Skip to main content

Abuse Inbox Management Detect & Respond

This Playbook is part of the SlashNext Phishing Incident Response - Annual Subscription (Direct Subscription) Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

When combined with ‘SlashNext Abuse Management Protection’, this playbook fully automates the identification and remediation of phishing emails found in Microsoft 365 user inboxes. Using the indicators of compromise, URL, domain, and IP, found in the original email, it searches and remediates other emails containing the same IOCs.


This playbook uses the following sub-playbooks, integrations, and scripts.


  • Abuse Inbox Management Protection


  • EWS Mail Sender
  • EWS v2


This playbook does not use any scripts.


  • ews-search-mailbox
  • send-mail
  • ews-move-item
  • closeInvestigation

Playbook Inputs#

There are no inputs for this playbook.

Playbook Outputs#

There are no outputs for this playbook.

Playbook Image#

Abuse Inbox Management Detect & Respond