PhishingAlerts Pack.#This Playbook is part of the
Supported Cortex XSOAR versions: 6.0.0 and later.
This playbook calculates and assigns the incident severity based on the highest returned severity level from the following calculations:
- Email security alert action
- DBotScores of indicators
- Critical assets
- Email authenticity
- Current incident severity
- Microsoft Headers
This playbook uses the following sub-playbooks, integrations, and scripts.
Calculate Severity - Generic v2
This playbook does not use any integrations.
|The default role to assign the incident to.
|The higher tier role to assign the incident to.
|Set to True to assign only to analysts on the current shift.
|Indicates the email authenticity resulting from the EmailAuthenticityCheck script. Possible values are: Pass, Fail, Suspicious, and Undetermined.
|This value is set by the "Process Microsoft's Anti-Spam Headers" playbook, which calculates the severity after processing the PCL, BCL and PCL values in Microsoft headers.
|The SOC email address to set if the playbook handles an email security alert.
|The email recipient.
|A comma-separated list of optional values the email security device returns for blocked\denied\etc. emails.
There are no outputs for this playbook.