Remediate Alerts from Rules to External Address Adaptive Shield - Workflow Template

Use Slack to remediate Adaptive Shield alerts raised for Outlook inboxes whose email rules forward email to external addresses.

Updated over a week ago

The "Remediate Alerts from Rules to External Address Adaptive Shield" workflow template helps security administrators mitigate the risks associated with unauthorized email forwarding rules in Outlook. The workflow polls Adaptive Shield for alerts from the last 8 hours about email rules that forward to external addresses. It then notifies administrators via Slack with remediation options such as notifying the user, disabling the user, or deleting the problematic email rule. This lets administrators respond quickly to potential security breaches and enforce email security policies promptly.

Use Cases

Application Security Operations, Remediate Web Security Alerts

Workflow Breakdown

  1. Poll Adaptive Shield for alerts within the last 8 hours and process the alert that matches the configured Security Check.

  2. Gather the email of the Affected User and present remediation options to admins through Slack.

  3. Process the remediation actions based on the Slack response.

  4. Provide feedback on the remediation steps to the configured users in Slack.
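
Before an admin picks the "delete email rule" option in step 3, it helps to confirm which of the affected user's inbox rules actually forward outside the organization. The following is an added example, not part of the workflow template: it assumes the rules have already been retrieved as Microsoft Graph messageRule objects, and the function names, sample rules and domains are hypothetical.

```python
# Added example: rule dicts follow the Microsoft Graph messageRule resource shape.
# Sample rules and domain names below are constructed for illustration.

# messageRule actions that send a copy of the message to another recipient.
FORWARDING_ACTIONS = ("forwardTo", "forwardAsAttachmentTo", "redirectTo")


def external_recipients(rule, internal_domains):
    """Return the sorted external addresses an enabled rule forwards to."""
    if not rule.get("isEnabled", False):
        return []
    allowed = {d.lower() for d in internal_domains}
    found = set()
    actions = rule.get("actions") or {}
    for key in FORWARDING_ACTIONS:
        for recipient in actions.get(key) or []:
            address = (recipient.get("emailAddress") or {}).get("address") or ""
            address = address.strip().lower()
            domain = address.rpartition("@")[2]
            # Malformed or missing addresses are reported, not silently dropped.
            if "@" not in address or not domain or domain not in allowed:
                found.add(address or "<missing address>")
    return sorted(found)


def rules_to_remediate(rules, internal_domains):
    """Map rule id -> external addresses, for rules that need an admin decision."""
    hits = {}
    for rule in rules:
        targets = external_recipients(rule, internal_domains)
        if targets:
            hits[rule["id"]] = targets
    return hits


# Constructed sample: one external forward, one internal redirect, one disabled rule.
SAMPLE_RULES = [
    {"id": "rule-1", "displayName": "backup", "isEnabled": True,
     "actions": {"forwardTo": [{"emailAddress": {"address": "drop@external.example"}}]}},
    {"id": "rule-2", "displayName": "team copy", "isEnabled": True,
     "actions": {"redirectTo": [{"emailAddress": {"address": "Team@Contoso.example"}}]}},
    {"id": "rule-3", "displayName": "old", "isEnabled": False,
     "actions": {"forwardTo": [{"emailAddress": {"address": "x@external.example"}}]}},
]

if __name__ == "__main__":
    print(rules_to_remediate(SAMPLE_RULES, ["contoso.example"]))
```

Domains are matched exactly, so every accepted domain of the tenant (including subdomains) must be listed in `internal_domains`.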

Vendors

Slack, Utils, HTTP, Microsoft Azure AD, Microsoft 365, Adaptive Shield

Workflow Output

Notify User of infraction, Disable User, Delete Email rule from user's Outlook

Tips

Ensure that the Azure application has the proper permissions to perform the designated actions.
