XSOAR Delete Messages using Graph API

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

XSOAR Delete Messages using Graph API

L1 Bithead

I know EWS and O365 are current options for the Delete messages playbook however does anyone know it the Graph API is going to be added as an option? Due to certain restrictions I am being forced down the Graph API route for the preferred integration.

1 accepted solution

Accepted Solutions

I took a quick look and didn't see anything regarding integrating it into the phishing playbook. I would recommend submitting a feature request so our product team knows it is something you are interested in. You may also be able to copy the default phishing playbook and add in another branch for the Graph API. I believe a lot of the logic will be the same as with O365 and EWS.

View solution in original post

7 REPLIES 7

L3 Networker

I took a look at the marketplace and it looks like we have a few Graph API specific integrations. The O365 Outlook Mail (Using Graph API) has a mail-delete command and there is an even more generic Microsoft Graph API integration which allows you to send custom Graph API requests.

Thanks,

    I do see that as well I am just wondering if an option for the Graph API's is going to be available for the default phishing playbook. Currently when going down the malicious route for e-mail removal the only options you have (related to Microsoft) are the O365 or EWS routes both of which are able to be integrated with XSOAR but nothing for GraphMail.

I took a quick look and didn't see anything regarding integrating it into the phishing playbook. I would recommend submitting a feature request so our product team knows it is something you are interested in. You may also be able to copy the default phishing playbook and add in another branch for the Graph API. I believe a lot of the logic will be the same as with O365 and EWS.

L3 Networker

When you say "Graph Mail", are you referring to "Microsoft Graph Mail Single User" ? 

 

Microsoft Graph Mail Single User authenticates as a single, non-admin user for the purposes of sending/receiving email. In contrast with the other integrations, it is specifically intended to be used in situations where XSOAR cannot or should not be granted admin-level privileges over the mail system.

 

The "Search and Delete" functionality in the phishing playbook requires admin-level privileges to search / delete from other user's mailboxes, and so it is inherently incompatible with the design goals of this integration.

I think the O365 Outlook Mail (Using Graph API) might work for multiple mailboxes. I took a quick look here and there is a msgraph-mail-delete-email command which takes user and message IDs as arguments.

Yeah, if they need the multi-mailbox delete functionality then "O365 Outlook Mail (Using Graph API)" is definitely one way to do this. I had assumed that wasn't possible for DennisO since the original post mentioned "O365" as being something they couldn't do, but if that was a misunderstanding on my part then they should definitely check it out.

Multi Mailbox solution is what I am after and it appears that creating my own Playbook for the Graph API is what I am going to do for this resolution. Thanks for all the input.

  • 1 accepted solution
  • 2005 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!