Supported Cortex XSOAR versions: 6.8.0 and later.
This playbook should only be used as a sub-playbook inside the "Phishing - Handle Microsoft 365 Defender Results" playbook. It searches through existing Cortex XSOAR incidents based on retrieved email message IDs and returns data only for emails that ares not found in existing incidents.
This playbook uses the following sub-playbooks, integrations, and scripts.
This playbook does not use any sub-playbooks.
This playbook does not use any integrations.
This playbook does not use any commands.
|Emails retrieved by the "Microsoft 365 Defender - Threat Hunting Generic" playbook.
|The subject of the emails to be retrieved.
|The Message-ID of the emails to be retrieved.
|The recipient email address of the emails to be retrieved.
|An object containing the subject, internet message ID, and recipient email address of the emails to be retrieved.