Created
March 17, 2019 20:13
-
-
Save alexverboon/ad2e37d3cc21065f235abd995c59a7bd to your computer and use it in GitHub Desktop.
Flow - Defender ATP alert email template
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!-- Windows Defender ATP e-mail alert template --> | |
| <html><head> | |
| <meta http-equiv="Content-Type" content="text/html; charset=utf-8"><style> | |
| .alertTable { | |
| width:750px; | |
| background-color:white; | |
| border-spacing:5px; | |
| font-size:16px; | |
| border:0; | |
| } | |
| .alertTable td { | |
| padding:10px; | |
| } | |
| .property{ | |
| background-color:#002060; | |
| width:30%; | |
| color:white; | |
| height: 20px; | |
| padding:5px; | |
| } | |
| .tableHeader{ | |
| background-color:#a80000; | |
| text-align:center; | |
| font-size:32px; | |
| color:white; | |
| padding:10px; | |
| } | |
| /* unvisited link */ | |
| .property a:link { | |
| color: white; | |
| } | |
| /* visited link */ | |
| .property a:visited { | |
| color: white; | |
| } | |
| </style> | |
| </head> | |
| <body style="font-size: 11px; font-family: Segoe UI, arial, sans-serif;"> | |
| <div> | |
| <table class="alertTable" align="center"> | |
| <tr> | |
| <td colspan="2" class="tableHeader"> | |
| Windows Defender Advanced Threat Protection New Alert Detection | |
| </td> | |
| </tr> | |
| <tr> | |
| <td class="property">Title</td> | |
| <td> @{body('Get_single_alert')?['title']} </td> | |
| </tr> | |
| <tr> | |
| <td class="property">Status</td> | |
| <td>@{body('Get_single_alert')?['status']}</td> | |
| </tr> | |
| <tr> | |
| <td class="property">Severity</td> | |
| <td>@{body('Get_single_alert')?['severity']}</td> | |
| </tr> | |
| <tr> | |
| <td class="property">Category</td> | |
| <td>@{body('Get_single_alert')?['category']}</td> | |
| </tr> | |
| <tr> | |
| <td class="property">Detection Source</td> | |
| <td>@{body('Get_single_alert')?['detectionSource']}</td> | |
| </tr> | |
| <tr> | |
| <td class="property">Alert First Event Time</td> | |
| <td>@{body('Get_single_alert')?['firstEventTime']}</td> | |
| </tr> | |
| <tr> | |
| <td class="property">Threat Family Name</td> | |
| <td>@{body('Get_single_alert')?['threatFamilyName']}</td> | |
| </tr> | |
| <tr> | |
| <td class="property">Alert Classification</td> | |
| <td>@{body('Get_single_alert')?['classification']}</td> | |
| </tr> | |
| <tr> | |
| <td class="property">Description</td> | |
| <td>@{body('Get_single_alert')?['description']}</td> | |
| </tr> | |
| <tr> | |
| <td class="property">ID</td> | |
| <td>@{body('Get_single_alert')?['id']}</td> | |
| </tr> | |
| <tr> | |
| <td class="property">WDATP Alert Portal link</td> | |
| <td> https://securitycenter.windows.com/alert/@{body('Get_single_alert')?['id']}</td> | |
| </tr> | |
| <tr> | |
| <td class="property">Recommendation</td> | |
| <td>@{body('Get_single_alert')?['recommendedAction']}</td> | |
| </tr> | |
| <tr> | |
| <td class="property">Computername</td> | |
| <td>@{body('Get_single_machine')?['computerDnsName']}</td> | |
| </tr> | |
| <tr> | |
| <td class="property">Computer AAD Device ID</td> | |
| <td> @{body('Get_single_machine')?['aadDeviceId']}</td> | |
| </tr> | |
| <tr> | |
| <td class="property">Computer Health Status</td> | |
| <td>@{body('Get_single_machine')?['healthStatus']}</td> | |
| </tr> | |
| <tr> | |
| <td class="property">Computer Risk Score</td> | |
| <td>@{body('Get_single_machine')?['riskScore']}</td> | |
| </tr> | |
| <tr> | |
| <td class="property">Computer OS</td> | |
| <td> @{body('Get_single_machine')?['osPlatform']} - @{body('Get_single_machine')?['osVersion']} - @{body('Get_single_machine')?['osBuild']}</td> | |
| </tr> | |
| <tr> | |
| <td class="property">Computer IP Address</td> | |
| <td>@{body('Get_single_machine')?['lastIpAddress']}</td> | |
| </tr> | |
| <tr> | |
| <td class="property">Computer Machine ID </td> | |
| <td>@{body('Get_single_alert')?['machineId']}</td> | |
| </tr> | |
| <tr> | |
| <td class="property">WDATP Portal Computer Link </td> | |
| <td> https://securitycenter.windows.com/machines/@{body('Get_single_alert')?['machineId']}</td> | |
| </tr> | |
| </table> | |
| <table align="center" border="0" style="width: 750px; background-color: white;"> | |
| <tbody> | |
| <tr> | |
| <td style="border-top: solid 2px #898989;"> | |
| <!--FOOTER FOR TRANSACTIONAL EMAILS--> | |
| <!-- FOOTER --> | |
| <table class="aes-footer-content" style="-webkit-margin-start: 0px; -webkit-margin-end: 0px; width: 100%" border="0" cellpadding="0" cellspacing="0" align="center"> | |
| <tbody> | |
| <tr> | |
| <td valign="top" style="background-color: #dddddd; font-family:'Segoe UI', Verdana, Arial, sans-serif;font-size:10px;padding-top: 15px;padding-right: 10px;padding-bottom: 2px;padding-left: 10px;color:#000000"> | |
| <p align="left" style="margin-bottom:1em;">This message from Microsoft is an important part of a program, service, or product that you or your company purchased or participates in.</p> | |
| <p align="left" style="margin-bottom:1em;">Microsoft respects your privacy. Please read our <a href="https://privacy.microsoft.com/en-us/privacystatement" style="color: #0066cc; text-decoration: underline;" title="Privacy Statement">Privacy Statement</a></p> | |
| <p align="left" style="margin-bottom:2em;">Microsoft Corporation<br> | |
| One Microsoft Way<br> | |
| Redmond, WA 98052 USA | |
| </p> | |
| </td> | |
| </tr> | |
| </tbody> | |
| </table> | |
| <!-- /FOOTER --> | |
| </td> | |
| </tr> | |
| </tbody> | |
| </table> | |
| </div> | |
| </html> | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello, can you update the template, some value has changed when i apply your template i get an error!!! Great tutorial, it helped me a lot