
Abuse Inbox Management Protection

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

Analyzes the URLs, domains, and IPs in suspicious emails reported by end users and returns a binary verdict (malicious or benign) along with forensic information, including a screenshot of the attack page, threat name and type, threat status, and first/last seen dates.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

This playbook does not use any sub-playbooks.

Integrations

  • SlashNext Phishing Incident Response
  • Rasterize

Scripts

  • AddEvidence
  • IsIntegrationAvailable

Commands

  • rasterize-email
  • slashnext-api-quota
  • slashnext-url-scan-sync
  • extractIndicators
  • slashnext-host-reputation
  • slashnext-host-report
  • slashnext-scan-report

Playbook Inputs

| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| content | Email/Message content to be scanned by SlashNext Phishing Incident Response | ${incident.details} | Required |
| email | Received email HTML for logging evidence | ${incident.labels.Email/html} | Required |

Playbook Outputs

| Path | Description | Type |
| --- | --- | --- |
| SlashNext.IP | Complete IP Enrichment Data Returned by SlashNext | unknown |
| SlashNext.Domain | Complete Domain Enrichment Data Returned by SlashNext | unknown |
| SlashNext.URL | Complete URL Enrichment Data Returned by SlashNext | unknown |
