Playbooks with MDCA
I am attempting to integrate MDCA alerts with freshdesk as per the e.g. https://learn.microsoft.com/en-us/defender-cloud-apps/flow-integration I have E5 without teams licenses. I created the flow, Once from playbooks in MDCA portal and once in power automate directly and went to create a policy to test it out but the option "Sent to power automate" from the policy is always greyed out. Alerts are not automatically detected in the flow unless the action in the policy is set to send to power automate which again is greyed as option in the policies. Also playbooks tab in the MDCA portal does not show the flows I created before, It shows empty, Seems link is broken between MDCA and PowerAutomate. Any reason for this, Any Idea about this? Thanks in advance.
New blog post | One click to cover containers & Kubernetes in Defender CSPM (agentless)
Defender CSPM contextual security capabilities assists security teams in the reduction of the risk of impactful breaches. Defender CSPM uses environment context to perform a risk assessment of your security issues. Defender CSPM identifies the biggest security risk issues, while distinguishing them from less risky issues. One click to cover containers & Kubernetes in Defender CSPM (agentless) - Microsoft Community Hub
Submit same file twice get different results
Not sure if here is the right place to post this message. I have a c++ program build with Visual Studio 2017. I uploaded the exe file to security intelligence, and got "No malware detected" for both client and cloud protection, but after a while when I clicked the "Rescan Submission" button, it instantly showed "Program:Win32/Wacapew.C!ml " under cloud protection. The strange thing is, I uploaded the same file again as developer, it finally showed "No malware detected" after period of time waiting. How could this happen, same file got different results, really frustrating.alert on External Sharing event
I'm trying to create an alert that will inform Security team on External Sharing event from Teams. I found that there are some controls over SharePoint and then some Activity Types related to sharing... but I don't know what each of this action means and how to narrow down to only 'external sharing'? - is there detailed documentation describing each Action Type for each App? - how distinguish between external/internal? thx!
