A Single Partner for Everything You Need Optiv works with more than 450 world-class security technology partners. By putting you at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can.
We Are Optiv Greatness is every team working toward a common goal. Winning in spite of cyber threats and overcoming challenges in spite of them. It’s building for a future that only you can create or simply coming home in time for dinner. However you define greatness, Optiv is in your corner. We manage cyber risk so you can secure your full potential.
Breadcrumb Home Insights Source Zero Using Microsoft Flows and UI Flows for Patch and Software Testing November 04, 2020 Using Microsoft Flows and UI Flows for Patch and Software Testing Microsoft Power Automate Flows, UI Flows, & Automation Runbooks: Part One of a series. A few of my peers are working on a vulnerability remediation project that will reduce the time-to-patch. During this process, we talked to several vendors. I asked each of them if clients verify that user workflows continue to function properly after pushing patches or software and security updates. The answer was an overwhelming “almost never.” The follow-up question I asked was, “Why?” The answer: because it takes too much time. This was an answer I knew, but I was looking for confirmation. I started to wonder if the user workflow verification part could be tested in an automated fashion using what was available to me in Microsoft’s Power Automate platform. Power Automate is an automation platform very similar to Logic Apps. In fact, it uses Logic Apps under the hood with some slight licensing and Visual Studio integration differences. Power Automate also includes UI flows for Robotic Process Automation (RPA). Using Power Automate Flows and UI Flows I wanted to see if I could speed up the user workflow testing portion of the software patch or update cycles. To execute my automation successfully, I would need to automagically create a test environment, have RPA execute a user workflow, prove successful workflow testing, and repeatably execute entire flow and UI flow with no human interaction. To properly execute this use case with Power Automate and Azure, there were a lot of technical questions I would need answered. Some of those questions are answered in this blog series and include: What software and Azure services are needed to make this work? How do I build out all the resources needed for the test environment? How would I parse the body of the email to be used as variables later in the flow? How would I bypass Flow checker in the Flow Designer? How would I pass new WinAutomation processes to the VM? How could I have each new VM preregistered as an On-Premise Data Gateway? What does WinAutomation user agent not found mean? How can I lock down access to Salesforce to a new VM that is ephemeral? How can I write a script to a temp directory during runtime that is used at runtime? How can I get commands to execute on a VM if I have already used my one custom script extension? What can I use as proof that the UI flow executed successfully if the test environment is delete after the flow runs? How can I upload screenshots from the VM to Azure Storage without any human interaction? How can I add a blob to an email as an attachment? How can I authenticate as a service principal? How do I create mandatory parameters in an Automation Account Runbook? How can I assign a specific IP address to the test VM each time it is spun up? How can I update the WinAutomation processes on a VM without having to create new VM snapshots each time? How can I copy a WinAutomation Processes.Dat file to a newly created VM? How can I reference a blob as a variable when the blob doesn’t exist yet? How can I slow do the UI flow so that page links can render before click attempts are made? At a high-level this blog series will cover how I used Power Automate and Azure Automation Runbooks to validate a simple user workflow in a flow similar to the one shown in the Visio diagram below. Creating a flow with an email trigger and extracting the body to use as variables. Every automation flow starts with a trigger. When the trigger condition is met a series of actions, defined by the flow creator, are executed. For example, the trigger event I used was an email. Ideally, what I wanted to happen was that an email is sent from a user to a specific email address, and upon receipt of an email -- that meets certain conditions -- a flow is triggered. This step is fairly easy and is covered below. The trigger that starts this flow is found in Office 0365 Outlook connector. The one I used is When a new email arrives (v3) show below. Once a connection is made to the email account, additional conditions can be defined to narrow the scope of messages that trigger this flow. I kept it relatively simple and only specified the From and Subject fields as seen in the image below. If the Service email account that is defined in the from field sends an email to the email account listed under My Connections, with the subject “Software or Security Update Workflow Test” the flow will trigger. Current Flow Not relevant to the flow trigger, but very relevant to future actions in the flow, is the email body. The body of this email contains three lines of text. Some of the text in the email body will serve as variables used in actions that follow. The text after Owner will be used as the tag for the Azure resource group created. Vendor will be the vendor and/or software being tested. Lastly, IP will be the source IP address allowed, by security group, to RDP to the newly created virtual machine if an issue arises. I needed to extract specific contents of the email body to be used as variables later in the flow. I chose to use Plumsail Documents, a service free for 30 days, that enables pattern matching through regular expression. It was just easier than trying to figure out the correct Power Automate function. After registering for a free account, I used Plumsail to perform regex matches on the body to pull out information that I could use as variables further down the flow. Plumsail has pretty good documentation on their site, but I ran into a nested loop issue when it came to performing multiple matches within a single pattern field and then passing those successfully as individual variables. To get this to work successfully, I created three parallel branches. Each branch has an action that searches for a single pattern in the dynamically defined Text field that was equal to the email body. For example, the image below shows the pattern matched used for the Owner information. The image above is one of three regex patterns used. The other two patterns are configured similarly. Word replacements for Vendor and IP instead of vendor were used for the other two regex patterns. This can be seen in the image below. Once the email is received, Plumsail will perform the pattern matches on the text listed in the email body as seen in the vendor match below. I can use the output of each pattern matched as a variable in specific actions further in the flow. Before the flow knows that the matches are variables, I need to initalize and set each of the three variables. The first action selected is to initialize the variable. Following the regex pattern match from above, I used the name Vendor, Type is defined as String and the variable value is left blank. This can be seen in the screenshot below. Once the variable is labeled I needed to Set it by choosing the Set Variable operation. The name will again be vendor and the value will be a dynamic value selection. This dynamic value will be the regular expression match for vendor. I also needed to create similar action steps for Owner and IP. With the steps expanded out, my flow looks like this. With the Owner, Vendor, and IP variables defined, the next step in the process will be to pass these variables into an Azure Automation Action to create the resources needed for the test environment. Current Flow In the next blog in this series I’ll cover how to use an Azure Automation runbook to provision a test environment that will be used for robotic process automation. Additional Reference Information: Microsoft Power Automate: https://flow.microsoft.com/en-us/ UI Flows: https://flow.microsoft.com/en-us/ui-flows/ Azure Logic Apps: https://azure.microsoft.com/en-us/services/logic-apps/ Azure Logic Apps and Power Automate - Functions in Expressions: https://docs.microsoft.com/en-us/azure/logic-apps/workflow-definition-language-functions-reference Plumsail: https://plumsail.com/documents/ https://docs.microsoft.com/en-us/connectors/plumsail/ Initialize a Variable: https://www.youtube.com/watch?v=fBS3wyWZo6Q Here's a review of related posts on this series: Part 1: Using Microsoft Flows and UI Flows for Patch and Software Testing Part 2: Provisioning RPA Test Environments With Azure Automation Runbooks Part 3: Assigning Specific Public IP Addresses With Azure Automation Runbook Part 4: Robotic Process Automation with WinAutomation Part 5: Copying Updated WinAutomation Databases for RPA With Azure Custom Script Extensions Part 6: Uploading WinAutomation Screenshots to Azure Container Storage Using Invoke-AzVMRunCommand Part 7: Tearing Down Azure Resources and Replying to Emails Using Power Automate Flows and Azure Runbooks By: Dan Kiraly Senior Research Scientist | Optiv Dan Kiraly is senior research scientist on Optiv’s R&D team. In this role he's responsible for use case development and the vetting of security products for Optiv. Share: Microsoft Azure Microsoft Power Automate Power Automate Flows UI Flows Robotic Process Automation RPA Azure Automation Automation Runbooks CDX Patch Management Orchestration Automation Blue Team Source Zero® Copyright © 2024 Optiv Security Inc. All rights reserved. No license, express or implied, to any intellectual property or other content is granted or intended hereby. This blog is provided to you for information purposes only. While the information contained in this site has been obtained from sources believed to be reliable, Optiv disclaims all warranties as to the accuracy, completeness or adequacy of such information. Links to third party sites are provided for your convenience and do not constitute an endorsement by Optiv. These sites may not have the same privacy, security or accessibility standards. Complaints / questions should be directed to Legal@optiv.com
Copyright © 2024 Optiv Security Inc. All rights reserved. No license, express or implied, to any intellectual property or other content is granted or intended hereby. This blog is provided to you for information purposes only. While the information contained in this site has been obtained from sources believed to be reliable, Optiv disclaims all warranties as to the accuracy, completeness or adequacy of such information. Links to third party sites are provided for your convenience and do not constitute an endorsement by Optiv. These sites may not have the same privacy, security or accessibility standards. Complaints / questions should be directed to Legal@optiv.com
Would you like to speak to an advisor? Let's Talk Cybersecurity Provide your contact information and we will follow-up shortly. Let's Browse Cybersecurity Just looking? Explore how Optiv serves its ~6,000 clients. Show me AI Security Solutions Show me the Optiv brochure Take me to Optiv's Events page Browse all Services