Use cases MDATP and Flow

Occasional Contributor

Hi!


I'm curious as to what the community has created in Flow related to MDATP.

I've seen some blog posts about having email alerts on High cases, and an approve action where you can isolate the machine.


Is there any other awesome use cases out there someone wants to share?

1 Reply

@Maximilian Grandahl Lærum We have a few of the more basic flows around the alerts, e.g. an alert comes through, start a full scan, update 365 Safe Links/Safe Attachments and then tell the wider team via MS Teams and SMS.


We are planning on extending this one to update the firewalls/proxies to block access to the source URL/IP based upon approval (via Flow) from a nominated approver. We just have a preference to have human interaction before we start a deny cycle.
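As an added illustration (not code from this thread, nor Microsoft's), here is the approval-gated response the reply describes, in Python: the full scan and Teams notification fire immediately, while the URL/IP block requests are held until a nominated approver signs off. The API base, endpoint paths, request bodies and the sample alert are assumptions; verify them against the current Defender for Endpoint API documentation before wiring this into a real flow.

```python
from dataclasses import dataclass, field

API_BASE = "https://api.securitycenter.microsoft.com/api"  # assumed; verify in docs

# Constructed sample alert carrying only the fields this example reads
SAMPLE_ALERT = {
    "id": "alert-placeholder-id", "severity": "High",
    "machineId": "machine-placeholder-id", "title": "Suspicious URL opened",
    "evidence": [{"entityType": "Url", "url": "http://bad.example.test/"},
                 {"entityType": "Ip", "ipAddress": "203.0.113.10"}],
}
# Evidence entity type -> (indicator type for the indicators API, value field)
INDICATOR_TYPES = {"Url": ("Url", "url"), "Ip": ("IpAddress", "ipAddress")}

@dataclass
class ActionPlan:
    immediate: list = field(default_factory=list)         # sent with no human
    pending_approval: list = field(default_factory=list)  # held for sign-off

def plan_response(alert: dict, act_on: tuple = ("High",)) -> ActionPlan:
    """Turn one alert into immediate actions plus blocks that need approval."""
    plan = ActionPlan()
    if alert.get("severity") not in act_on:
        return plan  # below threshold: no automated action at all
    mid = alert["machineId"]
    plan.immediate.append({  # assumed endpoint: machine-level full AV scan
        "method": "POST", "url": f"{API_BASE}/machines/{mid}/runAntiVirusScan",
        "body": {"Comment": f"Auto scan for alert {alert['id']}", "ScanType": "Full"}})
    plan.immediate.append({"channel": "teams",
                           "text": f"{alert['severity']}: {alert['title']} on {mid}"})
    for ev in alert.get("evidence", []):
        kind = INDICATOR_TYPES.get(ev.get("entityType"))
        if kind is None:
            continue  # files, processes etc. are not URL/IP block candidates
        plan.pending_approval.append({  # assumed endpoint: custom indicators
            "method": "POST", "url": f"{API_BASE}/indicators",
            "body": {"indicatorType": kind[0], "indicatorValue": ev[kind[1]],
                     "action": "AlertAndBlock", "severity": alert["severity"],
                     "title": f"Block from alert {alert['id']}"}})
    return plan

def release_blocks(plan: ActionPlan, approver: str, approved: bool) -> list:
    """Hand back the block requests only once a named approver has said yes."""
    if not approved:
        return []  # the deny cycle never starts without human sign-off
    for req in plan.pending_approval:
        req["body"]["description"] = f"Approved by {approver} via Flow"
    return plan.pending_approval
```

In a real flow the returned request dicts would be sent with an authenticated HTTP action, and the approval flag would come from the Flow approval step rather than a function argument.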