If you are using the Cloud App Security (CAS) service, you can connect Microsoft Flow to it in order to automate actions like generating ticket in SIEM system, send notification to user and/or manager, disable account…
To do so you must, off course, have an active Cloud App Security and Flow subscription.
Then you need to generate a token to allow Flow to connect to CAS
- Connect to your Cloud App Security management portal (https://portal.cloudappsecurity.com) and reach out the Settings\Security Extension\API Token menu
- Save the generated token as it will be needed when you will setup the Flow connection with CAS
- Connect to your Flow management portal (https://flow.microsoft.com) to create a connection to your CAS using either the Connectors and search for Cloud App Security
- Then click on the When an alert is generated button and fill the Connection Name and API Key fields (use the token value created earlier)
- Then you can configure your Flow to define what actions/steps need to be executed when an alert is generated from CAS