Every Solution You Can Imagine – and More
What cybersecurity solution do you need? From Zero Trust to ADR, IAM, risk/privacy, data protection, AppSec and threat, securing digital transformation, to resiliency and remediation, we can build the right program to help solve your challenges.
A Single Partner for Everything You Need
Optiv works with more than 450 world-class security technology partners. By putting you at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can.
We Are Optiv
Greatness is every team working toward a common goal. Winning in spite of cyber threats and overcoming challenges in spite of them. It’s building for a future that only you can create or simply coming home in time for dinner.
However you define greatness, Optiv is in your corner. We manage cyber risk so you can secure your full potential.
Using Microsoft Flows and UI Flows for Patch and Software Testing
A few of my peers are working on a vulnerability remediation project that will reduce the time-to-patch. During this process, we talked to several vendors. I asked each of them if clients verify that user workflows continue to function properly after pushing patches or software and security updates. The answer was an overwhelming “almost never.” The follow-up question I asked was, “Why?” The answer: because it takes too much time. This was an answer I knew, but I was looking for confirmation. I started to wonder if the user workflow verification part could be tested in an automated fashion using what was available to me in Microsoft’s Power Automate platform.
Power Automate is an automation platform very similar to Logic Apps. In fact, it uses Logic Apps under the hood with some slight licensing and Visual Studio integration differences. Power Automate also includes UI flows for Robotic Process Automation (RPA). Using Power Automate Flows and UI Flows I wanted to see if I could speed up the user workflow testing portion of the software patch or update cycles.
To execute my automation successfully, I would need to automagically create a test environment, have RPA execute a user workflow, prove successful workflow testing, and repeatably execute entire flow and UI flow with no human interaction. To properly execute this use case with Power Automate and Azure, there were a lot of technical questions I would need answered. Some of those questions are answered in this blog series and include:
At a high-level this blog series will cover how I used Power Automate and Azure Automation Runbooks to validate a simple user workflow in a flow similar to the one shown in the Visio diagram below.
Creating a flow with an email trigger and extracting the body to use as variables.
Every automation flow starts with a trigger. When the trigger condition is met a series of actions, defined by the flow creator, are executed. For example, the trigger event I used was an email. Ideally, what I wanted to happen was that an email is sent from a user to a specific email address, and upon receipt of an email -- that meets certain conditions -- a flow is triggered. This step is fairly easy and is covered below.
The trigger that starts this flow is found in Office 0365 Outlook connector. The one I used is When a new email arrives (v3) show below.
Once a connection is made to the email account, additional conditions can be defined to narrow the scope of messages that trigger this flow. I kept it relatively simple and only specified the From and Subject fields as seen in the image below.
If the Service email account that is defined in the from field sends an email to the email account listed under My Connections, with the subject “Software or Security Update Workflow Test” the flow will trigger.
Not relevant to the flow trigger, but very relevant to future actions in the flow, is the email body. The body of this email contains three lines of text. Some of the text in the email body will serve as variables used in actions that follow. The text after Owner will be used as the tag for the Azure resource group created. Vendor will be the vendor and/or software being tested. Lastly, IP will be the source IP address allowed, by security group, to RDP to the newly created virtual machine if an issue arises.
I needed to extract specific contents of the email body to be used as variables later in the flow. I chose to use Plumsail Documents, a service free for 30 days, that enables pattern matching through regular expression. It was just easier than trying to figure out the correct Power Automate function. After registering for a free account, I used Plumsail to perform regex matches on the body to pull out information that I could use as variables further down the flow.
Plumsail has pretty good documentation on their site, but I ran into a nested loop issue when it came to performing multiple matches within a single pattern field and then passing those successfully as individual variables. To get this to work successfully, I created three parallel branches. Each branch has an action that searches for a single pattern in the dynamically defined Text field that was equal to the email body. For example, the image below shows the pattern matched used for the Owner information.
The image above is one of three regex patterns used. The other two patterns are configured similarly. Word replacements for Vendor and IP instead of vendor were used for the other two regex patterns. This can be seen in the image below.
Once the email is received, Plumsail will perform the pattern matches on the text listed in the email body as seen in the vendor match below.
I can use the output of each pattern matched as a variable in specific actions further in the flow. Before the flow knows that the matches are variables, I need to initalize and set each of the three variables.
The first action selected is to initialize the variable. Following the regex pattern match from above, I used the name Vendor, Type is defined as String and the variable value is left blank. This can be seen in the screenshot below.
Once the variable is labeled I needed to Set it by choosing the Set Variable operation. The name will again be vendor and the value will be a dynamic value selection. This dynamic value will be the regular expression match for vendor.
I also needed to create similar action steps for Owner and IP. With the steps expanded out, my flow looks like this.
With the Owner, Vendor, and IP variables defined, the next step in the process will be to pass these variables into an Azure Automation Action to create the resources needed for the test environment.
In the next blog in this series I’ll cover how to use an Azure Automation runbook to provision a test environment that will be used for robotic process automation.
Additional Reference Information:
Microsoft Power Automate: https://flow.microsoft.com/en-us/
UI Flows: https://flow.microsoft.com/en-us/ui-flows/
Azure Logic Apps: https://azure.microsoft.com/en-us/services/logic-apps/
Azure Logic Apps and Power Automate - Functions in Expressions: https://docs.microsoft.com/en-us/azure/logic-apps/workflow-definition-language-functions-reference
Initialize a Variable: https://www.youtube.com/watch?v=fBS3wyWZo6Q
Here's a review of related posts on this series:
November 04, 2020
How to provision a test environment for robotic process automation with Azure automation runbooks: part two in a series.
How to assign a specific public IP address using Azure Automation runbook. Part three in a series.
Part four in the series: setting up RPA with WinAutomation.
Let us know what you need, and we will have an Optiv professional contact you shortly.