https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/multiple-instances-fetching-vs-one-instance-and-then-claasify/m-p/565388#M2825 <P>Hi,</P> <P>&nbsp;</P> <P>We've got an scenario where we are fetching mails from a mail server. When an email is received in the mail server, it applies some ruling and send it to a folder, then with XSOAR we've got N instances, one per folder and this is how we are classifying incidents and Use Cases.</P> <P>&nbsp;</P> <P>While there we few folders, it seemed to be the right choice. But recently we've been growing on folders and thus on instances so we've been discussing which would be the approach.</P> <P>&nbsp;</P> <P>Should we keep creating instances, one per folder? Oi isntead create one mail fetcher and the make the classification in XSOAR?</P> <P>&nbsp;</P> <P>BR,</P> <P>Fernando Otero</P> <P>&nbsp;</P> <P><LI-PRODUCT title="Cortex XSOAR" id="Cortex_XSOAR"></LI-PRODUCT>&nbsp;#aws #fetching</P> Mon, 13 Nov 2023 16:05:56 GMT foteromartinez 2023-11-13T16:05:56Z https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/multiple-instances-fetching-vs-one-instance-and-then-claasify/m-p/565388#M2825 <P>Hi,</P> <P>&nbsp;</P> <P>We've got an scenario where we are fetching mails from a mail server. When an email is received in the mail server, it applies some ruling and send it to a folder, then with XSOAR we've got N instances, one per folder and this is how we are classifying incidents and Use Cases.</P> <P>&nbsp;</P> <P>While there we few folders, it seemed to be the right choice. But recently we've been growing on folders and thus on instances so we've been discussing which would be the approach.</P> <P>&nbsp;</P> <P>Should we keep creating instances, one per folder? Oi isntead create one mail fetcher and the make the classification in XSOAR?</P> <P>&nbsp;</P> <P>BR,</P> <P>Fernando Otero</P> <P>&nbsp;</P> <P><LI-PRODUCT title="Cortex XSOAR" id="Cortex_XSOAR"></LI-PRODUCT>&nbsp;#aws #fetching</P> Mon, 13 Nov 2023 16:05:56 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/multiple-instances-fetching-vs-one-instance-and-then-claasify/m-p/565388#M2825 foteromartinez 2023-11-13T16:05:56Z https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/multiple-instances-fetching-vs-one-instance-and-then-claasify/m-p/566003#M2836 <P>Most of the email fetching integrations, for example this one for EWS (<A href="https://xsoar.pan.dev/docs/reference/integrations/ewso365" target="_blank">https://xsoar.pan.dev/docs/reference/integrations/ewso365</A>) require the folder that you want to fetch from.</P> <P>&nbsp;</P> <P>So in your case, you're doing it the right way where you have multiple instances, each pointing at their own folder.&nbsp;</P> <P>&nbsp;</P> <P>If you were using gmail (<A href="https://xsoar.pan.dev/docs/reference/integrations/gmail#configure-gmail-in-cortex-xsoar" target="_blank">https://xsoar.pan.dev/docs/reference/integrations/gmail#configure-gmail-in-cortex-xsoar</A>), then it uses a query instead of folders, so classification may apply there.&nbsp; &nbsp;</P> Thu, 16 Nov 2023 15:46:24 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/multiple-instances-fetching-vs-one-instance-and-then-claasify/m-p/566003#M2836 MBeauchamp2 2023-11-16T15:46:24Z https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/multiple-instances-fetching-vs-one-instance-and-then-claasify/m-p/566124#M2845 <P>Hi!&nbsp;</P> <P>&nbsp;</P> <P>First of all thanks a lot for your response! Is it the right choice even if we have more than 20 folders? Isn't it a bit high in computer usage?</P> <P>&nbsp;</P> <P>BR!</P> Fri, 17 Nov 2023 09:09:40 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/multiple-instances-fetching-vs-one-instance-and-then-claasify/m-p/566124#M2845 foteromartinez 2023-11-17T09:09:40Z https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/multiple-instances-fetching-vs-one-instance-and-then-claasify/m-p/566169#M2847 <P>Well it's the same amount of emails being fetched regardless right?&nbsp; &nbsp;As I said depending on your integration, it might be the only way to do it.&nbsp;&nbsp;</P> <P>&nbsp;</P> <P>Also consider the opportunity to streamline your folders on the other side if possible.&nbsp;</P> Fri, 17 Nov 2023 15:28:55 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/multiple-instances-fetching-vs-one-instance-and-then-claasify/m-p/566169#M2847 MBeauchamp2 2023-11-17T15:28:55Z https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/multiple-instances-fetching-vs-one-instance-and-then-claasify/m-p/566359#M2850 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/278086">@foteromartinez</a>&nbsp;,<BR /><BR />I also want to add that depending on the integration and logic you apply while moving emails to different folders, you can also move the items to different folders using XSOAR. For example, EWS integration has the below command where you can use in a playbook. In this way, you would have less number of integration to maintain.<BR /><BR /></P> <DIV class="row top-padded"> <DIV class="five wide break-word column integration-command-name">ews-move-item:&nbsp;<SPAN>Move an item to different folder in the mailbox.</SPAN></DIV> </DIV> <DIV class="row top-padded"> <DIV class="five wide break-word column integration-command-name">ews-move-item-between-mailboxes:&nbsp;<SPAN>Moves an item from one mailbox to different mailbox.</SPAN></DIV> </DIV> <DIV class="row top-padded">&nbsp;</DIV> Mon, 20 Nov 2023 10:14:13 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/multiple-instances-fetching-vs-one-instance-and-then-claasify/m-p/566359#M2850 gyldz 2023-11-20T10:14:13Z