Common Playbooks Pack.#This Playbook is part of the
Supported Cortex XSOAR versions: 6.0.0 and later.
This playbook executes one sub-playbook and one automation to check the email headers:
- Process Microsoft's Anti-Spam Headers - This playbook stores the SCL, BCL and PCL scores if they exist to the relevant incident fields (Phishing SCL Score, Phishing PCL Score, Phishing BCL Score).
- CheckEmailAuthenticity - This automation checks email authenticity based on its SPF, DMARC, and DKIM.
This playbook uses the following sub-playbooks, integrations, and scripts.
- Process Microsoft's Anti-Spam Headers
This playbook does not use any integrations.
|Whether the authenticity of the email should be verified using SPF, DKIM and DMARC.
|Whether to Check Microsoft headers for BCL/PCL/SCL scores and set the "Severity" and "Email Classification" accordingly.
|Possible values are: Fail / Suspicious / Undetermined / Pass
Medium: PCL or BCL scores are equal to or greater than 4.
High: BCL score is equal to or greater than 8.