine information is anonymized |
| anonymizeUsers (optional) | boolean | true if user information is anonymized |
| builtInStreamType (optional) | int | The built-in type of the continuous report. Possible values are: 0: PROXY 1: WINDOWS_DEFENDER |
| comment (optional) | string | The comment/description of the continuous report |
| created | date | The creation date of the continuous report |
| displayName | string | The display name of the continuous report |
| enableActivityGeneration (optional) | boolean | true if the continuous report is viewable in the (Investigate >) Activity log page after new data is processed |
| enableTrafficLog (optional) | boolean | true if the continuous report is viewable in the (Investigate > Activity log >) Investigate in Web traffic log page after new data is processed |
| isManual (optional) | boolean | true if the continuous report is manual configured |
| globalAggregated | boolean | true if the continuous report data is aggregated into the global report |
| lastDataReceived | date | The date that data was last received |
| lastModified | date | The date the continuous report was last modified |
| logFilesHistoryCount (optional) | int | Count of log files history |
| logType | int | The log type of the continuous report. For possible values, see Supported log types |
| protocol (optional) | string | The protocol (TCP, UDP) used by the continuous report |
| readTimeFramesFromSecond | boolean | A reference to which data set is holding the latest consisted aggregated data (that is visible in the portal). true if ‘timeFrames2’ is the relevant data set, false if ‘timeFrames’ is the relevant data set. |
| receiverType | string | The receiver type of the continuous report. Possible values include: syslog and ftp |
| snapshotData (optional) | boolean | true if the data is from snapshot report |
| streamType | int | The type of the continuous report. Possible values are: 1: INPUT (continuous report automatically created by log collector or data source) 3: VIEW (continuous report manually created in the portal) 5: PREVIEW (one-time continuous report created by snapshot report) |
| supportedEntityTypes | list | An array of discovery entity types. Possible values are: 0: INVALID 1: USER_NAME 2: IP_ADDRESS 3: MACHINE_NAME 4: RESOURCE |
| supportedTrafficTypes | list | An array of traffic types. Possible values are: 0: INVALID 1: TOTAL_BYTES 2: DOWNLOADED_BYTES 3: UPLOADED_BYTES |
| timeFrames/timeframes2 | list | An array of time frame objects for the last 7, 30, or 60 days with totals such as: Machine names count or IP addresses count |
| userTags | list | An array of user tags |
Supported log types
The following log types are currently supported:
| ID | Log type |
|---|---|
| 0 | INVALID |
| 1 | OTHER |
| 100 | LOG_3COM |
| 101 | BARRACUDA |
| 102 | BLUECOAT |
| 103 | CHECKPOINT |
| 104 | CISCO_ASA |
| 105 | CISCO_SSL_WEBVPN_OR_SVC_VPN |
| 106 | CISCO_IRONPORT_PROXY |
| 107 | CISCO_NETFLOW |
| 108 | FORTIGATE |
| 109 | JUNIPER_NETWORKS |
| 110 | GREENPLUM |
| 111 | MICROSFOT_ISA |
| 112 | PALO_ALTO |
| 113 | SONICWALL |
| 114 | SQUID |
| 115 | SUN_MICROSYSTEMS_SUNSCREEN_FIREWALL |
| 116 | SURICATA |
| 117 | SYMANTEC_WEB_SECURITY_CLOUD |
| 118 | WEBSENSE |
| 119 | WATCH_GUARD |
| 120 | ZSCALER |
| 121 | MCAFEE_SWG |
| 122 | HP_TIPPING_POINT |
| 123 | HP_NETWORKING |
| 124 | CISCO_SCAN_SAFE |
| 125 | CHECKPOINT_OPSEC_LEA |
| 126 | PALO_ALTO_SYSLOG |
| 127 | METADATA_ACTIVE_DIRECTORY_LOGIN |
| 128 | COX_SYSLOG |
| 129 | JUNIPER_SRX |
| 130 | SOPHOS_SG |
| 131 | METADATA_HPE_LOGIN |
| 132 | METADATA_CISCO_ISE |
| 133 | CISCO_IRONPORT_PROXY_SYSLOG |
| 134 | ZSCALER_NESTLE |
| 135 | WEBSENSE_V7_5 |
| 136 | FORTIGATE_SYSLOG |
| 137 | PAN_DELOITTE |
| 138 | WEBSENSE_SIEM_CEF |
| 139 | BLUECOAT_SYSLOG |
| 140 | CHECKPOINT_SYSLOG |
| 141 | CISCO_ASA_SYSLOG |
| 142 | CISCO_SCAN_SAFE_SYSLOG |
| 143 | ZSCALER_SYSLOG |
| 144 | MCAFEE_SWG_SYSLOG |
| 145 | CHECKPOINT_OPSEC_LEA_SYSLOG |
| 146 | SQUID_SYSLOG |
| 147 | JUNIPER_SRX_SYSLOG |
| 148 | SOPHOS_SG_SYSLOG |
| 149 | MICROSFOT_ISA_SYSLOG |
| 150 | WEBSENSE_SYSLOG |
| 151 | WEBSENSE_V7_5_SYSLOG |
| 152 | WEBSENSE_SIEM_CEF_SYSLOG |
| 153 | MACHINE_ZONE_MERAKI |
| 154 | MACHINE_ZONE_MERAKI_SYSLOG |
| 155 | SQUID_NATIVE |
| 156 | SQUID_NATIVE_SYSLOG |
| 157 | CISCO_FWSM |
| 158 | CISCO_FWSM_SYSLOG |
| 159 | MICROSOFT_ISA_W3C |
| 160 | SONICWALL_SYSLOG |
| 161 | MICROSOFT_ISA_W3C_SYSLOG |
| 162 | SOPHOS_CYBEROAM |
| 163 | SOPHOS_CYBEROAM_SYSLOG |
| 164 | CLAVISTER |
| 165 | CLAVISTER_SYSLOG |
| 166 | BARRACUDA_SYSLOG |
| 167 | CUSTOM_PARSER |
| 168 | JUNIPER_SSG |
| 169 | JUNIPER_SSG_SYSLOG |
| 170 | ZSCALER_QRADAR |
| 171 | ZSCALER_QRADAR_SYSLOG |
| 172 | JUNIPER_SRX_SD |
| 173 | JUNIPER_SRX_SD_SYSLOG |
| 174 | JUNIPER_SRX_WELF |
| 175 | JUNIPER_SRX_WELF_SYSLOG |
| 176 | ADALLOM_PROXY_RAW_TRAFFIC |
| 177 | CISCO_ASA_FIREPOWER |
| 178 | CISCO_ASA_FIREPOWER_SYSLOG |
| 179 | GENERIC_CEF |
| 180 | GENERIC_CEF_SYSLOG |
| 181 | GENERIC_LEEF |
| 182 | GENERIC_LEEF_SYSLOG |
| 183 | GENERIC_W3C |
| 184 | GENERIC_W3C_SYSLOG |
| 185 | I_FILTER |
| 186 | I_FILTER_SYSLOG |
| 187 | CHECKPOINT_XML |
| 188 | CHECKPOINT_XML_SYSLOG |
| 189 | CHECKPOINT_SMART_VIEW_TRACKER |
| 190 | CHECKPOINT_SMART_VIEW_TRACKER_SYSLOG |
| 191 | BARRACUDA_NEXT_GEN_FW |
| 192 | BARRACUDA_NEXT_GEN_FW_SYSLOG |
| 193 | BARRACUDA_NEXT_GEN_FW_WEBLOG |
| 194 | BARRACUDA_NEXT_GEN_FW_WEBLOG_SYSLOG |
| 195 | WDATP |
| 196 | ZSCALER_CEF |
| 197 | ZSCALER_CEF_SYSLOG |
| 198 | SOPHOS_XG |
| 199 | SOPHOS_XG_SYSLOG |
| 200 | IBOSS |
| 201 | IBOSS_SYSLOG |
| 202 | FORCEPOINT |
| 203 | FORCEPOINT_SYSLOG |
| 204 | FORTIOS |
| 205 | FORTIOS_SYSLOG |
| 206 | CISCO_IRONPORT_WSA_II |
| 207 | CISCO_IRONPORT_WSA_II_SYSLOG |
| 208 | PALO_ALTO_LEEF |
| 209 | PALO_ALTO_LEEF_SYSLOG |
| 210 | FORCEPOINT_LEEF |
| 211 | FORCEPOINT_LEEF_SYSLOG |
| 212 | STORMSHIELD |
| 213 | STORMSHIELD_SYSLOG |
| 214 | CONTENTKEEPER |
| 215 | CONTENTKEEPER_SYSLOG |
| 216 | CISCO_IRONPORT_WSA_III |
| 217 | CISCO_IRONPORT_WSA_III_SYSLOG |
| 218 | CHECKPOINT_CEF |
| 219 | CHECKPOINT_CEF_SYSLOG |
| 220 | CORRATA |
| 221 | CORRATA_SYSLOG |
| 222 | CISCO_FIREPOWER_V6 |
| 223 | CISCO_FIREPOWER_V6_SYSLOG |
| 224 | MENLO_SECURITY_CEF |
| 225 | WATCHGUARD_XTM |
| 226 | WATCHGUARD_XTM_SYSLOG |
If you run into any problems, we’re here to help. To get assistance or support for your product issue, please open a support ticket.
Source : Official Microsoft Brand
Editor by : BEST Antivirus KBS Team
(Visited 10 times, 1 visits today)