
Convert Microsoft Cloud App Security events into EclecticIQ sightings


KPN-CISO/MCAS-to-EIQ


Introduction

MCAS-to-EIQ is a simple Python script that connects to your Microsoft Cloud App Security instance, downloads all Events/Sightings from a given time period and imports them into your EclecticIQ instance as Sightings.

For configuration options, refer to the README.md in the config/ directory.

Requirements

  • Python 3 (uses 'requests', 'urllib3', 'datetime')
  • EIQlib module from Sebastiaan Groot (eiqjson.py and eiqcalls.py)
  • An MCAS account with a valid API token
  • An EclecticIQ account (user+pass) and EIQ 'Source' token

Getting started

  • Clone the repository
  • Rename the settings.py.sample file in the config/ directory to settings.py and update the settings accordingly.
  • Run ./mcas_to_eiq.py -h for help/options

Options

Running ./mcas-to-eiq.py with -h will display help:

-v / --verbose will display progress/error info
-s / --simulate do not actually ingest anything into EclecticIQ, just pretend (useful with -v)
-d / --duplicate do not update the existing entity in EclecticIQ, but create duplicates (default: disabled)

Copyright

(c) 2020 Arnim Eijkhoudt and Sebastiaan Groot (for his great EIQ lib / submodule)

This software is GPLv3 licensed, except where otherwise indicated.
