Home

Alert Handing

%3CLINGO-SUB%20id%3D%22lingo-sub-987903%22%20slang%3D%22en-US%22%3EAlert%20Handing%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-987903%22%20slang%3D%22en-US%22%3E%3CP%3Esince%20we%20have%20connected%20Azure%20Security%20Center%2C%20Office%20Security%20Center%20and%20Cloud%20app%20Security%20%2C%20we%20now%20have%20to%20close%20alerts%20in%20multiple%20places.%20How%20are%20you%20handing%20this%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-991287%22%20slang%3D%22en-US%22%3ERe%3A%20Alert%20Handing%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-991287%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F324992%22%20target%3D%22_blank%22%3E%40capsec_1101%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFollowing..%3C%2FP%3E%3CP%3EExperts%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EUse%20Case%20in%20MCAS%3A%20An%20alert%20is%20triggered%20based%20on%20the%20policy%26nbsp%3B%3CSPAN%3E%26nbsp%3Bwhich%20needs%20user%20intervention%20to%20confirm%20the%20same.%20There%20is%20a%20flow%20that%20triggers%20an%20alert%20to%20the%20user%2C%20and%20user%20responds%20to%20it%20accordingly%20and%20SNOW%20ticket%20is%20generated%20and%20based%20on%20user%20response%20the%20alert%20is%20dismissed%2F%20resolved%20in%20MCAS.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FEnterprise-Mobility-Security%2FAutomating-Security-workflows-with-Microsoft-s-CASB-and-MS-Flow%2Fba-p%2F308575%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FEnterprise-Mobility-Security%2FAutomating-Security-workflows-with-Microsoft-s-CASB-and-MS-Flow%2Fba-p%2F308575%3C%2FA%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHow%20do%20we%20achieve%20the%20same%20in%20Sentinel%3F%20Would%20it%20be%20possible%20to%20create%20the%20same%20flow%20on%20Sentinel%20instead%20of%20MCAS%20using%20Logic%20Apps%20which%20would%20take%20up%20the%20compromised%20entity%20and%20trigger%20a%20mail%20for%20user%20response(Cloud%20App%20Security%20connector%20seems%20to%20be%20missing%20or%20did%20I%20not%20search%20it%20thoroughly)%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
capsec_1101
Regular Visitor

since we have connected Azure Security Center, Office Security Center and Cloud app Security , we now have to close alerts in multiple places. How are you handing this?

1 Reply

@capsec_1101 

 

Following..

Experts,

 

Use Case in MCAS: An alert is triggered based on the policy  which needs user intervention to confirm the same. There is a flow that triggers an alert to the user, and user responds to it accordingly and SNOW ticket is generated and based on user response the alert is dismissed/ resolved in MCAS.

 

https://techcommunity.microsoft.com/t5/Enterprise-Mobility-Security/Automating-Security-workflows-wi...

 

How do we achieve the same in Sentinel? Would it be possible to create the same flow on Sentinel instead of MCAS using Logic Apps which would take up the compromised entity and trigger a mail for user response(Cloud App Security connector seems to be missing or did I not search it thoroughly)?

 

Thanks

 

 

 

 

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
46 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
13 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies