- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
11-13-2023 08:05 AM
Hi,
We've got an scenario where we are fetching mails from a mail server. When an email is received in the mail server, it applies some ruling and send it to a folder, then with XSOAR we've got N instances, one per folder and this is how we are classifying incidents and Use Cases.
While there we few folders, it seemed to be the right choice. But recently we've been growing on folders and thus on instances so we've been discussing which would be the approach.
Should we keep creating instances, one per folder? Oi isntead create one mail fetcher and the make the classification in XSOAR?
BR,
Fernando Otero
Cortex XSOAR #aws #fetching
11-16-2023 07:46 AM
Most of the email fetching integrations, for example this one for EWS (https://xsoar.pan.dev/docs/reference/integrations/ewso365) require the folder that you want to fetch from.
So in your case, you're doing it the right way where you have multiple instances, each pointing at their own folder.
If you were using gmail (https://xsoar.pan.dev/docs/reference/integrations/gmail#configure-gmail-in-cortex-xsoar), then it uses a query instead of folders, so classification may apply there.
11-17-2023 01:09 AM
Hi!
First of all thanks a lot for your response! Is it the right choice even if we have more than 20 folders? Isn't it a bit high in computer usage?
BR!
11-17-2023 07:28 AM
Well it's the same amount of emails being fetched regardless right? As I said depending on your integration, it might be the only way to do it.
Also consider the opportunity to streamline your folders on the other side if possible.
11-20-2023 02:14 AM
Hi @foteromartinez ,
I also want to add that depending on the integration and logic you apply while moving emails to different folders, you can also move the items to different folders using XSOAR. For example, EWS integration has the below command where you can use in a playbook. In this way, you would have less number of integration to maintain.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!