cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Highlighted
Memorable Member
Memorable Member

Tips: Alert RDP connection to servers by Microsoft Operations Management Suite with Microsoft Flow

I want to share "Alert RDP connection to server" flow

For automate security task by Microsoft Operations Management Suite with Microsoft Flow.

1.png

 

 At Microsoft Flow.

1. Trigger: Request

  JSON Schema:

{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "alertname": {
      "type": "string"
    },
    "IncludeSearchResults": {
      "type": "boolean"
    },
    "SearchResults": {
      "type": "object",
      "properties": {
        "id": {
          "type": "string"
        },
        "__metadata": {
          "type": "object",
          "properties": {
            "top": {
              "type": "integer"
            },
            "RequestId": {
              "type": "string"
            },
            "Status": {
              "type": "string"
            },
            "NumberOfDocuments": {
              "type": "integer"
            },
            "StartTime": {
              "type": "string"
            },
            "LastUpdated": {
              "type": "string"
            },
            "ETag": {
              "type": "string"
            },
            "resultType": {
              "type": "string"
            },
            "aggregatedValueField": {
              "type": "string"
            },
            "aggregatedValueFields": {
              "type": "array",
              "items": {
                "type": "string"
              }
            },
            "aggregateGroupingFields": {
              "type": "array",
              "items": {
                "type": "string"
              }
            },
            "sum": {
              "type": "integer"
            },
            "max": {
              "type": "integer"
            },
            "total": {
              "type": "integer"
            },
            "requestTime": {
              "type": "integer"
            }
          },
          "required": [
            "top",
            "RequestId",
            "Status",
            "NumberOfDocuments",
            "StartTime",
            "LastUpdated",
            "ETag",
            "resultType",
            "aggregatedValueField",
            "aggregatedValueFields",
            "aggregateGroupingFields",
            "sum",
            "max",
            "total",
            "requestTime"
          ]
        },
        "value": {
          "type": "array",
          "items": {
            "type": "object",
            "properties": {
              "Computer": {
                "type": "string"
              },
              "IpAddress": {
                "type": "string"
              },
              "Account": {
                "type": "string"
              },
              "Count": {
                "type": "integer"
              }
            },
            "required": [
              "Computer",
              "IpAddress",
              "Account",
              "Count"
            ]
          }
        }
      },
      "required": [
        "id",
        "__metadata",
        "value"
      ]
    }
  },
  "required": [
    "alertname",
    "IncludeSearchResults",
    "SearchResults"
  ]
}

2.  Apply to each ( Select an output from previous step = SelectResults.value )

3. Action: Send an push notification ( Subject = alertname: Computer from IpAddress by Account 2.png

 

 

 

At Microsoft Operations Management Suite.

1. Create new alert rule for RDP connection.

  Search Query:

  

EventID=4624 LogonTypeName="10 - RemoteInteractive" | measure count() as Count by Computer, IpAddress, Account

2. Webhook

  Yes,

  Webhook URL = URL of Request trigger in Microsoft Flow

  Include custom JSON payload = check

  Enter your custom JSON payload

  

{
"alertname":"#alertrulename",
"IncludeSearchResults":true
}

For Testing.

1. Install Microsoft Operations Management Suite Agent to your server.

2. Connect the server by RDP app.

3. Select "Test Webhook" on Alert Setting in Microsoft Operations Management Suite.

4. Check the result of your flow.

5. Check the notification of your phone.

 

Now, I can set some alert notification to my phone.

 

Regards,

Yoshihiro Kawabata

 

 

2 REPLIES 2
Highlighted
Community Support
Community Support

Re: Tips: Alert RDP connection to servers by Microsoft Operations Management Suite with Microsoft Fl

Hi @yoshihirok,

 

Thanks a lot for your continuous sharing on Flow. We appreciate your contribution on the community. I will try this out later.

 

Regards,

Mona

Community Support Team _ Mona Li
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Highlighted
Memorable Member
Memorable Member

Re: Tips: Alert RDP connection to servers by Microsoft Operations Management Suite with Microsoft Fl

Thank you too, @v-monli-msft

 

Microsoft Flow and Microsoft Operations Management Suite are both nice for making secure our servers.

 

Regards,

Yoshihiro Kawabata

Helpful resources

Announcements
firstImage

Super User Program Update

Three Super User rank tiers have been launched!

firstImage

Power Platform 2020 release wave 2 plan

Features releasing from October 2020 through March 2021

firstImage

New & Improved Power Automate Community Cookbook

We've updated and improved the layout and uploading format of the Power Automate Cookbook!

thirdimage

Power Automate Community User Group Member Badge

Fill out a quick form to claim your user group badge now!

Top Solution Authors
Users online (6,488)