Skip to main content

Email Headers Check - Generic

This Playbook is part of the Common Playbooks Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

This playbook executes one sub-playbook and one automation to check the email headers:

  • Process Microsoft's Anti-Spam Headers - This playbook stores the SCL, BCL and PCL scores if they exist to the relevant incident fields (Phishing SCL Score, Phishing PCL Score, Phishing BCL Score).
  • CheckEmailAuthenticity - This automation checks email authenticity based on its SPF, DMARC, and DKIM.

Dependencies#

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks#

Process Microsoft's Anti-Spam Headers

Integrations#

This playbook does not use any integrations.

Scripts#

CheckEmailAuthenticity

Commands#

setIncident

Playbook Inputs#


NameDescriptionDefault ValueRequired
AuthenticateEmailWhether the email authenticity should be verified using SPF, DKIM and DMARC.FalseOptional
CheckMicrosoftHeadersWhether to check Microsoft headers for BCL/PCL/SCL scores and set the "Severity" and "Email Classification" accordingly.FalseOptional

Playbook Outputs#


PathDescriptionType
Email.AuthenticityCheckPossible values:
Fail / Suspicious / Undetermined / Pass
Unknown
Email.MicrosoftHeadersSeverityCheckPossible values:
Medium: PCL or BCL scores are equal to or higher than 4.
High: BCL score is equal to or higher than 8.
Unknown

Playbook Image#


Email Headers Check - Generic