Hi Everyone,
I'm trying to use Power Automate to retrieve the Office 365 alert titled "A user clicked through to a potentially malicious URL", and send a notification, but I can't find the correct action to use to grab that alert.
I attempted to use the Graph Security action, but it doesn't seem to retrieve this type of alert.
Could you guide me on how to achieve this?
Thank you in advance for your help!
Trigger: Use a schedule-based trigger or any relevant trigger (e.g., recurrence every hour).
Action: HTTP Request: Add an HTTP action to call the Defender API. Configure it as follows:
Method: GET
URI: https://api.security.microsoft.com/api/alerts?$filter=title eq 'A user clicked through to a potentially malicious URL'
Headers:
Authorization: Bearer {Access_Token}
Content-Type: application/json
Parse the Response: Use the Parse JSON action to extract relevant details from the API response. Paste the JSON schema (obtained from a sample response) into the Parse JSON step.
Condition: Add a condition to check if any alerts are returned. Example: @greater(length(body('Parse_JSON')), 0)
Send Notification: If alerts exist, use actions such as Send an email (V2) or Post a message in Teams to notify the appropriate recipients.
Thanks
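The polling steps in the answer above, as an added Python example that is not part of the original post: it builds the filtered URI with proper encoding, parses a response, and returns only alerts not yet notified, so an hourly recurrence does not resend the same alert. The response shape (a "value" list whose items carry "id" and "title"), the sample data and the de-duplication set are assumptions made for this example.

```python
import json
from urllib.parse import quote

API_BASE = "https://api.security.microsoft.com/api/alerts"  # URI from the answer above
ALERT_TITLE = "A user clicked through to a potentially malicious URL"


def build_alert_url(title: str) -> str:
    """Build the GET URI with an OData $filter on the alert title."""
    # OData string literals escape a single quote by doubling it.
    literal = title.replace("'", "''")
    # Percent-encode spaces and quotes so the URI is valid on the wire.
    return f"{API_BASE}?$filter=" + quote(f"title eq '{literal}'", safe="")


def new_alerts(response_body: str, already_notified: set) -> list:
    """Return alerts from the response that have not been notified yet."""
    body = json.loads(response_body)
    # Assumption: alerts arrive as a list under "value"; a bare list is also accepted.
    alerts = body.get("value", []) if isinstance(body, dict) else body
    fresh = []
    for alert in alerts:
        alert_id = alert.get("id")
        # Re-check the title client-side and skip anything already sent.
        if alert.get("title") != ALERT_TITLE or alert_id in already_notified:
            continue
        already_notified.add(alert_id)
        fresh.append(alert)
    return fresh


# Constructed sample responses (not real API output).
SAMPLE_RESPONSE = json.dumps({"value": [
    {"id": "constructed-001", "title": ALERT_TITLE},
    {"id": "constructed-002", "title": ALERT_TITLE},
]})
EMPTY_RESPONSE = json.dumps({"value": []})


def run_demo() -> list:
    """Simulate two hourly runs over the same data, then an empty result."""
    seen = set()
    first = new_alerts(SAMPLE_RESPONSE, seen)    # first run: both alerts are new
    second = new_alerts(SAMPLE_RESPONSE, seen)   # next run, same data: nothing new
    empty = new_alerts(EMPTY_RESPONSE, seen)     # no alerts returned at all
    return [len(first), len(second), len(empty)]


if __name__ == "__main__":
    print(build_alert_url(ALERT_TITLE))
    print(run_demo())
```

In a flow, the set of already-notified ids would have to persist between runs, for example in a list or table the flow can read and update.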