Microsoft Exchange Web Services (EWS)

ThreatConnect has released a Playbook App and a Service App for joint Microsoft Exchange customers to leverage Microsoft Exchange Web Services (EWS). With these apps, you can automate email investigation and response actions with Microsoft Exchange using the EWS API. The EWS Service App pulls messages from an Exchange mailbox on a schedule into a target folder for processing, while the EWS Playbook App allows you to automatically monitor emails for attacks and orchestrate a response within ThreatConnect.

The EWS Playbook App integration allows these automated actions:

Get Attachment – Action to retrieve a suspicious or flagged email attachment
Get Message – Action to retrieve a suspicious or flagged email message
Move Message – Action to move a suspicious or flagged message into a target folder for investigation
Delete Message – Action to remove a suspicious or flagged message
Search Mailboxes – Search specific email accounts for messages or attachments that breach policy or are flagged as suspicious

The EWS Service App allows the following actions:

Pull Exchange email messages on a schedule
Put emails in a target folder for processing

The Playbook App can be found in the ThreatConnect App Catalog listed as Microsoft Exchange Web Services (EWS), and the Service App is listed as Microsoft Exchange Web Services (EWS) Service as a Custom Trigger.

Categories:

ThreatConnect

Microsoft Exchange Web Services (EWS)

Developers

Company

Categories:

ThreatConnect

Microsoft Exchange Web Services (EWS)

Related Apps

Cybereason

Endpoint Detection and Response

SentinelOne

Endpoint Detection and Response

CarbonBlack Playbook

Endpoint Detection and Response

Developers

Company