05-26-2023 04:14 PM
I would like to explore an option to trigger a use case by forwarding or sending the email to a Cortex email address (dedicated) to a client and trigger a playbook from there.
(Something like firstname.lastname@example.org) and then it creates an incident and we can trigger the playbook from there.
Is there a way to do this?
Cortex XSOAR #Playbook_Triggers
05-28-2023 05:43 PM
Yes, you can create incidents in XSOAR based on emails arriving at a dedicated inbox. You'll need a mail integration like Mail Listener or Gmail Single User to receive the emails. These are most commonly used for phishing reports, but there's nothing to stop you from using them for other purposes. You can have multiple instances of the same integration, so if you need multiple mailboxes for different purposes, that's fine too.
You can use the classifier and mapper with regular expressions (or similar) to select the appropriate incident type and extract stored data from the email into fields. For this, bear in mind that this kind of extraction works best with highly structured mails (e.g., mails created to a template).
Once the incident has been classified and mapped, it will automatically execute the associated playbook for the incident type (depending on incident type settings).
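The classify-then-map step described in the answer above, sketched as an added example in standalone Python (this is not XSOAR's classifier or mapper code and not part of the original reply). The subject tag format, incident type names, field names and addresses are all assumptions made for illustration.

```python
import re
from email import message_from_string

# Constructed sample: a templated request mail sent to the dedicated inbox.
SAMPLE = """\
From: analyst@example.org
To: xsoar-intake@example.org
Subject: [USECASE:block-ip] Request from SOC

Requester: Jane Doe
Indicator: 203.0.113.7
Reason: repeated failed logins
"""

# Classifier step: a subject tag selects the incident type (hypothetical names).
CLASSIFIER = [
    (re.compile(r"^\[USECASE:block-ip\]", re.I), "Block IP Request"),
    (re.compile(r"^\[USECASE:disable-user\]", re.I), "Disable User Request"),
]
DEFAULT_TYPE = "Unclassified Email"

# Mapper step: one "Key: value" line in the body fills one incident field.
FIELD_PATTERNS = {
    "requester": re.compile(r"^Requester:[ \t]*(.+)$", re.M),
    "indicator": re.compile(r"^Indicator:[ \t]*((?:\d{1,3}\.){3}\d{1,3})[ \t]*$", re.M),
    "reason": re.compile(r"^Reason:[ \t]*(.+)$", re.M),
}

def classify_and_map(raw_mail: str) -> dict:
    msg = message_from_string(raw_mail)
    subject = msg.get("Subject", "")
    body = msg.get_payload()
    if not isinstance(body, str):  # multipart mail does not follow the plain template
        body = ""
    incident_type = next((t for rx, t in CLASSIFIER if rx.search(subject)), DEFAULT_TYPE)
    fields, missing = {}, []
    for name, rx in FIELD_PATTERNS.items():
        m = rx.search(body)
        if m:
            fields[name] = m.group(1).strip()
        else:
            missing.append(name)
    # A tagged mail that lacks template fields falls back to the default type,
    # so a playbook never runs on half-extracted data.
    if incident_type != DEFAULT_TYPE and missing:
        incident_type = DEFAULT_TYPE
    # The From header is kept for analyst review only; it is not proof of origin.
    return {"type": incident_type, "fields": fields,
            "missing": missing, "sender": msg.get("From", "")}
```

A free-form mail that carries the right subject tag but not the template body comes back as the default type with every field listed in `missing`, which is the failure mode the answer warns about for unstructured mails.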