Integrate with Flow for custom alert automation
Applies to: Microsoft Cloud App Security
Cloud App Security integrates with Microsoft Flow to provide custom alert automation and orchestration playbooks. By using the ecosystem of connectors available in Microsoft Flow, you can automate the triggering of playbooks when Cloud App Security generates alerts. For example, automatically create an issue in ticketing systems using ServiceNow connector or send an approval email to execute a custom governance action when an alert is triggered in Cloud App Security.
- You must have a valid Microsoft Flow plan
How it works
On its own, Cloud App Security provides predefined governance options such as suspend user or make file private when defining policies. By creating a playbook in Microsoft Flow using Cloud App Security connector, you can create workflows to enable customized governance options for your policies. After the playbook is created in Flow, simply associate it with a policy in Cloud App Security to send alerts to Flow. Microsoft Flow offers several connectors and conditions to create a customized workflow for your organization.
The Cloud App Security connector in Flow supports automated trigger and actions. Flow is triggered automatically when Cloud App Security generates an alert. Actions include changing the alert status in Cloud App Security.
How to create playbooks with Microsoft Flow
Create an API token in Cloud App Security.
In search connectors and triggers, type Cloud App Security and select When an alert is generated.
Under Authentication settings, paste the API token from step 1.
Define the workflow that should be triggered when a policy in Cloud App Security generates an alert. You can add an action, logical condition, switch case conditions or loops and save the playbook.
In the Cloud App Security portal, go to Policies and in the row of the policy whose alerts you want to forward to Flow, click the three dots and select Settings.
Under Alerts, select Send Alerts to Flow and choose the name of playbook from the dropdown menu.
Cloud App Security playbooks that you’ve authored or are granted access to can be seen in the Security extensions screen.