Skip to main content

Abuse Inbox Management Protection

This Playbook is part of the SlashNext Phishing Incident Response - Annual Subscription (Direct Subscription) Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

Analyzes the URLs, domains, and IPs in suspicious emails, reported by end users, and returns a binary verdict (malicious or benign) and forensic information including screenshot of attack page, threat name and type, threat status, and first/last seen date


This playbook uses the following sub-playbooks, integrations, and scripts.


This playbook does not use any sub-playbooks.


  • SlashNext Phishing Incident Response
  • Rasterize


  • AddEvidence
  • IsIntegrationAvailable


  • rasterize-email
  • slashnext-api-quota
  • slashnext-url-scan-sync
  • extractIndicators
  • slashnext-host-reputation
  • slashnext-host-report
  • slashnext-scan-report

Playbook Inputs#

NameDescriptionDefault ValueRequired
contentEmail/Message content to be scanned by SlashNext Phishing Incident Response${incident.details}Required
emailReceived email HTML for logging evidence${incident.labels.Email/html}Required

Playbook Outputs#

SlashNext.IPComplete IP Enrichment Data Returned by SlashNextunknown
SlashNext.DomainComplete Domain Enrichment Data Returned by SlashNextunknown
SlashNext.URLComplete URL Enrichment Data Returned by SlashNextunknown

Playbook Image#

Abuse Inbox Management Protection