Hey all, I'm wondering what you think of this Power Automate idea. I don't have access to the product with a personal account, but would like to know if it's a flow that could be set up. Any insight would be great so I can better understand its capabilities and follow the right path.
One way I see AI helping the company's infosec is with Power Automate & Defender. When there's a high-sev detection, add a custom group to the user with attached GPOs for verbose auditing. Deploy Sysmon to suspected devices upon notification approval. Extend that with custom SPL & KQL to monitor DNS, outbound, and internal auth/traffic. Include stats for beaconing & tunneling. Last, use the Live Response library for custom PowerShell scripts, get Event Logs -1h, and Collect Investigation Package.
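The "stats for beaconing" step above is the part of the flow that is easiest to misjudge, so here is a small illustration of what such a statistic actually measures. This is an added example, not code from the original post or from Defender/Power Automate: it is a plain-Python version of the interval-regularity check that would normally be written in KQL or SPL over outbound-connection or DNS telemetry. The log lines, the `host dst:port` line format, the `min_events` floor and the `max_cv` threshold are all constructed assumptions for the example.

```python
"""Beaconing heuristic over constructed outbound-connection log lines.

Added example, not part of the original post. Each line is assumed to be
'<ISO timestamp> <src_host> <dst_ip>:<dst_port>'; the sample lines below are
constructed for illustration and do not come from any real telemetry.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample: one destination contacted every ~60 s with tiny jitter
# (periodic, beacon-like), one contacted at irregular, human-looking intervals.
SAMPLE_LOG = """\
2024-05-01T10:00:00 WS01 203.0.113.10:443
2024-05-01T10:01:00 WS01 203.0.113.10:443
2024-05-01T10:02:01 WS01 203.0.113.10:443
2024-05-01T10:02:59 WS01 203.0.113.10:443
2024-05-01T10:04:00 WS01 203.0.113.10:443
2024-05-01T10:05:00 WS01 203.0.113.10:443
2024-05-01T10:00:12 WS01 198.51.100.7:443
2024-05-01T10:00:45 WS01 198.51.100.7:443
2024-05-01T10:03:30 WS01 198.51.100.7:443
2024-05-01T10:09:02 WS01 198.51.100.7:443
2024-05-01T10:09:05 WS01 198.51.100.7:443
2024-05-01T10:15:40 WS01 198.51.100.7:443
"""


def parse_lines(text):
    """Group connection timestamps by (source host, destination)."""
    events = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, host, dst = line.split()
        events[(host, dst)].append(datetime.fromisoformat(ts))
    return events


def interval_stats(timestamps):
    """Mean inter-arrival gap and its coefficient of variation (stdev / mean).

    A low CV means the gaps are nearly identical, i.e. the traffic is periodic.
    Returns None when there are too few gaps to say anything.
    """
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    if len(gaps) < 2:
        return None
    m = mean(gaps)
    cv = pstdev(gaps) / m if m > 0 else 0.0
    return {"count": len(ts), "mean_interval": m, "cv": cv}


def find_beacons(text, min_events=5, max_cv=0.1):
    """Return (host, dst) pairs whose connection cadence is suspiciously regular.

    min_events and max_cv are assumed thresholds; tune them against your own
    baseline, since legitimate agents (update checks, telemetry) also beacon.
    """
    hits = []
    for (host, dst), stamps in parse_lines(text).items():
        stats = interval_stats(stamps)
        if stats and stats["count"] >= min_events and stats["cv"] <= max_cv:
            hits.append({"host": host, "dst": dst, **stats})
    return sorted(hits, key=lambda h: h["cv"])


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print(f"{hit['host']} -> {hit['dst']}: {hit['count']} connections, "
              f"mean gap {hit['mean_interval']:.1f}s, CV {hit['cv']:.3f}")
```

The point of the CV is that it is scale-free: a 60-second beacon and a 4-hour beacon score the same if their jitter is proportionally small, which is what lets one rule cover both. Whatever hosting you pick for the stats (a KQL function, a saved Splunk search, or a scheduled script), the tuning knobs are the same two numbers: how many samples you need before trusting the estimate, and how regular is "too regular" in your environment.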