Skip to main content

Agari Message Remediation - Agari Phishing Defense

This Playbook is part of the Agari Phishing Defense Pack.#

Investigates Agari policy events by obtaining the original message and attachments from the existing email integrations and remediates in Agari. Supported Cortex XSOAR versions: 5.0.0 and later.


This playbook uses the following sub-playbooks, integrations, and scripts.


  • Entity Enrichment - Phishing v2
  • Extract Indicators From File - Generic v2
  • Email Address Enrichment - Generic v2.1
  • Retrieve Email Data - Agari Phishing Defense
  • Calculate Severity - Generic v2
  • Process Email - Generic
  • Remediate Message - Agari Phishing Defense
  • Detonate File - Generic


This playbook does not use any integrations.


  • AssignAnalystToIncident
  • Set
  • CheckEmailAuthenticity


  • closeInvestigation
  • setIncident

Playbook Inputs#

NameDescriptionDefault ValueRequired
APD Global Message IDGlobal Message Id obtained from the incident.incident.apdglobalmessageidRequired
AuthenticateEmailWhether the authenticity of the email should be verified, using Authenticity Score.TrueOptional
OnCallSet to true to assign only user that is currently on shift. Requires Cortex XSOAR v5.5 or later.falseOptional
RoleThe default role to assign the incident to.AdministratorOptional
ResolveIPResolve IP addresses to hostnames (DNS).FalseOptional
AutoRemeditaionWhether Automatic remediate message or not.falseOptional
RemediateActionDefault action for remediation of message.moveOptional
UserEnrichmentEnableFlag for enabling User Enrichment.TrueOptional
User IdId of User.Optional
APD Internal Message IDInternal Message Id obtained from the incident.incident.apdinternalmessageidRequired

Playbook Outputs#

There are no outputs for this playbook.

Playbook Image#

Agari Message Remediation - Agari Phishing Defense