ThreatConnect Marketplace
  • Apps
  • Playbooks
  • Apps
  • Playbooks
Home » Apps Overview » Microsoft Exchange Web Services (EWS)
Back to Apps

Categories:
  • Endpoint Detection and Response
Built by

ThreatConnect

Microsoft Exchange Web Services (EWS)

ThreatConnect has released a Playbook App and a Service App for joint Microsoft Exchange customers to leverage Microsoft Exchange Web Services (EWS).  With these apps, you can automate email investigation and response actions with Microsoft Exchange using the EWS API. The EWS Service App pulls messages from an Exchange mailbox on a schedule into a target folder for processing, while the EWS Playbook App allows you to automatically monitor emails for attacks and orchestrate a response within ThreatConnect.

The EWS Playbook App integration allows these automated actions:

  • Get Attachment – Action to retrieve a suspicious or flagged email attachment
  • Get Message – Action to retrieve a suspicious or flagged email message
  • Move Message – Action to move a suspicious or flagged message into a target folder for investigation
  • Delete Message – Action to remove a suspicious or flagged message
  • Search Mailboxes – Search specific email accounts for messages or attachments that breach policy or are flagged as suspicious

The EWS Service App allows the following actions:

  • Pull Exchange email messages on a schedule
  • Put emails in a target folder for processing

The Playbook App can be found in the ThreatConnect App Catalog listed as Microsoft Exchange Web Services (EWS), and the Service App is listed as Microsoft Exchange Web Services (EWS) Service as a Custom Trigger.

Related Apps

Cybereason
Endpoint Detection and Response

With the Cybereason  integration, customers  have the ability to query both types of malops, isolate suspicious activities,...

SentinelOne
Endpoint Detection and Response

With the SentinelOne integration, users  have the ability to interact with agents, threats, hashes, exclusions and blocklist...

CarbonBlack Playbook
Endpoint Detection and Response

This Playbook template will allow you to deploy a Yara rule to Carbon Black's Yara Manager.

Developers

  • Knowledge Base
  • Training Site

Company

  • ThreatConnect
  • Contact Us
  • Blog
  • Twitter
  • Facebook
  • Linkedin

© Copyright - ThreatConnect Marketplace
Scroll to top