PerceptionPoint
This Integration is part of the Perception Point Pack.#
Use the Perception Point integration to resend falsely quarantined emails.
Get your Perception Point API token
To get an API token, contact PerceptionPoint support.
API token use cases
To set the number of results to return, specify the parameter "Number of API loops". Each loop returns a maximum of 20 items.
- View and manage your incidents list. This list will be updated automatically in the Incidents dashboard.
- Release emails from quarantine and resend them to their recipients, by passing the scan ID as an argument.
Configure PerceptionPoint on Cortex XSOAR
- Navigate to Settings > Integrations > Servers & Services .
- Search for Perception Point.
-
Click
Add instance
to create and configure a new integration instance.
- Name : a textual name for the integration instance.
- Token to use Perception Point's API
- No. of API loops
- Fetch incidents
- Fetch blocked incidents
- Fetch spam incidents
- Fetch malicious incidents
- Incident type
- Trust any certificate (insecure)
- Use system proxy
- Click Test to validate the URLs, token, and connection.
Commands
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook.
After you successfully execute a command, a DBot message appears in the War Room with the command details.
1. Resend a falsely quarantined email
Resends an email that was falsely quarantined, using the scan ID.
Base Command
pp-release-email
Input
| Argument Name | Description | Required |
|---|---|---|
| scan_id | The PP scan ID of the email. | Required |
Context Output
| Path | Type | Description |
|---|---|---|
| PP.Released | number | The scan ID of the released email. |
Command Example
pp-release-email scan_id="80052041"
Context Example
{
"PP.Released": "80052041"
}
Human Readable Output
Email with id 80052041 was released Successfully!