Common Playbooks Pack.#This Playbook is part of the
Supported Cortex XSOAR versions: 6.1.0 and later.
This playbook searches and deletes emails with similar attributes of a malicious email using one of the following integrations: EWS Office 365 Gmail Agari Phishing Defense
This playbook uses the following sub-playbooks, integrations, and scripts.
- Search And Delete Emails - EWS
- O365 - Security And Compliance - Search And Delete
- Search And Delete Emails - Gmail
- Agari Phishing Defense
|The value of the malicious email's "From" attribute.
|The value of the malicious email's "Subject" attribute.
|The value of the malicious email's "AttachmentName" attribute.
|The integration in which to run the search and delete action. Can be O365, Gmail, EWS, or Agari Phishing Defense.
|Used only in O365. A comma-separated list of mailboxes/distribution groups to include, or use the value "All" to include all.
|Used only in O365. Text search string or a query that is formatted using the Keyword Query Language (KQL).
|Used only in O365. Whether to include mailboxes other than regular user mailboxes in the compliance search.
|Used only in O365. The delete type to perform on the search results. Possible values are Hard or Soft, or leave empty to select manually (Hard = Unrecoverable, Soft=Recoverable).
|Used only when searching and deleting emails in O365. The exchange location. Determines where to search and delete emails searched using O365 playbooks. Use the value 'All' to search all mailboxes, use 'SingleMailbox' to search and delete the email only from the recipient's inbox, or use 'Manual' to decide manually for every incident. Note: Searching all mailboxes may take a significant amount of time.
|Whether to limit the search to the current week.
There are no outputs for this playbook.