Exchange 2016 Compliance Search (Deprecated)
#
This Integration is part of the Exchange 2016 Compliance Search Pack.Deprecated
Use EWS V2 instead.
Deprecated, use EWS V2 instead.
Use this integration to run and manage compliance searches on your Exchange 2016 Server.
This integration was integrated and tested with Exchange 2016 Server.
Use Cases
Exchange Server 2016 Compliance Search enables you to search for and delete an email message from all mailboxes in your organization. There are no limits to the number of target mailboxes in a single search.
Prerequisite
Install Cortex XSOAR Engine
- Cortex XSOAR Engine must be installed on a target window machine which is part of the domain of your Exchange 2016 server.
- Make sure you have Python 2.7 installed on the Engine machine.
-
Add the necessary Python lbs to the Engine machine.
https://github.com/demisto/content/blob/master/Packs/Exchange2016_Compliance/Integrations/Exchange2016_Compliance/doc_files/requirements.txt
Run the pip install --no-cache-dir -r requirements.txt command. - Make sure the integration runs without docker image.
- For more information regarding Installing and Deploying Cortex XSOAR Engines, see the Cortex XSOAR Engines Documentation .
Permissions
The user that you configure for the integration instance requires the Compliance Management role to run the integration commands. For more information, see the
Microsoft Documentation
.
Configure Exchange 2016 Compliance Search on Cortex XSOAR
- Navigate to Settings > Integrations > Servers & Services .
- Search for Exchange 2016 Compliance Search.
-
Click
Add instance
to create and configure a new integration instance.
- Name : a textual name for the integration instance.
- DOMAIN\USERNAME (e.g., XSOAR.INT\admin)
- Exchange Server fully qualified domain name (FQDN)
- Use single engine : engine to run the integration on
- Note : the integration requires engine and there is no option to use it without engine.
- Trust any certificate (not secure)
- Click Test to validate the URLs, token, and connection.
Commands
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook.
After you successfully execute a command, a DBot message appears in the War Room with the command details.
- Start a compliance search: exchange2016-start-compliance-search
- Get the results and status of a compliance search: exchange2016-get-compliance-search
- Remove a compliance search: exchange2016-remove-compliance-search
- Purge the results of a compliance search: exchange2016-purge-compliance-search-results
- Get the status of a purge operation: exchange2016-get-compliance-search-purge-status
1. Start a compliance search
Initiates a compliance search.
Base Command
exchange2016-start-compliance-search
Input
Argument Name | Description | Required |
---|---|---|
query | Query for finding mail messages | Required |
Context Output
Path | Type | Description |
---|---|---|
EWS.ComplianceSearch.Name | string | The name of the compliance search |
EWS.ComplianceSearch.Status | string | The status of the compliance search |
Command Example
exchange2016-start-compliance-search query="subject:\"Email to be searched and deleted\""
Context Example
{ "EWS": { "ComplianceSearch": { "Status": "Starting", "Name": "DemistoSearch939b54bcd2bb4848bb0885dc4071d366" } } }
Human Readable Output
2. Get the results and status of a compliance search
Gets the status and results of a compliance search.
Base Command
exchange2016-get-compliance-search
Input
Argument Name | Description | Required |
---|---|---|
search-name | Name of the compliance search | Required |
Context Output
Path | Type | Description |
---|---|---|
EWS.ComplianceSearch.Status | string | The status of the compliance search |
Command Example
exchange2016-get-compliance-search search-name=DemistoSearch939b54bcd2bb4848bb0885dc4071d366
Context Example
{ "EWS": { "ComplianceSearch": { "Status": "InProgress", "Name": "DemistoSearch939b54bcd2bb4848bb0885dc4071d366" } } }
Human Readable Output
3. Remove a compliance search
Removes the compliance search from the Exchange Server.
Base Command
exchange2016-remove-compliance-search
Input
Argument Name | Description | Required |
---|---|---|
search-name | Name of the compliance search | Required |
Context Output
Path | Type | Description |
---|---|---|
EWS.ComplianceSearch.Status | string | The status of the compliance search |
Command Example
exchange2016-remove-compliance-search search-name="DemistoSearch939b54bcd2bb4848bb0885dc4071d366"
Context Example
{ "EWS": { "ComplianceSearch": { "Status": "Removed", "Name": "DemistoSearch939b54bcd2bb4848bb0885dc4071d366" } } }
Human Readable Output
4. Purge the results of a compliance search
Purges the results found during the compliance search.
Base Command
exchange2016-purge-compliance-search-results
Input
Argument Name | Description | Required |
---|---|---|
search-name | Name of the compliance search | Required |
Context Output
There is no context output for this command.
Command Example
exchange2016-purge-compliance-search-results search-name="DemistoSearch939b54bcd2bb4848bb0885dc4071d366"
Context Example
{ "EWS": { "ComplianceSearch": { "Status": "Purging", "Name": "DemistoSearch939b54bcd2bb4848bb0885dc4071d366" } } }
Human Readable Output
5. Get the status of a purge operation
Checks the status of the purge operation on the compliance search.
Base Command
exchange2016-get-compliance-search-purge-status
Input
Argument Name | Description | Required |
---|---|---|
search-name | Name of the compliance search | Required |
Context Output
There is no context output for this command.
Command Example
exchange2016-get-compliance-search-purge-status search-name="DemistoSearch939b54bcd2bb4848bb0885dc4071d366"
Context Example
{ "EWS": { "ComplianceSearch": { "Status": "Purging", "Name": "DemistoSearch939b54bcd2bb4848bb0885dc4071d366" } } }
Human Readable Output