09-27-2024 02:14 AM
Hi Team,
I am new to the XSOAR platform. I am trying to create a custom playbook and just want help with parsing an email from an external source.
Our customer will send an email with an IOC attachment in Excel format to our SOC operations team to block the IOCs in the firewall, proxy and EDR. I need to create a flow followed by a playbook.
The workflow, as I think of it, is:
The customer shall send an email to a generic email ID with the IOC list (Excel format); we need to parse it and block the IOCs in our security devices.
Is there any built-in custom script available for email parsing? Kindly help.
09-27-2024 06:32 AM
XSOAR provides a built-in command "extractIndicators".
Use it against the file attached or email body wherever the indicators are.
10-08-2024 01:31 AM
You can create a custom rule in Outlook to sort these mails into a folder, and then configure the EWS O365 integration to read all mails in this folder in real time. Use the mapper to set them on fields, and then configure a playbook with the built-in command that @pagnihotri mentions.
PS: Link the incident type with the instance of EWS O365 and link the playbook with this type.
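
The parse-then-block flow discussed in this thread, as a stand-alone Python sketch added here for illustration; it is not XSOAR's indicator-extraction code or code from any poster. The sample cells, `PROTECTED_NETS` and `PROTECTED_DOMAINS` are constructed assumptions, used to show customer-supplied values being validated and checked against your own assets before anything is pushed to a firewall, proxy or EDR.

```python
import ipaddress
import re

# Constructed sample: cell values as they might be read from a customer's IOC sheet.
SAMPLE_CELLS = [
    "203.0.113.45", "hxxp://bad-domain[.]example/payload", "10.0.0.5",
    "0123456789abcdef0123456789abcdef", "Please block ASAP", "login.corp.example",
]
# Assumptions: the organisation's own networks and domains, which must never be auto-blocked.
PROTECTED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PROTECTED_DOMAINS = {"corp.example"}

HASH_RE = re.compile(r"^(?:[a-f0-9]{32}|[a-f0-9]{40}|[a-f0-9]{64})$", re.I)
DOMAIN_RE = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$", re.I)

def refang(value):
    """Undo common defanging (hxxp, [.]) so the value can be validated."""
    v = value.strip().replace("[.]", ".").replace("(.)", ".")
    return re.sub(r"^hxxp", "http", v, flags=re.I)

def classify(cell):
    """Return (type, value, blockable) for one cell, or None if it is not an indicator."""
    v = refang(cell)
    try:
        ip = ipaddress.ip_address(v)
        return ("IP", str(ip), not any(ip in net for net in PROTECTED_NETS))
    except ValueError:
        pass  # not an IP address, keep checking
    if HASH_RE.match(v):
        return ("File", v.lower(), True)
    host = re.sub(r"^https?://", "", v, flags=re.I).split("/")[0].split(":")[0].lower()
    if DOMAIN_RE.match(host):
        protected = any(host == d or host.endswith("." + d) for d in PROTECTED_DOMAINS)
        is_url = v.lower().startswith("http")
        return ("URL" if is_url else "Domain", v if is_url else host, not protected)
    return None  # free text such as a note in the sheet

def triage(cells):
    """Split indicators into those safe to block and those held for analyst review."""
    to_block, held = [], []
    for cell in cells:
        result = classify(cell)
        if result:
            (to_block if result[2] else held).append(result[:2])
    return to_block, held

if __name__ == "__main__":
    blocked, review = triage(SAMPLE_CELLS)
    print("block:", blocked)
    print("hold for review:", review)
```

In a playbook, the held list would feed a manual approval task rather than the blocking step.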