Trigger a usecase by sending an email to an email address (Dedicated) owned by Paloalto

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Trigger a usecase by sending an email to an email address (Dedicated) owned by Paloalto

L1 Bithead

I would like to explore an option to trigger a use case by forwarding or sending the email to a cortex email address (Dedicated) to a client and trigger a playbook from there.

 

(Something like client@paloalto.com) and then it creates an incident and we can trigger the playbook from there.

 

Is there a way to do this?

 

Cortex XSOAR #Playbook_Triggers

1 REPLY 1

L3 Networker

Yes, you can create incidents in XSOAR based on emails arriving to a dedicated inbox. You'll need a mail integration like Mail Listener or Gmail Single User to receive the emails. These are most commonly used for phishing reports, but there's nothing to stop you from using them for other purposes. You can have multiple instances of the same integration, so if you need multiple mailboxes for different purposes that's fine too.

 

You can use the classifier and mapper with regular expressions (or similar) to select the appropriate incident type and extract stored data from the email into fields. For this, bear in mind that this kind of extraction works best with highly structured mails (eg, mails created to a template).

 

Once the incident has been classified and mapped, it will automatically execute the associated playbook for the incident type (depending on incident type settings).

  • 1668 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!