Hi, I wondered if it's possible to check URLs from mails via integration with XSOAR and then send a response with verdict to those address which was recipient for this mail under investigation?
Maybe you can advice some features for realization or something with analogous functional?
Will be tanksful for any answer!
Yes, this can be achieved through playbook. The email with URL will have to be received as an incident in XSOAR and URLs in that email can be extracted, perform enrichment and share the reputation back to sender of this email.
if this is what you were trying to achieve , Take a look at Phishing V3 content pack, in that phishing playbook some of these steps are done, you can take those tasks and add additional tasks to respond to the user with reputation.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!