Forum Discussion
Dan Michelson
Microsoft
Jun 01, 2019
Automate machine isolation with MDATP and Microsoft Flow - YouTube MVP Demo
Learn how to automate suspicious machine isolation with MDATP and Microsoft Flow.
https://www.youtube.com/watch?v=uT2RQf_uPKA
We are proud of our Security MVPs
Dan Michelson , @da...
Joe Stern
Iron Contributor
Jun 03, 2019
What is a good way to test this flow? The downloads from https://demo.wd.microsoft.com all generate Informational severity alerts.
Dan Michelson
Microsoft
Jun 03, 2019
Have you tried our "Simulations and Tutorials"?
On the upper right side of the MDATP portal you'll find the "?" menu. There you may pick the Simulations menu item and try different scenarios. Most of the attack scenarios will create the alerts you're looking for.
Please share your feedback.
- Joe Stern
  Iron Contributor
  Jun 03, 2019
  Thanks, Dan. The fileless PowerShell scenario on that page triggered my flow successfully; I'm hoping never to see a real one, but I will be ready when it comes.