Workflow for Advanced Threat Protection when a blob is scanned

%3CLINGO-SUB%20id%3D%22lingo-sub-1435843%22%20slang%3D%22en-US%22%3EWorkflow%20for%20Advanced%20Threat%20Protection%20when%20a%20blob%20is%20scanned%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1435843%22%20slang%3D%22en-US%22%3E%3CP%3EIs%20it%20possible%20to%20create%20a%20logic%20app%20or%20function%20which%20is%20triggered%20each%20time%20Advanced%20Threat%20Protecton%20scans%20a%20blob%20for%20malware%3F%26nbsp%3BI%20am%20aware%20of%20that%20ATP%20will%20create%20an%20alert%20in%20security%20center%20if%20the%20blob%20is%20detected%20as%20malware.%20However%2C%20it%20is%20hard%20to%20know%20if%20a%20blob%20has%20been%20scanned%20and%20not%20been%20flagged%20as%20malware.%20What%20i%20am%20looking%20for%20is%20a%20way%20to%20mark%20the%20blobs%20which%20have%20passed%20the%20malware%20scan%20done%20by%20ATP.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAny%20idea%5Csolution%20for%20achieving%20this%20under%20current%20ATP%20support%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1457756%22%20slang%3D%22en-US%22%3ERe%3A%20Workflow%20for%20Advanced%20Threat%20Protection%20when%20a%20blob%20is%20scanned%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1457756%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F684559%22%20target%3D%22_blank%22%3E%40pit3445%3C%2FA%3E%26nbsp%3BTry%20reaching%20out%20to%20the%20Information%20Protection%20of%20Azure%20community%20here%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fwww.yammer.com%2Faskipteam%2F%23%2Fhome%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fwww.yammer.com%2Faskipteam%2F%23%2Fhome%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3EThey%20should%20be%20able%20to%20answer%20your%20question!%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThanks%2C%3C%2FP%3E%0A%3CP%3E%3CBR%20%2F%3EJason%20Cohen%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Established Member

Is it possible to create a logic app or function which is triggered each time Advanced Threat Protecton scans a blob for malware? I am aware of that ATP will create an alert in security center if the blob is detected as malware. However, it is hard to know if a blob has been scanned and not been flagged as malware. What i am looking for is a way to mark the blobs which have passed the malware scan done by ATP.  

 

Any idea\solution for achieving this under current ATP support?

1 Reply
Highlighted

@pit3445 Try reaching out to the Information Protection of Azure community here: https://www.yammer.com/askipteam/#/home

They should be able to answer your question!

 

Thanks,


Jason Cohen