Automating Malicious URL Clicks in 365

I’ve been attempting to automate disabling a user who clicks on a malicious URL (Office 365) through InsightIDR custom alerts as well as Defender Incidents.

The InsightIDR alerts don’t give me any user information (UID only) and I’ve had no luck with Defender Incidents.

Has anybody had any luck automating URL Clicks?

Thanks!