Forum Discussion
Maximilian Grandahl Lærum (Brass Contributor)
Jul 24, 2019
Use cases MDATP and Flow
Hi!
I'm curious as to what the community has created in Flow related to MDATP.
I've seen some blog posts about having email alerts on High cases, and an approve action where you can isolate the machine.
Are there any other awesome use cases out there that someone wants to share?
- jlouden (Brass Contributor)
Maximilian Grandahl Lærum We have a few of the more basic flows around the alerts, e.g. an alert comes through, start a full scan, update 365 Safe Links\Attachments and then tell the wider team via MS Teams and SMS.
We are planning on extending this one to update the firewalls\proxies to block access to the source URL\IP based upon approval (via Flow) from a nominated approver. We just have a preference to have human interaction before we start a deny cycle.