Usecase for IP block

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Usecase for IP block

L0 Member

Hi Team,

 

I am new to this Xsoar platform. Trying to create custom playbook, just want help on parsing an email from external source.

 

Our customer will sent an email with IOC attachment in excel format to our SOC operation team to block the IOC in firewall , proxy , edr. I need to create a flow followed by playbook.

 

Work flow how I think is 

 

Cutomer shall sent an email to a generic email id with IOC list (excel format), we need to parse it and block  it in our security devices.

 

Is there any in built custom script available for email parsing ? Kindly help

 

 

2 REPLIES 2

L1 Bithead

XSOAR provides a built-in command "extractIndiactors".

Use it against the file attached or email body wherever the indicators are. 

You can do a custom rule in Outlook to categorize in a folder this mails and then, configure EWS O365 Integration to read all mails in real time of this folder. Use the mapper for set it on fields and then, configure a playbook with the built-in command that @pagnihotri comments. 
PD: Link incident type with instance of EWS O365 and link the playbook with this type.

  • 167 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!