Integrating via Microsoft Power Automate

Microsoft Power Automate is a web-based service that allows end users to automate workflows for Office365 services and third-party services without writing code. This sample integration will show how you can use FireEye's Detection on Demand API to help secure your Outlook inbox from malicious emails. This is just one of many ways you can use Power Automate and Detection on Demand to secure your cloud apps.

Prerequisites

In order to follow along with this tutorial, you will need the following items:

Import the flow template into Power Automate

Start by logging into Power Automate and navigating to "My Flows", where you will be able to import the flow template you downloaded.


Once you have imported the flow, click on it in your flows page and edit it.


Initializing the variables

The flow is set up to activate when you receive an email with attachments in your inbox. If an email with one or more attachments is received, the flow will initialize the DoD (Detection on Demand) API key variable. The flow will only execute successfully if the API key is provided, so you will need to paste your API key into the "Value" field.


Scanning loop

Next, the flow will submit each attachment to the DoD API and then check the status of each submission every 10 seconds until the report is finished. The flow will check each report result, setting the malicious email flag to true if any of the reports detected a malicious file.


Taking action

The final step is to move the email to the trash folder if it contains a malicious attachment, as determined by the malicious email flag variable declared at the top of the flow. You can specify the email be moved to a different folder if you prefer, such as a "Quarantine" folder, but make sure you create the folder in your Outlook account first.
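The scan-and-act logic described above, written out as an added Python example (not the flow template or FireEye's code). The `submit` and `get_report` callables and the `done` and `malicious` report keys are hypothetical stand-ins for the scanning API, and the poll limit and the fail-closed handling of unfinished scans are assumptions that go beyond what the tutorial describes.

```python
import time
from dataclasses import dataclass, field

POLL_SECONDS = 10  # polling interval stated in the tutorial
MAX_POLLS = 30     # assumption: stop waiting after about five minutes

@dataclass
class Verdict:
    malicious: bool = False                          # the "malicious email flag"
    unresolved: list = field(default_factory=list)   # attachments with no finished report

def scan_attachments(attachments, submit, get_report, sleep=time.sleep):
    """Submit each (name, bytes) attachment, then poll until its report is done.

    submit(name, data) -> report_id and get_report(report_id) -> dict with the
    hypothetical keys "done" and "malicious" are caller-supplied wrappers around
    the scanning API; they are not real Detection on Demand calls.
    """
    verdict = Verdict()
    for name, data in attachments:
        try:
            report_id = submit(name, data)
            for _ in range(MAX_POLLS):
                report = get_report(report_id)
                if report["done"]:
                    break
                sleep(POLL_SECONDS)
            else:  # loop ended without a finished report
                raise TimeoutError(name)
        except Exception:  # API error or timeout: record it, keep scanning the rest
            verdict.unresolved.append(name)
            continue
        verdict.malicious = verdict.malicious or bool(report["malicious"])
    return verdict

def should_quarantine(verdict):
    # Fail closed: an attachment that was never scanned is not a clean attachment.
    return verdict.malicious or bool(verdict.unresolved)

class FakeScanner:
    """Constructed in-memory stand-in so the example runs offline."""
    def __init__(self, results, polls_needed=2):
        self.results, self.polls_needed, self.polls = results, polls_needed, {}
    def submit(self, name, data):
        self.polls[name] = 0
        return name  # the attachment name doubles as the report id here
    def get_report(self, report_id):
        self.polls[report_id] += 1
        result = self.results[report_id]  # True/False verdict, None = never finishes
        done = result is not None and self.polls[report_id] >= self.polls_needed
        return {"done": done, "malicious": bool(result)}
```

Passing a no-op `sleep` lets you exercise the loop against `FakeScanner` without waiting out the 10-second interval.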


Summary

Microsoft Power Automate is an easy way to automate tasks in your Office365 environment without the need to write code or host it, and this template is a working example of how you can use security products like FireEye's Detection on Demand to add an additional layer of security to your workflow. Power Automate also offers connectors to many third-party services, like Slack, Salesforce, and Jira, allowing you to automate workflows for more than just Microsoft products.
