Microsoft Exchange Web Services (EWS)
ThreatConnect has released a Playbook App and a Service App for joint Microsoft Exchange customers to leverage Microsoft Exchange Web Services (EWS). With these apps, you can automate email investigation and response actions with Microsoft Exchange using the EWS API. The EWS Service App pulls messages from an Exchange mailbox on a schedule into a target folder for processing, while the EWS Playbook App allows you to automatically monitor emails for attacks and orchestrate a response within ThreatConnect.
The EWS Playbook App integration allows these automated actions:
- Get Attachment – Action to retrieve a suspicious or flagged email attachment
- Get Message – Action to retrieve a suspicious or flagged email message
- Move Message – Action to move a suspicious or flagged message into a target folder for investigation
- Delete Message – Action to remove a suspicious or flagged message
- Search Mailboxes – Search specific email accounts for messages or attachments that breach policy or are flagged as suspicious
The EWS Service App allows the following actions:
- Pull Exchange email messages on a schedule
- Put emails in a target folder for processing
The Playbook App can be found in the ThreatConnect App Catalog listed as Microsoft Exchange Web Services (EWS), and the Service App is listed as Microsoft Exchange Web Services (EWS) Service as a Custom Trigger.