Power Platform Community Forum Thread Details

Hi Everyone,

I'm trying to use Power Automate to retrieve the Office 365 alert titled "A user clicked through to a potentially malicious URL", and send a notification, but I can't find the correct action to use to grab that alert.

I attempted to use the Graph Security action, but it doesn't seem to retrieve this type of alert.

Could you guide me on how to achieve this?

Thank you in advance for your help!

Categories:

Building flows

Hi CU15011824-0

To retrieve the specific alert, use the Microsoft 365 Defender Alerts API. https://api.security.microsoft.com/api/alerts

Trigger: Use a schedule-based trigger or any relevant trigger (e.g., recurrence every hour).

Action: HTTP Request: Add an HTTP action to call the Defender API. Configure it as follows: Method: GET URI: https://api.security.microsoft.com/api/alerts?$filter=title eq 'A user clicked through to a potentially malicious URL' Headers: Authorization: Bearer {Access_Token} Content-Type: application/json

Parse the Response: Use the Parse JSON action to extract relevant details from the API response. Paste the JSON schema (obtained from a sample response) into the Parse JSON step.

Condition: Add a condition to check if any alerts are returned. Example: @greater(length(body('Parse_JSON')), 0)

send Notification: If alerts exist, use actions such as Send an email (V2) or Post a message in Teams to notify the appropriate recipients.

thanks