
Search And Delete Emails - EWS

This playbook is part of the Microsoft Exchange On-Premise Pack.

Searches EWS to identify and delete emails whose attributes are similar to those of a malicious email.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

This playbook does not use any sub-playbooks.

Integrations

  • EWS v2

Scripts

  • BuildEWSQuery

Commands

  • ews-delete-items
  • ews-search-mailboxes

Playbook Inputs

| Name | Description | Default Value | Source | Required |
| --- | --- | --- | --- | --- |
| From | The value of the malicious email's "From" attribute. | emailfrom | incident | Required |
| Subject | The value of the malicious email's "Subject" attribute. | emailsubject | incident | Optional |
| AttachmentName | The value of the malicious email's AttachmentName attribute. | attachmentname | incident | Optional |
| SearchThisWeek | Limit the search to the current week. Can be "true" or "false". | true | - | Required |
| Limit | The maximum number of search results. | 20 | - | Required |
| DeleteType | The deletion type. Can be "trash", "soft", or "hard". | trash | - | Required |

Playbook Outputs


There are no outputs for this playbook.

Playbook Image

[Image: Search_And_Delete_Emails_EWS]