Forum Discussion

lfk73's avatar
lfk73
Brass Contributor
Oct 21, 2019

Using flow Cloud App Security Alert trigger

I have a DLP rule in Offi e 365 that triggers an alert when PCI data is detected.  I want t use Flow to send an email to the person who owns the detected file\s, providing them the file name and location (this info is in the alerts when you view them in Cloud App Security) and asking them to remove the PCI data.

 

I setup the API token, a Cloud App Security trigger and then attached a basic email action to my and attached that to the alert as a Flow action just so I know when the DLP picks up PCI it runs the configured alert which then runs the configured Flow and I get the test email.  This works perfectly.

 

Next step then is to customize it to the file owner.  Here is where I'm having problems.  I need to put the file owner email address in the To field and at a minimum the file\s detected in the body.  My problem is I cant find any doco that explains what each of the dynamic content options actually are so I don't know which one give me the person and the file\s info.  I tried to just add all of them and wait for a triggered event but some I believe are arrays so it adds a "For each" action which I don't want.  How can i work out the dynamic content fields I need?

Resources