04-28-2023 08:57 AM
I know EWS and O365 are current options for the Delete messages playbook however does anyone know it the Graph API is going to be added as an option? Due to certain restrictions I am being forced down the Graph API route for the preferred integration.
04-28-2023 10:57 AM
I took a quick look and didn't see anything regarding integrating it into the phishing playbook. I would recommend submitting a feature request so our product team knows it is something you are interested in. You may also be able to copy the default phishing playbook and add in another branch for the Graph API. I believe a lot of the logic will be the same as with O365 and EWS.
04-28-2023 10:03 AM
I took a look at the marketplace and it looks like we have a few Graph API specific integrations. The O365 Outlook Mail (Using Graph API) has a mail-delete command and there is an even more generic Microsoft Graph API integration which allows you to send custom Graph API requests.
04-28-2023 10:18 AM
Thanks,
I do see that as well I am just wondering if an option for the Graph API's is going to be available for the default phishing playbook. Currently when going down the malicious route for e-mail removal the only options you have (related to Microsoft) are the O365 or EWS routes both of which are able to be integrated with XSOAR but nothing for GraphMail.
04-28-2023 10:57 AM
I took a quick look and didn't see anything regarding integrating it into the phishing playbook. I would recommend submitting a feature request so our product team knows it is something you are interested in. You may also be able to copy the default phishing playbook and add in another branch for the Graph API. I believe a lot of the logic will be the same as with O365 and EWS.
04-30-2023 06:30 PM
When you say "Graph Mail", are you referring to "Microsoft Graph Mail Single User" ?
Microsoft Graph Mail Single User authenticates as a single, non-admin user for the purposes of sending/receiving email. In contrast with the other integrations, it is specifically intended to be used in situations where XSOAR cannot or should not be granted admin-level privileges over the mail system.
The "Search and Delete" functionality in the phishing playbook requires admin-level privileges to search / delete from other user's mailboxes, and so it is inherently incompatible with the design goals of this integration.
05-01-2023 10:46 AM - edited 05-01-2023 10:47 AM
I think the O365 Outlook Mail (Using Graph API) might work for multiple mailboxes. I took a quick look here and there is a msgraph-mail-delete-email command which takes user and message IDs as arguments.
05-01-2023 05:09 PM
Yeah, if they need the multi-mailbox delete functionality then "O365 Outlook Mail (Using Graph API)" is definitely one way to do this. I had assumed that wasn't possible for DennisO since the original post mentioned "O365" as being something they couldn't do, but if that was a misunderstanding on my part then they should definitely check it out.
05-02-2023 03:56 AM
Multi Mailbox solution is what I am after and it appears that creating my own Playbook for the Graph API is what I am going to do for this resolution. Thanks for all the input.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
