Functionality of "Isolate machine using Windows Defender upon a Cloud App Security alert" template

Hello guys,

I wanted to try out the integration of Cloud App Security in Microsoft Flow/Power Automate and wanted to test the "Isolate machine using Windows Defender upon a Cloud App Security alert" template.

The template doesn't work because the ATP Advanced Hunting query step inside the flow always fails. So I tried the query that is used for that step in the Microsoft 365 Security Center, and it doesn't work because the table "LogonEvents" doesn't exist anymore. So I wanted to ask if there are any alternatives to still make the template work. I tried it with DeviceLogonEvents and IdentityLogonEvents, but they don't seem to support the same features.

Best regards

Salomo

0 Replies