Supported Cortex XSOAR versions: 6.1.0 and later.
A script for deleting reported phishing emails from the mailbox in which they were reported.
The script was specifically developed for use by the
Delete Reported Email layout on the
Phishing - Generic v3 playbook, and should not be used elsewhere.
|Cortex XSOAR Version
|The type of deletion - soft allows restoring, hard doesn't. Not relevant for O365 and Search & Compliance.
|The brand for which to delete this email from. The default value is the incident using the brand.
|Argument used for the generic polling flow within the security and compliance search.
|Use the Cortex XSOAR built-in polling to retrieve the result when it's ready.
|Interval in seconds between each poll.
|Whether the deletion operation was successful, skipped, or failed
|The reason of failure if the deletion operation failed or skipped
|Whether the deletion operation was hard or soft.
|The email service that was used to delete the email.
|The subject of the deleted email.
|The message ID of the deleted email.
- If the
Reported Email Originfield is missing or has a value of
None, the script will not be able to locate the email and fail.
This can happen if the email forwarded to the listener mailbox was not forwarded as an attachment (with an
EMLfile) as it should.
- If either the
Reported Email Message IDor
Reported Email Tofields are missing, the cause is likely to be one of the following:
EMLfile was not attached to the email.
- The playbook is being used as a sub-playbook, causing the
EMLfile to exist only in the parent playbook.
Process Email - Generic v2sub-playbook failed, or the
ParseEmailFilesV2step within it specifically failed.