Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Flow - Defender ATP alert email template
<!-- Windows Defender ATP e-mail alert template -->
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"><style>
.alertTable {
width:750px;
background-color:white;
border-spacing:5px;
font-size:16px;
border:0;
}
.alertTable td {
padding:10px;
}
.property{
background-color:#002060;
width:30%;
color:white;
height: 20px;
padding:5px;
}
.tableHeader{
background-color:#a80000;
text-align:center;
font-size:32px;
color:white;
padding:10px;
}
/* unvisited link */
.property a:link {
color: white;
}
/* visited link */
.property a:visited {
color: white;
}
</style>
</head>
<body style="font-size: 11px; font-family: Segoe UI, arial, sans-serif;">
<div>
<table class="alertTable" align="center">
<tr>
<td colspan="2" class="tableHeader">
Windows Defender Advanced Threat Protection New Alert Detection
</td>
</tr>
<tr>
<td class="property">Title</td>
<td> @{body('Get_single_alert')?['title']} </td>
</tr>
<tr>
<td class="property">Status</td>
<td>@{body('Get_single_alert')?['status']}</td>
</tr>
<tr>
<td class="property">Severity</td>
<td>@{body('Get_single_alert')?['severity']}</td>
</tr>
<tr>
<td class="property">Category</td>
<td>@{body('Get_single_alert')?['category']}</td>
</tr>
<tr>
<td class="property">Detection Source</td>
<td>@{body('Get_single_alert')?['detectionSource']}</td>
</tr>
<tr>
<td class="property">Alert First Event Time</td>
<td>@{body('Get_single_alert')?['firstEventTime']}</td>
</tr>
<tr>
<td class="property">Threat Family Name</td>
<td>@{body('Get_single_alert')?['threatFamilyName']}</td>
</tr>
<tr>
<td class="property">Alert Classification</td>
<td>@{body('Get_single_alert')?['classification']}</td>
</tr>
<tr>
<td class="property">Description</td>
<td>@{body('Get_single_alert')?['description']}</td>
</tr>
<tr>
<td class="property">ID</td>
<td>@{body('Get_single_alert')?['id']}</td>
</tr>
<tr>
<td class="property">WDATP Alert Portal link</td>
<td> https://securitycenter.windows.com/alert/@{body('Get_single_alert')?['id']}</td>
</tr>
<tr>
<td class="property">Recommendation</td>
<td>@{body('Get_single_alert')?['recommendedAction']}</td>
</tr>
<tr>
<td class="property">Computername</td>
<td>@{body('Get_single_machine')?['computerDnsName']}</td>
</tr>
<tr>
<td class="property">Computer AAD Device ID</td>
<td> @{body('Get_single_machine')?['aadDeviceId']}</td>
</tr>
<tr>
<td class="property">Computer Health Status</td>
<td>@{body('Get_single_machine')?['healthStatus']}</td>
</tr>
<tr>
<td class="property">Computer Risk Score</td>
<td>@{body('Get_single_machine')?['riskScore']}</td>
</tr>
<tr>
<td class="property">Computer OS</td>
<td> @{body('Get_single_machine')?['osPlatform']} - @{body('Get_single_machine')?['osVersion']} - @{body('Get_single_machine')?['osBuild']}</td>
</tr>
<tr>
<td class="property">Computer IP Address</td>
<td>@{body('Get_single_machine')?['lastIpAddress']}</td>
</tr>
<tr>
<td class="property">Computer Machine ID </td>
<td>@{body('Get_single_alert')?['machineId']}</td>
</tr>
<tr>
<td class="property">WDATP Portal Computer Link </td>
<td> https://securitycenter.windows.com/machines/@{body('Get_single_alert')?['machineId']}</td>
</tr>
</table>
<table align="center" border="0" style="width: 750px; background-color: white;">
<tbody>
<tr>
<td style="border-top: solid 2px #898989;">
<!--FOOTER FOR TRANSACTIONAL EMAILS-->
<!-- FOOTER -->
<table class="aes-footer-content" style="-webkit-margin-start: 0px; -webkit-margin-end: 0px; width: 100%" border="0" cellpadding="0" cellspacing="0" align="center">
<tbody>
<tr>
<td valign="top" style="background-color: #dddddd; font-family:'Segoe UI', Verdana, Arial, sans-serif;font-size:10px;padding-top: 15px;padding-right: 10px;padding-bottom: 2px;padding-left: 10px;color:#000000">
<p align="left" style="margin-bottom:1em;">This message from Microsoft is an important part of a program, service, or product that you or your company purchased or participates in.</p>
<p align="left" style="margin-bottom:1em;">Microsoft respects your privacy. Please read our <a href="https://privacy.microsoft.com/en-us/privacystatement" style="color: #0066cc; text-decoration: underline;" title="Privacy Statement">Privacy Statement</a></p>
<p align="left" style="margin-bottom:2em;">Microsoft Corporation<br>
One Microsoft Way<br>
Redmond, WA 98052 USA
</p>
</td>
</tr>
</tbody>
</table>
<!-- /FOOTER -->
</td>
</tr>
</tbody>
</table>
</div>
</html>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.