IronPort integration with XSOAR, receiving to mails

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Palo Alto Networks Approved
Palo Alto Networks Approved
Community Expert Verified
Community Expert Verified

IronPort integration with XSOAR, receiving to mails

L0 Member

Hi, I wondered if it's possible to check URLs from mails via integration with XSOAR and then send a response with verdict to those address which was recipient for this mail under investigation? 

Maybe you can advice some features for realization or something with analogous functional?

 

Will be tanksful for any answer!

1 REPLY 1

L2 Linker

Hi, 

 

Yes, this can be achieved through playbook. The email with URL will have to be received as an incident in XSOAR and URLs in that email can be extracted, perform enrichment and share the reputation back to sender of this email.

if this is what you were trying to achieve , Take a look at Phishing V3 content pack, in that phishing playbook some of these steps are done, you can take those tasks and add additional tasks to respond to the user with reputation.

  • 1322 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!