The "Remediate Alerts from Rules to External Address Adaptive Shield" workflow template helps security administrators mitigate the risk posed by unauthorized email forwarding rules in Outlook. When Adaptive Shield raises alerts for email rules that forward to external addresses, the workflow automates the response: it polls Adaptive Shield for relevant alerts from the last 8 hours, then notifies administrators in Slack with remediation options such as notifying the user, disabling the user, or deleting the offending email rule. This shortens the time between detection of a suspicious forwarding rule and enforcement of the organization's email security policy.
Use Cases
Application Security Operations, Remediate Web Security Alerts
Workflow Breakdown
Poll Adaptive Shield for alerts raised within the last 8 hours and process the alert that matches the configured Security Check
Gather the email address of the affected user and present remediation options to admins through Slack
Perform the remediation action selected in the Slack response
Report the remediation steps taken back to the configured users in Slack
Vendors
Slack, Utils, HTTP, Microsoft Azure AD, Microsoft 365, Adaptive Shield
Workflow Output
Notify the user of the infraction, disable the user, or delete the email rule from the user's Outlook
Tips
Ensure that the Azure application has the permissions required for the designated actions (notifying or disabling the user, and deleting the email rule from the user's Outlook); a missing permission will cause the chosen remediation to fail.