For those of you unfamiliar, Flow is a workflow automation tool that is very easy to use and lets you build an automated "if this, then that" scenario extremely quickly. In fact, this being my first foray into Flow, it took me less than an hour to get my scenario up and running. It helps to have a basic understanding of coding logic, because then concepts such as variables, operators, loops and conditions will already be familiar, but no previous knowledge is really required. Flow also has an already huge library of connectors that lets you build out all kinds of complex scenarios in an easy way.

So, what’s the scenario to increase protection for the exec? When an alert is raised on a machine owned by a high value target, we launch a workflow that performs a quick triage, takes some proactive response actions and escalates the alert to another tier. The aim is to increase protection without increasing operational effort. The workflow uses lower impact response actions that should not degrade the user experience (too much), and it should lower response time considerably, because the first response steps run without waiting for an analyst to pick up the alert.

Now for action A. We have already filtered down to the machines carrying the “VIP” tag, which removes some noise, but that filter can still return several machines, so I need to specify that I want to focus on a single alert and deal with each one individually. We add another action (Get single alert) that retrieves one alert in the context of each machine retrieved earlier (nested logic, so the action runs once per machine and once per alert rather than over the whole batch).
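To make the nesting concrete, here is an offline model of the same logic as plain Python. This is an added example, not the author's Flow and not a call to the Defender ATP API or connector: the machine and alert records are constructed for illustration (field names such as `machineTags`, `severity` and `status` mirror the shape of the service's objects, but the values are made up), and the triage rule (skip resolved alerts and anything below Medium severity, escalate the rest) is an assumption chosen to show where the quick triage from the scenario description would sit. The outer loop is the VIP machine filter from action A; the inner loop is the per-machine "get single alert" step.

```python
"""Offline sketch of the VIP alert flow: filter machines tagged "VIP",
then walk each machine's alerts one at a time and decide per alert.

All data below is constructed sample input; nothing here contacts the
real Defender ATP API. Field names only loosely follow the API objects.
"""

# Severity order used by the triage gate (assumed ordering for this sketch).
SEVERITY_RANK = {"Informational": 0, "Low": 1, "Medium": 2, "High": 3}

# Constructed sample machines (not real inventory).
MACHINES = [
    {"id": "m-001", "computerDnsName": "ceo-laptop", "machineTags": ["VIP", "Finance"]},
    {"id": "m-002", "computerDnsName": "dev-box", "machineTags": ["Engineering"]},
    {"id": "m-003", "computerDnsName": "cfo-laptop", "machineTags": ["vip"]},
]

# Constructed sample alerts, each linked to a machine by machineId.
ALERTS = [
    {"id": "a-1", "machineId": "m-001", "severity": "High", "status": "New",
     "title": "Suspicious PowerShell command line"},
    {"id": "a-2", "machineId": "m-001", "severity": "Informational", "status": "New",
     "title": "Admin tool observed"},
    {"id": "a-3", "machineId": "m-002", "severity": "High", "status": "New",
     "title": "Credential dumping attempt"},
    {"id": "a-4", "machineId": "m-003", "severity": "Medium", "status": "Resolved",
     "title": "Already handled alert"},
    {"id": "a-5", "machineId": "m-003", "severity": "Medium", "status": "New",
     "title": "Unusual sign-in pattern"},
]


def vip_machines(machines, tag="VIP"):
    """Action A: keep only machines carrying the VIP tag.

    Tags are typed by hand, so the comparison is case-insensitive here;
    that is a design choice of this sketch, not something the page states.
    """
    wanted = tag.casefold()
    return [m for m in machines
            if any(t.casefold() == wanted for t in m.get("machineTags", []))]


def alerts_for_machine(alerts, machine_id):
    """Inner step: the alerts belonging to one machine, handled one by one."""
    return [a for a in alerts if a["machineId"] == machine_id]


def triage(alert, min_severity="Medium"):
    """Quick triage gate (assumed rule): drop alerts that are already resolved
    or sit below the severity bar; everything else is escalated."""
    if alert["status"] == "Resolved":
        return "skip"
    if SEVERITY_RANK[alert["severity"]] < SEVERITY_RANK[min_severity]:
        return "skip"
    return "escalate"


def run_flow(machines, alerts, min_severity="Medium"):
    """Nested logic: outer loop over VIP machines, inner loop over each
    machine's alerts, one decision per alert.

    Returns the (machine name, alert id) pairs that should be escalated.
    """
    escalated = []
    for machine in vip_machines(machines):
        for alert in alerts_for_machine(alerts, machine["id"]):
            if triage(alert, min_severity) == "escalate":
                escalated.append((machine["computerDnsName"], alert["id"]))
    return escalated


if __name__ == "__main__":
    for name, alert_id in run_flow(MACHINES, ALERTS):
        print(f"escalate alert {alert_id} on {name}")
```

Running the sketch escalates only `a-1` and `a-5`: the High alert on the non-VIP `dev-box` is never visited because the outer filter removed that machine, the Informational alert on `ceo-laptop` fails the severity gate, and the resolved alert on `cfo-laptop` is skipped. In Flow the same shape is an "Apply to each" over the filtered machine list with the per-alert action inside it.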

