Power Automate Integrated With Virus Total to Scan Files and Links

Remember Virus Total? Now you can integrate it with Power Automate to give real time URL and file analysis.

Virus Total in Power Automate. Now we can scan links or files and generate a report, right in Power Automate. Some examples may include: Links or files from Emails, Teams, Etc.

What is Virus Total

Virus Total is a free and powerful tool to scan Files, and Links. Virus Total uses the Hash of the File/URL and checks some of the most popular antivirus systems to generate a report. https://www.virustotal.com/

Prerequisites

This is a Premium connector
Note: These actions of the time of this blog, are in Preview.

Virus total has two types of API
Free (Public):
– The Public API is limited to 4 requests per minute and 1K requests per day.
– The Public API must not be used in commercial products or services.
– The Public API must not be used in business workflows that do not contribute new files.
Paid (Premium):
– The Premium API does not have request rate or daily allowance limitations, limits are governed by your licensed service step.
– The Premium API returns more threat data and exposes more endpoints and functionality.
– The Premium API is governed by an SLA that guarantees readiness of data.

Keep the above information in mind when using the API


To use the Virus Total connector, you must sign up on their site and get a token. To get the token, follow these steps:

First head over to https://www.virustotal.com/ and sign up for free
Next you will have to confirm your email address

Now once you can login to your account, you want to click your person logo in the top right, and select API key

Now copy the API key that you are given. That is it! Now you can use that Key to create a connection with the Virus Total Connector is Power Automate

Connection Setup

First, we make a connection to the Virus Total API.
In your Flow, add a new action, search for Virus Total.

Virus Total has a couple Actions here that are very powerful.
We will be using ‘Analyse an URL’ action for this demo.

All that is needed to create the connection is your API key from the prerequisites.

Connection name can be anything you want, for this demo I chose VirusTotalDemo

Now that we have the connection established we can build the Logic for analyzing a URL.

Building the Flow

I will be using a Button trigger, and a Variable to store the URL I want to analyze but I will go through some use cases at the end of this blog of how this can be implemented.

There are two main actions in the Virus Total connector I will be using:
– Analyse an URL
– Retrieve information about a file or URL analysis

I am using a string variable to store the URL.
Now we use the Virus total action called: Analyse an URL. This action only needs one input, the URL we want to analyse. This action outputs the ‘id’ for the analysis. We can use this ‘id’ in our next action.

Now we add the second Virus Total action called: Retrieve information about a file or URL analysis. This action wants the ‘id’ from the first step.

From here we get a bunch of cool dynamic content for the stats of this URL.. But for this demo, I will use the ‘stats’ dynamic content, this is a JSON object so I will add a Parse JSON action.
To get the schema, you can either copy my schema, or use {} inside your schema, and run the flow, than copy the outputs to ‘Generate from sample’

My schema is:

{
    "type": "object",
    "properties": {
        "harmless": {
            "type": "integer"
        },
        "malicious": {
            "type": "integer"
        },
        "suspicious": {
            "type": "integer"
        },
        "timeout": {
            "type": "integer"
        },
        "undetected": {
            "type": "integer"
        }
    }
}

From parsing the ‘stats’ object, I am able to check if the URL has any harmless, malicious, suspicious, or undetected reports. This information can be very useful.

Now I can add a If condition and control what kind of sites I want to classify as harmful or malicious. Here is my condition:

If URL has 3 or more report engines pick up the URL as Malicious, OR if the report has less than 50 harmless reports. That I am classifying this URL as BAD

Use Cases / Conclusion

I have only scratched the surface with Virus Total in this blog. I am sure lots of people can find a great use out of this. A great example of how this can be used:
Have users send files or URLS, which can get analyzed, to help with cyber security. Could trigger by:
– Flow bot in Teams
– Have a flow monitor a certain email, which can parse the body for URLS, and check for attachments

Thanks for reading!

Grab Azure Key Vault Secrets Securely

Using Azure Key Vault to pass in secrets into Flow for secure transportation of sensitive information

How are you using and storing sensitive usernames and passwords in Flow? We use usernames and passwords for so many different actions in Flow. One main use is in a HTTP action.

In scenarios like this, where do you store these usernames and passwords? This post will show how to use Azure Key Vault action to get a secret, which can be passed to any action securely using Secure Inputs and Outputs.

Prerequisites

  • Azure Subscription
  • Azure Key Vault setup
  • Key Vault Secret created
  • Premium License for Power Automate

Steps

Okay, now that we have the above prerequisites ready, lets get the Flow created

First we want to search for ‘Azure Key Vault‘ when adding a new action in our Flow. We will use the ‘Get Secret‘ action

When creating the connection, you will be asked for the Key Vault name. This is the display name that is in Azure.

Next, we add the name of the Secret we want to get. I also Initialize a variable to store the Secret in for easier reference later in my Flow

Inside the Variable, I select the Dynamic content Value.

Now, I run the Flow…

Oh Uh, that doesn’t look good.. Our Secret is wide open and visible in the run history. We can easily fix this.

On the Get secret action we want to enable Secure Outputs
We do this by:
Clicking the 3 dots on the Get Secret action,
Go into settings,
Enable Secure Outputs.
Click Done

Now when we run then Flow, the Secret value will be hidden from the run history, in all actions.

Thanks for reading!!
If you have any questions, please reach out.

Adding Security Roles and Field Security Profiles to Users in CDS using Power Automate

The Scenario

We will be adding a Security Role / Field Security Profile to users in CDS. For this demo, our scenario will be grabbing all the users from a Office365 group and assigning them a certain Security Role / Field Security Profile.

The source of the users can be from anywhere:
– MS Form
– SharePoint
– Array inside the Flow
– Excel Table
– AAD Group / Office365 Group

Prerequisites

We will be using the Common Data Service Current Environment connector. This means that our Flow, MUST be created inside a Solution.

You will need appropriate permissions to be able to assign Security Roles and Profiles to

Steps

INFORMATION:
This Flow will work the exact same to add Field Security Profiles instead of Security Roles. The only changes you have to make are in the List records – Get Security Role, and the Relate records – Security Role to User. The changes are listed in the captions of those images.

We use a Variable to store the name of the Security Role we want to add to the users.
Than use a List records action on the Entity Security Roles
In our Filter Query we will use:
name eq ‘ ‘
Since we are using a variable to store the name of the Security Role, we pass this into the Filter Query

Field Security Profile = Change Entity name to Field Security Profile

Next, add a Compose action, to get the Odata URL. This URL is how we will add the Security Role to the User later on.

first(outputs('List_records_-_Get_Security_Role')?['body/value'])?['@odata.id']

To build the above expression follow these steps:

1) Inside the Compose action select Expression tab
2) Use the expression first()
3) Click back to Dynamic content tab

We use first() to get the first value in the CDS List records action. This allows us to bypass the Apply to each loop that Flow creates for us

4) In the ( ) select the Dynamic content value from the List records action

TIP: Make sure you see the fx logo in the text box, this indicates we are using an expression

5) At the end of the expression add:

?['@odata.id']

6) Click OK

7) Confirm the expression saved correctly by hovering your mouse over the expression

Next, use any data source / connector that meets your needs to get the emails of your users that you want to add – In this example I am using Office365 List group members

Add an Apply to each loop – So we can loop through each email and assign the Security Role

Inside the Apply to each loop, add a List records action on the Users entity
Filter Query = internalemailaddress eq ‘ ‘
Add your dynamic content that has the email address for the user to add inside the ‘ ‘

Next, add a Compose action – to store the User ID (Unique ID)
We use the same technique as mentioned above, using first() and the field name
Add this to the end of your expression

?['systemuserid']
systemuserid = the field name in CDS that stores the Unique value for each user. This value is used as a lookup guid. So we can relate the records to this guid

Still inside the Loop:
Add a Relate Records action.. This is one of the actions inside the Common Data Service Current Environment Connector.
Entity Name: Users
Item ID: The Compose – Get User ID Outputs
Relationship: Select ‘Security Role – systemuserroles_association’ from the drop-down
URL: The Compose – Security Role odata URL

Field Security Profile = Change Relationship Dropdown to — Field Security Profile – systemuserprofiles_association

Your action should look like this:

Conclusion

Adding Security roles or Field Security Profiles, can be a long and tedious process. You can add this Flow to a MS form and have users fill out what roles they need.

Thanks for reading!

Authentication on Microsoft Forms

Microsoft Forms is great for many use cases. However, with some use cases you may not want the whole organization to have access to this form.

Summary

In short, we want to setup a way to allow certain users to fill out a MS form.
How can we achieve this?
My Flow below will show how to take a list from SharePoint that has users emails, to only allow them to process the Form.

** Note – You do not have to use SharePoint, you can use any means necessary. **

Setup

First you will need to have a Microsoft Form created – Any MS Form will work

Next, we setup our List of ‘Authenticated’ Emails. Again in this demo I am using SharePoint
I created a simple SharePoint List with a single text field to store email addresses

Steps

In the Flow, we create as normal with a Microsoft Form Trigger and action to get the Details
Trigger – When a new response is submitted
Action – Get response details
Next add a Variable, we make the Type an Array
Under the Variable, add Get items action, and choose our Authenticated users list that we created above

Next, add an Apply to each loop. Select the value from the Get items action.
Inside the loop, add a Append to array variable, select the variable that we initialized above. Value = the column name that stores the email Address in our SharePoint List

** Note – Make sure the Initialize variable is type Array **

Outside the loop – Add a Condition
Select the Array on the left side – Contains – Responder on the right

— We use Contains to check if the User filling out the form is in this Array of emails —

If the user who is filling out the form does not belong to the ‘Authenticated’ list, we Send an Email letting the user know they are unauthorized to fill out this form.
Under the Send an email action, add a Terminate action with Status of Success, this is to ensure the flow stops running, while not throwing an unwanted Failed run

Here is what a User will see when they do not have access

Conclusion

I am sure there are a million ways to add your own intuitive Authentication methods.
I hope my method helps or inspires someone else!
Thanks for reading