Email Headers Check - Generic
Common Playbooks Pack.#This Playbook is part of the
Supported Cortex XSOAR versions: 6.0.0 and later.
This playbook executes one sub-playbook and one automation to check the email headers:
- Process Microsoft's Anti-Spam Headers - This playbook stores the SCL, BCL and PCL scores if they exist to the relevant incident fields (Phishing SCL Score, Phishing PCL Score, Phishing BCL Score).
- CheckEmailAuthenticity - This automation checks email authenticity based on its SPF, DMARC, and DKIM.
This playbook uses the following sub-playbooks, integrations, and scripts.
Process Microsoft's Anti-Spam Headers
This playbook does not use any integrations.
|AuthenticateEmail||Whether the email authenticity should be verified using SPF, DKIM and DMARC.||False||Optional|
|CheckMicrosoftHeaders||Whether to check Microsoft headers for BCL/PCL/SCL scores and set the "Severity" and "Email Classification" accordingly.||False||Optional|
Fail / Suspicious / Undetermined / Pass
Medium: PCL or BCL scores are equal to or higher than 4.
High: BCL score is equal to or higher than 8.